fix: react2shell vuln

[promatty]

next 15.1.4 to 15.1.11

Summary by CodeRabbit

• Chores
  • Updated core framework and framework-aligned tooling to pick up recent stability, performance, and developer-experience improvements; no public API or behavior changes expected.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
helios-telemetry	Ready	Preview, Comment	Dec 13, 2025 6:49pm

[coderabbitai]

Warning

Rate limit exceeded

@promatty has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 25 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 8c30096 and 7590acd.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• packages/client/package.json (2 hunks)

Walkthrough

The pull request updates next and eslint-config-next in packages/client/package.json from 15.1.4 to 15.1.11 in both dependencies and devDependencies. No other dependencies, scripts, or source code changes were included.

Changes

Cohort / File(s)	Summary
Dependency updates packages/client/package.json	Bumped next from 15.1.4 → 15.1.11 and eslint-config-next from 15.1.4 → 15.1.11 in both dependencies and devDependencies.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Single file, consistent version bumps, no functional changes.
• Review attention: verify lockfile consistency and run quick dev build/tests.

Poem

🐰 A tiny hop, a patch applied,
Next and lints all upgraded wide.
No code disturbed, just versions shined,
Quietly faster, neatly aligned.
🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'fix: react2shell vuln' is vague and uses abbreviated terminology that lacks clarity about the specific changes made.	Replace with a more descriptive title that specifies what vulnerability is being addressed, such as 'fix: update Next.js to 15.1.11 to address react2shell vulnerability'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aff7d46 and 4a5078c.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• packages/client/package.json (1 hunks)