[Snyk] Fix for 5 vulnerabilities#464
Conversation
…duce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-15930944 - https://snyk.io/vuln/SNYK-JS-DEFU-15914644 - https://snyk.io/vuln/SNYK-JS-NEXT-15921797 - https://snyk.io/vuln/SNYK-JS-NEXT-15954202 - https://snyk.io/vuln/SNYK-JS-STABLELIBED25519-15914262
⛔ Snyk checks have failed. 11 issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| "msw": "^2.4.1", | ||
| "near-api-js": "^0.44.2", | ||
| "next": "^13.5.9", | ||
| "next": "^15.5.15", |
There was a problem hiding this comment.
🔴 next export CLI command removed in Next.js 14+, breaking the build script
The build script at line 9 runs next build && next export, but next export was removed as a standalone CLI command in Next.js 14. With the upgrade from next ^13.5.9 to ^15.5.15, this build command will fail with an error like "next export" does not exist. In Next.js 14+, static export must be configured via output: 'export' in next.config.js, and next build alone produces the static output. The next.config.js at packages/example/next.config.js does not have output: 'export' set.
Prompt for agents
The build script in packages/example/package.json (line 9) uses `next build && next export`, but `next export` was removed in Next.js 14. Since this PR bumps next to ^15.5.15, the build will fail.
To fix this:
1. In packages/example/next.config.js, add `output: 'export'` to the nextConfig object.
2. In packages/example/package.json, change the build script from `cross-env NODE_OPTIONS=--openssl-legacy-provider next build && next export` to just `cross-env NODE_OPTIONS=--openssl-legacy-provider next build`.
Also note that `next-compose-plugins` and `next-fonts` are unmaintained and may not be compatible with Next.js 15 — test the build after making these changes. The `eslint-config-next` devDependency is still pinned to `13.5.6` and should be updated to match the Next.js major version (15.x).
Was this helpful? React with 👍 or 👎 to provide feedback.
2 participants
Snyk has created this PR to fix 5 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
packages/example/package.jsonpackages/example/yarn.lockNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-AXIOS-15930944
SNYK-JS-DEFU-15914644
SNYK-JS-NEXT-15921797
SNYK-JS-NEXT-15954202
SNYK-JS-STABLELIBED25519-15914262
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
🦉 Prototype Pollution