From 40366ec242a16b2e9dcc2d64d87b96cd42815010 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Sep 2025 21:16:00 +0000
Subject: [PATCH 01/93] fix:
 ci-cd/turborepo-github-actions/packages/ui/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-TMP-11501554
---
 ci-cd/turborepo-github-actions/packages/ui/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/packages/ui/package.json b/ci-cd/turborepo-github-actions/packages/ui/package.json
index a72b1b52ea..9484916113 100644
--- a/ci-cd/turborepo-github-actions/packages/ui/package.json
+++ b/ci-cd/turborepo-github-actions/packages/ui/package.json
@@ -14,7 +14,7 @@
   "devDependencies": {
     "@repo/eslint-config": "workspace:*",
     "@repo/typescript-config": "workspace:*",
-    "@turbo/gen": "^1.12.4",
+    "@turbo/gen": "^2.5.7",
     "@types/eslint": "^8.56.5",
     "@types/node": "^20.11.24",
     "@types/react": "^18.2.61",

From 94c4f0bc7eafe17b0b8aa7ca1c2c48ecaa0704e7 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Sep 2025 14:24:18 +0000
Subject: [PATCH 02/93] fix: edge-middleware/modify-request-header/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
- https://snyk.io/vuln/SNYK-JS-NEXT-8520073
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-8186172
- https://snyk.io/vuln/SNYK-JS-NEXT-6032387
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
---
 edge-middleware/modify-request-header/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/modify-request-header/package.json b/edge-middleware/modify-request-header/package.json
index 365b1ce385..4d4224572f 100644
--- a/edge-middleware/modify-request-header/package.json
+++ b/edge-middleware/modify-request-header/package.json
@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "@vercel/examples-ui": "^1.0.5",
-    "next": "canary",
+    "next": "14.2.32",
     "react": "latest",
     "react-dom": "latest"
   },

From 7609636ad71092dad13c142657a7005fb057312e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 21 Oct 2025 11:02:28 +0000
Subject: [PATCH 03/93] fix: framework-boilerplates/hydrogen-2/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-CROSSZIP-6105396
- https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150
- https://snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-YARN-12143051
- https://snyk.io/vuln/SNYK-JS-ZOD-5925617
---
 framework-boilerplates/hydrogen-2/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/hydrogen-2/package.json b/framework-boilerplates/hydrogen-2/package.json
index c860c213f0..329a9f4c04 100644
--- a/framework-boilerplates/hydrogen-2/package.json
+++ b/framework-boilerplates/hydrogen-2/package.json
@@ -14,7 +14,7 @@
   "prettier": "@shopify/prettier-config",
   "dependencies": {
     "@remix-run/react": "1.19.1",
-    "@shopify/cli": "3.48.0",
+    "@shopify/cli": "3.59.0",
     "@shopify/cli-hydrogen": "^5.1.2",
     "@shopify/hydrogen": "^2023.7.2",
     "@shopify/remix-oxygen": "^1.1.3",

From 070852d63f907aad142913da3b18829abafc2bc3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 28 Oct 2025 18:22:48 +0000
Subject: [PATCH 04/93] fix: framework-boilerplates/redwoodjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINDOCUMENT-13045385
---
 framework-boilerplates/redwoodjs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/redwoodjs/package.json b/framework-boilerplates/redwoodjs/package.json
index 9a29135571..a3d27090c7 100644
--- a/framework-boilerplates/redwoodjs/package.json
+++ b/framework-boilerplates/redwoodjs/package.json
@@ -8,7 +8,7 @@
     ]
   },
   "devDependencies": {
-    "@redwoodjs/core": "^0.25.0"
+    "@redwoodjs/core": "^0.28.0"
   },
   "eslintConfig": {
     "extends": "@redwoodjs/eslint-config"

From 27f50ed3481d650f9d50fa346fb5f7f8ddfc7acb Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 12 Nov 2025 00:08:11 +0000
Subject: [PATCH 05/93] fix: storage/postgres-pgvector/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AI-13863465
---
 storage/postgres-pgvector/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-pgvector/package.json b/storage/postgres-pgvector/package.json
index fc3951c734..71913edba9 100644
--- a/storage/postgres-pgvector/package.json
+++ b/storage/postgres-pgvector/package.json
@@ -17,7 +17,7 @@
     "@types/react": "18.3.2",
     "@types/react-dom": "18.3.0",
     "@vercel/postgres": "^0.8.0",
-    "ai": "^3.1.14",
+    "ai": "^5.0.52",
     "autoprefixer": "10.4.19",
     "clsx": "^2.1.1",
     "cmdk": "^1.0.0",

From 306cca196487f70d37616e5caba74fabd7dfd906 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 18 Nov 2025 14:20:28 +0000
Subject: [PATCH 06/93] fix: storage/kv-redis-starter/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 storage/kv-redis-starter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/kv-redis-starter/package.json b/storage/kv-redis-starter/package.json
index d763489ee5..b64edab943 100644
--- a/storage/kv-redis-starter/package.json
+++ b/storage/kv-redis-starter/package.json
@@ -15,7 +15,7 @@
     "@types/react": "18.0.37",
     "@types/react-dom": "18.0.11", 
     "autoprefixer": "10.4.14",
-    "eslint": "8.38.0",
+    "eslint": "9.0.0",
     "eslint-config-next": "13.3.0",
     "next": "13.4.13",
     "postcss": "8.4.22",

From d59b90dc859c554706cbd5a65b6f9b4a0026c9d2 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 18 Nov 2025 14:55:00 +0000
Subject: [PATCH 07/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 framework-boilerplates/hydrogen/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/hydrogen/package.json b/framework-boilerplates/hydrogen/package.json
index d54196412c..fac38aa214 100644
--- a/framework-boilerplates/hydrogen/package.json
+++ b/framework-boilerplates/hydrogen/package.json
@@ -20,7 +20,7 @@
     "@tailwindcss/forms": "^0.5.2",
     "@tailwindcss/typography": "^0.5.2",
     "@types/react": "^18.0.14",
-    "eslint": "^8.18.0",
+    "eslint": "^9.0.0",
     "eslint-plugin-hydrogen": "^0.12.2",
     "playwright": "^1.22.2",
     "postcss": "^8.4.14",

From 423f6b8652ae910c3a84f60fa4bfbbff0ba77a82 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 18 Nov 2025 14:56:19 +0000
Subject: [PATCH 08/93] fix: storage/postgres-prisma/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 storage/postgres-prisma/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-prisma/package.json b/storage/postgres-prisma/package.json
index f091448b1a..e8ab7434a7 100644
--- a/storage/postgres-prisma/package.json
+++ b/storage/postgres-prisma/package.json
@@ -20,7 +20,7 @@
     "@types/react": "18.2.25",
     "@types/react-dom": "18.2.11",
     "autoprefixer": "10.4.16",
-    "eslint": "8.51.0",
+    "eslint": "9.0.0",
     "eslint-config-next": "13.5.4",
     "ms": "^2.1.3",
     "next": "13.5.4",

From c128ec9cba5511ae0250d2bc57fbfa23b7a930ac Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 18 Nov 2025 18:02:59 +0000
Subject: [PATCH 09/93] fix: framework-boilerplates/ember/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 framework-boilerplates/ember/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/ember/package.json b/framework-boilerplates/ember/package.json
index 261575d001..b419a26d1a 100644
--- a/framework-boilerplates/ember/package.json
+++ b/framework-boilerplates/ember/package.json
@@ -54,7 +54,7 @@
     "ember-source": "~5.1.1",
     "ember-template-lint": "^5.11.0",
     "ember-welcome-page": "^7.0.2",
-    "eslint": "^8.43.0",
+    "eslint": "^9.0.0",
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-ember": "^11.9.0",
     "eslint-plugin-n": "^16.0.1",

From 6ead2df318b42a2f64d4eab2a5b0a2f952a9f9c0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 2 Dec 2025 14:37:06 +0000
Subject: [PATCH 10/93] fix: framework-boilerplates/ionic-angular/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANGULARCOMPILER-14157154
- https://snyk.io/vuln/SNYK-JS-ANGULARCOMMON-14135651
---
 framework-boilerplates/ionic-angular/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework-boilerplates/ionic-angular/package.json b/framework-boilerplates/ionic-angular/package.json
index ac014cf2f8..2c55f29b79 100644
--- a/framework-boilerplates/ionic-angular/package.json
+++ b/framework-boilerplates/ionic-angular/package.json
@@ -14,8 +14,8 @@
   "private": true,
   "dependencies": {
     "@angular/animations": "^19.0.0",
-    "@angular/common": "^19.0.0",
-    "@angular/compiler": "^19.0.0",
+    "@angular/common": "^19.2.16",
+    "@angular/compiler": "^19.2.17",
     "@angular/core": "^19.0.0",
     "@angular/forms": "^19.0.0",
     "@angular/platform-browser": "^19.0.0",

From 53643f4c4ecf9485b9565234ecf7d68a77a41f7f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 2 Dec 2025 16:28:42 +0000
Subject: [PATCH 11/93] fix: solutions/express/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EXPRESS-14157151
---
 solutions/express/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/express/package.json b/solutions/express/package.json
index d72183b3e6..4d708f5ba1 100644
--- a/solutions/express/package.json
+++ b/solutions/express/package.json
@@ -8,7 +8,7 @@
   "license": "ISC",
   "dependencies": {
     "@types/express": "^5.0.0",
-    "express": "^4.18.2"
+    "express": "^4.22.0"
   },
   "devDependencies": {
     "@types/node": "^22.0.0"

From c8405e38bfc7682ec80a20d7aa99476623f564dd Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 3 Dec 2025 22:15:07 +0000
Subject: [PATCH 12/93] fix: framework-boilerplates/nextjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14173355
---
 framework-boilerplates/nextjs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/nextjs/package.json b/framework-boilerplates/nextjs/package.json
index d4b33ed2bf..39dac2b1a1 100644
--- a/framework-boilerplates/nextjs/package.json
+++ b/framework-boilerplates/nextjs/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
-    "next": "15.1.4"
+    "next": "15.1.9"
   },
   "devDependencies": {
     "typescript": "^5",

From 24f9fe62e3a068067093828dad3d8f4c4266c5a4 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 5 Dec 2025 23:02:05 +0000
Subject: [PATCH 13/93] fix: storage/blob-starter/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-10598339
---
 storage/blob-starter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/blob-starter/package.json b/storage/blob-starter/package.json
index 4848950d1f..1f1472b539 100644
--- a/storage/blob-starter/package.json
+++ b/storage/blob-starter/package.json
@@ -16,7 +16,7 @@
   },
   "dependencies": {
     "@vercel/blob": "^1.0.0",
-    "next": "15.0.5",
+    "next": "15.1.9",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-hot-toast": "^2.4.1"

From d33bbf1fc0b711a927b00cd6bdf598160fa3a010 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 9 Dec 2025 18:36:26 +0000
Subject: [PATCH 14/93] fix: starter/hono-mcp/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MODELCONTEXTPROTOCOLSDK-14171914
---
 starter/hono-mcp/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/starter/hono-mcp/package.json b/starter/hono-mcp/package.json
index 50b0282e55..317c48fd86 100644
--- a/starter/hono-mcp/package.json
+++ b/starter/hono-mcp/package.json
@@ -2,7 +2,7 @@
   "name": "hono-mcp",
   "type": "module",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.17.3",
+    "@modelcontextprotocol/sdk": "^1.24.0",
     "hono": "^4.9.2",
     "mcp-handler": "^1.0.1",
     "zod": "^3"

From c112216f3d4096cfd62a6386696ef9b6d6eaad79 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 14:36:20 +0000
Subject: [PATCH 15/93] fix: flags-sdk/experimentation-statsig/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 flags-sdk/experimentation-statsig/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flags-sdk/experimentation-statsig/package.json b/flags-sdk/experimentation-statsig/package.json
index 024c64e1bb..cef22264cd 100644
--- a/flags-sdk/experimentation-statsig/package.json
+++ b/flags-sdk/experimentation-statsig/package.json
@@ -25,7 +25,7 @@
     "clsx": "2.1.1",
     "flags": "^4.0.0",
     "nanoid": "5.1.2",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "2.0.1",

From 3139072aa4dc8e497875488e89b1fd31e405c0bd Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 14:43:45 +0000
Subject: [PATCH 16/93] fix: storage/postgres-starter/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/postgres-starter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-starter/package.json b/storage/postgres-starter/package.json
index 038f4a6b7e..417ecd711d 100644
--- a/storage/postgres-starter/package.json
+++ b/storage/postgres-starter/package.json
@@ -19,7 +19,7 @@
     "eslint": "^8",
     "eslint-config-next": "^15.1.6",
     "ms": "^2.1.3",
-    "next": "15.1.9",
+    "next": "15.1.11",
     "postcss": "8.4.31",
     "postgres": "^3.4.5",
     "react": "19.0.0",

From 3b45e15df738b57f15957502c9fd1700afd76d0d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 14:44:15 +0000
Subject: [PATCH 17/93] fix: solutions/cron/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 solutions/cron/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/cron/package.json b/solutions/cron/package.json
index ccecb0ce3a..84be87deb3 100644
--- a/solutions/cron/package.json
+++ b/solutions/cron/package.json
@@ -14,7 +14,7 @@
     "@vercel/examples-ui": "^1.0.5",
     "@vercel/kv": "^0.2.1",
     "ms": "^2.1.3",
-    "next": "canary",
+    "next": "14.2.35",
     "react": "latest",
     "react-dom": "latest",
     "swr": "^2.1.0"

From c8a0a71419048f85df8cc3311cc93a921e668aab Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 14:55:49 +0000
Subject: [PATCH 18/93] fix: flags-sdk/posthog/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 flags-sdk/posthog/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flags-sdk/posthog/package.json b/flags-sdk/posthog/package.json
index 92e939fd10..372e20dd4d 100644
--- a/flags-sdk/posthog/package.json
+++ b/flags-sdk/posthog/package.json
@@ -23,7 +23,7 @@
     "flags": "^4.0.2",
     "motion": "12.17.0",
     "nanoid": "5.1.2",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "2.0.1",

From 022331145767036702aeef4297219d7ec323778b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 14:57:48 +0000
Subject: [PATCH 19/93] fix: framework-boilerplates/storybook/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 framework-boilerplates/storybook/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/storybook/package.json b/framework-boilerplates/storybook/package.json
index 73cd687601..b01f9f7683 100644
--- a/framework-boilerplates/storybook/package.json
+++ b/framework-boilerplates/storybook/package.json
@@ -12,7 +12,7 @@
     "@types/node": "20.2.5",
     "@types/react": "18.2.8",
     "@types/react-dom": "18.2.4",
-    "next": "13.4.4",
+    "next": "14.2.35",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "typescript": "5.1.3"

From 271c4f1ab3dce4e5bd2647039831591a527921ef Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 15:03:37 +0000
Subject: [PATCH 20/93] fix:
 solutions/saas-microservices/apps/dashboard/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 solutions/saas-microservices/apps/dashboard/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/saas-microservices/apps/dashboard/package.json b/solutions/saas-microservices/apps/dashboard/package.json
index 1c05c2a074..e268fd6998 100644
--- a/solutions/saas-microservices/apps/dashboard/package.json
+++ b/solutions/saas-microservices/apps/dashboard/package.json
@@ -17,7 +17,7 @@
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "lucide-react": "^0.468.0",
-    "next": "15.1.9",
+    "next": "15.1.11",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "tailwind-merge": "^2.5.5",

From 52426f5dbbd41a7867c48115fc74c672284e988a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 15:09:46 +0000
Subject: [PATCH 21/93] fix: flags-sdk/launchdarkly/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 flags-sdk/launchdarkly/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flags-sdk/launchdarkly/package.json b/flags-sdk/launchdarkly/package.json
index c9d229b8b2..8640f498b5 100644
--- a/flags-sdk/launchdarkly/package.json
+++ b/flags-sdk/launchdarkly/package.json
@@ -24,7 +24,7 @@
     "motion": "12.17.0",
     "launchdarkly-react-client-sdk": "^3.6.1",
     "nanoid": "5.1.2",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "2.0.1",

From 1dff0010728d42b3c87b88d42cc44420d9f7513d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 15:17:11 +0000
Subject: [PATCH 22/93] fix: app-directory/redirect-with-fallback/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 app-directory/redirect-with-fallback/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-directory/redirect-with-fallback/package.json b/app-directory/redirect-with-fallback/package.json
index c34573290a..a46221f04d 100644
--- a/app-directory/redirect-with-fallback/package.json
+++ b/app-directory/redirect-with-fallback/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@vercel/examples-ui": "^2.0.1",
-    "next": "^13.4.10",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 730ba5c6a37aada63f2403d494bb7f11d16957af Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 15:23:46 +0000
Subject: [PATCH 23/93] fix: flags-sdk/hypertune/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 flags-sdk/hypertune/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flags-sdk/hypertune/package.json b/flags-sdk/hypertune/package.json
index 8402757606..49825b0133 100644
--- a/flags-sdk/hypertune/package.json
+++ b/flags-sdk/hypertune/package.json
@@ -26,7 +26,7 @@
     "js-xxhash": "^4.0.0",
     "motion": "^12.9.4",
     "nanoid": "5.1.2",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "2.0.1"

From 82ea93219b98edb9f7aaba1f68b6133198015b14 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 15:31:56 +0000
Subject: [PATCH 24/93] fix: toolbar/toolbar-launchdarkly/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
---
 toolbar/toolbar-launchdarkly/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolbar/toolbar-launchdarkly/package.json b/toolbar/toolbar-launchdarkly/package.json
index 7e1ca06cfb..847e9c641b 100644
--- a/toolbar/toolbar-launchdarkly/package.json
+++ b/toolbar/toolbar-launchdarkly/package.json
@@ -12,7 +12,7 @@
     "@launchdarkly/node-server-sdk": "^9.1.1",
     "@vercel/flags": "2.2.1",
     "@vercel/toolbar": "^0.1.10",
-    "next": "latest",
+    "next": "14.2.25",
     "react": "^18",
     "react-dom": "^18"
   },

From d7605b24239945c6d7d22b32cfd948fc91ef6811 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 15:46:57 +0000
Subject: [PATCH 25/93] fix:
 edge-middleware/feature-flag-launchdarkly/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 edge-middleware/feature-flag-launchdarkly/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/feature-flag-launchdarkly/package.json b/edge-middleware/feature-flag-launchdarkly/package.json
index 77f8203d50..c3108c73ab 100644
--- a/edge-middleware/feature-flag-launchdarkly/package.json
+++ b/edge-middleware/feature-flag-launchdarkly/package.json
@@ -13,7 +13,7 @@
     "@launchdarkly/vercel-server-sdk": "^1.3.3",
     "@vercel/edge-config": "^1.1.0",
     "@vercel/examples-ui": "^2.0.3",
-    "next": "^13.4.19",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 045c2ac5902865bb0a5a30f7f1b79514c803e952 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 16:01:55 +0000
Subject: [PATCH 26/93] fix: flags-sdk/openfeature/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 flags-sdk/openfeature/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flags-sdk/openfeature/package.json b/flags-sdk/openfeature/package.json
index 0f81440599..43c86aae4a 100644
--- a/flags-sdk/openfeature/package.json
+++ b/flags-sdk/openfeature/package.json
@@ -26,7 +26,7 @@
     "motion": "12.17.0",
     "js-xxhash": "4.0.0",
     "nanoid": "5.1.2",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "2.0.1"

From 65ba2c4242d15eea53d049082b7608c1f81cfa26 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 16:13:59 +0000
Subject: [PATCH 27/93] fix:
 edge-middleware/feature-flag-hypertune/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 edge-middleware/feature-flag-hypertune/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/feature-flag-hypertune/package.json b/edge-middleware/feature-flag-hypertune/package.json
index 82c159bc65..9a984e66ac 100644
--- a/edge-middleware/feature-flag-hypertune/package.json
+++ b/edge-middleware/feature-flag-hypertune/package.json
@@ -16,7 +16,7 @@
     "@vercel/flags": "2.5.1",
     "@vercel/toolbar": "^0.1.15",
     "hypertune": "2.4.0",
-    "next": "^14.1.4",
+    "next": "^14.2.35",
     "react": "latest",
     "react-dom": "latest",
     "server-only": "^0.0.1"

From 17eb5cf2b140f022cab002a0ab6b4c753e0a056c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 16:21:41 +0000
Subject: [PATCH 28/93] fix: toolbar/toolbar-statsig/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 toolbar/toolbar-statsig/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolbar/toolbar-statsig/package.json b/toolbar/toolbar-statsig/package.json
index 3f2aa77995..4941d1c93f 100644
--- a/toolbar/toolbar-statsig/package.json
+++ b/toolbar/toolbar-statsig/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "@vercel/flags": "2.2.1",
     "@vercel/toolbar": "^0.1.10",
-    "next": "latest",
+    "next": "14.2.35",
     "react": "^18",
     "react-dom": "^18",
     "statsig-node": "^5.17.0"

From 89acbcbe6a64b0e77a9288f9e7143833e9925d93 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 16:22:11 +0000
Subject: [PATCH 29/93] fix:
 ci-cd/turborepo-github-actions/apps/docs/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 ci-cd/turborepo-github-actions/apps/docs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/apps/docs/package.json b/ci-cd/turborepo-github-actions/apps/docs/package.json
index 263b8d9ed3..862013846c 100644
--- a/ci-cd/turborepo-github-actions/apps/docs/package.json
+++ b/ci-cd/turborepo-github-actions/apps/docs/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "@repo/foo": "workspace:*",
     "@repo/ui": "workspace:*",
-    "next": "14.2.5",
+    "next": "14.2.35",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

From 11bd3a688e903c2bddc3501b386c7fbcd93231c8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 16:23:39 +0000
Subject: [PATCH 30/93] fix: toolbar/toolbar-optimizely/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 toolbar/toolbar-optimizely/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolbar/toolbar-optimizely/package.json b/toolbar/toolbar-optimizely/package.json
index 0226e58ff8..6cf0c82dbc 100644
--- a/toolbar/toolbar-optimizely/package.json
+++ b/toolbar/toolbar-optimizely/package.json
@@ -12,7 +12,7 @@
     "@optimizely/optimizely-sdk": "^5.1.0",
     "@vercel/flags": "2.2.1",
     "@vercel/toolbar": "^0.1.10",
-    "next": "latest",
+    "next": "14.2.35",
     "react": "^18",
     "react-dom": "^18"
   },

From 31bb614895fdff97919bc51fc5ffc7690fb316a7 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:08:50 +0000
Subject: [PATCH 31/93] fix: apps/vibe-coding-platform/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 apps/vibe-coding-platform/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/vibe-coding-platform/package.json b/apps/vibe-coding-platform/package.json
index e87d1ce8d5..35c8964d54 100644
--- a/apps/vibe-coding-platform/package.json
+++ b/apps/vibe-coding-platform/package.json
@@ -32,7 +32,7 @@
     "jose": "6.0.12",
     "lucide-react": "0.528.0",
     "ms": "2.1.3",
-    "next": "15.5.7",
+    "next": "15.5.9",
     "next-themes": "^0.4.6",
     "nuqs": "2.4.3",
     "react": "19.1.0",

From 16c037634961cf47029ec9385f7bebedc5db271b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:12:23 +0000
Subject: [PATCH 32/93] fix: toolbar/toolbar-split/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 toolbar/toolbar-split/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolbar/toolbar-split/package.json b/toolbar/toolbar-split/package.json
index b774e5eab6..dfb823730b 100644
--- a/toolbar/toolbar-split/package.json
+++ b/toolbar/toolbar-split/package.json
@@ -12,7 +12,7 @@
     "@splitsoftware/splitio": "^10.25.1",
     "@vercel/flags": "2.2.1",
     "@vercel/toolbar": "^0.1.10",
-    "next": "latest",
+    "next": "14.2.35",
     "react": "^18",
     "react-dom": "^18"
   },

From 41e9e5c5efcf0df5a4e557f5297fe4bae99bc0a7 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:21:58 +0000
Subject: [PATCH 33/93] fix: edge-middleware/feature-flag-split/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 edge-middleware/feature-flag-split/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/feature-flag-split/package.json b/edge-middleware/feature-flag-split/package.json
index 07da3ecd15..4b13133e6f 100644
--- a/edge-middleware/feature-flag-split/package.json
+++ b/edge-middleware/feature-flag-split/package.json
@@ -15,7 +15,7 @@
     "@vercel/edge-config": "^0.2.1",
     "@vercel/examples-ui": "^2.0.1",
     "js-cookie": "^3.0.5",
-    "next": "^13.4.10",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 62fe317f84d73fba7895859a18351bbb44b8f565 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:26:58 +0000
Subject: [PATCH 34/93] fix: solutions/blog/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 solutions/blog/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/blog/package.json b/solutions/blog/package.json
index ab1ce98f34..9be77e7c9f 100644
--- a/solutions/blog/package.json
+++ b/solutions/blog/package.json
@@ -13,7 +13,7 @@
     "@vercel/analytics": "^1.1.3",
     "@vercel/speed-insights": "^1.0.9",
     "geist": "1.2.2",
-    "next": "canary",
+    "next": "14.2.35",
     "next-mdx-remote": "^4.4.1",
     "postcss": "^8.4.35",
     "react": "18.2.0",

From 5e1d94d661efa5b893c0dddfe533f8f9a251f3a0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:30:34 +0000
Subject: [PATCH 35/93] fix: storage/kv-redis-waiting-room/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/kv-redis-waiting-room/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/kv-redis-waiting-room/package.json b/storage/kv-redis-waiting-room/package.json
index 3539646e68..ba8b36f68a 100644
--- a/storage/kv-redis-waiting-room/package.json
+++ b/storage/kv-redis-waiting-room/package.json
@@ -15,7 +15,7 @@
     "@types/react-dom": "18.2.11",
     "@upstash/redis": "^1.34.3",
     "autoprefixer": "10.4.16",
-    "next": "^13.5.4",
+    "next": "^14.2.35",
     "postcss": "8.4.31",
     "react": "18.2.0",
     "react-dom": "18.2.0",

From f314c8cd422a319392e3f19865fdf6fe8d651a2d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:35:01 +0000
Subject: [PATCH 36/93] fix: storage/postgres-pgvector/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/postgres-pgvector/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-pgvector/package.json b/storage/postgres-pgvector/package.json
index 71913edba9..48e169747c 100644
--- a/storage/postgres-pgvector/package.json
+++ b/storage/postgres-pgvector/package.json
@@ -25,7 +25,7 @@
     "eslint": "9.3.0",
     "eslint-config-next": "14.2.3",
     "gpt3-tokenizer": "^1.1.5",
-    "next": "14.2.3",
+    "next": "14.2.35",
     "openai": "^4.47.1",
     "postcss": "8.4.38",
     "react": "18.3.1",

From e1fc09dccdfa8062c8b2536d94da4941a4cfad65 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:44:52 +0000
Subject: [PATCH 37/93] fix: storage/kv-redis-starter/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/kv-redis-starter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/kv-redis-starter/package.json b/storage/kv-redis-starter/package.json
index b64edab943..2b4aa03cbf 100644
--- a/storage/kv-redis-starter/package.json
+++ b/storage/kv-redis-starter/package.json
@@ -17,7 +17,7 @@
     "autoprefixer": "10.4.14",
     "eslint": "9.0.0",
     "eslint-config-next": "13.3.0",
-    "next": "13.4.13",
+    "next": "14.2.35",
     "postcss": "8.4.22",
     "react": "18.2.0",
     "react-dom": "18.2.0",

From 2d362fd090edcab1fa188656d6e3de075a668fe6 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:59:25 +0000
Subject: [PATCH 38/93] fix:
 ci-cd/turborepo-github-actions/apps/web/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 ci-cd/turborepo-github-actions/apps/web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/apps/web/package.json b/ci-cd/turborepo-github-actions/apps/web/package.json
index 5e82477d0f..35a530ce5b 100644
--- a/ci-cd/turborepo-github-actions/apps/web/package.json
+++ b/ci-cd/turborepo-github-actions/apps/web/package.json
@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "@repo/ui": "workspace:*",
-    "next": "14.2.5",
+    "next": "14.2.35",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

From 1ccb2cafcc72d2b1cfd109f55258d4c533906cc1 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 17:59:51 +0000
Subject: [PATCH 39/93] fix: edge-middleware/geolocation-script/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 edge-middleware/geolocation-script/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/geolocation-script/package.json b/edge-middleware/geolocation-script/package.json
index a4141aee48..e0d203c4db 100644
--- a/edge-middleware/geolocation-script/package.json
+++ b/edge-middleware/geolocation-script/package.json
@@ -9,7 +9,7 @@
     "lint": "next lint"
   },
   "dependencies": {
-    "next": "13.5.6",
+    "next": "14.2.35",
     "react": "^18",
     "react-dom": "^18"
   },

From 22224d60fea3bed92aa1afe75d0bcda409fb3a62 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 18:20:09 +0000
Subject: [PATCH 40/93] fix: solutions/cms-contentstack-commerce/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 solutions/cms-contentstack-commerce/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/cms-contentstack-commerce/package.json b/solutions/cms-contentstack-commerce/package.json
index c90992634c..eb3d1e706f 100644
--- a/solutions/cms-contentstack-commerce/package.json
+++ b/solutions/cms-contentstack-commerce/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "clsx": "^2.0.0",
-    "next": "^14.0.4",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 15bb28102066b35d960318256286d523d79c1cca Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 18:22:53 +0000
Subject: [PATCH 41/93] fix: app-directory/css-in-js/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 app-directory/css-in-js/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-directory/css-in-js/package.json b/app-directory/css-in-js/package.json
index ce53c4a9d2..9c2ba7ef92 100644
--- a/app-directory/css-in-js/package.json
+++ b/app-directory/css-in-js/package.json
@@ -15,7 +15,7 @@
     "@emotion/styled": "^11.11.0",
     "@vercel/examples-ui": "^2.0.1",
     "framer-motion": "^10.12.22",
-    "next": "^13.4.10",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 3ee8ba29f2ae1de47dd8e98ca1c9848497e64bb8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 18:40:49 +0000
Subject: [PATCH 42/93] fix: flags-sdk/growthbook/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 flags-sdk/growthbook/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flags-sdk/growthbook/package.json b/flags-sdk/growthbook/package.json
index 2ced0d368e..0716fb7200 100644
--- a/flags-sdk/growthbook/package.json
+++ b/flags-sdk/growthbook/package.json
@@ -24,7 +24,7 @@
     "clsx": "2.1.1",
     "flags": "^4.0.0",
     "nanoid": "5.1.2",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "2.0.1",

From 1dd621ea0da4d06db1b0f672564ce3796d38219e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 18:41:37 +0000
Subject: [PATCH 43/93] fix: storage/postgres-kysely/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/postgres-kysely/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-kysely/package.json b/storage/postgres-kysely/package.json
index 1a4a0c438a..11c395c318 100644
--- a/storage/postgres-kysely/package.json
+++ b/storage/postgres-kysely/package.json
@@ -21,7 +21,7 @@
     "kysely": "^0.26.3",
     "kysely-postgres-js": "^2.0.0",
     "ms": "^2.1.3",
-    "next": "15.1.9",
+    "next": "15.1.11",
     "postcss": "8.4.31",
     "postgres": "^3.4.5",
     "react": "19.0.0",

From 5f1b56ec4b96ec07f2ace6e4638f3cfd8c696f89 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 18:47:20 +0000
Subject: [PATCH 44/93] fix: app-directory/i18n/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 app-directory/i18n/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-directory/i18n/package.json b/app-directory/i18n/package.json
index e2b4b9c8ab..80a8c67940 100644
--- a/app-directory/i18n/package.json
+++ b/app-directory/i18n/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@vercel/examples-ui": "^2.0.1",
-    "next": "^13.4.10",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From a9fb8f961bed6c18e05393cf89396a10d7451eac Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 18:58:34 +0000
Subject: [PATCH 45/93] fix: storage/postgres-prisma/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/postgres-prisma/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-prisma/package.json b/storage/postgres-prisma/package.json
index e8ab7434a7..c373db3651 100644
--- a/storage/postgres-prisma/package.json
+++ b/storage/postgres-prisma/package.json
@@ -23,7 +23,7 @@
     "eslint": "9.0.0",
     "eslint-config-next": "13.5.4",
     "ms": "^2.1.3",
-    "next": "13.5.4",
+    "next": "14.2.35",
     "postcss": "8.4.31",
     "prisma": "^5.4.1",
     "react": "18.2.0",

From 686338f90ab69191753a0b4811b61d180be429af Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 19:15:52 +0000
Subject: [PATCH 46/93] fix: solutions/flags-sdk/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 solutions/flags-sdk/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/flags-sdk/package.json b/solutions/flags-sdk/package.json
index dec10c2b36..88dd2adf31 100644
--- a/solutions/flags-sdk/package.json
+++ b/solutions/flags-sdk/package.json
@@ -12,7 +12,7 @@
   },
   "dependencies": {
     "flags": "^4.0.0",
-    "next": "15.1.9",
+    "next": "15.1.11",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "@vercel/toolbar": "^0.1.31"

From 190e9b4bd8e9063c4021a6dc956db2925e3e1fa3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 19:42:10 +0000
Subject: [PATCH 47/93] fix: vercel-tutor/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 vercel-tutor/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vercel-tutor/package.json b/vercel-tutor/package.json
index c7673c516d..90410cc360 100644
--- a/vercel-tutor/package.json
+++ b/vercel-tutor/package.json
@@ -10,7 +10,7 @@
   "dependencies": {
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
-    "next": "15.2.6"
+    "next": "15.2.8"
   },
   "devDependencies": {
     "@eslint/eslintrc": "^3",

From f9871779f6b53f5105f0ab85ffb5f06f91f9fc1f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 20:01:46 +0000
Subject: [PATCH 48/93] fix: framework-boilerplates/blitzjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 framework-boilerplates/blitzjs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/blitzjs/package.json b/framework-boilerplates/blitzjs/package.json
index a804ef3f4d..4481bdf0b2 100644
--- a/framework-boilerplates/blitzjs/package.json
+++ b/framework-boilerplates/blitzjs/package.json
@@ -24,7 +24,7 @@
     "@blitzjs/next": "^2.0.0",
     "@blitzjs/rpc": "2.0.0",
     "blitz": "^2.0.0",
-    "next": "^14.1.1",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "ts-node": "^10.9.1"

From 2ef90fa5e1f31d5d0393b29d16beefc821a5b963 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 20:31:09 +0000
Subject: [PATCH 49/93] fix: storage/blob-starter/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/blob-starter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/blob-starter/package.json b/storage/blob-starter/package.json
index 1f1472b539..0834cfa258 100644
--- a/storage/blob-starter/package.json
+++ b/storage/blob-starter/package.json
@@ -16,7 +16,7 @@
   },
   "dependencies": {
     "@vercel/blob": "^1.0.0",
-    "next": "15.1.9",
+    "next": "15.0.7",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-hot-toast": "^2.4.1"

From 174a8bc1598c7df07464f03479ba8481baf8ea8f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 20:33:26 +0000
Subject: [PATCH 50/93] fix: edge-middleware/ab-testing-statsig/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
---
 edge-middleware/ab-testing-statsig/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/ab-testing-statsig/package.json b/edge-middleware/ab-testing-statsig/package.json
index f5c0746d1a..b7ab6bda22 100644
--- a/edge-middleware/ab-testing-statsig/package.json
+++ b/edge-middleware/ab-testing-statsig/package.json
@@ -12,7 +12,7 @@
     "@vercel/edge-config": "^0.3.0",
     "@vercel/examples-ui": "^1.0.4",
     "js-cookie": "^3.0.1",
-    "next": "canary",
+    "next": "14.2.35",
     "react": "latest",
     "react-dom": "latest",
     "statsig-node-lite": "0.2.2",

From 9b6ea0f6a33c340a4396c2c822f9e8bad0dfe183 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 20:42:48 +0000
Subject: [PATCH 51/93] fix: solutions/aws-s3-image-upload/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 solutions/aws-s3-image-upload/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/aws-s3-image-upload/package.json b/solutions/aws-s3-image-upload/package.json
index e38da1c8b1..20e5e40ac6 100644
--- a/solutions/aws-s3-image-upload/package.json
+++ b/solutions/aws-s3-image-upload/package.json
@@ -18,7 +18,7 @@
     "encoding": "^0.1.13",
     "eslint": "8.53.0",
     "eslint-config-next": "14.0.2",
-    "next": "^14.0.2",
+    "next": "^14.2.35",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "typescript": "5.2.2",

From 40bb536bbd0a25d537ca7ef3c3851bea65342a3a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 20:50:54 +0000
Subject: [PATCH 52/93] fix: framework-boilerplates/ember/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-TMP-11501554
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
---
 framework-boilerplates/ember/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/ember/package.json b/framework-boilerplates/ember/package.json
index b419a26d1a..6674aabac4 100644
--- a/framework-boilerplates/ember/package.json
+++ b/framework-boilerplates/ember/package.json
@@ -35,7 +35,7 @@
     "broccoli-asset-rev": "^3.0.0",
     "concurrently": "^8.2.0",
     "ember-auto-import": "^2.6.3",
-    "ember-cli": "~5.1.0",
+    "ember-cli": "~6.9.1",
     "ember-cli-app-version": "^6.0.1",
     "ember-cli-babel": "^7.26.11",
     "ember-cli-clean-css": "^2.0.0",

From 22fcd0062c8f1eaa32c48947cd2bbecc2a2705bc Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 21:22:37 +0000
Subject: [PATCH 53/93] fix: storage/postgres-drizzle/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 storage/postgres-drizzle/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/postgres-drizzle/package.json b/storage/postgres-drizzle/package.json
index d6bf7470bc..6b3f67b2da 100644
--- a/storage/postgres-drizzle/package.json
+++ b/storage/postgres-drizzle/package.json
@@ -21,7 +21,7 @@
     "eslint": "8.51.0",
     "eslint-config-next": "^15.1.6",
     "ms": "^2.1.3",
-    "next": "15.1.9",
+    "next": "15.1.11",
     "postcss": "8.4.31",
     "postgres": "^3.4.5",
     "react": "19.0.0",

From f4291059eb8d3867e5cc7638356b45b3989a305e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 21:33:56 +0000
Subject: [PATCH 54/93] fix: plop-templates/example/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 plop-templates/example/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plop-templates/example/package.json b/plop-templates/example/package.json
index 7bd9bf3f4d..03d5e35b3c 100644
--- a/plop-templates/example/package.json
+++ b/plop-templates/example/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@vercel/examples-ui": "^2.0.1",
-    "next": "^13.4.10",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 81beead2e3aec5d264c4e350d6dbb163dfd7ff43 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 21:41:37 +0000
Subject: [PATCH 55/93] fix: framework-boilerplates/nextjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 framework-boilerplates/nextjs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/nextjs/package.json b/framework-boilerplates/nextjs/package.json
index 39dac2b1a1..f5703052fe 100644
--- a/framework-boilerplates/nextjs/package.json
+++ b/framework-boilerplates/nextjs/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
-    "next": "15.1.9"
+    "next": "15.1.11"
   },
   "devDependencies": {
     "typescript": "^5",

From 1917958d5a72d3f834184a263f3b9e00c19e767b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 22:05:15 +0000
Subject: [PATCH 56/93] fix:
 edge-middleware/redirects-bloom-filter/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 edge-middleware/redirects-bloom-filter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/redirects-bloom-filter/package.json b/edge-middleware/redirects-bloom-filter/package.json
index effd65f750..f0f556f8bc 100644
--- a/edge-middleware/redirects-bloom-filter/package.json
+++ b/edge-middleware/redirects-bloom-filter/package.json
@@ -12,7 +12,7 @@
   "dependencies": {
     "@vercel/examples-ui": "^2.0.3",
     "bloom-filters": "^3.0.1",
-    "next": "14.1.0",
+    "next": "14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "ts-node": "^10.9.1"

From 45bda1a48341b635212e967fe947baf9af5fe1f9 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 22:27:19 +0000
Subject: [PATCH 57/93] fix: starter/turborepo-with-hono/apps/web/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 starter/turborepo-with-hono/apps/web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/starter/turborepo-with-hono/apps/web/package.json b/starter/turborepo-with-hono/apps/web/package.json
index 27dc98ad06..9d84b410c6 100644
--- a/starter/turborepo-with-hono/apps/web/package.json
+++ b/starter/turborepo-with-hono/apps/web/package.json
@@ -12,7 +12,7 @@
   },
   "dependencies": {
     "@repo/ui": "workspace:*",
-    "next": "16.0.7",
+    "next": "16.0.10",
     "react": "^19.1.0",
     "react-dom": "^19.1.0"
   },

From 7baff63ed7a094014aa4945062aec0718ae62bd4 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 16 Dec 2025 22:36:09 +0000
Subject: [PATCH 58/93] fix: python/nextjs-flask/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 python/nextjs-flask/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/nextjs-flask/package.json b/python/nextjs-flask/package.json
index d311227ba8..0fbdfcbf39 100644
--- a/python/nextjs-flask/package.json
+++ b/python/nextjs-flask/package.json
@@ -18,7 +18,7 @@
     "concurrently": "^8.0.1",
     "eslint": "8.40.0",
     "eslint-config-next": "13.4.2",
-    "next": "13.4.3",
+    "next": "14.2.35",
     "postcss": "8.4.23",
     "react": "18.2.0",
     "react-dom": "18.2.0",

From 83327a6b021cf51126c24cceab01602e5b60b4fd Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:03 +0000
Subject: [PATCH 59/93] fix:
 ci-cd/turborepo-github-actions/packages/eslint-config/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-8025427
- https://snyk.io/vuln/SNYK-JS-NEXT-8186172
- https://snyk.io/vuln/SNYK-JS-NEXT-8520073
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
---
 .../packages/eslint-config/package.json                         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/packages/eslint-config/package.json b/ci-cd/turborepo-github-actions/packages/eslint-config/package.json
index 43032d5231..d0c112a2fb 100644
--- a/ci-cd/turborepo-github-actions/packages/eslint-config/package.json
+++ b/ci-cd/turborepo-github-actions/packages/eslint-config/package.json
@@ -17,7 +17,7 @@
     "typescript": "^5.3.3"
   },
   "dependencies": {
-    "next": "^14.2.5",
+    "next": "^14.2.35",
     "react": "^18.3.1",
     "react-dom": "^18.3.1"
   }

From 2177083d37862cf906aa0e1fef81d45a79aa5eb5 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:03 +0000
Subject: [PATCH 60/93] fix:
 ci-cd/turborepo-github-actions/packages/ui/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-8025427
- https://snyk.io/vuln/SNYK-JS-NEXT-8186172
- https://snyk.io/vuln/SNYK-JS-NEXT-8520073
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
---
 ci-cd/turborepo-github-actions/packages/ui/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/packages/ui/package.json b/ci-cd/turborepo-github-actions/packages/ui/package.json
index a72b1b52ea..1e07be6280 100644
--- a/ci-cd/turborepo-github-actions/packages/ui/package.json
+++ b/ci-cd/turborepo-github-actions/packages/ui/package.json
@@ -23,7 +23,7 @@
     "typescript": "^5.3.3"
   },
   "dependencies": {
-    "next": "^14.2.5",
+    "next": "^14.2.35",
     "react": "^18.3.1",
     "react-dom": "^18.3.1"
   }

From 33b4a9844b1b2fd9a903487ff491738d023f3a68 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:10 +0000
Subject: [PATCH 61/93] fix:
 ci-cd/turborepo-github-actions/apps/docs/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 ci-cd/turborepo-github-actions/apps/docs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/apps/docs/package.json b/ci-cd/turborepo-github-actions/apps/docs/package.json
index 263b8d9ed3..862013846c 100644
--- a/ci-cd/turborepo-github-actions/apps/docs/package.json
+++ b/ci-cd/turborepo-github-actions/apps/docs/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "@repo/foo": "workspace:*",
     "@repo/ui": "workspace:*",
-    "next": "14.2.5",
+    "next": "14.2.35",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

From 5754ba7ecce88cb00912f10ba97218bc04d286bc Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:30 +0000
Subject: [PATCH 62/93] fix:
 ci-cd/turborepo-github-actions/packages/foo/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-8025427
- https://snyk.io/vuln/SNYK-JS-NEXT-8186172
- https://snyk.io/vuln/SNYK-JS-NEXT-8520073
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
---
 ci-cd/turborepo-github-actions/packages/foo/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/packages/foo/package.json b/ci-cd/turborepo-github-actions/packages/foo/package.json
index a80bfc8780..197948d3ef 100644
--- a/ci-cd/turborepo-github-actions/packages/foo/package.json
+++ b/ci-cd/turborepo-github-actions/packages/foo/package.json
@@ -16,7 +16,7 @@
     "typescript": "^5.4.5"
   },
   "dependencies": {
-    "next": "^14.2.5",
+    "next": "^14.2.35",
     "react": "^18.3.1",
     "react-dom": "^18.3.1"
   }

From 166ba50e9dd3872785a48cd27bece36fc915fd5d Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:31 +0000
Subject: [PATCH 63/93] fix:
 ci-cd/turborepo-github-actions/packages/typescript-config/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-8025427
- https://snyk.io/vuln/SNYK-JS-NEXT-8186172
- https://snyk.io/vuln/SNYK-JS-NEXT-8520073
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
---
 .../packages/typescript-config/package.json                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/packages/typescript-config/package.json b/ci-cd/turborepo-github-actions/packages/typescript-config/package.json
index 116eb73514..ce6205a697 100644
--- a/ci-cd/turborepo-github-actions/packages/typescript-config/package.json
+++ b/ci-cd/turborepo-github-actions/packages/typescript-config/package.json
@@ -7,7 +7,7 @@
     "access": "public"
   },
   "dependencies": {
-    "next": "^14.2.5",
+    "next": "^14.2.35",
     "react": "^18.3.1",
     "react-dom": "^18.3.1"
   }

From 1ccc78c8a862b72e4f29366b0f5772c521148d53 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:51 +0000
Subject: [PATCH 64/93] fix: starter/turborepo-with-hono/apps/api/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HONO-12485162
- https://snyk.io/vuln/SNYK-JS-HONO-12668833
- https://snyk.io/vuln/SNYK-JS-HONO-13669873
- https://snyk.io/vuln/SNYK-JS-HONO-13720736
---
 starter/turborepo-with-hono/apps/api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/starter/turborepo-with-hono/apps/api/package.json b/starter/turborepo-with-hono/apps/api/package.json
index 4b7f3ce460..2c22519c5b 100644
--- a/starter/turborepo-with-hono/apps/api/package.json
+++ b/starter/turborepo-with-hono/apps/api/package.json
@@ -5,7 +5,7 @@
     "dev": "srvx"
   },
   "dependencies": {
-    "hono": "^4.8.10",
+    "hono": "^4.10.3",
     "@repo/constants": "workspace:*"
   },
   "devDependencies": {

From 2c2fbbf254c5b525c0815897c0c045d1856a05b2 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:51 +0000
Subject: [PATCH 65/93] fix:
 solutions/saas-microservices/apps/dashboard/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10598339
- https://snyk.io/vuln/SNYK-JS-NEXT-14173355
---
 solutions/saas-microservices/apps/dashboard/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/saas-microservices/apps/dashboard/package.json b/solutions/saas-microservices/apps/dashboard/package.json
index 1c05c2a074..e268fd6998 100644
--- a/solutions/saas-microservices/apps/dashboard/package.json
+++ b/solutions/saas-microservices/apps/dashboard/package.json
@@ -17,7 +17,7 @@
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "lucide-react": "^0.468.0",
-    "next": "15.1.9",
+    "next": "15.1.11",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "tailwind-merge": "^2.5.5",

From 838aff1446689faf23663f56ce68d88ab279dc0a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:57:52 +0000
Subject: [PATCH 66/93] fix:
 ci-cd/turborepo-github-actions/apps/web/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
---
 ci-cd/turborepo-github-actions/apps/web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-cd/turborepo-github-actions/apps/web/package.json b/ci-cd/turborepo-github-actions/apps/web/package.json
index 5e82477d0f..35a530ce5b 100644
--- a/ci-cd/turborepo-github-actions/apps/web/package.json
+++ b/ci-cd/turborepo-github-actions/apps/web/package.json
@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "@repo/ui": "workspace:*",
-    "next": "14.2.5",
+    "next": "14.2.35",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

From 34fd1937d8fe5f31bfb4f9a7785dcbeae4a6b658 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 04:58:05 +0000
Subject: [PATCH 67/93] fix:
 solutions/saas-microservices/apps/api-dashboard/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
---
 solutions/saas-microservices/apps/api-dashboard/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/saas-microservices/apps/api-dashboard/package.json b/solutions/saas-microservices/apps/api-dashboard/package.json
index 4d7a83e8cf..2ba86d16e7 100644
--- a/solutions/saas-microservices/apps/api-dashboard/package.json
+++ b/solutions/saas-microservices/apps/api-dashboard/package.json
@@ -9,7 +9,7 @@
     "typecheck": "tsc --noEmit"
   },
   "devDependencies": {
-    "@vercel/microfrontends": "2.0.0",
+    "@vercel/microfrontends": "2.0.1",
     "nitropack": "latest"
   }
 }

From 77459233ece45b97b6e6021fc319da9fae4ebc8f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 24 Dec 2025 22:33:36 +0000
Subject: [PATCH 68/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
---
 framework-boilerplates/hydrogen/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/framework-boilerplates/hydrogen/package.json b/framework-boilerplates/hydrogen/package.json
index fac38aa214..d7bbe943b7 100644
--- a/framework-boilerplates/hydrogen/package.json
+++ b/framework-boilerplates/hydrogen/package.json
@@ -14,8 +14,8 @@
     "test:ci": "yarn build -t node && vitest run"
   },
   "devDependencies": {
-    "@shopify/cli": "3.0.27",
-    "@shopify/cli-hydrogen": "3.0.27",
+    "@shopify/cli": "3.33.0",
+    "@shopify/cli-hydrogen": "9.0.0",
     "@shopify/prettier-config": "^1.1.2",
     "@tailwindcss/forms": "^0.5.2",
     "@tailwindcss/typography": "^0.5.2",
@@ -29,7 +29,7 @@
     "prettier": "^2.3.2",
     "tailwindcss": "^3.0.24",
     "typescript": "^4.7.2",
-    "vite": "^2.9.0",
+    "vite": "^3.0.0",
     "vitest": "^0.15.2"
   },
   "prettier": "@shopify/prettier-config",

From 72a142ca6460f2b3b72cdb93262f5a45490a8245 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 24 Dec 2025 22:38:18 +0000
Subject: [PATCH 69/93] fix: framework-boilerplates/gatsby/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-5596892
---
 framework-boilerplates/gatsby/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/gatsby/package.json b/framework-boilerplates/gatsby/package.json
index af59a687eb..e370b63183 100644
--- a/framework-boilerplates/gatsby/package.json
+++ b/framework-boilerplates/gatsby/package.json
@@ -8,7 +8,7 @@
     "clean": "gatsby clean"
   },
   "dependencies": {
-    "gatsby": "^5.0.0",
+    "gatsby": "^5.4.0",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   }

From d4f7ed12d53061b090af6018c3cfc38dafcd5b43 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 26 Dec 2025 10:43:02 +0000
Subject: [PATCH 70/93] fix: framework-boilerplates/blitzjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
- https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
---
 framework-boilerplates/blitzjs/package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/framework-boilerplates/blitzjs/package.json b/framework-boilerplates/blitzjs/package.json
index a804ef3f4d..e7621f0af6 100644
--- a/framework-boilerplates/blitzjs/package.json
+++ b/framework-boilerplates/blitzjs/package.json
@@ -20,11 +20,11 @@
     ]
   },
   "dependencies": {
-    "@blitzjs/auth": "^2.0.0",
+    "@blitzjs/auth": "^2.2.4",
     "@blitzjs/next": "^2.0.0",
     "@blitzjs/rpc": "2.0.0",
     "blitz": "^2.0.0",
-    "next": "^14.1.1",
+    "next": "^14.2.35",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "ts-node": "^10.9.1"
@@ -36,8 +36,8 @@
     "@types/react": "18.0.25",
     "@typescript-eslint/eslint-plugin": "5.30.5",
     "@vitejs/plugin-react": "2.2.0",
-    "eslint": "8.27.0",
-    "eslint-config-next": "12.3.1",
+    "eslint": "9.1.0",
+    "eslint-config-next": "14.1.0",
     "eslint-config-prettier": "8.5.0",
     "husky": "8.0.2",
     "jsdom": "20.0.3",

From c5f496013362736ae30b865be703d5f33af7b2c1 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 26 Dec 2025 10:43:08 +0000
Subject: [PATCH 71/93] fix: framework-boilerplates/nextjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ESLINTPLUGINKIT-10847878
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10598339
- https://snyk.io/vuln/SNYK-JS-NEXT-14173355
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-14400644
---
 framework-boilerplates/nextjs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/nextjs/package.json b/framework-boilerplates/nextjs/package.json
index f5703052fe..2ae4055291 100644
--- a/framework-boilerplates/nextjs/package.json
+++ b/framework-boilerplates/nextjs/package.json
@@ -20,7 +20,7 @@
     "@types/react-dom": "^19",
     "postcss": "^8",
     "tailwindcss": "^3.4.1",
-    "eslint": "^9",
+    "eslint": "^9.27.0",
     "eslint-config-next": "15.1.4",
     "@eslint/eslintrc": "^3"
   }

From ad765cbd0550cd6219f47ce79b49504643b4dbb4 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 26 Dec 2025 10:43:18 +0000
Subject: [PATCH 72/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIMECOREJS3-9397696
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-PLAYWRIGHTCORE-13553173
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-VITE-5664718
- https://snyk.io/vuln/SNYK-JS-VITE-6182924
- https://snyk.io/vuln/SNYK-JS-VITE-6531286
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
---
 framework-boilerplates/hydrogen/package.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/framework-boilerplates/hydrogen/package.json b/framework-boilerplates/hydrogen/package.json
index d7bbe943b7..60b9bebf43 100644
--- a/framework-boilerplates/hydrogen/package.json
+++ b/framework-boilerplates/hydrogen/package.json
@@ -20,16 +20,16 @@
     "@tailwindcss/forms": "^0.5.2",
     "@tailwindcss/typography": "^0.5.2",
     "@types/react": "^18.0.14",
-    "eslint": "^9.0.0",
-    "eslint-plugin-hydrogen": "^0.12.2",
-    "playwright": "^1.22.2",
-    "postcss": "^8.4.14",
+    "eslint": "^9.1.0",
+    "eslint-plugin-hydrogen": "^0.12.5",
+    "playwright": "^1.55.1",
+    "postcss": "^8.4.31",
     "postcss-import": "^14.1.0",
     "postcss-preset-env": "^7.6.0",
     "prettier": "^2.3.2",
     "tailwindcss": "^3.0.24",
     "typescript": "^4.7.2",
-    "vite": "^3.0.0",
+    "vite": "^2.9.18",
     "vitest": "^0.15.2"
   },
   "prettier": "@shopify/prettier-config",

From 71ada3f4add9cdaa88a7cdebe193929aef455431 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Dec 2025 15:13:19 +0000
Subject: [PATCH 73/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221
- https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2964180
- https://snyk.io/vuln/SNYK-JS-ZOD-5925617
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-TMP-11501554
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
- https://snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-LIQUIDJS-2952868
---
 framework-boilerplates/hydrogen/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/framework-boilerplates/hydrogen/package.json b/framework-boilerplates/hydrogen/package.json
index 60b9bebf43..c4ca427d18 100644
--- a/framework-boilerplates/hydrogen/package.json
+++ b/framework-boilerplates/hydrogen/package.json
@@ -14,8 +14,8 @@
     "test:ci": "yarn build -t node && vitest run"
   },
   "devDependencies": {
-    "@shopify/cli": "3.33.0",
-    "@shopify/cli-hydrogen": "9.0.0",
+    "@shopify/cli": "3.59.0",
+    "@shopify/cli-hydrogen": "9.0.4",
     "@shopify/prettier-config": "^1.1.2",
     "@tailwindcss/forms": "^0.5.2",
     "@tailwindcss/typography": "^0.5.2",
@@ -29,7 +29,7 @@
     "prettier": "^2.3.2",
     "tailwindcss": "^3.0.24",
     "typescript": "^4.7.2",
-    "vite": "^2.9.18",
+    "vite": "^3.0.0",
     "vitest": "^0.15.2"
   },
   "prettier": "@shopify/prettier-config",

From 2a43f30434f80cae50a29d6997eb4cfe8008576a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Dec 2025 18:39:19 +0000
Subject: [PATCH 74/93] fix: framework-boilerplates/blitzjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GLOB-14040952
---
 framework-boilerplates/blitzjs/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/blitzjs/package.json b/framework-boilerplates/blitzjs/package.json
index e7621f0af6..51d0ca0cc3 100644
--- a/framework-boilerplates/blitzjs/package.json
+++ b/framework-boilerplates/blitzjs/package.json
@@ -37,7 +37,7 @@
     "@typescript-eslint/eslint-plugin": "5.30.5",
     "@vitejs/plugin-react": "2.2.0",
     "eslint": "9.1.0",
-    "eslint-config-next": "14.1.0",
+    "eslint-config-next": "15.0.0",
     "eslint-config-prettier": "8.5.0",
     "husky": "8.0.2",
     "jsdom": "20.0.3",

From 48fe2c50c4339d58543297c952a5423ff0f18129 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Dec 2025 18:59:56 +0000
Subject: [PATCH 75/93] fix: solutions/express/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-14724253

From d5e69772ebc11a8f41d0cb5affeb82079d556cda Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Dec 2025 19:00:19 +0000
Subject: [PATCH 76/93] fix: edge-middleware/basic-auth-password/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
---
 edge-middleware/basic-auth-password/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/basic-auth-password/package.json b/edge-middleware/basic-auth-password/package.json
index c6c37fd207..de87a7942a 100644
--- a/edge-middleware/basic-auth-password/package.json
+++ b/edge-middleware/basic-auth-password/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@vercel/examples-ui": "^1.0.5",
-    "next": "canary",
+    "next": "13.5.11",
     "react": "latest",
     "react-dom": "latest"
   },

From 72880f0f19f729c05dc5b1605af4d3b2430a04df Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Dec 2025 20:37:17 +0000
Subject: [PATCH 77/93] fix: solutions/auth-with-ory/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-14724253
---
 solutions/auth-with-ory/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/auth-with-ory/package.json b/solutions/auth-with-ory/package.json
index b008b0db38..88def728f1 100644
--- a/solutions/auth-with-ory/package.json
+++ b/solutions/auth-with-ory/package.json
@@ -16,7 +16,7 @@
     "test:dev": "cypress open"
   },
   "dependencies": {
-    "@ory/integrations": "^0.2.1",
+    "@ory/integrations": "^1.2.1",
     "@ory/kratos-client": "^0.8.2-alpha.1",
     "@vercel/examples-ui": "^1.0.4",
     "next": "canary",

From 9e4a82c36ef87236382d4edf93d95a0ae78fcde0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 30 Dec 2025 21:25:39 +0000
Subject: [PATCH 78/93] fix: solutions/mint-nft/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-14724253
---
 solutions/mint-nft/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/mint-nft/package.json b/solutions/mint-nft/package.json
index 3534161285..c1d64b3765 100644
--- a/solutions/mint-nft/package.json
+++ b/solutions/mint-nft/package.json
@@ -20,7 +20,7 @@
     "magic-sdk": "^13.6.0",
     "moralis-v1": "^1.12.0",
     "next": "^13.2.4",
-    "nsfwjs": "^2.4.2",
+    "nsfwjs": "^3.0.0",
     "pica": "^9.0.1",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",

From 8f8bb02f2da3eff8709eaa218066dcf09dec3b35 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 6 Jan 2026 16:31:08 +0000
Subject: [PATCH 79/93] fix: solutions/auth-with-ory/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-14724253
---
 solutions/auth-with-ory/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/auth-with-ory/package.json b/solutions/auth-with-ory/package.json
index b008b0db38..6756e04580 100644
--- a/solutions/auth-with-ory/package.json
+++ b/solutions/auth-with-ory/package.json
@@ -28,7 +28,7 @@
     "@types/node": "^17.0.14",
     "@types/react": "latest",
     "autoprefixer": "^10.4.2",
-    "cypress": "^9.4.1",
+    "cypress": "^13.0.0",
     "eslint": "^8.9.0",
     "eslint-config-next": "canary",
     "ory-prettier-styles": "^1.1.2",

From 0526de00b8d1eff0ac3cf65d60fcbd79fdee1e14 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 7 Jan 2026 05:07:21 +0000
Subject: [PATCH 80/93] fix: framework-boilerplates/blitzjs/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
- https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

From 5285b8f38101cdd85da8cd9f82270de2a4f353a0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 7 Jan 2026 05:07:35 +0000
Subject: [PATCH 81/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIMECOREJS3-9397696
- https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-PLAYWRIGHTCORE-13553173
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-QS-14724253
- https://snyk.io/vuln/SNYK-JS-UNDICI-10176064
- https://snyk.io/vuln/SNYK-JS-UNDICI-8641354
- https://snyk.io/vuln/SNYK-JS-VITE-5664718
- https://snyk.io/vuln/SNYK-JS-VITE-6182924
- https://snyk.io/vuln/SNYK-JS-VITE-6531286
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://snyk.io/vuln/SNYK-JS-VITE-9512410
- https://snyk.io/vuln/SNYK-JS-VITE-9576207
- https://snyk.io/vuln/SNYK-JS-VITE-9653016
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-VITE-8648411
- https://snyk.io/vuln/SNYK-JS-VITE-9919777
- https://snyk.io/vuln/SNYK-JS-VITE-13644406
- https://snyk.io/vuln/SNYK-JS-VITE-9685035
- https://snyk.io/vuln/SNYK-JS-VITE-8022916
- https://snyk.io/vuln/SNYK-JS-VITE-8023174
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
- https://snyk.io/vuln/SNYK-JS-SIRV-12558119
- https://snyk.io/vuln/SNYK-JS-VITE-12558116
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110

From bb270f414cdc83c9180369f120840e16a6bc596f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 10 Jan 2026 19:32:05 +0000
Subject: [PATCH 82/93] fix: framework-boilerplates/remix/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-REMIXRUNNODE-14908858
- https://snyk.io/vuln/SNYK-JS-REMIXRUNREACT-14908290
- https://snyk.io/vuln/SNYK-JS-REMIXRUNREACT-14908292
- https://snyk.io/vuln/SNYK-JS-REMIXRUNSERVERRUNTIME-14908428
---
 framework-boilerplates/remix/package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/framework-boilerplates/remix/package.json b/framework-boilerplates/remix/package.json
index 5bb01d545b..43a6c7eaee 100644
--- a/framework-boilerplates/remix/package.json
+++ b/framework-boilerplates/remix/package.json
@@ -9,9 +9,9 @@
     "typecheck": "tsc"
   },
   "dependencies": {
-    "@remix-run/node": "2.10.0",
-    "@remix-run/react": "2.10.0",
-    "@remix-run/server-runtime": "2.10.0",
+    "@remix-run/node": "2.17.2",
+    "@remix-run/react": "2.17.3",
+    "@remix-run/server-runtime": "2.17.3",
     "@vercel/analytics": "^1.2.2",
     "@vercel/remix": "2.10.0",
     "isbot": "^4",
@@ -19,7 +19,7 @@
     "react-dom": "^18.2.0"
   },
   "devDependencies": {
-    "@remix-run/dev": "2.10.0",
+    "@remix-run/dev": "2.17.3",
     "@remix-run/eslint-config": "2.10.0",
     "@types/react": "^18.2.20",
     "@types/react-dom": "^18.2.7",

From 243f9da991abde188a86ddc76d7cc2d6ff782c2e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 13 Jan 2026 14:26:39 +0000
Subject: [PATCH 83/93] fix: starter/hono-mcp/package.json &
 starter/hono-mcp/pnpm-lock.yaml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MODELCONTEXTPROTOCOLSDK-14871802
---
 starter/hono-mcp/package.json   |   2 +-
 starter/hono-mcp/pnpm-lock.yaml | 114 +++++++++++++++++++++-----------
 2 files changed, 76 insertions(+), 40 deletions(-)

diff --git a/starter/hono-mcp/package.json b/starter/hono-mcp/package.json
index 317c48fd86..7e83089679 100644
--- a/starter/hono-mcp/package.json
+++ b/starter/hono-mcp/package.json
@@ -2,7 +2,7 @@
   "name": "hono-mcp",
   "type": "module",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.24.0",
+    "@modelcontextprotocol/sdk": "^1.25.2",
     "hono": "^4.9.2",
     "mcp-handler": "^1.0.1",
     "zod": "^3"
diff --git a/starter/hono-mcp/pnpm-lock.yaml b/starter/hono-mcp/pnpm-lock.yaml
index 53a09749ac..54c176a01d 100644
--- a/starter/hono-mcp/pnpm-lock.yaml
+++ b/starter/hono-mcp/pnpm-lock.yaml
@@ -9,14 +9,14 @@ importers:
   .:
     dependencies:
       '@modelcontextprotocol/sdk':
-        specifier: ^1.17.3
-        version: 1.17.3
+        specifier: ^1.25.2
+        version: 1.25.2(hono@4.9.2)(zod@3.25.76)
       hono:
         specifier: ^4.9.2
         version: 4.9.2
       mcp-handler:
         specifier: ^1.0.1
-        version: 1.0.1(@modelcontextprotocol/sdk@1.17.3)
+        version: 1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.9.2)(zod@3.25.76))
       zod:
         specifier: ^3
         version: 3.25.76
@@ -30,9 +30,21 @@ importers:
 
 packages:
 
-  '@modelcontextprotocol/sdk@1.17.3':
-    resolution: {integrity: sha512-JPwUKWSsbzx+DLFznf/QZ32Qa+ptfbUlHhRLrBQBAFu9iI1iYvizM4p+zhhRDceSsPutXp4z+R/HPVphlIiclg==}
+  '@hono/node-server@1.19.8':
+    resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==}
+    engines: {node: '>=18.14.1'}
+    peerDependencies:
+      hono: ^4
+
+  '@modelcontextprotocol/sdk@1.25.2':
+    resolution: {integrity: sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==}
     engines: {node: '>=18'}
+    peerDependencies:
+      '@cfworker/json-schema': ^4.1.1
+      zod: ^3.25 || ^4.0
+    peerDependenciesMeta:
+      '@cfworker/json-schema':
+        optional: true
 
   '@redis/bloom@1.2.0':
     resolution: {integrity: sha512-HG2DFjYKbpNmVXsa0keLHp/3leGJz1mjh09f2RLGGLQZzSHpkmZWuwJbAvo3QcRY8p80m5+ZdXZdYOSBLlp7Cg==}
@@ -70,8 +82,16 @@ packages:
     resolution: {integrity: sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==}
     engines: {node: '>= 0.6'}
 
-  ajv@6.12.6:
-    resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==}
+  ajv-formats@3.0.1:
+    resolution: {integrity: sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==}
+    peerDependencies:
+      ajv: ^8.0.0
+    peerDependenciesMeta:
+      ajv:
+        optional: true
+
+  ajv@8.17.1:
+    resolution: {integrity: sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==}
 
   body-parser@2.2.0:
     resolution: {integrity: sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==}
@@ -189,8 +209,8 @@ packages:
   fast-deep-equal@3.1.3:
     resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
 
-  fast-json-stable-stringify@2.1.0:
-    resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
+  fast-uri@3.1.0:
+    resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==}
 
   finalhandler@2.1.0:
     resolution: {integrity: sha512-/t88Ty3d5JWQbWYgaOGCCYfXRwV1+be02WqYYlL6h0lEiUAMPM8o8qKGO01YIkOHzka2up08wvgYD0mDiI+q3Q==}
@@ -256,8 +276,14 @@ packages:
   isexe@2.0.0:
     resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
 
-  json-schema-traverse@0.4.1:
-    resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
+  jose@6.1.3:
+    resolution: {integrity: sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==}
+
+  json-schema-traverse@1.0.0:
+    resolution: {integrity: sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==}
+
+  json-schema-typed@8.0.2:
+    resolution: {integrity: sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==}
 
   math-intrinsics@1.1.0:
     resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
@@ -331,10 +357,6 @@ packages:
     resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
     engines: {node: '>= 0.10'}
 
-  punycode@2.3.1:
-    resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
-    engines: {node: '>=6'}
-
   qs@6.14.0:
     resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==}
     engines: {node: '>=0.6'}
@@ -350,6 +372,10 @@ packages:
   redis@4.7.1:
     resolution: {integrity: sha512-S1bJDnqLftzHXHP8JsT5II/CtHWQrASX5K96REjWjlmWKrviSOLWmM7QnRLstAWsu1VBBV1ffV6DzCvxNP0UJQ==}
 
+  require-from-string@2.0.2:
+    resolution: {integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==}
+    engines: {node: '>=0.10.0'}
+
   router@2.2.0:
     resolution: {integrity: sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==}
     engines: {node: '>= 18'}
@@ -423,9 +449,6 @@ packages:
     resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==}
     engines: {node: '>= 0.8'}
 
-  uri-js@4.4.1:
-    resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
-
   vary@1.1.2:
     resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==}
     engines: {node: '>= 0.8'}
@@ -441,19 +464,25 @@ packages:
   yallist@4.0.0:
     resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
 
-  zod-to-json-schema@3.24.6:
-    resolution: {integrity: sha512-h/z3PKvcTcTetyjl1fkj79MHNEjm+HpD6NXheWjzOekY7kV+lwDYnHw+ivHkijnCSMz1yJaWBD9vu/Fcmk+vEg==}
+  zod-to-json-schema@3.25.1:
+    resolution: {integrity: sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA==}
     peerDependencies:
-      zod: ^3.24.1
+      zod: ^3.25 || ^4
 
   zod@3.25.76:
     resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
 
 snapshots:
 
-  '@modelcontextprotocol/sdk@1.17.3':
+  '@hono/node-server@1.19.8(hono@4.9.2)':
     dependencies:
-      ajv: 6.12.6
+      hono: 4.9.2
+
+  '@modelcontextprotocol/sdk@1.25.2(hono@4.9.2)(zod@3.25.76)':
+    dependencies:
+      '@hono/node-server': 1.19.8(hono@4.9.2)
+      ajv: 8.17.1
+      ajv-formats: 3.0.1(ajv@8.17.1)
       content-type: 1.0.5
       cors: 2.8.5
       cross-spawn: 7.0.6
@@ -461,11 +490,14 @@ snapshots:
       eventsource-parser: 3.0.3
       express: 5.1.0
       express-rate-limit: 7.5.1(express@5.1.0)
+      jose: 6.1.3
+      json-schema-typed: 8.0.2
       pkce-challenge: 5.0.0
       raw-body: 3.0.0
       zod: 3.25.76
-      zod-to-json-schema: 3.24.6(zod@3.25.76)
+      zod-to-json-schema: 3.25.1(zod@3.25.76)
     transitivePeerDependencies:
+      - hono
       - supports-color
 
   '@redis/bloom@1.2.0(@redis/client@1.6.1)':
@@ -503,12 +535,16 @@ snapshots:
       mime-types: 3.0.1
       negotiator: 1.0.0
 
-  ajv@6.12.6:
+  ajv-formats@3.0.1(ajv@8.17.1):
+    optionalDependencies:
+      ajv: 8.17.1
+
+  ajv@8.17.1:
     dependencies:
       fast-deep-equal: 3.1.3
-      fast-json-stable-stringify: 2.1.0
-      json-schema-traverse: 0.4.1
-      uri-js: 4.4.1
+      fast-uri: 3.1.0
+      json-schema-traverse: 1.0.0
+      require-from-string: 2.0.2
 
   body-parser@2.2.0:
     dependencies:
@@ -635,7 +671,7 @@ snapshots:
 
   fast-deep-equal@3.1.3: {}
 
-  fast-json-stable-stringify@2.1.0: {}
+  fast-uri@3.1.0: {}
 
   finalhandler@2.1.0:
     dependencies:
@@ -704,13 +740,17 @@ snapshots:
 
   isexe@2.0.0: {}
 
-  json-schema-traverse@0.4.1: {}
+  jose@6.1.3: {}
+
+  json-schema-traverse@1.0.0: {}
+
+  json-schema-typed@8.0.2: {}
 
   math-intrinsics@1.1.0: {}
 
-  mcp-handler@1.0.1(@modelcontextprotocol/sdk@1.17.3):
+  mcp-handler@1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.9.2)(zod@3.25.76)):
     dependencies:
-      '@modelcontextprotocol/sdk': 1.17.3
+      '@modelcontextprotocol/sdk': 1.25.2(hono@4.9.2)(zod@3.25.76)
       chalk: 5.5.0
       commander: 11.1.0
       redis: 4.7.1
@@ -754,8 +794,6 @@ snapshots:
       forwarded: 0.2.0
       ipaddr.js: 1.9.1
 
-  punycode@2.3.1: {}
-
   qs@6.14.0:
     dependencies:
       side-channel: 1.1.0
@@ -778,6 +816,8 @@ snapshots:
       '@redis/search': 1.2.0(@redis/client@1.6.1)
       '@redis/time-series': 1.1.0(@redis/client@1.6.1)
 
+  require-from-string@2.0.2: {}
+
   router@2.2.0:
     dependencies:
       debug: 4.4.1
@@ -871,10 +911,6 @@ snapshots:
 
   unpipe@1.0.0: {}
 
-  uri-js@4.4.1:
-    dependencies:
-      punycode: 2.3.1
-
   vary@1.1.2: {}
 
   which@2.0.2:
@@ -885,7 +921,7 @@ snapshots:
 
   yallist@4.0.0: {}
 
-  zod-to-json-schema@3.24.6(zod@3.25.76):
+  zod-to-json-schema@3.25.1(zod@3.25.76):
     dependencies:
       zod: 3.25.76
 

From 1d1f9ed8c378437d1945669c5be2f0b4584eb497 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 13 Jan 2026 15:41:17 +0000
Subject: [PATCH 84/93] fix: framework-boilerplates/ionic-angular/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANGULARCOMPILER-14908872
- https://snyk.io/vuln/SNYK-JS-ANGULARCORE-14908871
---
 framework-boilerplates/ionic-angular/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework-boilerplates/ionic-angular/package.json b/framework-boilerplates/ionic-angular/package.json
index 2c55f29b79..f80b13724d 100644
--- a/framework-boilerplates/ionic-angular/package.json
+++ b/framework-boilerplates/ionic-angular/package.json
@@ -15,8 +15,8 @@
   "dependencies": {
     "@angular/animations": "^19.0.0",
     "@angular/common": "^19.2.16",
-    "@angular/compiler": "^19.2.17",
-    "@angular/core": "^19.0.0",
+    "@angular/compiler": "^19.2.18",
+    "@angular/core": "^19.2.18",
     "@angular/forms": "^19.0.0",
     "@angular/platform-browser": "^19.0.0",
     "@angular/platform-browser-dynamic": "^19.0.0",

From ae4d4d530bc74ba7fef75403bef4be0c62cd6c7b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 14 Jan 2026 07:09:55 +0000
Subject: [PATCH 85/93] fix: framework-boilerplates/angular/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANGULARCOMPILER-14908872
- https://snyk.io/vuln/SNYK-JS-ANGULARCORE-14908871
---
 framework-boilerplates/angular/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework-boilerplates/angular/package.json b/framework-boilerplates/angular/package.json
index 5a49b305e7..f3ff4af66f 100644
--- a/framework-boilerplates/angular/package.json
+++ b/framework-boilerplates/angular/package.json
@@ -10,8 +10,8 @@
   "dependencies": {
     "@angular/animations": "^15.0.0",
     "@angular/common": "^15.0.0",
-    "@angular/compiler": "^15.0.0",
-    "@angular/core": "^15.0.0",
+    "@angular/compiler": "^19.2.18",
+    "@angular/core": "^19.2.18",
     "@angular/forms": "^15.0.0",
     "@angular/platform-browser": "^15.0.0",
     "@angular/platform-browser-dynamic": "^15.0.0",

From 2b636a84d0d837b473b0a0e0581645fb46bce3e9 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 15 Jan 2026 03:57:33 +0000
Subject: [PATCH 86/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIMECOREJS3-9397696
- https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-PLAYWRIGHT-14888269
- https://snyk.io/vuln/SNYK-JS-PLAYWRIGHTCORE-13553173
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-QS-14724253
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-UNDICI-10176064
- https://snyk.io/vuln/SNYK-JS-UNDICI-8641354
- https://snyk.io/vuln/SNYK-JS-VITE-5664718
- https://snyk.io/vuln/SNYK-JS-VITE-6182924
- https://snyk.io/vuln/SNYK-JS-VITE-6531286
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://snyk.io/vuln/SNYK-JS-YARN-12143051
- https://snyk.io/vuln/SNYK-JS-VITE-9512410
- https://snyk.io/vuln/SNYK-JS-VITE-9576207
- https://snyk.io/vuln/SNYK-JS-VITE-9653016
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-VITE-8648411
- https://snyk.io/vuln/SNYK-JS-VITE-13644406
- https://snyk.io/vuln/SNYK-JS-VITE-9919777
- https://snyk.io/vuln/SNYK-JS-VITE-9685035
- https://snyk.io/vuln/SNYK-JS-VITE-8022916
- https://snyk.io/vuln/SNYK-JS-VITE-8023174
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
- https://snyk.io/vuln/SNYK-JS-SIRV-12558119
- https://snyk.io/vuln/SNYK-JS-VITE-12558116
---
 framework-boilerplates/hydrogen/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/framework-boilerplates/hydrogen/package.json b/framework-boilerplates/hydrogen/package.json
index c4ca427d18..016053db76 100644
--- a/framework-boilerplates/hydrogen/package.json
+++ b/framework-boilerplates/hydrogen/package.json
@@ -15,21 +15,21 @@
   },
   "devDependencies": {
     "@shopify/cli": "3.59.0",
-    "@shopify/cli-hydrogen": "9.0.4",
+    "@shopify/cli-hydrogen": "9.0.0",
     "@shopify/prettier-config": "^1.1.2",
     "@tailwindcss/forms": "^0.5.2",
     "@tailwindcss/typography": "^0.5.2",
     "@types/react": "^18.0.14",
     "eslint": "^9.1.0",
     "eslint-plugin-hydrogen": "^0.12.5",
-    "playwright": "^1.55.1",
+    "playwright": "^1.56.0",
     "postcss": "^8.4.31",
     "postcss-import": "^14.1.0",
     "postcss-preset-env": "^7.6.0",
     "prettier": "^2.3.2",
     "tailwindcss": "^3.0.24",
     "typescript": "^4.7.2",
-    "vite": "^3.0.0",
+    "vite": "^3.2.11",
     "vitest": "^0.15.2"
   },
   "prettier": "@shopify/prettier-config",

From e1d3328117b2fed79cb4f95ca42c4f6acd7ea7b5 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 17 Jan 2026 21:49:50 +0000
Subject: [PATCH 87/93] fix: starter/hono-mcp/package.json &
 starter/hono-mcp/pnpm-lock.yaml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HONO-14927373
- https://snyk.io/vuln/SNYK-JS-HONO-14927374
---
 starter/hono-mcp/package.json   |  2 +-
 starter/hono-mcp/pnpm-lock.yaml | 26 +++++++++++++-------------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/starter/hono-mcp/package.json b/starter/hono-mcp/package.json
index 7e83089679..31dd087814 100644
--- a/starter/hono-mcp/package.json
+++ b/starter/hono-mcp/package.json
@@ -3,7 +3,7 @@
   "type": "module",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.25.2",
-    "hono": "^4.9.2",
+    "hono": "^4.11.4",
     "mcp-handler": "^1.0.1",
     "zod": "^3"
   },
diff --git a/starter/hono-mcp/pnpm-lock.yaml b/starter/hono-mcp/pnpm-lock.yaml
index 54c176a01d..5d382ef674 100644
--- a/starter/hono-mcp/pnpm-lock.yaml
+++ b/starter/hono-mcp/pnpm-lock.yaml
@@ -10,13 +10,13 @@ importers:
     dependencies:
       '@modelcontextprotocol/sdk':
         specifier: ^1.25.2
-        version: 1.25.2(hono@4.9.2)(zod@3.25.76)
+        version: 1.25.2(hono@4.11.4)(zod@3.25.76)
       hono:
-        specifier: ^4.9.2
-        version: 4.9.2
+        specifier: ^4.11.4
+        version: 4.11.4
       mcp-handler:
         specifier: ^1.0.1
-        version: 1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.9.2)(zod@3.25.76))
+        version: 1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.11.4)(zod@3.25.76))
       zod:
         specifier: ^3
         version: 3.25.76
@@ -251,8 +251,8 @@ packages:
     resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
     engines: {node: '>= 0.4'}
 
-  hono@4.9.2:
-    resolution: {integrity: sha512-UG2jXGS/gkLH42l/1uROnwXpkjvvxkl3kpopL3LBo27NuaDPI6xHNfuUSilIHcrBkPfl4y0z6y2ByI455TjNRw==}
+  hono@4.11.4:
+    resolution: {integrity: sha512-U7tt8JsyrxSRKspfhtLET79pU8K+tInj5QZXs1jSugO1Vq5dFj3kmZsRldo29mTBfcjDRVRXrEZ6LS63Cog9ZA==}
     engines: {node: '>=16.9.0'}
 
   http-errors@2.0.0:
@@ -474,13 +474,13 @@ packages:
 
 snapshots:
 
-  '@hono/node-server@1.19.8(hono@4.9.2)':
+  '@hono/node-server@1.19.8(hono@4.11.4)':
     dependencies:
-      hono: 4.9.2
+      hono: 4.11.4
 
-  '@modelcontextprotocol/sdk@1.25.2(hono@4.9.2)(zod@3.25.76)':
+  '@modelcontextprotocol/sdk@1.25.2(hono@4.11.4)(zod@3.25.76)':
     dependencies:
-      '@hono/node-server': 1.19.8(hono@4.9.2)
+      '@hono/node-server': 1.19.8(hono@4.11.4)
       ajv: 8.17.1
       ajv-formats: 3.0.1(ajv@8.17.1)
       content-type: 1.0.5
@@ -718,7 +718,7 @@ snapshots:
     dependencies:
       function-bind: 1.1.2
 
-  hono@4.9.2: {}
+  hono@4.11.4: {}
 
   http-errors@2.0.0:
     dependencies:
@@ -748,9 +748,9 @@ snapshots:
 
   math-intrinsics@1.1.0: {}
 
-  mcp-handler@1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.9.2)(zod@3.25.76)):
+  mcp-handler@1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.11.4)(zod@3.25.76)):
     dependencies:
-      '@modelcontextprotocol/sdk': 1.25.2(hono@4.9.2)(zod@3.25.76)
+      '@modelcontextprotocol/sdk': 1.25.2(hono@4.11.4)(zod@3.25.76)
       chalk: 5.5.0
       commander: 11.1.0
       redis: 4.7.1

From 4cda6995eaed7678effed1d1c6d036bdb3e0f040 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 4 Feb 2026 09:00:24 +0000
Subject: [PATCH 88/93] fix: edge-middleware/feature-flag-split/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-15104645
---
 edge-middleware/feature-flag-split/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/feature-flag-split/package.json b/edge-middleware/feature-flag-split/package.json
index 4b13133e6f..7dc82dc72a 100644
--- a/edge-middleware/feature-flag-split/package.json
+++ b/edge-middleware/feature-flag-split/package.json
@@ -15,7 +15,7 @@
     "@vercel/edge-config": "^0.2.1",
     "@vercel/examples-ui": "^2.0.1",
     "js-cookie": "^3.0.5",
-    "next": "^14.2.35",
+    "next": "^15.5.10",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

From 0b79c2f35c0b18d7db8a670069ffb47d774175de Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 10 Feb 2026 16:32:14 +0000
Subject: [PATCH 89/93] fix: starter/hono-mcp/package.json &
 starter/hono-mcp/pnpm-lock.yaml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MODELCONTEXTPROTOCOLSDK-15208843
---
 starter/hono-mcp/package.json   |   2 +-
 starter/hono-mcp/pnpm-lock.yaml | 120 ++++++++++++++++++++++++--------
 2 files changed, 91 insertions(+), 31 deletions(-)

diff --git a/starter/hono-mcp/package.json b/starter/hono-mcp/package.json
index 31dd087814..4258900f66 100644
--- a/starter/hono-mcp/package.json
+++ b/starter/hono-mcp/package.json
@@ -2,7 +2,7 @@
   "name": "hono-mcp",
   "type": "module",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.25.2",
+    "@modelcontextprotocol/sdk": "^1.26.0",
     "hono": "^4.11.4",
     "mcp-handler": "^1.0.1",
     "zod": "^3"
diff --git a/starter/hono-mcp/pnpm-lock.yaml b/starter/hono-mcp/pnpm-lock.yaml
index 5d382ef674..7c8bbab326 100644
--- a/starter/hono-mcp/pnpm-lock.yaml
+++ b/starter/hono-mcp/pnpm-lock.yaml
@@ -9,14 +9,14 @@ importers:
   .:
     dependencies:
       '@modelcontextprotocol/sdk':
-        specifier: ^1.25.2
-        version: 1.25.2(hono@4.11.4)(zod@3.25.76)
+        specifier: ^1.26.0
+        version: 1.26.0(zod@3.25.76)
       hono:
         specifier: ^4.11.4
         version: 4.11.4
       mcp-handler:
         specifier: ^1.0.1
-        version: 1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.11.4)(zod@3.25.76))
+        version: 1.0.1(@modelcontextprotocol/sdk@1.26.0(zod@3.25.76))
       zod:
         specifier: ^3
         version: 3.25.76
@@ -30,14 +30,14 @@ importers:
 
 packages:
 
-  '@hono/node-server@1.19.8':
-    resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==}
+  '@hono/node-server@1.19.9':
+    resolution: {integrity: sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==}
     engines: {node: '>=18.14.1'}
     peerDependencies:
       hono: ^4
 
-  '@modelcontextprotocol/sdk@1.25.2':
-    resolution: {integrity: sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==}
+  '@modelcontextprotocol/sdk@1.26.0':
+    resolution: {integrity: sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==}
     engines: {node: '>=18'}
     peerDependencies:
       '@cfworker/json-schema': ^4.1.1
@@ -93,8 +93,8 @@ packages:
   ajv@8.17.1:
     resolution: {integrity: sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==}
 
-  body-parser@2.2.0:
-    resolution: {integrity: sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==}
+  body-parser@2.2.2:
+    resolution: {integrity: sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==}
     engines: {node: '>=18'}
 
   bytes@3.1.2:
@@ -154,6 +154,15 @@ packages:
       supports-color:
         optional: true
 
+  debug@4.4.3:
+    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
+    engines: {node: '>=6.0'}
+    peerDependencies:
+      supports-color: '*'
+    peerDependenciesMeta:
+      supports-color:
+        optional: true
+
   depd@2.0.0:
     resolution: {integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==}
     engines: {node: '>= 0.8'}
@@ -196,14 +205,14 @@ packages:
     resolution: {integrity: sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA==}
     engines: {node: '>=18.0.0'}
 
-  express-rate-limit@7.5.1:
-    resolution: {integrity: sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==}
+  express-rate-limit@8.2.1:
+    resolution: {integrity: sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==}
     engines: {node: '>= 16'}
     peerDependencies:
       express: '>= 4.11'
 
-  express@5.1.0:
-    resolution: {integrity: sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==}
+  express@5.2.1:
+    resolution: {integrity: sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==}
     engines: {node: '>= 18'}
 
   fast-deep-equal@3.1.3:
@@ -259,13 +268,25 @@ packages:
     resolution: {integrity: sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==}
     engines: {node: '>= 0.8'}
 
+  http-errors@2.0.1:
+    resolution: {integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==}
+    engines: {node: '>= 0.8'}
+
   iconv-lite@0.6.3:
     resolution: {integrity: sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==}
     engines: {node: '>=0.10.0'}
 
+  iconv-lite@0.7.2:
+    resolution: {integrity: sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==}
+    engines: {node: '>=0.10.0'}
+
   inherits@2.0.4:
     resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
 
+  ip-address@10.0.1:
+    resolution: {integrity: sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==}
+    engines: {node: '>= 12'}
+
   ipaddr.js@1.9.1:
     resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
     engines: {node: '>= 0.10'}
@@ -361,6 +382,10 @@ packages:
     resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==}
     engines: {node: '>=0.6'}
 
+  qs@6.14.1:
+    resolution: {integrity: sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==}
+    engines: {node: '>=0.6'}
+
   range-parser@1.2.1:
     resolution: {integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==}
     engines: {node: '>= 0.6'}
@@ -369,6 +394,10 @@ packages:
     resolution: {integrity: sha512-RmkhL8CAyCRPXCE28MMH0z2PNWQBNk2Q09ZdxM9IOOXwxwZbN+qbWaatPkdkWIKL2ZVDImrN/pK5HTRz2PcS4g==}
     engines: {node: '>= 0.8'}
 
+  raw-body@3.0.2:
+    resolution: {integrity: sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==}
+    engines: {node: '>= 0.10'}
+
   redis@4.7.1:
     resolution: {integrity: sha512-S1bJDnqLftzHXHP8JsT5II/CtHWQrASX5K96REjWjlmWKrviSOLWmM7QnRLstAWsu1VBBV1ffV6DzCvxNP0UJQ==}
 
@@ -474,13 +503,13 @@ packages:
 
 snapshots:
 
-  '@hono/node-server@1.19.8(hono@4.11.4)':
+  '@hono/node-server@1.19.9(hono@4.11.4)':
     dependencies:
       hono: 4.11.4
 
-  '@modelcontextprotocol/sdk@1.25.2(hono@4.11.4)(zod@3.25.76)':
+  '@modelcontextprotocol/sdk@1.26.0(zod@3.25.76)':
     dependencies:
-      '@hono/node-server': 1.19.8(hono@4.11.4)
+      '@hono/node-server': 1.19.9(hono@4.11.4)
       ajv: 8.17.1
       ajv-formats: 3.0.1(ajv@8.17.1)
       content-type: 1.0.5
@@ -488,8 +517,9 @@ snapshots:
       cross-spawn: 7.0.6
       eventsource: 3.0.7
       eventsource-parser: 3.0.3
-      express: 5.1.0
-      express-rate-limit: 7.5.1(express@5.1.0)
+      express: 5.2.1
+      express-rate-limit: 8.2.1(express@5.2.1)
+      hono: 4.11.4
       jose: 6.1.3
       json-schema-typed: 8.0.2
       pkce-challenge: 5.0.0
@@ -497,7 +527,6 @@ snapshots:
       zod: 3.25.76
       zod-to-json-schema: 3.25.1(zod@3.25.76)
     transitivePeerDependencies:
-      - hono
       - supports-color
 
   '@redis/bloom@1.2.0(@redis/client@1.6.1)':
@@ -546,16 +575,16 @@ snapshots:
       json-schema-traverse: 1.0.0
       require-from-string: 2.0.2
 
-  body-parser@2.2.0:
+  body-parser@2.2.2:
     dependencies:
       bytes: 3.1.2
       content-type: 1.0.5
-      debug: 4.4.1
+      debug: 4.4.3
       http-errors: 2.0.0
-      iconv-lite: 0.6.3
+      iconv-lite: 0.7.2
       on-finished: 2.4.1
-      qs: 6.14.0
-      raw-body: 3.0.0
+      qs: 6.14.1
+      raw-body: 3.0.2
       type-is: 2.0.1
     transitivePeerDependencies:
       - supports-color
@@ -603,6 +632,10 @@ snapshots:
     dependencies:
       ms: 2.1.3
 
+  debug@4.4.3:
+    dependencies:
+      ms: 2.1.3
+
   depd@2.0.0: {}
 
   dunder-proto@1.0.1:
@@ -633,19 +666,21 @@ snapshots:
     dependencies:
       eventsource-parser: 3.0.3
 
-  express-rate-limit@7.5.1(express@5.1.0):
+  express-rate-limit@8.2.1(express@5.2.1):
     dependencies:
-      express: 5.1.0
+      express: 5.2.1
+      ip-address: 10.0.1
 
-  express@5.1.0:
+  express@5.2.1:
     dependencies:
       accepts: 2.0.0
-      body-parser: 2.2.0
+      body-parser: 2.2.2
       content-disposition: 1.0.0
       content-type: 1.0.5
       cookie: 0.7.2
       cookie-signature: 1.2.2
       debug: 4.4.1
+      depd: 2.0.0
       encodeurl: 2.0.0
       escape-html: 1.0.3
       etag: 1.8.1
@@ -728,12 +763,26 @@ snapshots:
       statuses: 2.0.1
       toidentifier: 1.0.1
 
+  http-errors@2.0.1:
+    dependencies:
+      depd: 2.0.0
+      inherits: 2.0.4
+      setprototypeof: 1.2.0
+      statuses: 2.0.2
+      toidentifier: 1.0.1
+
   iconv-lite@0.6.3:
     dependencies:
       safer-buffer: 2.1.2
 
+  iconv-lite@0.7.2:
+    dependencies:
+      safer-buffer: 2.1.2
+
   inherits@2.0.4: {}
 
+  ip-address@10.0.1: {}
+
   ipaddr.js@1.9.1: {}
 
   is-promise@4.0.0: {}
@@ -748,9 +797,9 @@ snapshots:
 
   math-intrinsics@1.1.0: {}
 
-  mcp-handler@1.0.1(@modelcontextprotocol/sdk@1.25.2(hono@4.11.4)(zod@3.25.76)):
+  mcp-handler@1.0.1(@modelcontextprotocol/sdk@1.26.0(zod@3.25.76)):
     dependencies:
-      '@modelcontextprotocol/sdk': 1.25.2(hono@4.11.4)(zod@3.25.76)
+      '@modelcontextprotocol/sdk': 1.26.0(zod@3.25.76)
       chalk: 5.5.0
       commander: 11.1.0
       redis: 4.7.1
@@ -798,6 +847,10 @@ snapshots:
     dependencies:
       side-channel: 1.1.0
 
+  qs@6.14.1:
+    dependencies:
+      side-channel: 1.1.0
+
   range-parser@1.2.1: {}
 
   raw-body@3.0.0:
@@ -807,6 +860,13 @@ snapshots:
       iconv-lite: 0.6.3
       unpipe: 1.0.0
 
+  raw-body@3.0.2:
+    dependencies:
+      bytes: 3.1.2
+      http-errors: 2.0.1
+      iconv-lite: 0.7.2
+      unpipe: 1.0.0
+
   redis@4.7.1:
     dependencies:
       '@redis/bloom': 1.2.0(@redis/client@1.6.1)

From 995de600d74a554709709b069e1e4aa5e16bcab8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 11 Feb 2026 13:29:08 +0000
Subject: [PATCH 90/93] fix: framework-boilerplates/vue/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-ESLINT-15102420
---
 framework-boilerplates/vue/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework-boilerplates/vue/package.json b/framework-boilerplates/vue/package.json
index 6cb8248c8b..008d495ee3 100644
--- a/framework-boilerplates/vue/package.json
+++ b/framework-boilerplates/vue/package.json
@@ -20,7 +20,7 @@
     "@vue/cli-plugin-eslint": "~5.0.9",
     "@vue/cli-service": "~5.0.9",
     "@vue/compiler-sfc": "^3.5.22",
-    "eslint": "^8.57.1",
+    "eslint": "^9.26.0",
     "eslint-plugin-vue": "^9.33.0"
   },
   "eslintConfig": {

From 397df5aa2165854147a2d838fff6c727db6dbe8e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 17 Mar 2026 23:17:25 +0000
Subject: [PATCH 91/93] fix: framework-boilerplates/hydrogen/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIMECOREJS3-9397696
- https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-ESLINT-15102420
- https://snyk.io/vuln/SNYK-JS-FLATTED-15518041
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-PLAYWRIGHT-14888269
- https://snyk.io/vuln/SNYK-JS-PLAYWRIGHTCORE-13553173
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-QS-14724253
- https://snyk.io/vuln/SNYK-JS-QS-15268416
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-UNDICI-10176064
- https://snyk.io/vuln/SNYK-JS-UNDICI-14943963
- https://snyk.io/vuln/SNYK-JS-UNDICI-15518061
- https://snyk.io/vuln/SNYK-JS-UNDICI-15518068
- https://snyk.io/vuln/SNYK-JS-UNDICI-15518070
- https://snyk.io/vuln/SNYK-JS-UNDICI-15518072
- https://snyk.io/vuln/SNYK-JS-UNDICI-8641354
- https://snyk.io/vuln/SNYK-JS-VITE-5664718
- https://snyk.io/vuln/SNYK-JS-VITE-6182924
- https://snyk.io/vuln/SNYK-JS-VITE-6531286
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://snyk.io/vuln/SNYK-JS-YARN-12143051
- https://snyk.io/vuln/SNYK-JS-VITE-9576207
- https://snyk.io/vuln/SNYK-JS-VITE-9512410
- https://snyk.io/vuln/SNYK-JS-VITE-9653016
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-ROLLUP-15340920
- https://snyk.io/vuln/SNYK-JS-VITE-8648411
- https://snyk.io/vuln/SNYK-JS-VITE-13644406
- https://snyk.io/vuln/SNYK-JS-VITE-9919777
- https://snyk.io/vuln/SNYK-JS-VITE-9685035
- https://snyk.io/vuln/SNYK-JS-VITE-8022916
- https://snyk.io/vuln/SNYK-JS-VITE-8023174
- https://snyk.io/vuln/SNYK-JS-LIQUIDJS-15443434
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15309438
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15353389
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
- https://snyk.io/vuln/SNYK-JS-SIRV-12558119
- https://snyk.io/vuln/SNYK-JS-VITE-12558116
---
 framework-boilerplates/hydrogen/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework-boilerplates/hydrogen/package.json b/framework-boilerplates/hydrogen/package.json
index 016053db76..1e1e9d9c64 100644
--- a/framework-boilerplates/hydrogen/package.json
+++ b/framework-boilerplates/hydrogen/package.json
@@ -20,7 +20,7 @@
     "@tailwindcss/forms": "^0.5.2",
     "@tailwindcss/typography": "^0.5.2",
     "@types/react": "^18.0.14",
-    "eslint": "^9.1.0",
+    "eslint": "^9.26.0",
     "eslint-plugin-hydrogen": "^0.12.5",
     "playwright": "^1.56.0",
     "postcss": "^8.4.31",
@@ -36,7 +36,7 @@
   "dependencies": {
     "@headlessui/react": "^1.6.4",
     "@heroicons/react": "^1.0.6",
-    "@shopify/hydrogen": "^1.0.2",
+    "@shopify/hydrogen": "^1.7.4",
     "clsx": "^1.1.1",
     "graphql-tag": "^2.12.6",
     "react": "^18.2.0",

From 3746821bd9dfe962fafbb2e1284fc35c1c68d860 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 17 Mar 2026 23:17:35 +0000
Subject: [PATCH 92/93] fix: starter/personalization-builder-io/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-15674556
- https://snyk.io/vuln/SNYK-JS-NEXT-15674558
---
 starter/personalization-builder-io/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/starter/personalization-builder-io/package.json b/starter/personalization-builder-io/package.json
index 5ebfe4f142..c5b626ef9d 100644
--- a/starter/personalization-builder-io/package.json
+++ b/starter/personalization-builder-io/package.json
@@ -50,7 +50,7 @@
     "atob": "^2.1.2",
     "jest": "^27.4.7",
     "js-cookie": "^3.0.1",
-    "next": "^12.1.0",
+    "next": "^16.1.7",
     "next-seo": "^5.1.0",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",

From 32493814723693a6e58538bee1a4a8204f52dc77 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 17 Mar 2026 23:17:36 +0000
Subject: [PATCH 93/93] fix: edge-middleware/clerk-authentication/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-15674556
- https://snyk.io/vuln/SNYK-JS-NEXT-15674558
---
 edge-middleware/clerk-authentication/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/edge-middleware/clerk-authentication/package.json b/edge-middleware/clerk-authentication/package.json
index 833a1bbca5..5123f95173 100644
--- a/edge-middleware/clerk-authentication/package.json
+++ b/edge-middleware/clerk-authentication/package.json
@@ -15,7 +15,7 @@
     "@peculiar/webcrypto": "^1.2.3",
     "add": "^2.0.6",
     "jose": "^4.4.0",
-    "next": "^12.1.0",
+    "next": "^16.1.7",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "swiper": "^8.0.2"