Skip to content

chore(web): bump @lobbyside/react to 0.5.0 and switch to org install#1013

Open
TropicolX wants to merge 1 commit into
supermemoryai:mainfrom
TropicolX:update-lobbyside-react-org-install
Open

chore(web): bump @lobbyside/react to 0.5.0 and switch to org install#1013
TropicolX wants to merge 1 commit into
supermemoryai:mainfrom
TropicolX:update-lobbyside-react-org-install

Conversation

@TropicolX
Copy link
Copy Markdown

@TropicolX TropicolX commented May 27, 2026

Pins to the latest published version and replaces the per-widget id with the supermemory org id, so flipping which widget is live in the Lobbyside dashboard takes effect without a code change.

@TropicolX @cursoragent
chore(web): bump @lobbyside/react to 0.5.0 and switch to org install
9c0ca8c 
Pins to the latest published version and replaces the per-widget id
with the supermemory org id, so flipping which widget is live in the
Lobbyside dashboard takes effect without a code change.

Co-authored-by: Cursor <cursoragent@cursor.com>
@graphite-app graphite-app Bot requested a review from Dhravya May 27, 2026 14:51
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 27, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednext@​16.0.05425915070
Addedeslint-config-next@​16.0.0991006798100
Added@​ai-sdk/​react@​3.0.160991007498100
Addedposthog-node@​5.29.29110077100100
Added@​supermemory/​tools@​1.4.17910010094100
Added@​types/​node@​20.19.391001008195100
Updatedtailwindcss@​4.2.1 ⏵ 4.2.2100 +110084 +198100
Updatedai@​6.0.168 ⏵ 6.0.15892 +110010099100
Added@​posthog/​ai@​7.16.097100100100100
Added@​tailwindcss/​postcss@​4.2.210010010098100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 27, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Next.js is vulnerable to RCE in React flight protocol

CVE: GHSA-9qr9-h5gf-34mp Next.js is vulnerable to RCE in React flight protocol (CRITICAL)

Affected versions: >= 14.3.0-canary.77 < 15.0.5; >= 15.1.0-canary.0 < 15.1.9; >= 15.2.0-canary.0 < 15.2.6; >= 15.3.0-canary.0 < 15.3.6; >= 15.4.0-canary.0 < 15.4.8; >= 15.5.0-canary.0 < 15.5.7; >= 16.0.0-canary.0 < 16.0.7

Patched version: 16.0.7

From: packages/tools/test/chatapp/package.jsonnpm/next@16.0.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dhravya Dhravya Awaiting requested review from Dhravya

At least 1 approving review is required to merge this pull request.

Assignees

@TropicolX TropicolX

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TropicolX