Commit a37cfed
authored
Update dependency next to v16.2.3 [SECURITY] (#4221)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`16.2.2` →
`16.2.3`](https://renovatebot.com/diffs/npm/next/16.2.2/16.2.3) |

|

|
---
### Next.js has a Denial of Service with Server Components
[GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/advisories/GHSA-q4gf-8mx6-v5v3)
<details>
<summary>More information</summary>
#### Details
A vulnerability affects certain React Server Components packages for
versions 19.x and frameworks that use the affected packages, including
Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is
tracked upstream as
[CVE-2026-23869](https://redirect.github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg).
You can read more about this advisory our [this
changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).
A specially crafted HTTP request can be sent to any App Router Server
Function endpoint that, when deserialized, may trigger excessive CPU
usage. This can result in denial of service in unpatched environments.
#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
#### References
-
[https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3)
-
[https://vercel.com/changelog/summary-of-cve-2026-23869](https://vercel.com/changelog/summary-of-cve-2026-23869)
-
[https://github.com/advisories/GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/advisories/GHSA-q4gf-8mx6-v5v3)
This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-q4gf-8mx6-v5v3)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>
---
### Release Notes
<details>
<summary>vercel/next.js (next)</summary>
###
[`v16.2.3`](https://redirect.github.com/vercel/next.js/compare/v16.2.2...v16.2.3)
[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v16.2.2...v16.2.3)
</details>
---
### Configuration
📅 **Schedule**: (in timezone Etc/UTC)
- Branch creation
- ""
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/PeerDB-io/peerdb).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzkuNyIsInVwZGF0ZWRJblZlciI6IjQzLjEzOS43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzZWN1cml0eSJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent 340d734 commit a37cfed
1 file changed
Lines changed: 39 additions & 39 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments