Skip to content

chore(deps): update dependency next to v16.1.5 [security]#114

Merged
Debbl merged 1 commit intomainfrom
renovate/npm-next-vulnerability
Jan 28, 2026
Merged

chore(deps): update dependency next to v16.1.5 [security]#114
Debbl merged 1 commit intomainfrom
renovate/npm-next-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 27, 2026

This PR contains the following updates:

Package Change Age Confidence
next (source) 16.1.416.1.5 age confidence

GitHub Vulnerability Alerts

CVE-2025-59471

A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint (/_next/image) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that remotePatterns is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.

Strongly consider upgrading to 15.5.10 and 16.1.5 to reduce risk and prevent availability issues in Next applications.

Release Notes

vercel/next.js (next)

v16.1.5

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jan 27, 2026
@vercel
Copy link

vercel bot commented Jan 27, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
aiwan-run Ready Ready Preview, Comment Jan 27, 2026 11:28pm

@coderabbitai
Copy link

coderabbitai bot commented Jan 27, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

@netlify
Copy link

netlify bot commented Jan 27, 2026
edited
Loading

Deploy Preview for aiwan-run ready!

Name Link
🔨 Latest commit 253af3d
🔍 Latest deploy log https://app.netlify.com/projects/aiwan-run/deploys/69794943f1f5950008946366
😎 Deploy Preview https://deploy-preview-114--aiwan-run.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@Debbl Debbl merged commit 4af0ffc into main Jan 28, 2026
8 checks passed
@renovate renovate bot deleted the renovate/npm-next-vulnerability branch January 28, 2026 01:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Debbl