Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Build(deps): Bump next in the npm_and_yarn group across 1 directory (… #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Dargon789 merged 1 commit into from
Dec 22, 2025
Merged

Build(deps): Bump next in the npm_and_yarn group across 1 directory (… #13

Dargon789 merged 1 commit into from
Dec 22, 2025

Conversation

@Dargon789
Copy link
Owner

@Dargon789 Dargon789 commented Dec 22, 2025
edited by sourcery-ai bot
Loading

#6) (#12)

The following vulnerabilities are fixed with an upgrade:

The following vulnerabilities are fixed with an upgrade:

Bumps the npm_and_yarn group with 1 update in the / directory: next.

Updates next from 15.4.7 to 15.4.8

updated-dependencies:

  • dependency-name: next dependency-version: 15.4.8 dependency-type: direct:production dependency-group: npm_and_yarn ...

Summary by Sourcery

Update Next.js dependency versions across docs and web packages to the latest patched release.

Bug Fixes:

  • Address known security vulnerabilities by upgrading Next.js in docs and web packages.

Enhancements:

  • Align Next.js versions in docs and web workspaces with the latest 15.4.x patch release.

Build:

  • Refresh pnpm lockfile to reflect updated Next.js dependency graph.

@Dargon789 @snyk-io @dependabot
Build(deps): Bump next in the npm_and_yarn group across 1 directory (#6
56a09f8 
…) (#12)

* fix: extras/web/package.json to reduce vulnerabilities (#10)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644

Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>

* fix: extras/docs/package.json to reduce vulnerabilities (#9)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644

Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>

* Build(deps): Bump next in the npm_and_yarn group across 1 directory (#6)

Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js).


Updates `next` from 15.4.7 to 15.4.8
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.4.7...v15.4.8)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.4.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@sourcery-ai
Copy link

sourcery-ai bot commented Dec 22, 2025
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR upgrades the Next.js dependency from 15.4.7 to 15.4.10 in the docs and web extras packages and refreshes the pnpm lockfile to pick up the new version and its transitive dependency updates, primarily to address known security vulnerabilities.

File-Level Changes

Change Details Files
Upgrade Next.js version used by the extras docs and web apps.
  • Bump the next dependency from ^15.4.7 to ^15.4.10 in extras/docs/package.json.
  • Bump the next dependency from ^15.4.7 to ^15.4.10 in extras/web/package.json.
  • Ensure both apps remain aligned on the same Next.js major/minor version to avoid workspace inconsistencies.
 extras/docs/package.json
extras/web/package.json
Regenerate pnpm lockfile to reflect the Next.js upgrade and associated transitive dependency changes.
  • Update pnpm-lock.yaml entries for next to 15.4.10 and adjust its integrity/resolution metadata.
  • Refresh transitive dependency versions pulled in by the new Next.js release as recorded in the lockfile.
 pnpm-lock.yaml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@snyk-io
Copy link
Contributor

snyk-io bot commented Dec 22, 2025

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@gemini-code-assist
Copy link

gemini-code-assist bot commented Dec 22, 2025

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the security and stability of the project by updating the core Next.js framework and its associated dependencies. The primary goal is to mitigate identified vulnerabilities and ensure that the application leverages the latest improvements and bug fixes from these critical packages.

Highlights

  • Next.js Upgrade: The next dependency has been upgraded from version 15.4.7 to 15.4.10 in both extras/docs/package.json and extras/web/package.json.
  • Vulnerability Fixes: This upgrade addresses known vulnerabilities in Next.js, specifically SNYK-JS-NEXT-14400636 and SNYK-JS-NEXT-14400644.
  • Transitive Dependency Updates: Numerous transitive dependencies, including @emnapi/runtime, caniuse-lite, detect-libc, sharp, and various @next/swc-* and @img/sharp-* packages, have been updated to their latest versions as reflected in pnpm-lock.yaml.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

sourcery-ai[bot]
sourcery-ai bot reviewed Dec 22, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 22, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the next dependency to version 15.4.10, which is a good step to patch security vulnerabilities. However, I've identified a critical issue in the pnpm-lock.yaml file. The next package is at version 15.4.10, but its core @next/swc-* dependencies are incorrectly resolved to version 15.4.8. This version mismatch can lead to unexpected runtime errors. I've left a comment with instructions on how to resolve this by regenerating the lockfile. Additionally, for clarity, it would be beneficial to update the pull request title and description to reflect the update to version 15.4.10, as they currently mention version 15.4.8.

@Dargon789 Dargon789 merged commit 4c8185b into master Dec 22, 2025
13 of 15 checks passed
@Dargon789 Dargon789 deleted the dependabot/npm_and_yarn/npm_and_yarn-d75907e3d7 branch December 22, 2025 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Dargon789