Bump next to ^15.2.3 [SECURITY] #4828

renovate · 2025-04-02T22:42:44Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next (source)	`15.2.3` -> `15.2.4`

GitHub Vulnerability Alerts

CVE-2025-30218

Summary

In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers.

Learn more here.

Credit

Thank you to Jinseo Kim kjsman and RyotaK (GMO Flatt Security Inc.) with takumi-san.ai for the responsible disclosure. These researchers were awarded as part of our bug bounty program.

Release Notes

vercel/next.js (next)

`v15.2.4`

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Match subrequest handling for edge and node (#77474)
exclude images and static media from dev origin check (#77417)
ensure /__next middleware URLs are included in the origin check (#77416)
remove direct ip/port bypass in dev origin check (#77414)
switch development origin verification to be opt-in rather than opt-out (#77395)

Credits

Huge thanks to @ijjk and @ztanner for helping!

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

mui-bot · 2025-04-02T22:46:30Z

Netlify deploy preview

https://deploy-preview-4828--mui-toolpad-docs.netlify.app/

Generated by 🚫 dangerJS against d1421bb

renovate bot added dependencies Update of dependencies priority: important This change can make a difference labels Apr 2, 2025

renovate bot force-pushed the renovate/npm-next-vulnerability branch from fb33d0a to ce0cf9a Compare April 8, 2025 13:13

github-actions bot added the PR: out-of-date The pull request has merge conflicts and can't be merged label Apr 15, 2025

renovate bot force-pushed the renovate/npm-next-vulnerability branch from ce0cf9a to 98393d9 Compare April 15, 2025 13:21

github-actions bot added PR: out-of-date The pull request has merge conflicts and can't be merged and removed PR: out-of-date The pull request has merge conflicts and can't be merged labels Apr 15, 2025

Bump next to ^15.2.3 [SECURITY]

d1421bb

renovate bot force-pushed the renovate/npm-next-vulnerability branch from 98393d9 to d1421bb Compare April 15, 2025 18:53

github-actions bot removed the PR: out-of-date The pull request has merge conflicts and can't be merged label Apr 15, 2025

Janpot merged commit 9c8b6e1 into master Apr 16, 2025
15 checks passed

Janpot deleted the renovate/npm-next-vulnerability branch April 16, 2025 08:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump next to ^15.2.3 [SECURITY] #4828

Bump next to ^15.2.3 [SECURITY] #4828

renovate bot commented Apr 2, 2025 •

edited

Loading

mui-bot commented Apr 2, 2025 •

edited

Loading

Bump next to ^15.2.3 [SECURITY] #4828

Bump next to ^15.2.3 [SECURITY] #4828

Conversation

renovate bot commented Apr 2, 2025 • edited Loading

GitHub Vulnerability Alerts

CVE-2025-30218

Summary

Credit

Release Notes

v15.2.4

Core Changes

Credits

Configuration

mui-bot commented Apr 2, 2025 • edited Loading

Netlify deploy preview

renovate bot commented Apr 2, 2025 •

edited

Loading

`v15.2.4`

mui-bot commented Apr 2, 2025 •

edited

Loading