3 CVEs in visualizer's Next.js and React versions #97

@0xtito

Description

There are three CVEs in the currently used Next.js version (16.1.1), and one in the current React version (19.2.3).

Updating to the patched versions:

  • Next.js to 16.1.5
  • React to 19.2.4

will do the trick. I have also made a PR for this issue for ease of fixing, but I understand if the team wants to merge their own!

rlm/visualizer
❯ npm install

added 415 packages, and audited 416 packages in 22s

145 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

To address all issues, run:
  npm audit fix --force

Run `npm audit` for details.

rlm/visualizer
❯ npm audit
# npm audit report

next  15.6.0-canary.0 - 16.1.4
Severity: high
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration - https://github.com/advisories/GHSA-9g9p-9gw9-jx7f
Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components - https://github.com/advisories/GHSA-h25m-26qc-wcjf
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint  - https://github.com/advisories/GHSA-5f7q-jpqc-wp7h
fix available via `npm audit fix --force`
Will install next@16.1.6, which is outside the stated dependency range
node_modules/next

1 high severity vulnerability

To address all issues, run:
  npm audit fix --force
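As an added example, not part of the issue above or of the rlm/visualizer project: a small Node.js script that checks the versions pinned in a `package-lock.json` against the patched minimums the reporter names (next 16.1.5, react 19.2.4) and tests a version against the affected range that `npm audit` prints (`15.6.0-canary.0 - 16.1.4`). The lockfile contents, and the names `PATCHED_MINIMUMS`, `SAMPLE_LOCK`, `checkLockfile` and `isAffected`, are constructed for this example. It uses a simplified SemVer comparison so that a prerelease such as `16.1.5-canary.0` is treated as older than `16.1.5`, which matters because the advisory range itself starts at a canary build.

```javascript
// Added example (not from the rlm/visualizer repo): verify that the versions
// pinned in package-lock.json meet the patched minimums named in the issue.

// Minimums the issue reporter says fix the advisories (assumed from the issue text).
const PATCHED_MINIMUMS = {
  next: "16.1.5",
  react: "19.2.4",
};

// Affected range exactly as printed by `npm audit` above.
const NEXT_AFFECTED = { low: "15.6.0-canary.0", high: "16.1.4" };

// Constructed stand-in for the "packages" map of a lockfileVersion 2/3
// package-lock.json (only the fields this check reads). Not a real lockfile.
const SAMPLE_LOCK = {
  packages: {
    "node_modules/next": { version: "16.1.1" },
    "node_modules/react": { version: "19.2.3" },
    "node_modules/react-dom": { version: "19.2.3" },
  },
};

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return {
    nums: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split(".") : null,
  };
}

// SemVer precedence (simplified): numeric parts first; a prerelease sorts
// below the bare release with the same numbers (16.1.5-canary.0 < 16.1.5).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === null && pb.pre === null) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    const x = pa.pre[i], y = pb.pre[i];
    if (x === undefined) return -1; // shorter prerelease list sorts first
    if (y === undefined) return 1;
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) {
      if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1;
    } else if (xn) {
      return -1; // numeric identifiers sort before alphanumeric ones
    } else if (yn) {
      return 1;
    } else if (x !== y) {
      return x < y ? -1 : 1;
    }
  }
  return 0;
}

// True when `version` lies inside the inclusive advisory range.
function isAffected(version, range = NEXT_AFFECTED) {
  return compareVersions(version, range.low) >= 0 &&
         compareVersions(version, range.high) <= 0;
}

// One finding per package that is missing from the lock or below its minimum.
function checkLockfile(lock, minimums = PATCHED_MINIMUMS) {
  const findings = [];
  for (const [name, minimum] of Object.entries(minimums)) {
    const entry = lock.packages && lock.packages[`node_modules/${name}`];
    if (!entry) {
      findings.push({ name, installed: null, minimum });
    } else if (compareVersions(entry.version, minimum) < 0) {
      findings.push({ name, installed: entry.version, minimum });
    }
  }
  return findings;
}

for (const f of checkLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}: installed ${f.installed ?? "(missing)"}, need >= ${f.minimum}`);
}
```

Check the lockfile rather than `package.json`: a caret range such as `^16.1.1` is satisfied by the vulnerable 16.1.1 as well as the patched 16.1.5, so the fix only holds once the pinned version in `package-lock.json` moves. To run this against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.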
