MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · houdini479/mike · PR #1

fix: bump next to 16.2.4 in frontend

🟢 open · #1 · houdini479/mike ← houdini479/mike · opened 1mo ago by houdini479 · self · +1,600-1,564 across 3 files · ↗ on GitHub

From the PR description

Summary

Fixes the broken npm install --prefix frontend reported during local setup.

The frontend pinned next@16.0.3, but @opennextjs/cloudflare@^1.13.1 resolves to 1.19.6, which requires next peer >=15.5.15 <16 || >=16.2.3. This caused ERESOLVE errors and forced contributors to use --legacy-peer-deps. Additionally, next@16.0.3 is flagged by CVE-2025-66478.

Changes

  • frontend/package.json
    • next: 16.0.316.2.4
    • eslint-config-next: 16.0.316.2.4
  • frontend/package-lock.json regenerated

Verification

  • rm -rf node_modules package-lock.json && npm install completes cleanly with no --legacy-peer-deps.
  • npm run build --prefix frontend compiles successfully and TypeScript passes (the prerender step requires populated frontend/.env.local, which is expected for fresh local setups).
  • Vulnerabilities reported by npm audit: 9 (1 critical, 1 high, 7 moderate) → 8 (all moderate).

Test plan

  • Pull branch on a clean checkout, run npm install --prefix frontend without flags - expect success.
  • Populate frontend/.env.local and run npm run build --prefix frontend - expect end-to-end build success.
  • Run npm run dev --prefix frontend and smoke-test the app at http://localhost:3000.

Our analysis

Bump Next.js to clear a critical CVE and fix the install break — read the full analysis →

Think the analysis missed something the PR description covers?

Capture this PR into my fork

Download a Markdown prompt that tells Claude how to port every commit in this PR into your working tree. Run it via claude -p < capture-pull-1.md from inside the repo you want the changes in.

⬇ Download capture-pull-1.md