[Snyk] Security upgrade next from 12.0.5 to 14.2.25 by q1blue · Pull Request #154 · https-quantumblockchainai-atlassian-net/crystal-ai-nextjs-planetscale-starter

q1blue · 2025-03-22T02:42:35Z

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

package.json
yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Authorization SNYK-JS-NEXT-9508709	240

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authorization

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-9508709

changeset-bot · 2025-03-22T02:42:40Z

⚠️ No Changeset found

Latest commit: 880cc24

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2025-03-22T02:43:17Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/runtime@7.15.4 ➜ 7.16.0	None	`0`	153 kB	nicolo-ribaudo
npm/@next/env@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-darwin-arm64@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-darwin-x64@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-linux-arm64-gnu@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-linux-arm64-musl@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-linux-x64-gnu@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-linux-x64-musl@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-win32-arm64-msvc@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-win32-ia32-msvc@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@next/swc-win32-x64-msvc@12.0.5 ➜ 14.2.25	None	`0`	0 B
npm/@swc/counter@0.1.3	None	`0`	1.18 kB	kdy1
npm/@swc/helpers@0.5.5	None	`0`	230 kB	kdy1
npm/ansi-regex@2.1.1	None	`0`	4.19 kB	qix
npm/browserslist@4.16.6 ➜ 4.17.6	None	`0`	68.7 kB	ai
npm/buffer@5.6.0 ➜ 5.7.1	None	`0`	82.5 kB	feross
npm/busboy@1.6.0	None	`0`	124 kB	mscdex
npm/caniuse-lite@1.0.30001278 ➜ 1.0.30001706	None	`0`	2.16 MB	ai, beneb, caniuse-lite
npm/client-only@0.0.1	None	`0`	611 B	sebmarkbage
npm/color-convert@2.0.1	None	`0`	27.2 kB	qix
npm/electron-to-chromium@1.3.885 ➜ 1.3.890	None	`0`	81.9 kB	kilianvalkhof
npm/escape-string-regexp@4.0.0	None	`0`	3.79 kB	sindresorhus
npm/graceful-fs@4.2.8 ➜ 4.2.11	None	`0`	32.5 kB	isaacs
npm/json5@1.0.1 ➜ 2.2.0	None	`0`	242 kB	jordanbtucker
npm/nanoid@3.1.30 ➜ 3.3.11	None	`0`	32.6 kB	ai
npm/next@12.0.5 ➜ 14.2.25	None	`0`	86.5 MB	vercel-release-bot
npm/node-releases@1.1.77 ➜ 2.0.1	None	`0`	23.1 kB	chicoxyzzy
npm/postcss@8.2.15 ➜ 8.4.31	None	`0`	197 kB	ai
npm/source-map-js@1.2.1	None	`0`	140 kB	7rulnik
npm/streamsearch@1.1.0	None	`0`	16.6 kB	mscdex
npm/styled-jsx@5.0.0-beta.3 ➜ 5.1.1	environment	`0`	1.03 MB	vercel-release-bot
npm/tr46@1.0.1 ➜ 0.0.3	None	`0`	268 kB	sebmaster
npm/tslib@2.8.1	None	`0`	90.4 kB	typescript-bot
npm/webidl-conversions@4.0.2 ➜ 3.0.1	None	`0`	12.4 kB	sebmaster
npm/whatwg-url@7.1.0 ➜ 5.0.0	None	`0`	49.9 kB	domenic

🚮 Removed packages: npm/@babel/plugin-syntax-jsx@7.14.5, npm/@hapi/accept@5.0.2, npm/@hapi/boom@9.1.4, npm/@hapi/hoek@9.2.1, npm/@napi-rs/triples@1.0.3, npm/@next/polyfill-module@12.0.5, npm/@next/react-dev-overlay@12.0.5, npm/@next/react-refresh-utils@12.0.5, npm/@next/swc-android-arm64@12.0.5, npm/@next/swc-linux-arm-gnueabihf@12.0.5, npm/anser@1.4.9, npm/asn1.js@5.4.1, npm/assert@2.0.0, npm/available-typed-arrays@1.0.5, npm/big.js@5.2.2, npm/bn.js@5.2.0, npm/browserify-aes@1.2.0, npm/browserify-cipher@1.0.1, npm/browserify-des@1.0.2, npm/browserify-rsa@4.1.0, npm/browserify-sign@4.2.1, npm/browserify-zlib@0.2.0, npm/buffer-xor@1.0.3, npm/builtin-status-codes@3.0.0, npm/chokidar@3.5.1, npm/commondir@1.0.1, npm/constants-browserify@1.0.0, npm/create-ecdh@4.0.4, npm/create-hmac@1.1.7, npm/crypto-browserify@3.12.0, npm/css.escape@1.5.1, npm/cssnano-preset-simple@3.0.0, npm/cssnano-simple@3.0.0, npm/data-uri-to-buffer@3.0.1, npm/debug@2.6.9, npm/depd@1.1.2, npm/des.js@1.0.1, npm/diffie-hellman@5.0.3, npm/domain-browser@4.19.0, npm/elliptic@6.5.4, npm/emojis-list@2.1.0, npm/encoding@0.1.13, npm/es6-object-assign@1.1.0, npm/find-cache-dir@3.3.1, npm/foreach@2.0.5, npm/get-orientation@1.1.2, npm/hash-base@3.1.0, npm/hash.js@1.1.7, npm/he@1.2.0, npm/hmac-drbg@1.0.1, npm/http-errors@1.7.3, npm/https-browserify@1.0.0, npm/iconv-lite@0.6.3, npm/image-size@1.0.0, npm/is-arguments@1.1.1, npm/is-generator-function@1.0.10, npm/is-nan@1.3.2, npm/is-typed-array@1.1.8, npm/jest-worker@27.0.0-next.5, npm/loader-utils@1.2.3, npm/lodash.sortby@4.7.0, npm/md5.js@1.3.5, npm/miller-rabin@4.0.1, npm/minimalistic-crypto-utils@1.0.1, npm/ms@2.0.0, npm/node-html-parser@1.4.9, npm/object-is@1.1.5, npm/os-browserify@0.3.0, npm/pako@1.0.11, npm/path-browserify@1.0.1, npm/pbkdf2@3.1.2, npm/platform@1.3.6, npm/process@0.11.10, npm/public-encrypt@4.0.3, npm/querystring-es3@0.2.1, npm/queue@6.0.2, npm/randomfill@1.0.4, npm/raw-body@2.4.1, npm/react-refresh@0.8.3, npm/readdirp@3.5.0, npm/regenerator-runtime@0.13.4, npm/setimmediate@1.0.5, npm/setprototypeof@1.1.1, npm/sha.js@2.4.11, npm/shell-quote@1.7.3, npm/stacktrace-parser@0.1.10, npm/statuses@1.5.0, npm/stream-browserify@3.0.0, npm/stream-http@3.1.1, npm/stream-parser@0.3.1, npm/string-hash@1.1.3, npm/stylis-rule-sheet@0.0.10, npm/stylis@3.5.4, npm/timers-browserify@2.0.12, npm/toidentifier@1.0.0, npm/tty-browserify@0.0.1, npm/type-fest@0.7.1, npm/unpipe@1.0.0, npm/use-subscription@1.5.1, npm/util@0.12.4, npm/vm-browserify@1.1.2, npm/which-typed-array@1.1.7

View full report↗︎

fix: package.json & yarn.lock to reduce vulnerabilities

880cc24

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-9508709

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade next from 12.0.5 to 14.2.25#154

[Snyk] Security upgrade next from 12.0.5 to 14.2.25#154
q1blue wants to merge 1 commit intomainfrom
snyk-fix-d78836b7dd9c838d3610b7cc1047fae3

q1blue commented Mar 22, 2025

Uh oh!

changeset-bot Bot commented Mar 22, 2025

Uh oh!

socket-security Bot commented Mar 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

q1blue commented Mar 22, 2025

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

changeset-bot Bot commented Mar 22, 2025

⚠️ No Changeset found

Uh oh!

socket-security Bot commented Mar 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants