Commit 613dad0
committed
fix(deps): bump login app dependencies to clear Snyk findings
Patches 15 known vulnerabilities in @zitadel/login (8 High, 6 Medium,
1 Low) and brings several runtime deps to the latest safe minor/patch.
Snyk-driven (security):
- next 16.2.3 -> 16.2.6 (13 CVEs incl. auth-bypass x3, SSRF, weak hash,
XSS, incorrect authorization)
- next-intl ^4.9.1 -> ^4.11.2 (prototype pollution)
- uuid ^11.1.0 -> ^11.1.1 (improper index validation)
Maintenance (safe minor/patch):
- @sentry/nextjs ^10.34.0 -> ^10.53.1
- @headlessui/react ^2.1.9 -> ^2.2.10
- @heroicons/react 2.1.3 -> 2.2.0
- react / react-dom 19.2.3 -> 19.2.6
- react-hook-form 7.39.5 -> 7.75.0
- @types/react 19.2.3 -> 19.2.14
Verified:
- snyk test apps/login -> 0 vulnerable paths
- pnpm vitest -> 10/10 passing
- pnpm next build -> compiles, 36 routes1 parent dc3a5c6 commit 613dad0
2 files changed
Lines changed: 901 additions & 646 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | | - | |
28 | | - | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| |||
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | | - | |
40 | | - | |
| 39 | + | |
| 40 | + | |
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
44 | | - | |
45 | | - | |
46 | | - | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
47 | 47 | | |
48 | | - | |
| 48 | + | |
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
56 | | - | |
| 56 | + | |
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
| |||
0 commit comments