Skip to content

chore(security): bump next-mdx-remote to 6.0.0#10

Merged
abel-castro merged 2 commits intomainfrom
codex/bump-next-mdx-remote-6-0-0
Feb 15, 2026
Merged

chore(security): bump next-mdx-remote to 6.0.0#10
abel-castro merged 2 commits intomainfrom
codex/bump-next-mdx-remote-6-0-0

Conversation

@abel-castro
Copy link
Owner

@abel-castro abel-castro commented Feb 13, 2026

No description provided.

@abel-castro abel-castro requested a review from Copilot February 13, 2026 10:14
@vercel
Copy link

vercel bot commented Feb 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
abelcastro-dev-next Ready Ready Preview, Comment Feb 15, 2026 5:03am

Request Review

Copilot AI reviewed Feb 13, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR bumps the next-mdx-remote package from version 5.0.0 to 6.0.0 as a security update. The upgrade includes updates to transitive dependencies in the unist utility packages, modernizing the dependency tree to use newer versions of these utilities.

Changes:

  • Updated next-mdx-remote from ^5.0.0 to 6.0.0 (with pinned version)
  • Updated transitive dependencies: unist-util-remove (3.1.1 → 4.0.0) and unist-util-visit (5.0.0 → 5.1.0)
  • Removed obsolete v5 unist utility dependencies that are no longer needed

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updated next-mdx-remote dependency from ^5.0.0 to pinned 6.0.0
pnpm-lock.yaml Updated lockfile with new next-mdx-remote version, transitive dependency updates, and removed obsolete v5 unist utilities
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

package.json Outdated
"lucide-react": "^0.553.0",
"next": "^16.0.7",
"next-mdx-remote": "^5.0.0",
"next-mdx-remote": "6.0.0",
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version specifier for next-mdx-remote has been changed from a caret range (^5.0.0) to a pinned version (6.0.0). This is inconsistent with the versioning strategy used for nearly all other dependencies in this project, which use caret ranges to allow automatic minor and patch updates. Consider using ^6.0.0 instead to maintain consistency and allow for automatic patch and minor version updates while preventing breaking major version changes.

Suggested change
"next-mdx-remote": "6.0.0",
"next-mdx-remote": "^6.0.0",

Copilot uses AI. Check for mistakes.
@abel-castro abel-castro force-pushed the codex/bump-next-mdx-remote-6-0-0 branch from 70e17c5 to 771b852 Compare February 15, 2026 04:59
@codecov
Copy link

codecov bot commented Feb 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@abel-castro abel-castro merged commit 4e94c61 into main Feb 15, 2026
4 of 5 checks passed
@abel-castro abel-castro deleted the codex/bump-next-mdx-remote-6-0-0 branch February 15, 2026 05:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@abel-castro