Skip to content

[Snyk] Security upgrade next from 13.1.6 to 14.2.24 #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
"bottleneck": "^2.19.5",
"cheerio": "^1.0.0-rc.12",
"langchain": "^0.1.20",
"next": "13.1.6",
"next": "14.2.24",

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

This upgrade from Next.js v13.1.6 to v14.2.24 is a major version change, which can introduce breaking changes and requires careful attention.

Could you please ensure the following critical steps are taken before merging?

  1. Update package-lock.json: As highlighted in the PR description by Snyk, the package-lock.json file must be updated (e.g., by running npm install) and committed. This is crucial for ensuring deterministic builds and that the correct dependency versions, including this security fix, are used consistently across all environments.

  2. Thorough Testing: Given this is a major version upgrade (v13 to v14), please conduct comprehensive testing of the application. This includes checking for any regressions or unexpected behavior due to potential breaking changes in Next.js.

  3. Review Release Notes: It's highly recommended to review the official Next.js v14 release notes to understand the scope of changes, identify any breaking changes relevant to your project, and follow any prescribed migration guides.

Addressing these points, especially the package-lock.json update, is essential for the stability and security of the application.

"node-spider": "^1.4.1",
"react": "18.2.0",
"react-dom": "18.2.0",
Expand Down