
fix(deps): bump login app dependencies to clear Snyk findings #78

Merged
yahyafakhroji merged 1 commit into main from chore/login-deps-snyk-fixes on May 13, 2026

@yahyafakhroji yahyafakhroji commented May 13, 2026

Summary

Bumps apps/login dependencies to patch 15 known vulnerabilities (8 High, 6 Medium, 1 Low) flagged by Snyk, plus a few safe minor/patch refreshes that came along with npm-check-updates.

Snyk-driven (security)

| Package | From → To | Snyk findings cleared |
| --- | --- | --- |
| next | 16.2.3 → 16.2.6 | 13 CVEs — auth-bypass ×3, SSRF, incorrect authorization, weak hash, XSS, resource throttling |
| next-intl | ^4.9.1 → ^4.11.2 | Prototype Pollution |
| uuid | ^11.1.0 → ^11.1.1 | Improper index validation |

Maintenance (safe minor/patch)

| Package | From → To |
| --- | --- |
| @sentry/nextjs | ^10.34.0 → ^10.53.1 |
| @headlessui/react | ^2.1.9 → ^2.2.10 |
| @heroicons/react | 2.1.3 → 2.2.0 |
| react / react-dom | 19.2.3 → 19.2.6 |
| react-hook-form | 7.39.5 → 7.75.0 |
| @types/react | 19.2.3 → 19.2.14 |

Verification

  • snyk test apps/login → 0 vulnerable paths (was 15)
  • pnpm vitest → 10/10 passing across 3 files
  • pnpm next build → compiles cleanly, TypeScript clean, 36 routes

Patches 15 known vulnerabilities in @zitadel/login (8 High, 6 Medium,
1 Low) and brings several runtime deps to the latest safe minor/patch.

Snyk-driven (security):
- next 16.2.3 -> 16.2.6 (13 CVEs incl. auth-bypass x3, SSRF, weak hash,
  XSS, incorrect authorization)
- next-intl ^4.9.1 -> ^4.11.2 (prototype pollution)
- uuid ^11.1.0 -> ^11.1.1 (improper index validation)

Maintenance (safe minor/patch):
- @sentry/nextjs ^10.34.0 -> ^10.53.1
- @headlessui/react ^2.1.9 -> ^2.2.10
- @heroicons/react 2.1.3 -> 2.2.0
- react / react-dom 19.2.3 -> 19.2.6
- react-hook-form 7.39.5 -> 7.75.0
- @types/react 19.2.3 -> 19.2.14

Verified:
- snyk test apps/login -> 0 vulnerable paths
- pnpm vitest -> 10/10 passing
- pnpm next build -> compiles, 36 routes

@yahyafakhroji merged commit 00f695a into main on May 13, 2026
6 checks passed
@ecv deleted the chore/login-deps-snyk-fixes branch on May 13, 2026 02:39