[Snyk] Security upgrade next from 16.0.7 to 16.1.5

[miccy]

Snyk has created this PR to fix 2 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• examples/react-nextjs/package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15104645	149
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15105315	149

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-354b2366e6bc9b18196e78bd0d0f57d8

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4d158ae9f0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Update pnpm-lock to match the new Next spec

This bumps next to ^16.1.5 in examples/react-nextjs/package.json, but pnpm-lock.yaml still records the importer specifier as ^16.0.0 and resolves to 16.0.7 (see pnpm-lock.yaml lines 462–464). Because the repo’s install action runs pnpm install --frozen-lockfile ( .github/actions/setup-node-pnpm-install/action.yaml line 17), installs will now fail with a lockfile mismatch. Regenerate and commit the lockfile so frozen installs succeed.

Useful? React with 👍 / 👎.

[Copilot]

Pull request overview

This PR upgrades the Next.js dependency in the react-nextjs example to address two high-severity security vulnerabilities related to resource allocation without limits or throttling. The upgrade moves from version ^16.0.0 (which was resolved to 16.0.7) to ^16.1.5.

Changes:

• Upgraded Next.js from ^16.0.0 to ^16.1.5 to fix SNYK-JS-NEXT-15104645 and SNYK-JS-NEXT-15105315

[Copilot]

The Next.js dependency is being upgraded to version 16.1.5, but the related eslint-config-next package in devDependencies remains at version ^16.0.0. These packages are typically versioned together by the Next.js team and should be kept in sync to ensure compatibility. Consider also updating eslint-config-next to ^16.1.5 to match the Next.js version.