
fix: upgrade Next.js 16.1.1 → 16.2.3 to resolve 8 high-severity vulnerabilities #1199

Open
sohiren wants to merge 1 commit into vercel-labs:main from sohiren:main

sohiren commented Apr 9, 2026

Summary

  • Upgrade Next.js from 16.1.1 to 16.2.3 to resolve 8 high-severity vulnerabilities

Vulnerabilities Fixed

| ID | Severity | Description |
| --- | --- | --- |
| GHSA-9g9p-9gw9-jx7f | High | DoS via Image Optimizer remotePatterns |
| GHSA-h25m-26qc-wcjf | High | HTTP request deserialization DoS |
| GHSA-ggv3-7p47-pfv8 | High | HTTP request smuggling in rewrites |
| GHSA-3x4c-7xq6-9pq8 | High | Unbounded disk cache growth |
| GHSA-h27x-g6w4-24gq | High | Unbounded postponed resume buffering DoS |
| GHSA-mq59-m269-xvcx | High | null origin CSRF bypass |
| GHSA-jcc7-9wpm-mj36 | High | null origin HMR websocket CSRF bypass |
| GHSA-5f7q-jpqc-wp7h | High | Unbounded Memory Consumption via PPR Resume |

Test plan

  • npm audit → 0 vulnerabilities

🤖 Generated with Claude Code

…rabilities

- GHSA-9g9p-9gw9-jx7f (DoS via Image Optimizer)
- GHSA-h25m-26qc-wcjf (HTTP request deserialization DoS)
- GHSA-ggv3-7p47-pfv8 (HTTP request smuggling)
- GHSA-3x4c-7xq6-9pq8 (Unbounded disk cache growth)
- GHSA-h27x-g6w4-24gq (Unbounded postponed resume buffering DoS)
- GHSA-mq59-m269-xvcx (null origin CSRF bypass)
- GHSA-jcc7-9wpm-mj36 (null origin HMR websocket CSRF bypass)
- GHSA-5f7q-jpqc-wp7h (Unbounded Memory Consumption via PPR Resume)

Co-Authored-By: Claude <noreply@anthropic.com>

vercel bot commented Apr 9, 2026

Someone is attempting to deploy a commit to the Vercel Labs Team on Vercel.

A member of the Team first needs to authorize it.
