Update next to 14.2.32 in dashboard-service #45
Conversation
|
This repository is associated with groupthinking whose free trial has ended. Subscribe at jazzberry.ai. |
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Comment |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Co-authored-by: groupthinking <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR manually updates Next.js from version ^14.0.3 to 14.2.32 in the dashboard service to apply security fixes. This addresses a stuck Dependabot PR (#14) that has been unable to complete due to a path mismatch issue.
Key Changes:
- Updated
nextdependency from^14.0.3to14.2.32inpackage.json - Updated
package-lock.jsonwith new Next.js version and all related@next/*package entries - Version pinning removes semver range operator (changed from
^14.0.3to exact14.2.32)
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| services/dashboard-service/package.json | Updated Next.js version to 14.2.32 with exact version pinning |
| services/dashboard-service/package-lock.json | Updated lockfile with new Next.js 14.2.32 dependencies and all related @next/* packages |
Files not reviewed (1)
- services/dashboard-service/package-lock.json: Language not supported
| "react": "^18.2.0", | ||
| "react-dom": "^18.2.0", | ||
| "next": "^14.0.3", | ||
| "next": "14.2.32", |
There was a problem hiding this comment.
The version has been pinned (removing the ^ prefix) which means future npm install or npm update commands won't automatically pick up newer patch versions of Next.js. While this provides more control, it means security updates won't be automatically applied. Consider keeping the ^ prefix (i.e., "next": "^14.2.32") to allow automatic patch updates while staying on the 14.2.x version range, or document why strict version pinning is required for this dependency.
| "next": "14.2.32", | |
| "next": "^14.2.32", |
Dependabot PR #14 has been stuck 82+ days due to path mismatch (
/files/services/dashboard-servicevs actual/services/dashboard-service). Manually applying the security update.Changes
nextto14.2.32inservices/dashboard-service/package.json(was^14.0.3)package-lock.jsonaccordinglyNext.js 14.2.32 Fixes
next/imagecontent-type detection (#82179)next/imageoptimizer headers (#82178)Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com//advisories/home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js(http block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
This pull request was created as a result of the following prompt from Copilot chat.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.