Skip to content

chore(deps): update dependency next to v14.2.35 [security] #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: development
Choose a base branch
from
Open

chore(deps): update dependency next to v14.2.35 [security] #186

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion examples/with-app-router-context/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"@types/react-dom": "18.3.5",
"eslint": "9.23.0",
"eslint-config-next": "15.2.4",
Copy link

@coderabbitai coderabbitai bot Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Version mismatch: eslint-config-next is ahead of next.

The eslint-config-next is at version 15.2.4 while next is at 14.2.35. While this may work, it's generally recommended to keep these versions aligned to the same major version to avoid potential compatibility issues.

Consider aligning the versions:

-    "eslint-config-next": "15.2.4",
+    "eslint-config-next": "14.2.35",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"eslint-config-next": "15.2.4",
"eslint-config-next": "14.2.35",
🤖 Prompt for AI Agents 
examples/with-app-router-context/package.json lines 16-16: eslint-config-next is
on 15.2.4 while next is 14.2.35; update package.json so both packages use the
same major version (either pin eslint-config-next to a 14.x release matching
next, or upgrade next to 15.x to match eslint-config-next), then run your
package manager install and re-run lint/build to verify compatibility.

"next": "14.2.26",
"next": "14.2.35",
"next-runtime-env": "link:../..",
"react": "18.3.1",
"react-dom": "18.3.1",
Expand Down
90 changes: 45 additions & 45 deletions examples/with-app-router-context/pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion examples/with-app-router-script/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"@types/react-dom": "18.3.5",
"eslint": "9.23.0",
"eslint-config-next": "15.2.4",
Copy link

@coderabbitai coderabbitai bot Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Version mismatch: eslint-config-next is ahead of next.

The eslint-config-next is at version 15.2.4 while next is at 14.2.35. While this may work, it's generally recommended to keep these versions aligned to the same major version to avoid potential compatibility issues.

Consider aligning the versions:

-    "eslint-config-next": "15.2.4",
+    "eslint-config-next": "14.2.35",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"eslint-config-next": "15.2.4",
"eslint-config-next": "14.2.35",
🤖 Prompt for AI Agents 
In examples/with-app-router-script/package.json around line 16,
eslint-config-next is at 15.2.4 while next is 14.2.35; update package.json to
align versions by either downgrading eslint-config-next to a 14.x matching next
or upgrading next to 15.x so both share the same major version, then run
npm/yarn install and test linting/build to ensure compatibility.

"next": "14.2.26",
"next": "14.2.35",
Copy link

@coderabbitai coderabbitai bot Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Next.js 14.2.35 is the appropriate security patch for the 14.x release line.

CVE-2025-55182 (React2Shell) is a critical CVSS 10.0 vulnerability affecting React versions 19.x and Next.js versions 15.x and 16.x when using App Router. Next.js 14.x stable is not affected. The version bump is therefore appropriate.

CVE-2025-57752, a cache deception vulnerability in Next.js Image Optimization, was fixed in v14.2.31. CVE-2025-48068, a dev server source code exposure issue, was fixed in versions 14.2.30 and 15.2.2. Since 14.2.35 includes both fixes, the security improvements are confirmed.

However, address the version mismatch: eslint-config-next is pinned to version 15.2.4, which corresponds to Next.js 15.x, while next is 14.2.35. Update eslint-config-next to the 14.2.x series to match the Next.js version.

🤖 Prompt for AI Agents 
In examples/with-app-router-script/package.json around line 17,
eslint-config-next is pinned to 15.2.4 while next is 14.2.35; update
eslint-config-next to the matching 14.2.x series (e.g., 14.2.35 or a compatible
14.2.*) in package.json, then reinstall dependencies (npm/yarn/pnpm install) to
update the lockfile and run the linter to confirm no configuration mismatches
remain.

"next-runtime-env": "link:../..",
"react": "18.3.1",
"react-dom": "18.3.1",
Expand Down
Loading
Loading