@renovate renovate bot commented Nov 13, 2025

This PR contains the following updates:

| Package | Change |
|---|---|
| cloudinary (source) | 2.6.0 -> 2.7.0 |

GitHub Vulnerability Alerts

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing security checks, altering data, or manipulating the application's behavior.

Note:
Following our established security policy, we attempted to contact the maintainer regarding this vulnerability, but haven't received a response.


Release Notes

cloudinary/cloudinary_npm (cloudinary)

v2.7.0

Compare Source

==================

  • fix: prevent parameter injection via ampersand in parameter values (#709)

v2.6.1

Compare Source

==================


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
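
The bug class named in the CVE-2025-12613 alert above, shown as an added JavaScript illustration that is not code from the cloudinary package or from this PR: a serializer that joins `key=value` pairs with `&` without encoding the values, beside an encoding one, with a round-trip check that reports parameter names the receiver sees but the caller never set. All function and parameter names are hypothetical; the page does not show how cloudinary itself builds its requests.

```javascript
// Constructed illustration of the bug class; none of this is cloudinary's code.
// All function and parameter names are hypothetical.

// Weak form: joins key=value pairs with "&" and leaves the values unencoded.
function serializeNaive(params) {
  return Object.entries(params).map(([k, v]) => `${k}=${v}`).join('&');
}

// Hardened form: percent-encodes keys and values, so "&" and "=" inside a
// value remain part of that value on the wire.
function serializeEncoded(params) {
  return Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// What a receiver that splits on "&" and "=" recovers from the wire string.
// A repeated name overwrites the earlier value (last one wins).
function parseWire(wire) {
  const out = {};
  for (const pair of wire.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const k = i === -1 ? pair : pair.slice(0, i);
    const v = i === -1 ? '' : pair.slice(i + 1);
    out[decodeURIComponent(k)] = decodeURIComponent(v);
  }
  return out;
}

// Round-trip check: parameter names the receiver sees that the caller never set.
function injectedKeys(params, serialize) {
  const sent = new Set(Object.keys(params));
  return Object.keys(parseWire(serialize(params))).filter((k) => !sent.has(k));
}

// Constructed sample: "owner" is set by the application, "note" is user input.
const sample = { owner: 'alice', note: 'hi&owner=bob&admin=1' };

console.log(injectedKeys(sample, serializeNaive));     // extra name appears
console.log(parseWire(serializeNaive(sample)).owner);  // app-set value replaced
console.log(injectedKeys(sample, serializeEncoded));   // nothing extra
```

The same round-trip comparison can serve as a regression test around any code that assembles request parameters from user-supplied values.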

vercel bot commented Nov 13, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| literame | Ready | Preview | Comment | Nov 13, 2025 3:33am |
