Skip to content

Comments

test(deps): update next to 16.0.7#1600

Merged
jennifer-shehane merged 1 commit intocypress-io:masterfrom
MikeMcC399:update/nextjs
Dec 4, 2025
Merged

test(deps): update next to 16.0.7#1600
jennifer-shehane merged 1 commit intocypress-io:masterfrom
MikeMcC399:update/nextjs

Conversation

@MikeMcC399
Copy link
Collaborator

@MikeMcC399 MikeMcC399 commented Dec 4, 2025

Situation

Dependabot and npm audit report a critical vulnerability CVE-2025-66478 (GHSA-9qr9-h5gf-34mp) in the npm package next used in examples/nextjs.

Change

Update next-related dependencies in examples/nextjs:

Dependency From To
next 16.0.6 16.0.7
react & react-dom 19.2.0 19.2.1

Verification

Execute:

cd examples/nextjs
npm ci
npm audit

and confirm no vulnerabilities are reported. Then execute:

npm run dev

and then in a separate terminal, execute:

npm test

confirming that the Cypress test passes.

@MikeMcC399
test(deps): update next to 16.0.7
885e147 
Update
react to 19.2.1
react-down to 19.2.1
@MikeMcC399 MikeMcC399 added bug Something isn't working type: dependencies labels Dec 4, 2025
@cypress-app-bot
Copy link

cypress-app-bot commented Dec 4, 2025

@MikeMcC399 MikeMcC399 self-assigned this Dec 4, 2025
@MikeMcC399 MikeMcC399 marked this pull request as ready for review December 4, 2025 07:23
Zarthus
Zarthus approved these changes Dec 4, 2025
View reviewed changes
Copy link

@Zarthus Zarthus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Thank you for being on top of this :), not an official reviewer just wanted to express gratitude)

@MikeMcC399
Copy link
Collaborator Author

MikeMcC399 commented Dec 4, 2025

@Zarthus

(Thank you for being on top of this :), not an official reviewer just wanted to express gratitude)

Thank you! It doesn't actually affect the action itself, and the vulnerability alert only occurs if you have a clone of the repo. It would probably also be difficult to exploit in this environment as well.

That being said, I try to contribute updates to this repo to remove any vulnerability warnings, whether they are in the core action or just in the examples, and whether they appear exploitable or not, just to keep the repo clean and up-to-date.

@jennifer-shehane jennifer-shehane merged commit 3826585 into cypress-io:master Dec 4, 2025
82 checks passed
@MikeMcC399 MikeMcC399 deleted the update/nextjs branch December 4, 2025 13:48
This was referenced Dec 10, 2025
Closed
Merged
@github-actions
Copy link

github-actions bot commented Dec 10, 2025

🎉 This PR is included in version 6.10.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jennifer-shehane jennifer-shehane jennifer-shehane approved these changes

+1 more reviewer

@Zarthus Zarthus Zarthus approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@MikeMcC399 MikeMcC399

Labels

bug Something isn't working released type: dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MikeMcC399 @cypress-app-bot @jennifer-shehane @Zarthus