security: bump 9 package(s) in npm#16
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
![wiz-6cbc7756d1[bot]](https://avatars.githubusercontent.com/b/268422?s=60&v=4){kind=small}
| "formidable": "^3.5.1", | ||
| "lucide-react": "^0.330.0", | ||
| "next": "14.2.35", | ||
| "next": "15.0.8", |
There was a problem hiding this comment.
The following vulnerabilities impact next versions <15.5.16: CVE-2024-56332, CVE-2025-29927, CVE-2025-32421, CVE-2025-48068, CVE-2025-49826, CVE-2025-55173, CVE-2025-57752, CVE-2025-57822, CVE-2025-59471, CVE-2026-23869, CVE-2026-23870, CVE-2026-27980, CVE-2026-29057, CVE-2026-44572, CVE-2026-44573, CVE-2026-44576, CVE-2026-44577, CVE-2026-44578, CVE-2026-44579, CVE-2026-44580, CVE-2026-44581, CVE-2026-44582.
These can be remediated by updating to version 15.5.16 or higher.
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate
| "next": "15.0.8", | |
| "next": "15.5.16", |
1 participant
Security dependency upgrade
This PR was opened by depagent to address 9 security alert(s) in the
npmecosystem.Each package is pinned to exactly the patched version reported by Dependabot's
first_patched_version— not a range. To restore a range constraint (e.g.^x.y.z), edit the manifest after merge.Alerts addressed
axiosnextnextnextaxiosaxiosnextaxiosnextNotes
(none)
Generated by depagent —
storyprotocol/artcast.