Skip to content

feat: update next#2391

Merged
wilsonrivera merged 1 commit intomainfrom
wilson/eng-8621-update-next-to-latest-version
Dec 3, 2025
Merged

feat: update next#2391
wilsonrivera merged 1 commit intomainfrom
wilson/eng-8621-update-next-to-latest-version

Conversation

@wilsonrivera
Copy link
Copy Markdown
Contributor

@wilsonrivera wilsonrivera commented Dec 3, 2025
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • Chores
    • Upgraded Next.js to version 15.4.8

✏️ Tip: You can customize this high-level summary in your review settings.

Checklist

@wilsonrivera wilsonrivera requested a review from SkArchon December 3, 2025 20:49
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Dec 3, 2025
edited
Loading

Walkthrough

Next.js dependency version bumped from 15.4.7 to 15.4.8 across package.json files. PNPM overrides and studio package configurations updated correspondingly. No changes to exports, APIs, control flow, or error handling.

Changes

Cohort / File(s) Change Summary
Next.js version bump
package.json, studio/package.json		 Upgrade Next.js from 15.4.7 to 15.4.8 in PNPM overrides and studio package dependencies

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

  • Version bump is purely a dependency update with no code logic or configuration changes to review
  • Homogeneous change applied consistently across two similar files

Possibly related PRs

Pre-merge checks

❌ Failed checks (1 inconclusive)
Check name Status Explanation Resolution
Title check ❓ Inconclusive The title 'feat: update next' is vague and lacks specificity about which version of Next.js is being updated to, despite the branch name and changes indicating a version bump from 15.4.7 to 15.4.8. Consider using a more specific title like 'feat: update next to 15.4.8' or 'feat: bump next from 15.4.7 to 15.4.8' to clearly communicate the version change.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link
Copy Markdown

codecov Bot commented Dec 3, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@276bc8f). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2391   +/-   ##
=======================================
  Coverage        ?   34.64%           
=======================================
  Files           ?      340           
  Lines           ?    33837           
  Branches        ?      251           
=======================================
  Hits            ?    11722           
  Misses          ?    21086           
  Partials        ?     1029

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Dec 3, 2025
edited
Loading

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-6b6670a14892bc153a242b6659baae8d9c820f29

coderabbitai[bot]
coderabbitai Bot reviewed Dec 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 276bc8f and 1b92598.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • package.json (1 hunks)
  • studio/package.json (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)
  • GitHub Check: build_test
  • GitHub Check: build_push_image
  • GitHub Check: integration_test (./events)
  • GitHub Check: integration_test (./telemetry)
  • GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
  • GitHub Check: build_test
  • GitHub Check: build_test
  • GitHub Check: image_scan (nonroot)
  • GitHub Check: image_scan
  • GitHub Check: build_push_image (nonroot)
  • GitHub Check: build_push_image
  • GitHub Check: build_test
  • GitHub Check: build_push_image
  • GitHub Check: build_test
  • GitHub Check: Analyze (go)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (1)
package.json (1)

71-71: Approve consistency, but enforce security-critical review process.

Both package.json (overrides) and studio/package.json (dependencies) now consistently target Next.js 15.4.8, which is good for monorepo integrity. However, since this version patches a CVSS 10.0 critical RCE vulnerability (CVE-2025-66478), ensure the test/verification checklist boxes are completed before merge.

Consider adding a release note or ADR documenting the security motivation for this patch.

Comment thread studio/package.json
StarpTech
StarpTech approved these changes Dec 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@StarpTech StarpTech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@wilsonrivera wilsonrivera merged commit 5683e0f into main Dec 3, 2025
58 of 59 checks passed
@wilsonrivera wilsonrivera deleted the wilson/eng-8621-update-next-to-latest-version branch December 3, 2025 21:31
@coderabbitai coderabbitai Bot mentioned this pull request Dec 12, 2025
Merged
5 tasks
asoorm pushed a commit that referenced this pull request Dec 16, 2025
@wilsonrivera @asoorm
feat: update next (#2391)
89d5114
@coderabbitai coderabbitai Bot mentioned this pull request Mar 13, 2026
Merged
5 tasks
@coderabbitai coderabbitai Bot mentioned this pull request Mar 27, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@StarpTech StarpTech StarpTech approved these changes

@JivusAyrus JivusAyrus Awaiting requested review from JivusAyrus JivusAyrus is a code owner

@thisisnithin thisisnithin Awaiting requested review from thisisnithin thisisnithin is a code owner

@SkArchon SkArchon Awaiting requested review from SkArchon SkArchon is a code owner automatically assigned from wundergraph/router

Assignees

No one assigned

Labels

monorepo studio

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wilsonrivera @StarpTech