Fix CVE-2025-66478

[hpware]

Summary by CodeRabbit

• Chores

  • Updated Next.js to the latest patch release for improved stability and performance.
  • Bumped application version to v0.1.9.

• Documentation

  • Added release notes for v0.1.9 highlighting a security fix (CVE-2025-66478) and related release context.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dokploy-hpwartwweb2]

Dokploy Preview Deployment

Name	Status	Preview	Updated (UTC)
app	✅ Done	Preview URL	2025-12-05T06:10:07.718Z

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Bumps Next.js in apps/web/package.json from ^16.0.2 to ^16.0.7, adds release notes file Versions/v0-1-9.md, and updates the exported version in apps/web/projectData.ts from 0.1.8 to 0.1.9.

Changes

Cohort / File(s)	Summary
Dependency update apps/web/package.json	Updated Next.js dependency from ^16.0.2 to ^16.0.7.
Release notes added Versions/v0-1-9.md	Added release notes describing v0.1.9 and referencing a CVE fix (CVE-2025-66478) context.
Version bump in app data apps/web/projectData.ts	Updated exported version value from 0.1.8 to 0.1.9 (no API/signature changes).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Check apps/web/package.json for transitive dependency implications and run local build/tests.
• Review Versions/v0-1-9.md for accuracy and formatting.
• Verify apps/web/projectData.ts version bump is consistent with release notes and any CI/release pipelines.

Possibly related PRs

• Update packages & Next version #7: Earlier Next.js dependency bump to ^16.0.2 in apps/web/package.json, related as a previous step in the same dependency upgrade.

Poem

🐰 I hopped through code with nimble feet,

bumped a version — tidy and neat.
Notes and numbers all in line,
0.1.9, a tiny sign.
🍃 A carrot celebration, small and sweet.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix CVE-2025-66478' directly relates to the main change: updating the Next.js dependency to address a specific CVE vulnerability.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0023b97 and b8da56c.

📒 Files selected for processing (2)

• Versions/v0-1-9.md (1 hunks)
• apps/web/projectData.ts (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}