Skip to content

Commit 95c8f24

Browse files
renovate[bot]renovate[bot]
authored
chore(deps): update dependency next to v15.2.3 [security] (main) (#7122)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | [`15.2.2` -> `15.2.3`](https://renovatebot.com/diffs/npm/next/15.2.2/15.2.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/next/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/next/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/next/15.2.2/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/15.2.2/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-29927](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw) # Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. # Patches * For Next.js 15.x, this issue is fixed in `15.2.3` * For Next.js 14.x, this issue is fixed in `14.2.25` * For Next.js versions `11.1.4` thru `13.5.6`, consult the below workaround. # Workaround If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application. ## Credits - Allam Rachid (zhero;) - Allam Yasser (inzo_) --- ### Release Notes <details> <summary>vercel/next.js (next)</summary> ### [`v15.2.3`](https://redirect.github.com/vercel/next.js/compare/v15.2.2...v15.2.3) [Compare Source](https://redirect.github.com/vercel/next.js/compare/v15.2.2...v15.2.3) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/SAP/ui5-webcomponents-react). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent c8bea19 commit 95c8f24

File tree

8 files changed

+164
-164
lines changed

8 files changed

+164
-164
lines changed

examples/nextjs-app/package-lock.json

Lines changed: 40 additions & 40 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/nextjs-app/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
"@types/react-dom": "19.0.4",
1818
"eslint": "9.22.0",
1919
"eslint-config-next": "15.2.2",
20-
"next": "15.2.2",
20+
"next": "15.2.3",
2121
"react": "19.0.0",
2222
"react-dom": "19.0.0",
2323
"typescript": "5.8.2"

examples/nextjs-pages/package-lock.json

Lines changed: 40 additions & 40 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/nextjs-pages/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
"@types/react-dom": "19.0.4",
1818
"eslint": "9.22.0",
1919
"eslint-config-next": "15.2.2",
20-
"next": "15.2.2",
20+
"next": "15.2.3",
2121
"react": "19.0.0",
2222
"react-dom": "19.0.0",
2323
"typescript": "5.8.2"

0 commit comments

Comments
 (0)