Security Update

[chrispotter]

Impact: minor
Type: chore

Issue

Better security update with upgraded next package. Tests wouldn't run locally so PR for CircleCI testing.

[chrispotter]

Hmm, looks like upgrading next introduced errors. Back to the drawing board, suggestions welcome...

[focusaurus]

If the security fixes aren't backported to next v7 then we can file a bug and have storefront devs handle upgrading next as broader maintenance work.

[HarisSpahija]

I would like to pick this up, could you maybe shed some more light on the errors you encountered? @chrispotter

[chrispotter]

@HarisSpahija here are the vulns we've had reported through next.js. Snyk recommends that we update to [email protected]

[HarisSpahija]

Best way seems to just upgrade the NextJS platform right? I am not sure if security fixes will ever be backported to v7 since we are on Next v9 atm. I have rarely seen them backporting fixes to more than 1 major patch.

Is it okay to take over this PR or create a new PR and update the NextJS and fix the resulting erros/bugs?

[chrispotter]

@HarisSpahija feel free to make a new PR or take over this one!

[HarisSpahija]

I currently see only unit tests failing? Did the update only introduce bugs to the tests?

Also, some items can/should be removed with the upgrade of Next to V9. For example react-helmet is no longer needed and can be replaced with Head from 'next/head. I will create separate issues with the tag ESv2. They will be part of a bigger update that I am working on.

[willopez]

closing in favor of #664