[Snyk] Security upgrade next from 14.2.5 to 14.2.35

[djdiptayan1]

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json
• yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Deserialization of Untrusted Data SNYK-JS-NEXT-14400636	852
	Improper Input Validation SNYK-JS-NANOID-8492085	529

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Deserialization of Untrusted Data

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
githubsrmv2	Ready	Preview, Comment	Dec 15, 2025 8:13pm

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-14a25fbda2f8e5b2aa1e1ffafdc6f372

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR upgrades Next.js from version 14.2.5 to 14.2.35 to address two security vulnerabilities: a high-severity Deserialization of Untrusted Data issue (SNYK-JS-NEXT-14400636) and a medium-severity Improper Input Validation issue in nanoid (SNYK-JS-NANOID-8492085). However, the upgrade contains a critical version mismatch between the main package and its platform-specific dependencies.

Key Changes:

• Updated next dependency from ^14.1.0 to ^14.2.35 in package.json
• Updated main next package and @next/env to version 14.2.35 in yarn.lock
• Issue: Platform-specific SWC binaries remain at version 14.2.33 instead of 14.2.35

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updates the next dependency version constraint to ^14.2.35
yarn.lock	Updates resolved versions for next (14.2.35) and @next/env (14.2.35), but contains mismatched SWC binary versions (14.2.33)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.