Skip to content

[Snyk] Security upgrade next from 14.2.13 to 14.2.35#39

Open
Azanul wants to merge 1 commit intomasterfrom
snyk-fix-4f7bd84b4169fc1d636f83748b3884ac
Open

[Snyk] Security upgrade next from 14.2.13 to 14.2.35#39
Azanul wants to merge 1 commit intomasterfrom
snyk-fix-4f7bd84b4169fc1d636f83748b3884ac

Conversation

@Azanul
Copy link
Owner

@Azanul Azanul commented Dec 15, 2025

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Deserialization of Untrusted Data
SNYK-JS-NEXT-14400636		   852  
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		   529  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Deserialization of Untrusted Data

@gooroo-dev
Copy link

gooroo-dev bot commented Dec 15, 2025

Please double check the following review of the pull request:

🐞Mistake 🤪Typo 🚨Security 🚀Performance 💪Best Practices 📖Readability ❓Others
0 0 0 0 0 0 0

Changes in the diff

  • 🛠️ Updated next package version from 14.2.13 to 14.2.35 in package.json and package-lock.json.
  • 🛠️ Updated related @next/* dependencies versions in package-lock.json to match the new next version.
  • 🛠️ Changed version specifier for next in package-lock.json from exact "14.2.13" to caret "^14.2.35" for flexibility.

Identified Issues

No issues identified. The changes are straightforward version upgrades of dependencies to address security vulnerabilities as indicated by the PR title. No code logic changes or new features introduced.

Summary

This PR upgrades the Next.js framework and its related packages from version 14.2.13 to 14.2.35 to address security concerns. The changes are limited to dependency version bumps in package.json and package-lock.json. No code or configuration logic was altered. No mistakes, typos, or security regressions were found in the diff. No additional tests are needed for this dependency upgrade.

Summon me to re-review when updated! Yours, Gooroo.dev
I'd love to hear your feedback! Add a reaction or reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Azanul @snyk-bot