
fix: update Next.js to 16.1.6 to resolve security vulnerabilities #294

Open
Grayking1905 wants to merge 2 commits into AOSSIE-Org:dev from Grayking1905:my-work


@Grayking1905 Grayking1905 commented Feb 14, 2026

PR: Update Next.js to 16.1.6

Fixes #258

📦 Package Update

  • Package: next
  • Current Version: 16.1.1
  • Target Version: 16.1.6

🛡️ Security Fixes

This update addresses the following security vulnerabilities:

  1. HTTP Request Deserialization DoS (GHSA-h25m-26qc-wcjf)
    • Severity: HIGH (CVSS 7.5)
    • Description: HTTP request deserialization can lead to DoS when using insecure React Server Components.
  2. Image Optimizer DoS via remotePatterns (GHSA-9g9p-9gw9-jx7f)
    • Severity: MODERATE (CVSS 5.9)
    • Description: Self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration.
  3. Unbounded Memory Consumption via PPR Resume Endpoint (GHSA-5f7q-jpqc-wp7h)
    • Severity: MODERATE (CVSS 5.9)
    • Description: Unbounded memory consumption via PPR Resume Endpoint.

🛠️ Changes

  • Updated package.json to lock next version to 16.1.6.
  • Updated package-lock.json with new dependency resolutions.

✅ Verification

  • Ran npm install to update dependencies.
  • Ran npm run build - Build successful.
  • Ran npm audit - Found 0 vulnerabilities.

@Grayking1905 Grayking1905 requested a review from a team as a code owner February 14, 2026 14:30
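
An added example, not part of this PR or the project's code: a small Node.js check that the `next` pin in `package.json` and the version resolved in `package-lock.json` agree and are at or above the 16.1.6 target named in the description. The function names and the sample manifests are constructed for illustration; the lockfile layout assumed is npm's `lockfileVersion` 2 or 3.

```javascript
// Added example (not from the PR). FIXED is the target version the PR states.
const FIXED = "16.1.6";

// Strict MAJOR.MINOR.PATCH parse; ranges (^, ~), tags and prereleases return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version v is >= min, comparing numerically field by field.
function atLeast(v, min) {
  const a = parseVersion(v), b = parseVersion(min);
  if (!a || !b) return false;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// manifest: parsed package.json; lock: parsed package-lock.json.
// Returns a list of problems; an empty list means the pin is consistent.
function checkNextPin(manifest, lock, fixed = FIXED) {
  const problems = [];
  const spec = (manifest.dependencies || {}).next;
  if (spec === undefined) problems.push("next is not a direct dependency");
  else if (!parseVersion(spec)) problems.push(`package.json uses a range or tag (${spec}), not an exact pin`);
  else if (!atLeast(spec, fixed)) problems.push(`package.json pins ${spec}, below ${fixed}`);

  const entry = (lock.packages || {})["node_modules/next"];
  if (!entry) problems.push("package-lock.json has no node_modules/next entry");
  else if (!atLeast(entry.version, fixed)) problems.push(`lockfile resolves ${entry.version}, below ${fixed}`);
  else if (parseVersion(spec) && spec !== entry.version) problems.push(`pin ${spec} and lockfile ${entry.version} disagree`);
  return problems;
}

// Constructed sample inputs (not the repository's real files).
const SAMPLE_BEFORE = {
  manifest: { dependencies: { next: "^16.1.1" } },
  lock: { lockfileVersion: 3, packages: { "node_modules/next": { version: "16.1.1" } } },
};
const SAMPLE_AFTER = {
  manifest: { dependencies: { next: "16.1.6" } },
  lock: { lockfileVersion: 3, packages: { "node_modules/next": { version: "16.1.6" } } },
};

console.log(checkNextPin(SAMPLE_BEFORE.manifest, SAMPLE_BEFORE.lock));
console.log(checkNextPin(SAMPLE_AFTER.manifest, SAMPLE_AFTER.lock));
```

Run against the real files in CI by passing the parsed contents of `package.json` and `package-lock.json`, and fail the job when the returned list is non-empty.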

coderabbitai bot commented Feb 14, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@Grayking1905
Author

please review this PR @M4dhav

@Grayking1905 Grayking1905 changed the title from "My work" to "fix: update Next.js to 16.1.6 to resolve security vulnerabilities#259" Feb 14, 2026
@Grayking1905 Grayking1905 changed the title from "fix: update Next.js to 16.1.6 to resolve security vulnerabilities#259" to "fix: update Next.js to 16.1.6 to resolve security vulnerabilities" Feb 14, 2026