[Snyk] Security upgrade next from 13.4.2 to 15.5.10#173
[Snyk] Security upgrade next from 13.4.2 to 15.5.10#173snyk-io[bot] wants to merge 1 commit intomainfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-15104645
⛔ Snyk checks have failed. 1 issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
WalkthroughThis PR upgrades Next.js from version 13.4.2 to 15.5.10, spanning two major releases. The upgrade includes comprehensive dependency updates across the entire Next.js ecosystem, including SWC compiler binaries updated to version 15.5.7 for all supported platforms. The update removes deprecated dependencies (busboy, zod, @next/swc-win32-ia32-msvc) and updates core dependencies like @swc/helpers, postcss, and styled-jsx. It adds optional sharp image optimization library with platform-specific binaries for Darwin, Linux, Windows, and WebAssembly across multiple architectures. Peer dependencies are adjusted to support both React 19 RC and stable versions while maintaining compatibility with the existing React 18.2.0 installation. Changes
Sequence DiagramThis diagram shows the interactions between components: sequenceDiagram
actor Dev as Developer
participant NPM as Package Manager
participant Next as Next.js 15.5.10
participant Sharp as Sharp (Image Processor)
participant SWC as SWC Compiler
participant Platform as Platform Binaries
Dev->>NPM: npm install / update
activate NPM
NPM->>Next: Install Next.js 15.5.10
activate Next
Note over NPM,Next: Core dependencies updated:<br/>@swc/helpers 0.5.15<br/>postcss 8.4.31<br/>styled-jsx 5.1.6
NPM->>SWC: Install platform-specific SWC binary
activate SWC
alt darwin-arm64
NPM->>Platform: Install @next/swc-darwin-arm64
else darwin-x64
NPM->>Platform: Install @next/swc-darwin-x64
else linux-x64-gnu
NPM->>Platform: Install @next/swc-linux-x64-gnu
else win32-x64-msvc
NPM->>Platform: Install @next/swc-win32-x64-msvc
end
Platform-->>SWC: Binary ready
deactivate SWC
opt Image Optimization Enabled
NPM->>Sharp: Install Sharp 0.34.5 (optional)
activate Sharp
Sharp->>Platform: Install platform-specific libvips
Note over Sharp,Platform: Installs native binaries for:<br/>- Darwin (arm64/x64)<br/>- Linux (arm/arm64/x64)<br/>- Windows (arm64/x64)
Platform-->>Sharp: Native binaries ready
deactivate Sharp
end
Next-->>NPM: Installation complete
deactivate Next
NPM-->>Dev: Dependencies updated
deactivate NPM
Note over Dev,Platform: Next.js 15 now includes:<br/>- Enhanced image optimization (Sharp)<br/>- Faster compilation (SWC)<br/>- Updated PostCSS & styled-jsx
Note for WindsurfPlease change the default marketplace provider to the following in the windsurf settings:Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts belowEmoji Descriptions:
Interact with the Bot:
Also you can trigger various commands with the bot by doing The current supported commands are
More commands to be added soon. |
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
gui/package.jsongui/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-NEXT-15104645
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
EntelligenceAI PR Summary
Major Next.js framework upgrade from version 13.4.2 to 15.5.10 with comprehensive dependency updates and architectural improvements.