Skip to content

Commit a37cfed

Browse files
Update dependency next to v16.2.3 [SECURITY] (#4221)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | [`16.2.2` → `16.2.3`](https://renovatebot.com/diffs/npm/next/16.2.2/16.2.3) | ![age](https://developer.mend.io/api/mc/badges/age/npm/next/16.2.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/16.2.2/16.2.3?slim=true) | --- ### Next.js has a Denial of Service with Server Components [GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/advisories/GHSA-q4gf-8mx6-v5v3) <details> <summary>More information</summary> #### Details A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://redirect.github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869). A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments. #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` #### References - [https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3) - [https://vercel.com/changelog/summary-of-cve-2026-23869](https://vercel.com/changelog/summary-of-cve-2026-23869) - [https://github.com/advisories/GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/advisories/GHSA-q4gf-8mx6-v5v3) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-q4gf-8mx6-v5v3) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>vercel/next.js (next)</summary> ### [`v16.2.3`](https://redirect.github.com/vercel/next.js/compare/v16.2.2...v16.2.3) [Compare Source](https://redirect.github.com/vercel/next.js/compare/v16.2.2...v16.2.3) </details> --- ### Configuration 📅 **Schedule**: (in timezone Etc/UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/PeerDB-io/peerdb). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzkuNyIsInVwZGF0ZWRJblZlciI6IjQzLjEzOS43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzZWN1cml0eSJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 340d734 commit a37cfed

1 file changed

Lines changed: 39 additions & 39 deletions

File tree

ui/package-lock.json

Lines changed: 39 additions & 39 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)