Skip to content

Fix next.js vulnerability in onchain-app-template: upgrade to ^15.2.9#2

Open
Copilot wants to merge 3 commits intocopilot/update-documentation-for-repofrom
copilot/update-dependency-version
Open

Fix next.js vulnerability in onchain-app-template: upgrade to ^15.2.9#2
Copilot wants to merge 3 commits intocopilot/update-documentation-for-repofrom
copilot/update-dependency-version

Conversation

Copy link
Copy Markdown

Copilot AI commented Feb 27, 2026
edited
Loading

next ^14.2.35 falls within the vulnerable range >= 13.0.0, < 15.0.8 for an HTTP request deserialization DoS (insecure React Server Components). Minimum safe version is 15.0.8; bumped to ^15.2.9 which has no known vulnerabilities.

Changes

  • onchain-app-template/package.json
    • next: ^14.2.35^15.2.9
    • resolutions retained for transitive dependency fixes (cross-spawn, sha.js, node-forge, bn.js, glob, h3, lodash, minimatch)
    • @wagmi/cli pinned at 2.10.0 (picks up patched esbuild)
"dependencies": {
  "next": "^15.2.9"
},
"resolutions": {
  "cross-spawn": "^7.0.5",
  "sha.js": "^2.4.12",
  "node-forge": "^1.3.3",
  "bn.js": "^5.2.3",
  "glob": "^10.5.0",
  "h3": "^1.15.5",
  "lodash": "^4.17.23",
  "minimatch": "^10.2.1"
}
Original prompt

Reference: 2cddc04

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits February 27, 2026 01:14
@Deejae69
Fix next version to ^14.2.35 as per referenced commit 2cddc04
8ef9088 
Co-authored-by: Deejae69 <179696940+Deejae69@users.noreply.github.com>
@Deejae69
Update next to ^15.2.9 to fix HTTP deserialization DoS vulnerability
ea653d0 
Co-authored-by: Deejae69 <179696940+Deejae69@users.noreply.github.com>
Copilot AI changed the title [WIP] Update dependency version in project Fix next.js vulnerability in onchain-app-template: upgrade to ^15.2.9 Feb 27, 2026
@Deejae69 Deejae69 marked this pull request as ready for review March 3, 2026 06:22
Copilot AI review requested due to automatic review settings March 3, 2026 06:22
Copilot AI reviewed Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@Deejae69 Deejae69 Deejae69 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Deejae69 Deejae69

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Deejae69