Skip to content

Fix dependabot alerts#219

Merged
aurorascharff merged 1 commit into
mainfrom
fix-security-vulnerabilities
May 21, 2026
Merged

Fix dependabot alerts#219
aurorascharff merged 1 commit into
mainfrom
fix-security-vulnerabilities

Conversation

@aurorascharff

Copy link
Copy Markdown
Contributor

No description provided.

@vercel

vercel Bot commented May 21, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
layouts-playground Ready Ready Preview, Comment, Open in v0 May 21, 2026 11:56am

@aurorascharff aurorascharff changed the title Fix security vulnerabilities Fix dependabot alerts May 21, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednext@​16.2.662100919970
Added@​next/​mdx@​16.2.610010010099100

View full report

@aurorascharff
aurorascharff marked this pull request as ready for review May 21, 2026 11:57
Copilot AI review requested due to automatic review settings May 21, 2026 11:57

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates core Next.js dependencies and cleans up pnpm overrides as part of addressing dependency/security alerts in this Next.js playground repo.

Changes:

  • Bump next from 16.2.1-canary.34 to 16.2.6.
  • Bump @next/mdx from 16.2.2 to 16.2.6.
  • Remove pnpm overrides entries for @ungap/structured-clone, diff, and mdast-util-to-hast (keeping the postcss override), and refresh the lockfile accordingly.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
pnpm-workspace.yaml Removes several dependency overrides, leaving only the postcss override.
pnpm-lock.yaml Updates locked Next.js package set to 16.2.6 and reflects the overrides cleanup.
package.json Updates direct dependency versions for next and @next/mdx to 16.2.6.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@aurorascharff
aurorascharff merged commit 826acaa into main May 21, 2026
6 checks passed
@aurorascharff
aurorascharff deleted the fix-security-vulnerabilities branch May 21, 2026 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants