From 24e9a77bb97ba3377633ef8ad3475db786c88eb1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 22:42:14 +0000
Subject: [PATCH] Bump mdast-util-to-hast in /starters/nextjs/shopify-ecommerce

Bumps [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) from 13.2.0 to 13.2.1.
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1)

---
updated-dependencies:
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 starters/nextjs/shopify-ecommerce/pnpm-lock.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml b/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml
index adc84167..4949ba86 100644
--- a/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml
+++ b/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml
@@ -1822,6 +1822,7 @@ packages:
   next@15.0.3:
     resolution: {integrity: sha512-ontCbCRKJUIoivAdGB34yCaOcPgYXr9AAkV/IwqFfWWTXEPUgLYkSkqBhIk9KK7gGmgjc64B+RdoeIDM13Irnw==}
     engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
+    deprecated: This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/CVE-2025-66478 for more details.
     hasBin: true
     peerDependencies:
       '@opentelemetry/api': ^1.1.0