letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore(deps): bump next 15.2.9→15.5.18 + drizzle-orm 0.38.4→0.45.2 (Phase 1b/c)
Some checks failed
Build & Push Docker Images / lint (push) Successful in 1m31s
Details
Build & Push Docker Images / build-and-push (push) Has been cancelled
Details

Browse Source 
Security-driven version bumps; both stay within their existing major.

next 15.2.9 → 15.5.18 closes (1 high + 6 moderate next-specific CVEs):
- DoS via Server Components (high)
- Image Optimizer cache key confusion / content injection (moderate)
- Improper middleware redirect handling → SSRF (moderate)
- HTTP request smuggling in rewrites (moderate)
- Unbounded next/image disk cache growth → storage exhaustion (moderate)
- Self-hosted DoS via Image Optimizer remotePatterns (moderate)

drizzle-orm 0.38.4 → 0.45.2 closes:
- SQL injection via improperly escaped SQL identifiers (high)

Drizzle 0.45 changed query-error wrapping: outer Error.message is now
generic ("Failed query: insert into ...") with the postgres error on
.cause. Two integration test suites updated to assert on
cause.code === '23505' (postgres unique_violation) instead of message
regex — more robust + unambiguous.

eslint-config-next bumped 15.2.9 → 15.5.18 to match.
drizzle-kit bumped 0.30.6 → 0.31.10 to match.

Note: next-env.d.ts is auto-generated by next at build time; not
committed here (the new triple-slash routes reference would fail the
project's eslint rule, and CI regenerates it anyway).

Tests: 1185/1185 vitest passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt
2026-05-08 16:34:01 +02:00
parent 6c159a8cac
commit e2b5898efc
4 changed files with 106 additions and 600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
package.json
View File

@@ -66,7 +66,7 @@
"clsx": "^2.1.1",
"cmdk": "^1.1.1",
"date-fns": "^4.1.0",
"drizzle-orm": "^0.38.4",
"drizzle-orm": "^0.45.2",
"imapflow": "^1.3.3",
"ioredis": "^5.10.1",
"iso-3166-2": "^1.0.0",
@@ -75,7 +75,7 @@
"lucide-react": "^0.460.0",
"mailparser": "^3.9.8",
"minio": "^8.0.7",
"next": "15.2.9",
"next": "15.5.18",
"next-themes": "^0.4.6",
"nodemailer": "^6.10.1",
"openai": "^6.37.0",
@@ -114,10 +114,10 @@
"@vitest/coverage-v8": "^4.1.5",
"autoprefixer": "^10.5.0",
"dotenv": "^17.4.2",
"drizzle-kit": "^0.30.6",
"drizzle-kit": "^0.31.10",
"esbuild": "^0.25.12",
"eslint": "^9.39.4",
"eslint-config-next": "15.2.9",
"eslint-config-next": "15.5.18",
"eslint-config-prettier": "^9.1.2",
"husky": "^9.1.7",
"lint-staged": "^15.5.2",

682
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

4
tests/integration/ownership-transfer.test.ts
View File

@@ -69,6 +69,8 @@ describe('transferOwnership', () => {
endDate: null,
createdBy: 'test',
}),
).rejects.toThrow(/duplicate key/i);
).rejects.toMatchObject({
cause: expect.objectContaining({ code: '23505' }),
});
});
});

12
tests/integration/schema-constraints.test.ts
View File

@@ -64,7 +64,9 @@ describe('schema constraints', () => {
endDate: null, // another open row — should violate partial unique
createdBy: 'test',
}),
).rejects.toThrow(/duplicate key|unique/i);
).rejects.toMatchObject({
cause: expect.objectContaining({ code: '23505' }),
});
},
);
@@ -104,7 +106,9 @@ describe('schema constraints', () => {
startDate: new Date(),
createdBy: 'test',
}),
).rejects.toThrow(/duplicate key|unique/i);
).rejects.toMatchObject({
cause: expect.objectContaining({ code: '23505' }),
});
});
itDb(
@@ -154,7 +158,9 @@ describe('schema constraints', () => {
await expect(
db.insert(companies).values({ portId: port.id, name: 'AEGEAN HOLDINGS' }),
).rejects.toThrow(/duplicate key|unique/i);
).rejects.toMatchObject({
cause: expect.objectContaining({ code: '23505' }),
});
});
itDb('allows same-name companies in different ports', async () => {