fix: update dependencies to fix vulnerabilities (#3399)

### **PR Type** Enhancement, Bug fix ___ ### **Description** - Update dependencies to address vulnerabilities - Improve DTS plugin configuration in Vite - Update Next.js and GraphQL Codegen CLI - Add resolutions for security patches ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Security Updates"] --> B["Dependency Upgrades"] B --> C["Next.js 14.2.30"] B --> D["GraphQL Codegen CLI 5.0.7"] A --> E["Vite DTS Plugin 4.5.4"] E --> F["Improved DTS Configuration"] A --> G["Additional Resolutions"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody></tr></tbody></table> </details> ___
2025-07-23 13:55:15 +02:00
parent 59249e5161
commit b8cb491ab1
7 changed files with 283 additions and 254 deletions
--- a/.changeset/slow-oranges-jump.md
+++ b/.changeset/slow-oranges-jump.md
@@ -0,0 +1,11 @@
+---
+'@nhost-examples/nextjs-server-components': minor
+'@nhost-examples/codegen-react-apollo': minor
+'@nhost-examples/codegen-react-query': minor
+'@nhost-examples/codegen-react-urql': minor
+'@nhost-examples/nextjs': minor
+'@nhost/nextjs': minor
+'@nhost/dashboard': minor
+---
+
+fix: update dependencies to fix vulnerabilities
--- a/dashboard/package.json
+++ b/dashboard/package.json
@@ -91,7 +91,7 @@
    "jwt-decode": "^4.0.0",
    "lodash.debounce": "^4.0.8",
    "lucide-react": "^0.416.0",
-    "next": "^14.2.26",
+    "next": "^14.2.30",
    "next-nprogress-bar": "^2.3.13",
    "next-seo": "^6.5.0",
    "next-themes": "^0.3.0",
--- a/examples/nextjs/package.json
+++ b/examples/nextjs/package.json
@@ -24,7 +24,7 @@
    "@nhost/react": "workspace:^",
    "@nhost/react-apollo": "workspace:^",
    "graphql": "16.8.1",
-    "next": "^14.2.26",
+    "next": "^14.2.30",
    "react": "18.2.0",
    "react-dom": "18.2.0",
    "react-icons": "^4.12.0"
@@ -41,4 +41,4 @@
    "ws": "^8.16.0",
    "xstate": "^4.38.3"
  }
-}
+}
--- a/examples/quickstarts/nextjs-server-components/package.json
+++ b/examples/quickstarts/nextjs-server-components/package.json
@@ -18,7 +18,7 @@
    "form-data": "^4.0.0",
    "graphql": "16.8.1",
    "js-cookie": "^3.0.5",
-    "next": "^14.2.26",
+    "next": "^14.2.30",
    "postcss": "^8.4.38",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
--- a/package.json
+++ b/package.json
@@ -179,7 +179,12 @@
      "@sveltejs/kit@>=2.0.0 <2.20.6": ">=2.20.6",
      "react-router@<7.5.2": ">=7.5.2",
      "undici@<5.29.0": ">=5.29.0",
-      "tar-fs@>=3.0.0 <3.0.9": ">=3.0.9"
+      "tar-fs@>=3.0.0 <3.0.9": ">=3.0.9",
+      "brace-expansion@>=1.0.0 <=1.1.11": "~1.1.12",
+      "brace-expansion@>=2.0.0 <=2.0.1": "~2.0.2",
+      "on-headers@<1.1.0": ">=1.1.0",
+      "form-data@>=4.0.0 <4.0.4": ">=4.0.4",
+      "form-data@<2.5.4": ">=2.5.4"
    }
  }
 }
--- a/packages/nextjs/package.json
+++ b/packages/nextjs/package.json
@@ -78,7 +78,7 @@
  "devDependencies": {
    "@nhost/docgen": "workspace:*",
    "@types/js-cookie": "^3.0.6",
-    "next": "^14.2.26",
+    "next": "^14.2.30",
    "react": "^18.2.0",
    "react-dom": "^18.2.0"
  }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml