[Snyk] Security upgrade next from 16.1.5 to 16.1.7

[nihaltp]

Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15674556
	Cross-site Request Forgery (CSRF) SNYK-JS-NEXT-15674557
	HTTP Request Smuggling SNYK-JS-NEXT-15674558
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15674559
	Missing Origin Validation in WebSockets SNYK-JS-NEXT-15674560

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling
🦉 Cross-site Request Forgery (CSRF)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
my-repos	Ready	Preview, Comment, Open in v0	Apr 9, 2026 6:13am

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9cae2933-7328-4df1-a6a8-b2a6afff9614

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch snyk-fix-ba539c40e72ea0e5dfe1cb6ab75b92e8

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR is a Snyk-driven dependency security update intended to remediate known vulnerabilities in Next.js by upgrading the project’s Next.js version.

Changes:

• Bump next from 16.1.5 to 16.1.7 in package.json.
• Update package-lock.json to reflect the new dependency graph for next@16.1.7.
• Update pnpm-lock.yaml entries related to Next.js (but currently appears out of sync with package.json).

Reviewed changes

Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.

File	Description
package.json	Updates next to 16.1.7 (the intended vulnerability remediation).
package-lock.json	Updates npm lockfile dependency resolutions for the Next.js upgrade.
pnpm-lock.yaml	Should reflect the Next.js upgrade for pnpm installs, but currently still pins next@16.1.5 in multiple places.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

pnpm-lock.yaml still pins next (and dependent entries like geist) to 16.1.5, while package.json has been upgraded to 16.1.7. This will cause pnpm installs to continue using the vulnerable Next version; regenerate/update the pnpm lockfile so all next@16.1.5 references are updated to 16.1.7 (including snapshots/packages sections).