Skip to content

Comments

fix(deps): update next to 16.0.10#1607

Merged
AtofStryker merged 1 commit intocypress-io:masterfrom
MikeMcC399:update/nextjs
Dec 12, 2025
Merged

fix(deps): update next to 16.0.10#1607
AtofStryker merged 1 commit intocypress-io:masterfrom
MikeMcC399:update/nextjs

Conversation

@MikeMcC399
Copy link
Collaborator

@MikeMcC399 MikeMcC399 commented Dec 12, 2025

Situation

Vercel Next.js has further identified high visibility vulnerabilities and is reaching out to users via e-mail in addition to the Security Bulletin: CVE-2025-55184 and CVE-2025-55183 they have published.

npm audit and Dependabot identifies these vulnerabilities as being present in examples/nextjs.

Change

Update examples/nextjs to the latest version:

From To
[email protected] [email protected]

Verification

Execute:

cd examples/nextjs
npm ci
npm audit

and confirm no vulnerabilities are reported. Then execute:

npm run dev

and then in a separate terminal, execute:

npm test

confirming that the Cypress test passes.

@MikeMcC399
fix(deps): update next to 16.0.10
f85f99c 
In examples/nextjs, update
next to 16.0.10
react to 19.2.3
react-dom to 19.2.3
@tailwindcss/postcss to 4.1.18
tailwindcss to 4.1.18
@cypress-app-bot
Copy link

cypress-app-bot commented Dec 12, 2025

@MikeMcC399 MikeMcC399 added bug Something isn't working type: dependencies tests labels Dec 12, 2025
@MikeMcC399 MikeMcC399 self-assigned this Dec 12, 2025
@MikeMcC399 MikeMcC399 marked this pull request as ready for review December 12, 2025 11:07
AtofStryker
AtofStryker approved these changes Dec 12, 2025
View reviewed changes
Copy link
Contributor

@AtofStryker AtofStryker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for bringing this to my attension @MikeMcC399. I'll work on remediating the app dependencies and CT related repos

@AtofStryker AtofStryker merged commit d842ab1 into cypress-io:master Dec 12, 2025
82 checks passed
@github-actions
Copy link

github-actions bot commented Dec 12, 2025

🎉 This PR is included in version 6.10.6 🎉

The release is available on:

Your semantic-release bot 📦🚀

@MikeMcC399
Copy link
Collaborator Author

MikeMcC399 commented Dec 12, 2025

@AtofStryker

Thank you for bringing this to my attension

You're very welcome! Although I wouldn't expect the vulnerabilities to be exploitable in the context of this repo, I simply erred on the side of caution by updating the dependencies anyway.

I'll work on remediating the app dependencies and CT related repos

Good to know that you're planning to handle this in other repos!

@MikeMcC399 MikeMcC399 deleted the update/nextjs branch December 12, 2025 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AtofStryker AtofStryker AtofStryker approved these changes

@jennifer-shehane jennifer-shehane Awaiting requested review from jennifer-shehane

Assignees

@MikeMcC399 MikeMcC399

Labels

bug Something isn't working released tests type: dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MikeMcC399 @cypress-app-bot @AtofStryker