@devin-ai-integration devin-ai-integration bot commented Jun 27, 2025

Fix all security vulnerabilities and update major dependencies

Summary

This PR addresses all security vulnerabilities and updates major dependencies to their latest versions. The changes include:

  • Security: Resolved all 13 security vulnerabilities (now 0 vulnerabilities)
  • Next.js: Updated from 14.1.2 to 15.3.4 (major version upgrade)
  • React: Updated from 18.x to 19.1.0 (major version upgrade)
  • OpenAI SDK: Updated from 4.58.2 to 5.8.1 (major version upgrade)
  • Langchain: Updated from 0.1.28 to 0.3.29 (major version upgrade)
  • Compatibility fixes: Fixed breaking changes from the major version updates

Review & Testing Checklist for Human

⚠️ High Risk Changes - Please test thoroughly:

  • End-to-end functionality testing: Test the core answer engine with real API keys (GROQ_API_KEY, SERPER_API, etc.) to ensure AI responses work correctly
  • All AI features work: Test search functionality, function calling (@mention tools), embeddings, and semantic caching with real queries
  • No runtime errors: Check browser console and server logs for any new errors, warnings, or performance issues
  • Build and deployment: Verify that npm run build works and deployment processes are unaffected
  • Feature completeness: Test places search, shopping search, Spotify integration, and other function calling features

Recommended Test Plan:

  1. Set up real environment variables from .env.example
  2. Start dev server and test basic Q&A functionality
  3. Test each @mention tool (places, shopping, music, etc.)
  4. Run production build and test deployment
  5. Monitor for any console warnings or performance degradation

Diagram

graph TB
    subgraph "Core Dependencies"
        A[package.json]:::major-edit
        B[package-lock.json]:::major-edit
        C[tsconfig.json]:::minor-edit
        D[next-env.d.ts]:::minor-edit
    end
    
    subgraph "Compatibility Fixes"
        E[app/tools/mentionFunctions/structuredUnlockSummarize.ts]:::major-edit
        F[app/tools/rateLimiting.tsx]:::major-edit
        G[lib/hooks/use-enter-submit.tsx]:::major-edit
    end
    
    subgraph "Related Files"
        H[app/config.tsx]:::context
        I[app/function-calling.tsx]:::context
        J[app/action.tsx]:::context
    end
    
    A --> E
    A --> F
    A --> G
    C --> G
    H --> E
    H --> I
    
    subgraph Legend
        L1[Major Edit]:::major-edit
        L2[Minor Edit]:::minor-edit  
        L3[Context/No Edit]:::context
    end
    
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB
    classDef context fill:#FFFFFF

Notes

  • OpenAI SDK v5 Changes: The openai.beta.chat.completions.parse API was deprecated and replaced with openai.chat.completions.create with manual JSON parsing
  • Next.js 15 Changes: The headers() function now returns a Promise that must be awaited
  • React 19 Changes: Stricter TypeScript types for refs require explicit null handling
  • Testing Limitation: Only tested with dummy environment variables - real API functionality needs validation
  • Deprecation Warning: Noticed a React 19 ref deprecation warning in toast component that may need future attention

Link to Devin run: https://app.devin.ai/sessions/80b30385ad87467ea6d24993d05b890d
Requested by: @developersdigest

Application Screenshot
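
The Notes above say the SDK's parse helper was replaced with `openai.chat.completions.create` plus manual JSON parsing, which moves schema enforcement into application code. The following is an added example, not code from this PR or the project: one way to treat the model's reply as untrusted input before use. The function name, the `summary`/`keyPoints` schema, the size limits and the sample reply are all assumptions.

```javascript
// Added example: validating model output after switching to manual JSON parsing.
// The schema (summary, keyPoints) and both limits are assumptions, not the project's.
const MAX_RAW_BYTES = 32 * 1024;
const MAX_POINTS = 10;

function parseStructuredSummary(raw) {
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, error: 'empty or non-string content' };
  }
  if (Buffer.byteLength(raw, 'utf8') > MAX_RAW_BYTES) {
    return { ok: false, error: 'content too large' };
  }
  // Models often wrap JSON in a Markdown fence; strip exactly one if present.
  const fenced = raw.trim().match(/^`{3}(?:json)?\s*([\s\S]*?)\s*`{3}$/);
  const text = fenced ? fenced[1] : raw.trim();

  let data;
  try {
    data = JSON.parse(text);
  } catch {
    return { ok: false, error: 'invalid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'top level is not an object' };
  }
  const { summary, keyPoints } = data;
  if (typeof summary !== 'string' || summary.trim() === '') {
    return { ok: false, error: 'summary missing or not a string' };
  }
  if (!Array.isArray(keyPoints) || keyPoints.length > MAX_POINTS ||
      !keyPoints.every((p) => typeof p === 'string')) {
    return { ok: false, error: 'keyPoints must be a short array of strings' };
  }
  // Copy only the expected fields so unexpected keys never reach callers.
  return { ok: true, value: { summary, keyPoints: [...keyPoints] } };
}

// Constructed sample reply (not real API output); note the unexpected "role" key.
const SAMPLE_REPLY =
  '{"summary":"Deps updated","keyPoints":["Next.js 15","React 19"],"role":"admin"}';
console.log(parseStructuredSummary(SAMPLE_REPLY));
```

Callers should branch on `ok` and log the `error` string rather than passing a partially valid object downstream.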

devin-ai-integration bot and others added 2 commits June 27, 2025 02:59
- Update Next.js from 14.1.2 to 15.3.4
- Update React from 18.x to 19.1.0
- Update OpenAI SDK from 4.58.2 to 5.8.1
- Update Langchain from 0.1.28 to 0.3.29
- Update all other major dependencies to latest versions
- Fix OpenAI SDK v5 API compatibility in structuredUnlockSummarize.ts
- Fix Next.js 15 headers API compatibility in rateLimiting.tsx
- Fix React 19 TypeScript ref types in use-enter-submit.tsx
- Add Node.js types to tsconfig.json
- Resolve all 13 security vulnerabilities (now 0 vulnerabilities)
- Ensure build and runtime compatibility after major updates

Co-Authored-By: Developers Digest <softwaredevelopmentvideos2023@gmail.com>

- Update next-env.d.ts for Next.js 15.3.4 compatibility

Co-Authored-By: Developers Digest <softwaredevelopmentvideos2023@gmail.com>
🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

vercel bot commented Jun 27, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
llm-answer-engine ❌ Failed (Inspect) Jun 27, 2025 3:35am

- Add @vercel/postgres override to resolve Vercel deployment failure
- Langchain community package requires ^0.5.0 but newer apps use 0.6.0
- This resolves the CI deployment failure identified in GitHub issue #7449

Co-Authored-By: Developers Digest <softwaredevelopmentvideos2023@gmail.com>

- Change cheerio import from default to namespace import to fix build error
- Update @langchain/community to 0.3.47 and langchain to 0.3.29 for compatibility
- Resolve maximalMarginalRelevance import error that was blocking Vercel deployment
- Build now passes compilation phase, only fails on missing env vars (expected locally)

Co-Authored-By: Developers Digest <softwaredevelopmentvideos2023@gmail.com>

- Convert static imports to dynamic imports for both portkey-ai gateway files
- Prevents Node.js fs module from being bundled in edge runtime
- Resolves Vercel deployment failure caused by server-side package imports
- Build now passes compilation phase, only fails on missing env vars (expected locally)

Co-Authored-By: Developers Digest <softwaredevelopmentvideos2023@gmail.com>