You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR focuses on updating the version of next and related dependencies in the package.json and yarn.lock files, ensuring compatibility with the latest features and fixes.
Detailed summary
Updated next version from 14.2.28 to 14.2.35 in package.json and yarn.lock.
Updated @next/env and related @next/swc-* packages to version 14.2.35 or 14.2.33 as appropriate.
Adjusted caniuse-lite dependency versions.
Updated nanoid version from 3.3.6 to 3.3.11.
✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}
Summary by CodeRabbit
Chores
Updated Next.js dependency to version 14.2.35.
✏️ Tip: You can customize this high-level summary in your review settings.
The next dependency in web-devtools/package.json is upgraded from version 14.2.28 to 14.2.35, a patch-level version update within the same major and minor version series.
Changes
Cohort / File(s)
Summary
Dependency Version Update web-devtools/package.json
Upgraded Next.js from 14.2.28 to 14.2.35
Estimated code review effort
🎯 1 (Trivial) | ⏱️ ~2 minutes
Single-line change in a configuration file
Patch-level version bump with no functional code modifications
Minimal risk surface for this type of update
Poem
🐰 A hop and a bump, from twenty-eight to thirty-five so fine,
Next.js does improve, one version at a time,
Patches applied with care, the dependencies align,
In the web-devtools garden, where all the packages shine! 🌱
Pre-merge checks and finishing touches
❌ Failed checks (1 warning)
Check name
Status
Explanation
Resolution
Title check
⚠️ Warning
The title references specific vulnerability IDs (55183 and 55184) but the actual change is a Next.js dependency upgrade from 14.2.28 to 14.2.35, which is unrelated to React vulnerabilities.
Update the title to accurately reflect the actual change, such as 'chore: upgrade Next.js to 14.2.35' or 'fix: upgrade Next.js dependency to address vulnerabilities'.
✅ Passed checks (2 passed)
Check name
Status
Explanation
Description Check
✅ Passed
Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage
✅ Passed
No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches🧪 Generate unit tests (beta)
Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch fix/react-vuln-55184-and-55183
📜 Recent review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📥 Commits
Reviewing files that changed from the base of the PR and between e16934e and 117cfb0.
⛔ Files ignored due to path filters (1)
yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
web-devtools/package.json (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)
63-63: Ensure the lockfile is updated to pin next@14.2.35.
Next.js 14.2.35 correctly addresses CVE-2025-55183 (Server Functions source-code leakage) and CVE-2025-55184 (App Router DoS), so the version bump is appropriate. However, package.json changes alone won't ensure the fix reaches production—verify that the corresponding yarn.lock (or package-lock.json) has been updated in this PR and that CI/prod will install next@14.2.35 and its patched dependencies.
Comment @coderabbitai help to get the list of available commands and usage tips.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
jaybuidl
added
Type: Maintenance 🚧
Type: Security Patch🛡️
Package: Web
PR-Codex overview
This PR focuses on updating the version of
nextand related dependencies in thepackage.jsonandyarn.lockfiles, ensuring compatibility with the latest features and fixes.Detailed summary
nextversion from14.2.28to14.2.35inpackage.jsonandyarn.lock.@next/envand related@next/swc-*packages to version14.2.35or14.2.33as appropriate.caniuse-litedependency versions.nanoidversion from3.3.6to3.3.11.Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.