Update Next.js version to address security vulnerability #47

Merged
dacharyc merged 1 commit into main from next-vuln-fixup on Dec 3, 2025

@dacharyc (Collaborator) commented Dec 3, 2025

Addresses the following Dependabot alert: https://github.com/mongodb/docs-sample-apps/security/dependabot/4

Tested it locally with the Python server and everything looks good. We'll want to test it with each of the clients in the artifact repos after we merge to main.

dacharyc merged commit af5d3e5 into main Dec 3, 2025
1 check passed
dacharyc deleted the next-vuln-fixup branch December 3, 2025 22:09
tmcneil-mdb added a commit that referenced this pull request May 7, 2026
…106)

* Bump pymongo to v4.17.0

* Merge TanStack Framework into Development (#105)

* Set up TanStack Start sample app with tests, CI/CD, and Bluehawk snippet extraction (#101)

* Adding TanStack Start + Unit & Integration Tests

* Adding GH Actions

* Add Bluehawk snippet extraction and improve test documentation

- Set up Bluehawk for snippet extraction from source code
- Add generic snip.js script for framework examples
- Add processFiles.js for handling unannotated files
- Extract 8 code snippets to testedSnippets/
- Add test:all npm script to run both unit and integration tests
- Update all READMEs to clarify test commands (test vs test:all)
- Document component testing status (not implemented due to TanStack Start beta)
- Add Bluehawk annotations to source files (Header, RestaurantList, db, routes)

* addressing pr feedback

* Adding in copier flow (#104)

* adding pinning

* fix(python-fastapi): bump pillow and python-dotenv for security advisories

- pillow 12.2.0 (CVE-2026-42308 through CVE-2026-42311, GHSA-5xmw-vc9v-4wf2, etc.)
- python-dotenv 1.2.2 (CVE-2026-28684, GHSA-mf9w-mj56-hr94)

Addresses Dependabot alerts #47-51 on mongodb/docs-sample-apps.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cory Bullinger <cory.bullinger@mongodb.com>
Co-authored-by: cory <115956901+cbullinger@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
tmcneil-mdb added a commit that referenced this pull request May 27, 2026
* Bump pymongo to v4.17.0

* Merge TanStack Framework into Development (#105)

* Set up TanStack Start sample app with tests, CI/CD, and Bluehawk snippet extraction (#101)

* Adding TanStack Start + Unit & Integration Tests

* Adding GH Actions

* Add Bluehawk snippet extraction and improve test documentation

- Set up Bluehawk for snippet extraction from source code
- Add generic snip.js script for framework examples
- Add processFiles.js for handling unannotated files
- Extract 8 code snippets to testedSnippets/
- Add test:all npm script to run both unit and integration tests
- Update all READMEs to clarify test commands (test vs test:all)
- Document component testing status (not implemented due to TanStack Start beta)
- Add Bluehawk annotations to source files (Header, RestaurantList, db, routes)

* addressing pr feedback

* Adding in copier flow (#104)

* adding pinning

* fix(python-fastapi): bump pillow and python-dotenv for security advisories

- pillow 12.2.0 (CVE-2026-42308 through CVE-2026-42311, GHSA-5xmw-vc9v-4wf2, etc.)
- python-dotenv 1.2.2 (CVE-2026-28684, GHSA-mf9w-mj56-hr94)

Addresses Dependabot alerts #47-51 on mongodb/docs-sample-apps.

Co-authored-by: Cursor <cursoragent@cursor.com>

* Batch Dependabot Fixes & Security Workflow (#110)

* fix: dependabot issues and creating audit script

* chore: remove cached audit files

* chore: updating readme and gitignore

* fix: batch updating the python packages for mflix to sure the security passes

---------

Co-authored-by: Cory Bullinger <cory.bullinger@mongodb.com>
Co-authored-by: cory <115956901+cbullinger@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>