Skip to content

chore(deps): update dependency next to v15.5.9 [security] - autoclosed #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
renovate wants to merge 1 commit into from
Closed

chore(deps): update dependency next to v15.5.9 [security] - autoclosed #39

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 12, 2025

This PR contains the following updates:

Package Change Age Confidence
next (source) 15.5.8 -> 15.5.9 age confidence

GitHub Vulnerability Alerts

GHSA-5j59-xgg2-r9c4

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and did not fully prevent denial-of-service attacks in all payload types. This affects React package versions 19.0.2, 19.1.3, and 19.2.2 and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-67779.

A malicious HTTP request can be crafted and sent to any Server Function endpoint that, when deserialized, can enter an infinite loop within the React Server Components runtime. This can cause the server process to hang and consume CPU, resulting in denial of service in unpatched environments.

Release Notes

vercel/next.js (next)

v15.5.9

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file javascript labels Dec 12, 2025
@semanticdiff-com
Copy link

semanticdiff-com bot commented Dec 12, 2025
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  package-lock.json  66% smaller

@snyk-io
Copy link
Contributor

snyk-io bot commented Dec 12, 2025

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@renovate renovate bot changed the title chore(deps): update dependency next to v15.5.9 [security] chore(deps): update dependency next to v15.5.9 [security] - autoclosed Dec 13, 2025
@renovate renovate bot closed this Dec 13, 2025
@renovate renovate bot deleted the renovate/npm-next-vulnerability branch December 13, 2025 16:08
@hashim21223445 hashim21223445 self-requested a review December 13, 2025 16:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hashim21223445 hashim21223445 hashim21223445 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hashim21223445