chore: upgrate nextJS version to avoid vulnerabilities #110
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
WalkthroughNext.js dependency version updated from 14.2.5 to 14.2.35 in package.json. No functional or structural code changes introduced. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*
⚙️ CodeRabbit configuration file
**/*: - Only comment on issues that would block merging — ignore minor or stylistic concerns.
- Restrict feedback to errors, security risks, or functionality-breaking problems.
- Do not post comments on code style, formatting, or non-critical improvements.
- Keep reviews short: flag only issues that make the PR unsafe to merge.
- Limit review comments to 3–5 items maximum, unless additional blockers exist.
- Group similar issues into a single comment instead of posting multiple notes.
- Skip repetition — if a pattern repeats, mention it once at a summary level only.
- Do not add general suggestions; focus strictly on merge-blocking concerns.
- If there are no critical problems, respond with minimal approval (e.g., 'Looks good'). Do not add additional review.
- Avoid line-by-line commentary unless it highlights a critical bug or security hole.
- Highlight only issues that could cause runtime errors, data loss, or severe maintainability issues.
- Ignore minor optimization opportunities — focus solely on correctness and safety.
- Provide a top-level summary of critical blockers rather than detailed per-line notes.
- Comment only when the issue must be resolved before merge — otherwise, remain silent.
- When in doubt, err on the side of fewer comments — brevity and blocking issues only.
- Avoid posting any refactoring issues
Files:
package.json
Greptile OverviewGreptile SummaryThis PR attempts to upgrade Next.js from 14.2.5 to 14.2.35 but contains a critical version mismatch in Critical Issues:
Resolution Required:
Confidence Score: 0/5
Important Files ChangedFile Analysis
Sequence DiagramsequenceDiagram
participant Dev as Developer
participant NPM as npm install
participant Registry as npm Registry
participant Next as next (14.2.35)
participant Env as @next/env
participant SWC as SWC Binaries
Dev->>NPM: npm install next@14.2.35
NPM->>Registry: Request next@14.2.35
Registry->>NPM: Return next package
NPM->>Registry: Request @next/env@14.2.35
Registry->>NPM: Return @next/env package
NPM->>Registry: Request platform-specific SWC binaries
Note over NPM,Registry: Issue: Returns 14.2.33 instead of 14.2.35
Registry->>NPM: Return @next/swc-*@14.2.33
NPM->>Dev: Installation complete (with mismatched versions)
Dev->>Next: npm run dev/build
Next->>Env: Load environment config (14.2.35)
Next->>SWC: Load SWC compiler (expects 14.2.35)
SWC-->>Next: Version mismatch error (14.2.33 ≠ 14.2.35)
Next-->>Dev: Runtime failure
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
rodrigopavezi
approved these changes
Dec 12, 2025
aimensahnoun
deleted the
12-12-chore_upgrate_nextjs_version_to_avoid_vulnerabilities
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TL;DR
Upgraded Next.js from version 14.2.5 to 14.2.35.
What changed?
This PR updates the Next.js dependency from version 14.2.5 to 14.2.35 in both package.json and package-lock.json files. The update includes changes to all related Next.js packages, including @next/env and various platform-specific SWC packages.
How to test?
npm installnpm run devWhy make this change?
This update brings in the latest improvements, bug fixes, and security patches from the Next.js framework. Keeping dependencies up-to-date is important for maintaining application security and stability.
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.