Skip to content

Pierwsze ściągnięcie #595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Kamil1230xd wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Pierwsze ściągnięcie #595

Kamil1230xd wants to merge 2 commits into from
+162 −167

Conversation

@Kamil1230xd
Copy link

@Kamil1230xd Kamil1230xd commented Dec 10, 2025

This pull request updates the next dependency across multiple packages and lockfiles to newer versions, ensuring consistency and access to the latest features and fixes. The changes affect the documentation, web, and next packages, as well as the associated lockfiles and SWC binaries.

Dependency updates:

  • Updated the next dependency in docs/package.json from 15.6.0-canary.13 to 15.6.0-canary.58 to use a more recent canary release.
  • Updated the next dependency in packages/web/package.json from 15.5.4 to 15.5.7.
  • Updated the next dependency in packages/next/package.json from 16.0.1 to 16.0.7.

Lockfile and binary alignment:

  • Updated all references to next and associated SWC binaries in pnpm-lock.yaml to match the new versions used in the respective packages, ensuring all environments and platforms use consistent versions. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

Other lockfile updates:

  • Removed an old version of caniuse-lite from pnpm-lock.yaml as part of lockfile maintenance.

vercel bot and others added 2 commits December 9, 2025 23:26
@vercel
Update dependencies for React Flight RCE advisory
4896710 
Updated dependencies to fix Next.js CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel  
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
@Kamil1230xd
Merge pull request #1 from Kamil1230xd/vercel/dependencies-for-react-…
9cba15d 
…flight-lzolq0

Fix React Server Components RCE vulnerability
Copilot AI review requested due to automatic review settings December 10, 2025 12:10
@changeset-bot
Copy link

changeset-bot bot commented Dec 10, 2025

⚠️ No Changeset found

Latest commit: 9cba15d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link
Contributor

vercel bot commented Dec 10, 2025

@Kamil1230xd is attempting to deploy a commit to the Vercel Labs Team on Vercel.

A member of the Team first needs to authorize it.

Copilot AI reviewed Dec 10, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Next.js dependencies across multiple workspace packages to newer patch and canary versions. The updates follow a consistent pattern of applying patch version increments and canary progression, ensuring all packages have access to the latest bug fixes and features appropriate to their stability requirements.

Key Changes

  • Updated docs package from Next.js 15.6.0-canary.13 to 15.6.0-canary.58 for access to the latest canary features
  • Applied patch updates to stable Next.js 15.x (15.5.4 → 15.5.7) and 16.x (16.0.1 → 16.0.7) across production and workbench packages
  • Synchronized pnpm-lock.yaml with updated dependencies and platform-specific SWC binaries

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
docs/package.json Updates Next.js to canary.58 for documentation site features
packages/web/package.json Updates Next.js from 15.5.4 to 15.5.7 (patch update)
packages/next/package.json Updates Next.js from 16.0.1 to 16.0.7 (patch update)
workbench/nextjs-webpack/package.json Updates Next.js from 16.0.1 to 16.0.7 for webpack workbench
workbench/nextjs-turbopack/package.json Updates Next.js from 16.0.1 to 16.0.7 for turbopack workbench
pnpm-lock.yaml Updates all Next.js package resolutions, SWC binaries, and removes unused caniuse-lite version
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Kamil1230xd