Skip to content

Upgrade Next.js dependencies and harden contributor fetch #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
minorcell wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Upgrade Next.js dependencies and harden contributor fetch #16

minorcell wants to merge 2 commits into from

Conversation

@minorcell
Copy link
Owner

@minorcell minorcell commented Dec 4, 2025
edited by linearb bot
Loading

Summary

  • bump Next.js-related dependencies to 15.1.4 and align npm/pnpm lockfiles
  • standardize npm registry configuration on npmjs for consistent installs
  • add resilient GitHub contributor fetching with revalidation to avoid build failures when offline

Testing

  • CI=1 pnpm build

Codex Task

✨ PR Description

Purpose: Upgrade Next.js from 15.0.4 to 15.1.4 to patch RCE vulnerability and improve contributor fetch resilience with proper error handling.

Main changes:

  • Updated Next.js and @next/mdx dependencies to version 15.1.4 to address security vulnerability
  • Added comprehensive error handling in getContributors with try-catch and HTTP status validation
  • Configured .npmrc with explicit registry settings to prevent dependency confusion attacks
  • Implemented hourly revalidation cache strategy to reduce GitHub API rate limit pressure

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Description using Guidelines Learn how

@vercel
Copy link
Contributor

vercel bot commented Dec 4, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
perfedge Error Error Dec 5, 2025 7:43am

linearb[bot]
linearb bot reviewed Dec 10, 2025
View reviewed changes
Copy link

@linearb linearb bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✨ PR Review

LGTM

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Review using Guidelines Learn how

@linearb linearb bot added the 1 min review label Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@linearb linearb[bot] linearb[bot] left review comments

Assignees

No one assigned

Labels

1 min review codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@minorcell