Skip to content

Comments

Bump next to ^15.2.2 [SECURITY]#17080

Merged
LukasTy merged 1 commit intomasterfrom
renovate/npm-next-vulnerability
Mar 24, 2025
Merged

Bump next to ^15.2.2 [SECURITY]#17080
LukasTy merged 1 commit intomasterfrom
renovate/npm-next-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 21, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
next (source) 15.2.2 -> 15.2.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-29927

Impact

It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.

Patches

  • For Next.js 15.x, this issue is fixed in 15.2.3
  • For Next.js 14.x, this issue is fixed in 14.2.25
  • For Next.js versions 11.1.4 thru 13.5.6, consult the below workaround.

Workaround

If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application.

Credits

  • Allam Rachid (zhero;)
  • Allam Yasser (inzo_)

Release Notes

vercel/next.js (next)

v15.2.3

Compare Source

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Update of dependencies. label Mar 21, 2025
@github-actions
Copy link

github-actions bot commented Mar 21, 2025

Thanks for adding a type label to the PR! 👍

@mui-bot
Copy link

mui-bot commented Mar 21, 2025
edited
Loading

Deploy preview: https://deploy-preview-17080--material-ui-x.netlify.app/

Generated by 🚫 dangerJS against db1eb95

@github-actions
Copy link

github-actions bot commented Mar 23, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added the PR: out-of-date The pull request has merge conflicts and can't be merged. label Mar 23, 2025
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch from c6e9ed5 to c437273 Compare March 23, 2025 09:52
@github-actions github-actions bot removed the PR: out-of-date The pull request has merge conflicts and can't be merged. label Mar 23, 2025
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch from c437273 to f3e1361 Compare March 23, 2025 10:04
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch from f3e1361 to db1eb95 Compare March 23, 2025 13:58
@LukasTy LukasTy merged commit 76bb4ba into master Mar 24, 2025
22 checks passed
@LukasTy LukasTy deleted the renovate/npm-next-vulnerability branch March 24, 2025 08:34
@oliviertassinari oliviertassinari added the security Pull requests that address a security vulnerability. label Dec 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bernardobelchior bernardobelchior bernardobelchior approved these changes

Assignees

No one assigned

Labels

dependencies Update of dependencies. security Pull requests that address a security vulnerability.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mui-bot @bernardobelchior @oliviertassinari @LukasTy