[PR #342] [MERGED] chore(deps): upgrade to Next.js 16, Vitest 4, and Node.js 24 #373

New issue

Closed

opened 2026-02-26 12:41:09 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 12:41:09 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE-Local/pull/342
Author: @MickLesk
Created: 11/24/2025
Status: ✅ Merged
Merged: 11/24/2025
Merged by: @michelroegl-brunner

Base: main ← Head: node24_securityfix

📝 Commits (1)

72c0246 chore(deps): upgrade to Next.js 16, Vitest 4, and Node.js 24

📊 Changes

4 files changed (+1081 additions, -1713 deletions)

View changed files

📝 next.config.js (+11 -4)
📝 package-lock.json (+1053 -1695)
📝 package.json (+16 -13)
📝 tsconfig.json (+1 -1)

📄 Description

✍️ Description

BREAKING CHANGES:

Upgrade Next.js from 15.1.6 to 16.0.4
Use Webpack instead of Turbopack for compatibility with server-side modules
Upgrade Node.js requirement to >=24.0.0

FEATURES:

Upgrade Vitest to 4.0.13 with improved testing capabilities
Update all vitest-related packages (@vitest/ui, @vitest/coverage-v8)
Upgrade react-syntax-highlighter to 16.1.0
Update node-cron to 4.2.1
Update lucide-react to 0.554.0

SECURITY:

Resolve glob command injection vulnerability (CVE) via v10.5.0
Fix all npm audit vulnerabilities (0 vulnerabilities found)
Update prisma/client to 6.19.0
Update all dependencies to latest secure versions

FIXES:

Configure next.config.js for webpack with proper server-side module handling
Update tsconfig.json for Next.js 16 compatibility (jsx: react-jsx)
Add engines field to require Node.js >=24.0.0
Remove deprecated webpack config in favor of Next.js 16 compatibility

Link: #307 #325 #330 #332 #334

✅ Prerequisites (X in brackets)

Self-review completed – Code follows project standards.
Tested thoroughly – Changes work as expected.
No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

Screenshot for frontend Change

🛠️ Type of Change (X in brackets)

🐞 Bug fix – Resolves an issue without breaking functionality.
✨ New feature – Adds new, non-breaking functionality.
💥 Breaking change – Alters existing functionality in a way that may require updates.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE-Local/pull/342 **Author:** [@MickLesk](https://github.com/MickLesk) **Created:** 11/24/2025 **Status:** ✅ Merged **Merged:** 11/24/2025 **Merged by:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Base:** `main` ← **Head:** `node24_securityfix` --- ### 📝 Commits (1) - [`72c0246`](https://github.com/community-scripts/ProxmoxVE-Local/commit/72c0246d8c947a8d1763a4ac8a009f218c09b772) chore(deps): upgrade to Next.js 16, Vitest 4, and Node.js 24 ### 📊 Changes **4 files changed** (+1081 additions, -1713 deletions) <details> <summary>View changed files</summary> 📝 `next.config.js` (+11 -4) 📝 `package-lock.json` (+1053 -1695) 📝 `package.json` (+16 -13) 📝 `tsconfig.json` (+1 -1) </details> ### 📄 Description  ## ✍️ Description BREAKING CHANGES: - Upgrade Next.js from 15.1.6 to 16.0.4 - Use Webpack instead of Turbopack for compatibility with server-side modules - Upgrade Node.js requirement to >=24.0.0 FEATURES: - Upgrade Vitest to 4.0.13 with improved testing capabilities - Update all vitest-related packages (@vitest/ui, @vitest/coverage-v8) - Upgrade react-syntax-highlighter to 16.1.0 - Update node-cron to 4.2.1 - Update lucide-react to 0.554.0 SECURITY: - Resolve glob command injection vulnerability (CVE) via v10.5.0 - Fix all npm audit vulnerabilities (0 vulnerabilities found) - Update prisma/client to 6.19.0 - Update all dependencies to latest secure versions FIXES: - Configure next.config.js for webpack with proper server-side module handling - Update tsconfig.json for Next.js 16 compatibility (jsx: react-jsx) - Add engines field to require Node.js >=24.0.0 - Remove deprecated webpack config in favor of Next.js 16 compatibility ## 🔗 Related PR / Issue Link: #307 #325 #330 #332 #334 <img width="3000" height="2000" alt="image" src="https://github.com/user-attachments/assets/ffd2b066-302b-469c-aea6-994f14ff54f4" /> ## ✅ Prerequisites (**X** in brackets) - [x] **Self-review completed** – Code follows project standards. - [x] **Tested thoroughly** – Changes work as expected. - [x] **No security risks** – No hardcoded secrets, unnecessary privilege escalations, or permission issues. ## Screenshot for frontend Change --- ## 🛠️ Type of Change (**X** in brackets) - [x] 🐞 **Bug fix** – Resolves an issue without breaking functionality. - [x] ✨ **New feature** – Adds new, non-breaking functionality. - [x] 💥 **Breaking change** – Alters existing functionality in a way that may require updates. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>