security: fix CVE-2025-66478 - update Next.js

[emmanuelish]

Summary by CodeRabbit

• Chores
  • Updated framework dependency to the latest patch version for improved stability and bug fixes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

@emmanuelish is attempting to deploy a commit to the JS Mastery Pro Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

The package.json dependency for Next.js has been updated from version 14.2.3 to 14.2.35. This is a patch-level version bump with no changes to other dependencies, build scripts, or configuration settings.

Changes

Cohort / File(s)	Change Summary
Dependency Update package.json	Next.js dependency upgraded from 14.2.3 to 14.2.35

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Single-file change with straightforward version bump
• No logic, configuration, or behavioral modifications to review
• Verify version compatibility if breaking changes exist between 14.2.3 and 14.2.35

Poem

🐰 A version bump, so small, so neat,
Next.js grows with each heartbeat,
Fourteen-two-three becomes thirty-five,
Package managers keep us alive! 📦✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'security: fix CVE-2025-66478 - update Next.js' directly matches the changeset, which updates Next.js to address a specific security vulnerability.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8d5a8e and a118f7b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Update eslint-config-next to match the Next.js version.

The next package has been updated to 14.2.35, but eslint-config-next remains at 14.2.3 in devDependencies. This version mismatch can lead to inconsistent linting rules and potential compatibility issues.

Update eslint-config-next to 14.2.35 to align with the Next.js version:

-    "eslint-config-next": "14.2.3",
+    "eslint-config-next": "14.2.35",

Also applies to: 44-44

🤖 Prompt for AI Agents

In package.json around lines 25 and 44, the devDependency "eslint-config-next"
is still at 14.2.3 while "next" was bumped to 14.2.35; update the
"eslint-config-next" entry to "14.2.35" to match, then run your package manager
(npm/yarn/pnpm) to install and update the lockfile so dependencies stay
consistent.