[Snyk] Security upgrade next from 14.2.21 to 14.2.35#16
Conversation
…t-kit-nextjs-langchain/pnpm-lock.yaml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PLAYWRIGHT-14888269
There was a problem hiding this comment.
Pull request overview
This PR is a Snyk-automated security upgrade that updates Next.js from version 14.2.21 to 14.2.35 to fix a high severity vulnerability (SNYK-JS-PLAYWRIGHT-14888269 - "Exposed Dangerous Method or Function") with a score of 753.
Changes:
- Updated Next.js dependency version from ^14.2.3 to ^14.2.35 in package.json
- Updated pnpm lockfile to reflect the new Next.js version and its dependencies
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| examples/agent-kit-nextjs-langchain/package.json | Updated the Next.js version specifier from ^14.2.3 to ^14.2.35 |
| examples/agent-kit-nextjs-langchain/pnpm-lock.yaml | Updated lockfile entries for Next.js core package (14.2.35) and SWC platform binaries (14.2.33), along with dependency resolution updates |
Files not reviewed (1)
- examples/agent-kit-nextjs-langchain/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| '@next/swc-darwin-arm64': 14.2.33 | ||
| '@next/swc-darwin-x64': 14.2.33 | ||
| '@next/swc-linux-arm64-gnu': 14.2.33 | ||
| '@next/swc-linux-arm64-musl': 14.2.33 | ||
| '@next/swc-linux-x64-gnu': 14.2.33 | ||
| '@next/swc-linux-x64-musl': 14.2.33 | ||
| '@next/swc-win32-arm64-msvc': 14.2.33 | ||
| '@next/swc-win32-ia32-msvc': 14.2.33 | ||
| '@next/swc-win32-x64-msvc': 14.2.33 |
There was a problem hiding this comment.
There is a version mismatch between the main Next.js package (14.2.35) and the SWC platform-specific binaries (14.2.33). The SWC packages are optional dependencies that provide native compilation for Next.js, and they should typically match the main Next.js version. This mismatch could potentially lead to incompatibility issues or unexpected behavior at runtime. The lockfile should be regenerated to ensure all Next.js-related packages are at version 14.2.35.
| '@next/swc-darwin-arm64': 14.2.33 | |
| '@next/swc-darwin-x64': 14.2.33 | |
| '@next/swc-linux-arm64-gnu': 14.2.33 | |
| '@next/swc-linux-arm64-musl': 14.2.33 | |
| '@next/swc-linux-x64-gnu': 14.2.33 | |
| '@next/swc-linux-x64-musl': 14.2.33 | |
| '@next/swc-win32-arm64-msvc': 14.2.33 | |
| '@next/swc-win32-ia32-msvc': 14.2.33 | |
| '@next/swc-win32-x64-msvc': 14.2.33 | |
| '@next/swc-darwin-arm64': 14.2.35 | |
| '@next/swc-darwin-x64': 14.2.35 | |
| '@next/swc-linux-arm64-gnu': 14.2.35 | |
| '@next/swc-linux-arm64-musl': 14.2.35 | |
| '@next/swc-linux-x64-gnu': 14.2.35 | |
| '@next/swc-linux-x64-musl': 14.2.35 | |
| '@next/swc-win32-arm64-msvc': 14.2.35 | |
| '@next/swc-win32-ia32-msvc': 14.2.35 | |
| '@next/swc-win32-x64-msvc': 14.2.35 |
Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.
Snyk changed the following file(s):
examples/agent-kit-nextjs-langchain/package.jsonexamples/agent-kit-nextjs-langchain/pnpm-lock.yamlVulnerabilities that will be fixed with an upgrade:
SNYK-JS-PLAYWRIGHT-14888269
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.