Skip to content

Commit 043c000

Browse files
renovate[bot]renovate[bot]
authored
chore(deps): update dependency next to v16.2.3 [security] (#8477)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | [`16.2.2` → `16.2.3`](https://renovatebot.com/diffs/npm/next/16.2.2/16.2.3) | ![age](https://developer.mend.io/api/mc/badges/age/npm/next/16.2.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/16.2.2/16.2.3?slim=true) | ### GitHub Vulnerability Alerts #### [GHSA-q4gf-8mx6-v5v3](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3) A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://redirect.github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869). A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments. --- ### Release Notes <details> <summary>vercel/next.js (next)</summary> ### [`v16.2.3`](https://redirect.github.com/vercel/next.js/compare/v16.2.2...v16.2.3) [Compare Source](https://redirect.github.com/vercel/next.js/compare/v16.2.2...v16.2.3) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/UI5/webcomponents-react). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 0d0a1ba commit 043c000

8 files changed

Lines changed: 164 additions & 164 deletions

File tree

examples/nextjs-app/package-lock.json

Lines changed: 40 additions & 40 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/nextjs-app/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"@types/react-dom": "19.2.3",
1919
"eslint": "9.39.4",
2020
"eslint-config-next": "16.2.3",
21-
"next": "16.2.2",
21+
"next": "16.2.3",
2222
"react": "19.2.5",
2323
"react-dom": "19.2.5",
2424
"typescript": "5.9.3"

examples/nextjs-pages/package-lock.json

Lines changed: 40 additions & 40 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/nextjs-pages/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"@types/react-dom": "19.2.3",
1919
"eslint": "9.39.4",
2020
"eslint-config-next": "16.2.3",
21-
"next": "16.2.2",
21+
"next": "16.2.3",
2222
"react": "19.2.5",
2323
"react-dom": "19.2.5",
2424
"typescript": "5.9.3"

0 commit comments

Comments
 (0)