Skip to content

patch(security): bump up nextjs version #437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Sep 28, 2025
Merged

patch(security): bump up nextjs version #437

merged 7 commits into from
Sep 28, 2025

Conversation

@zhravan
Copy link
Collaborator

@zhravan zhravan commented Sep 26, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated Next.js runtime to 15.2.3 for improved stability and compatibility in the web app.
    • Refreshed linting configuration to match the latest Next.js tooling.
    • Updated API version metadata release date for v1 to reflect the latest release.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 26, 2025
edited
Loading

Walkthrough

Updates the v1 release_date in api/api/versions.json and bumps Next.js and eslint-config-next versions in view/package.json. No structural or control-flow changes.

Changes

Cohort / File(s) Summary
API version metadata
api/api/versions.json		 Updated v1.release_date timestamp only; no schema or other field changes.
View dependency bumps
view/package.json		 Upgraded dependencies: next 15.2.1-canary.2 → 15.2.3; eslint-config-next 15.2.1-canary.2 → 15.2.3. No script or config changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested labels

nixopus-view, nixopus-api

Poem

A hop and a bump—so fleet, so neat,
Dates refreshed, deps now complete.
I twitch my whiskers, version set,
Next hops forward—no regret.
Thump-thump! Release drums in the night,
Carrots cached, all green lights bright. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title clearly indicates that this PR patches a security issue by updating the Next.js version, accurately reflecting the main change without including extraneous details.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8523341 and 5924988.

⛔ Files ignored due to path filters (1)
  • view/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (2)
  • api/api/versions.json (1 hunks)
  • view/package.json (2 hunks)
🔇 Additional comments (2)
api/api/versions.json (1)

4-7: Release date update looks good

The v1 metadata remains consistent, and the refreshed timestamp aligns with the publish cycle.

view/package.json (1)

48-79: Ensure lockfile reflects the new Next.js versions

After bumping next and eslint-config-next to 15.2.3, please regenerate the workspace lockfile (package-lock.json, pnpm-lock.yaml, or equivalent) so the resolved versions match these pins. Otherwise installs will continue to pull the older canary build.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

raghavyuva
raghavyuva approved these changes Sep 26, 2025
View reviewed changes
Copy link
Owner

@raghavyuva raghavyuva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zhravan zhravan changed the base branch from master to feat/develop September 28, 2025 13:19
@zhravan zhravan changed the base branch from feat/develop to master September 28, 2025 13:20
@zhravan zhravan merged commit 57e3ff8 into raghavyuva:master Sep 28, 2025
3 of 4 checks passed
@zhravan zhravan deleted the fix/sec-vul branch September 28, 2025 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raghavyuva raghavyuva raghavyuva approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zhravan @raghavyuva