Skip to content

Commit 8976d39

Browse files
renovate[bot]renovate[bot]
authored
chore(deps): update dependency next to v16.0.7 [security] (#8000)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | [`16.0.6` -> `16.0.7`](https://renovatebot.com/diffs/npm/next/16.0.6/16.0.7) | ![age](https://developer.mend.io/api/mc/badges/age/npm/next/16.0.7?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/16.0.6/16.0.7?slim=true) | ### GitHub Vulnerability Alerts #### [CVE-2025-66478](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp) A vulnerability affects certain React packages<sup>1</sup> for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7 The vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76. All users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately. <sup>1</sup> The affected React packages are: - react-server-dom-parcel - react-server-dom-turbopack - react-server-dom-webpack --- ### Release Notes <details> <summary>vercel/next.js (next)</summary> ### [`v16.0.7`](https://redirect.github.com/vercel/next.js/compare/v16.0.6...7492122a3bbc6655b64ccba04076c73ab418cdcc) [Compare Source](https://redirect.github.com/vercel/next.js/compare/v16.0.6...v16.0.7) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/UI5/webcomponents-react). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 9c0b4f0 commit 8976d39

File tree

8 files changed

+168
-164
lines changed

8 files changed

+168
-164
lines changed

examples/nextjs-app/package-lock.json

Lines changed: 41 additions & 40 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/nextjs-app/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"@types/react-dom": "19.2.3",
1919
"eslint": "9.39.1",
2020
"eslint-config-next": "16.0.6",
21-
"next": "16.0.6",
21+
"next": "16.0.7",
2222
"react": "19.2.0",
2323
"react-dom": "19.2.0",
2424
"typescript": "5.9.3"

examples/nextjs-pages/package-lock.json

Lines changed: 41 additions & 40 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/nextjs-pages/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"@types/react-dom": "19.2.3",
1919
"eslint": "9.39.1",
2020
"eslint-config-next": "16.0.6",
21-
"next": "16.0.6",
21+
"next": "16.0.7",
2222
"react": "19.2.0",
2323
"react-dom": "19.2.0",
2424
"typescript": "5.9.3"

0 commit comments

Comments
 (0)