
[Snyk] Security upgrade next from 13.4.2 to 14.2.35#135

Open
snyk-io[bot] wants to merge 1 commit into main from snyk-fix-0992f90ab590a5c0eb90bc2d45b71572

snyk-io Bot commented Dec 13, 2025

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • gui/package.json
  • gui/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue | Score
high severity: Deserialization of Untrusted Data (SNYK-JS-NEXT-14400636) | 685
medium severity: Improper Input Validation (SNYK-JS-NANOID-8492085) | 465

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

EntelligenceAI PR Summary

Major Next.js framework upgrade from version 13.4.2 to 14.2.35 with dependency and runtime requirement updates.

  • Upgraded Next.js framework to version 14.2.35
  • Updated all platform-specific SWC compiler binaries (darwin, linux, win32 variants)
  • Updated transitive dependencies: @swc/helpers (0.5.1 → 0.5.5), caniuse-lite (1.0.30001491 → 1.0.30001760), nanoid (3.3.6 → 3.3.11), postcss (8.4.14 → 8.4.31), source-map-js (1.0.2 → 1.2.1)
  • Removed 'zod' dependency (3.21.4) and added '@swc/counter'
  • Raised minimum Node.js version from 16.8.0 to 18.17.0
  • Updated peer dependencies: removed 'fibers' and 'node-sass', added optional '@playwright/test' support

snyk-io Bot commented Dec 13, 2025

Snyk checks have passed. No issues have been found so far.

Status | Scanner | Critical | High | Medium | Low | Total (0)
 | Open Source Security | 0 | 0 | 0 | 0 | 0 issues

@entelligence-ai-pr-reviews

Entelligence AI Vulnerability Scanner

Status: No security vulnerabilities found

Your code passed our comprehensive security analysis.

@entelligence-ai-pr-reviews

Walkthrough

This PR upgrades the Next.js framework from version 13.4.2 to 14.2.35, representing a major version bump that brings the application to the latest stable release in the Next.js 14.x line. The upgrade includes updates to all platform-specific SWC compiler binaries and several transitive dependencies. Notable changes include the removal of the 'zod' dependency, addition of '@swc/counter', and updated peer dependency requirements. The minimum Node.js version requirement has been raised from 16.8.0 to 18.17.0, reflecting Next.js 14's runtime requirements. This update likely includes performance improvements, new features, and bug fixes, but may require testing for breaking changes.

Changes

File(s) | Summary
gui/package.json, gui/package-lock.json | Upgraded Next.js from 13.4.2 to 14.2.35 with corresponding lockfile updates including all platform-specific SWC compiler binaries, transitive dependencies (@swc/helpers, caniuse-lite, nanoid, postcss, source-map-js), minimum Node.js version (16.8.0 → 18.17.0), removed 'zod' dependency, added '@swc/counter', and updated peer dependencies (removed 'fibers' and 'node-sass', added optional '@playwright/test').

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant App as Next.js Application
    participant NextCore as Next.js Core (v14.2.35)
    participant Env as @next/env
    participant SWC as SWC Compiler
    participant Helpers as @swc/helpers
    participant Counter as @swc/counter (NEW)
    participant PostCSS as PostCSS (v8.4.31)
    participant StyledJSX as styled-jsx

    App->>NextCore: Initialize Application
    activate NextCore
    
    NextCore->>Env: Load environment variables
    activate Env
    Env-->>NextCore: Environment config
    deactivate Env
    
    NextCore->>SWC: Compile TypeScript/JavaScript
    activate SWC
    
    SWC->>SWC: Select platform-specific binary<br/>(darwin-arm64, linux-x64, win32, etc.)
    
    SWC->>Helpers: Import helper functions (v0.5.5)
    activate Helpers
    
    Helpers->>Counter: Track compilation metrics
    activate Counter
    Counter-->>Helpers: Metrics data
    deactivate Counter
    
    Helpers-->>SWC: Helper utilities
    deactivate Helpers
    
    SWC-->>NextCore: Compiled code
    deactivate SWC
    
    NextCore->>PostCSS: Process CSS files
    activate PostCSS
    
    PostCSS->>PostCSS: Parse and transform CSS<br/>(using nanoid v3.3.11)
    PostCSS-->>NextCore: Processed CSS
    deactivate PostCSS
    
    NextCore->>StyledJSX: Process styled-jsx components
    activate StyledJSX
    StyledJSX-->>NextCore: Compiled styles
    deactivate StyledJSX
    
    NextCore->>NextCore: Check browser compatibility<br/>(caniuse-lite v1.0.30001760)
    
    NextCore-->>App: Application ready
    deactivate NextCore
    
    Note over App,NextCore: Node.js >= 18.17.0 required (upgraded from 16.8.0)
    Note over SWC,Counter: New @swc/counter dependency for metrics tracking
    Note over NextCore: Removed: zod, fibers, node-sass dependencies
