fix: patch next up to latest patch for 14 major to address vulnerability #510

Merged
ngundotra merged 1 commit into solana-foundation:master from rogaldh:fix/CVE-2025-29927
Mar 24, 2025

@rogaldh rogaldh commented Mar 24, 2025

Description

Bump nextjs version to address vulnerability.

Type of change

  • Bug fix
  • New feature
  • Protocol integration
  • Documentation update
  • Other (please describe): security issue

Related Issues

Issue.

Checklist

  • My code follows the project's style guidelines
  • I have added tests that prove my fix/feature works
  • All tests pass locally and in CI
  • I have updated documentation as needed
  • CI/CD checks pass
  • I have included screenshots for protocol screens (if applicable)
  • For security-related features, I have included links to related information

Important

Update next version in package.json to 14.2.25 to fix CVE-2025-29927 vulnerability.

  • Dependencies:
    • Update next version from 14.2.21 to 14.2.25 in package.json to address CVE-2025-29927 vulnerability.

This description was created by Ellipsis for 9087ad3. It will automatically update as commits are pushed.

vercel bot commented Mar 24, 2025

@rogaldh is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

@ellipsis-dev ellipsis-dev bot left a comment

👍 Looks good to me! Reviewed everything up to 9087ad3 in 34 seconds

More details
  • Looked at 13 lines of code in 1 file
  • Skipped 1 file when reviewing.
  • Skipped posting 3 drafted comments based on config settings.
1. package.json:56
  • Draft comment:
    Ensure that the bumped 'next' version (14.2.25) indeed includes the patch for the reported vulnerability CVE-2025-29927.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%
    This comment is asking the PR author to ensure that a specific version of a dependency includes a patch for a vulnerability. This falls under the category of asking the author to double-check something, which is against the rules.
2. package.json:56
  • Draft comment:
    Check compatibility of related packages (e.g., eslint-config-next) with next 14.2.25 to avoid potential issues.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%
    This comment is asking the PR author to check compatibility of related packages, which falls under the rule of not asking the author to ensure compatibility or to double-check things. It does not provide a specific suggestion or point out a specific issue.
3. package.json:56
  • Draft comment:
    Bump next from 14.2.21 to 14.2.25 addresses the CVE. Please verify that this patch fully resolves the vulnerability and consider aligning related packages (e.g., eslint-config-next) if needed.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%
    The comment is related to a dependency change, specifically a version bump for the 'next' package. It asks the PR author to verify that the patch resolves a vulnerability and to consider aligning related packages. This violates the rule against commenting on dependency changes and asking for verification of intentions.

Workflow ID: wflow_ATA5OTTEbj7oNYBG


@ngundotra ngundotra merged commit f1b11fc into solana-foundation:master Mar 24, 2025
2 of 3 checks passed
@rogaldh rogaldh deleted the fix/CVE-2025-29927 branch March 24, 2025 13:00
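
Added example, not part of this pull request or the project's code: a guard a CI job could run to confirm that `next` stays at or above the 14.2.25 floor this PR names for CVE-2025-29927, checking both the range declared in package.json and the version actually installed. The function names, finding labels and sample manifests are hypothetical; only the 14.x floor comes from this page, so other majors are reported as not covered.

```javascript
// Floor taken from the PR description: next 14.2.25 on the 14 major.
const FLOOR = [14, 2, 25];

// Accepts "14.2.25", "^14.2.21", "~14.2.25", ">=14.2.25"; anything else
// (tags, URLs, prereleases, compound ranges) returns null.
function parseSpec(spec) {
  const m = /^\s*(\^|~|>=|=)?\s*v?(\d+)\.(\d+)\.(\d+)\s*$/.exec(String(spec));
  return m ? [Number(m[2]), Number(m[3]), Number(m[4])] : null;
}

// Three-way comparison of [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// manifest: parsed package.json. installed: the version string resolved by
// the lockfile or read from node_modules/next/package.json.
function checkNext(manifest, installed) {
  const deps = { ...manifest.devDependencies, ...manifest.dependencies };
  const declared = parseSpec(deps.next);
  const actual = parseSpec(installed);
  if (!declared || !actual) return ['unparseable-version'];
  if (declared[0] !== 14 || actual[0] !== 14) return ['major-not-covered'];
  const findings = [];
  // For every operator accepted above, the stated version is the lowest
  // version the range admits, so a low bound can still resolve unpatched.
  if (compare(declared, FLOOR) < 0) findings.push('declared-range-admits-unpatched');
  if (compare(actual, FLOOR) < 0) findings.push('installed-unpatched');
  return findings;
}

// Constructed sample manifests (not the project's real package.json).
const before = { dependencies: { next: '14.2.21' } };
const after = { dependencies: { next: '14.2.25' } };
const loose = { dependencies: { next: '^14.2.21' } };

console.log(checkNext(before, '14.2.21'));
console.log(checkNext(after, '14.2.25'));
console.log(checkNext(loose, '14.2.25'));
```

An empty result means both the declared range and the installed version are at or above the floor; a `^14.2.21` range passes the installed check only because the lockfile happens to pin 14.2.25.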