chore: bump next

[foodaka]

General Changes

• Bumps next to 12.3.7

Developer Notes

Add any notes here that may be helpful for reviewers.

---

Reviewer Checklist

Please ensure you, as the reviewer(s), have gone through this checklist to ensure that the code changes are ready to ship safely and to help mitigate any downstream issues that may occur.

• End-to-end tests are passing without any errors
• Code changes do not significantly increase the application bundle size
• If there are new 3rd-party packages, they do not introduce potential security threats
• If there are new environment variables being added, they have been added to the .env.example file as well as the pertinant .github/actions/* files
• There are no CI changes, or they have been approved by the DevOps and Engineering team(s)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
interface	Ready	Preview	Comment	Oct 3, 2025 10:28am

[github-actions]

Dependency Review

The following issues were found:

• ❌ 2 vulnerable package(s)

See the Details below.

Vulnerabilities

package.json

Name	Version	Vulnerability	Severity
next	12.3.7	Next.js authorization bypass vulnerability	high
		Denial of Service condition in Next.js image optimization	moderate
		Next.js Affected by Cache Key Confusion for Image Optimization API Routes	moderate
		Next.js Content Injection Vulnerability for Image Optimization	moderate
		Next.js Improper Middleware Redirect Handling Leads to SSRF	moderate

yarn.lock

Name	Version	Vulnerability	Severity
next	12.3.7	Next.js authorization bypass vulnerability	high
		Denial of Service condition in Next.js image optimization	moderate
		Next.js Affected by Cache Key Confusion for Image Optimization API Routes	moderate
		Next.js Content Injection Vulnerability for Image Optimization	moderate
		Next.js Improper Middleware Redirect Handling Leads to SSRF	moderate
next	12.3.7	Next.js authorization bypass vulnerability	high
		Denial of Service condition in Next.js image optimization	moderate
		Next.js Affected by Cache Key Confusion for Image Optimization API Routes	moderate
		Next.js Content Injection Vulnerability for Image Optimization	moderate
		Next.js Improper Middleware Redirect Handling Leads to SSRF	moderate

Only included vulnerabilities with severity moderate or higher.

OpenSSF Scorecard

Package	Version	Score	Details
npm/next	12.3.7	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging 🟢 10 packaging workflow detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 233 existing vulnerabilities detected
npm/next	12.3.7	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging 🟢 10 packaging workflow detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 233 existing vulnerabilities detected
npm/@next/env	12.3.7	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging 🟢 10 packaging workflow detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 233 existing vulnerabilities detected

Scanned Files

• package.json
• yarn.lock

[chatgpt-codex-connector]

💡 Codex Review

interface/yarn.lock

Lines 10821 to 10833 in dc1a43e

	optionalDependencies:
	"@next/swc-android-arm-eabi" "12.3.4"
	"@next/swc-android-arm64" "12.3.4"
	"@next/swc-darwin-arm64" "12.3.4"
	"@next/swc-darwin-x64" "12.3.4"
	"@next/swc-freebsd-x64" "12.3.4"
	"@next/swc-linux-arm-gnueabihf" "12.3.4"
	"@next/swc-linux-arm64-gnu" "12.3.4"
	"@next/swc-linux-arm64-musl" "12.3.4"
	"@next/swc-linux-x64-gnu" "12.3.4"
	"@next/swc-linux-x64-musl" "12.3.4"
	"@next/swc-win32-arm64-msvc" "12.3.4"
	"@next/swc-win32-ia32-msvc" "12.3.4"

Update SWC optional dependencies with Next bump

The lockfile entry for [email protected] still pins all @next/swc-* optional dependencies to 12.3.4. Installing with this lock will keep the old SWC native binaries, which causes next to emit “version mismatch” errors or forces every install to rewrite the lockfile. Regenerate yarn.lock so the @next/swc-* packages resolve to 12.3.7 alongside the main upgrade.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting

• @codex fix this CI failure
• @codex address that feedback

[github-actions]

• Ipfs hash: bafybeias6d6g4dmwzzd5p57cvphovbv2mlo3efcwxkuf4wpvjh3tecgyza
• Ipfs preview link: https://bafybeias6d6g4dmwzzd5p57cvphovbv2mlo3efcwxkuf4wpvjh3tecgyza.ipfs.cf-ipfs.com/

[github-actions]

📦 Next.js Bundle Analysis for aave-ui

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌