Bump next from 15.3.3 to 15.4.8 in /src/frontend#196

Closed

dependabot[bot] wants to merge 1 commit intomainfrom

dependabot/npm_and_yarn/src/frontend/next-15.4.8

Closed

Bump next from 15.3.3 to 15.4.8 in /src/frontend#196
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/src/frontend/next-15.4.8

Conversation

Copy link

dependabot bot commented on behalf of github Dec 5, 2025 *

edited

Loading

Bumps next from 15.3.3 to 15.4.8.

Release notes

Sourced from next's releases.

v15.4.8

Please see CVE-2025-66478 for additional details about this release.

v15.3.6

Please see CVE-2025-66478 for additional details about this release.

Commits

4966847 v15.4.8
bf8d31c update version script
bed530f Update React Version for Next.js 15.4.8 (#9)
4309d93 update tag
17e6873 [backport]: experimental.middlewareClientMaxBodySize (#84722)
4da39f2 [backport] fix: unstable_cache should perform blocking revalidation during IS...
f30d815 v15.4.7
1a026e3 fix router handling when setting a location response header (#82588)
be4aafd v15.4.6
91e5b6b Backport "fix: add ?dpl to fonts in /_next/static/media (#82384)" (#82421)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot bot added dependencies javascript labels Dec 5, 2025

Copy link

socket-security bot commented Dec 5, 2025 *

edited

Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@ 15.3.3 15.4.8		⁺⁵⁸	⁺¹

View full report

Copy link

socket-security bot commented Dec 5, 2025 *

edited

Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

Copy link

coderabbitai bot commented Dec 5, 2025 *

edited

Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}


 (dependencies) update next to 15.4.8

8b0cd62

Bumps [next](https://github.com/vercel/next.js) from 15.3.3 to 15.4.8. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.3...v15.4.8) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.8 dependency-type: direct:production ... Signed-off-by: dependabot[bot]

qbey force-pushed the dependabot/npm_and_yarn/src/frontend/next-15.4.8 branch from b30467c to 8b0cd62 Compare

December 15, 2025 12:55

github-advanced-security bot found potential problems

Dec 15, 2025

View reviewed changes

src/frontend/yarn.lock

Comment on lines +10857 to +10876

		next@15.4.8:
		version "15.4.8"
		resolved "https://registry.yarnpkg.com/next/-/next-15.4.8.tgz#0f20a6cad613dc34547fa6519b2d09005ac370ca"
		integrity sha512-jwOXTz/bo0Pvlf20FSb6VXVeWRssA2vbvq9SdrOPEg9x8E1B27C2rQtvriAn600o9hH61kjrVRexEffv3JybuA==
		dependencies:
		"@next/env" "15.3.3"
		"@swc/counter" "0.1.3"
		"@next/env" "15.4.8"
		"@swc/helpers" "0.5.15"
		busboy "1.6.0"
		caniuse-lite "^1.0.30001579"
		postcss "8.4.31"
		styled-jsx "5.1.6"
		optionalDependencies:
		"@next/swc-darwin-arm64" "15.3.3"
		"@next/swc-darwin-x64" "15.3.3"
		"@next/swc-linux-arm64-gnu" "15.3.3"
		"@next/swc-linux-arm64-musl" "15.3.3"
		"@next/swc-linux-x64-gnu" "15.3.3"
		"@next/swc-linux-x64-musl" "15.3.3"
		"@next/swc-win32-arm64-msvc" "15.3.3"
		"@next/swc-win32-x64-msvc" "15.3.3"
		sharp "^0.34.1"
		"@next/swc-darwin-arm64" "15.4.8"
		"@next/swc-darwin-x64" "15.4.8"
		"@next/swc-linux-arm64-gnu" "15.4.8"
		"@next/swc-linux-arm64-musl" "15.4.8"
		"@next/swc-linux-x64-gnu" "15.4.8"
		"@next/swc-linux-x64-musl" "15.4.8"
		"@next/swc-win32-arm64-msvc" "15.4.8"
		"@next/swc-win32-x64-msvc" "15.4.8"
		sharp "^0.34.3"

Check failure

Code scanning / Trivy

Next Vulnerable to Denial of Service with Server Components High

Package: next
Installed Version: 15.4.8
Vulnerability GHSA-mwv6-3258-q52c
Severity: HIGH
Fixed Version: 14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17
Link: GHSA-mwv6-3258-q52c

src/frontend/yarn.lock

Comment on lines +10857 to +10876

		next@15.4.8:
		version "15.4.8"
		resolved "https://registry.yarnpkg.com/next/-/next-15.4.8.tgz#0f20a6cad613dc34547fa6519b2d09005ac370ca"
		integrity sha512-jwOXTz/bo0Pvlf20FSb6VXVeWRssA2vbvq9SdrOPEg9x8E1B27C2rQtvriAn600o9hH61kjrVRexEffv3JybuA==
		dependencies:
		"@next/env" "15.3.3"
		"@swc/counter" "0.1.3"
		"@next/env" "15.4.8"
		"@swc/helpers" "0.5.15"
		busboy "1.6.0"
		caniuse-lite "^1.0.30001579"
		postcss "8.4.31"
		styled-jsx "5.1.6"
		optionalDependencies:
		"@next/swc-darwin-arm64" "15.3.3"
		"@next/swc-darwin-x64" "15.3.3"
		"@next/swc-linux-arm64-gnu" "15.3.3"
		"@next/swc-linux-arm64-musl" "15.3.3"
		"@next/swc-linux-x64-gnu" "15.3.3"
		"@next/swc-linux-x64-musl" "15.3.3"
		"@next/swc-win32-arm64-msvc" "15.3.3"
		"@next/swc-win32-x64-msvc" "15.3.3"
		sharp "^0.34.1"
		"@next/swc-darwin-arm64" "15.4.8"
		"@next/swc-darwin-x64" "15.4.8"
		"@next/swc-linux-arm64-gnu" "15.4.8"
		"@next/swc-linux-arm64-musl" "15.4.8"
		"@next/swc-linux-x64-gnu" "15.4.8"
		"@next/swc-linux-x64-musl" "15.4.8"
		"@next/swc-win32-arm64-msvc" "15.4.8"
		"@next/swc-win32-x64-msvc" "15.4.8"
		sharp "^0.34.3"

Check warning

Code scanning / Trivy

Next Server Actions Source Code Exposure Medium

Package: next
Installed Version: 15.4.8
Vulnerability GHSA-w37m-7fhw-fmv9
Severity: MEDIUM
Fixed Version: 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17
Link: GHSA-w37m-7fhw-fmv9

Copy link

sonarqubecloud bot commented Dec 15, 2025

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copy link

Collaborator

providenz commented Mar 19, 2026

cf. #338

providenz closed this Mar 19, 2026

Copy link

Author

dependabot bot commented on behalf of github Mar 19, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot deleted the dependabot/npm_and_yarn/src/frontend/next-15.4.8 branch March 19, 2026 14:29

Labels

dependencies javascript

Conversation

dependabot bot commented on behalf of github Dec 5, 2025 * edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v15.4.8

v15.3.6

Uh oh!

socket-security bot commented Dec 5, 2025 * edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Dec 5, 2025 * edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai bot commented Dec 5, 2025 * edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Free review on us!

Uh oh!

Check failure

Check warning

sonarqubecloud bot commented Dec 15, 2025

Quality Gate passed

Uh oh!

providenz commented Mar 19, 2026

Uh oh!

dependabot bot commented on behalf of github Mar 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Dec 5, 2025 *

edited

Loading

socket-security bot commented Dec 5, 2025 *

edited

Loading

socket-security bot commented Dec 5, 2025 *

edited

Loading

coderabbitai bot commented Dec 5, 2025 *

edited

Loading