Skip to content

Bump next to ^15.5.6 [SECURITY]#20555

Merged
bernardobelchior merged 1 commit intomasterfrom
renovate/npm-next-vulnerability
Dec 4, 2025
Merged

Bump next to ^15.5.6 [SECURITY]#20555
bernardobelchior merged 1 commit intomasterfrom
renovate/npm-next-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Dec 3, 2025

This PR contains the following updates:

Package Change Age Confidence
next (source) 15.5.6 -> 15.5.7 age confidence

GitHub Vulnerability Alerts

CVE-2025-66478

A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182.

Fixed in:
React: 19.0.1, 19.1.2, 19.2.1
Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7

The vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.

All users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.

1 The affected React packages are:

  • react-server-dom-parcel
  • react-server-dom-turbopack
  • react-server-dom-webpack

Release Notes

vercel/next.js (next)

v15.5.7

Compare Source

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Update of dependencies. label Dec 3, 2025
@bernardobelchior bernardobelchior merged commit a9eee45 into master Dec 4, 2025
22 checks passed
@bernardobelchior bernardobelchior deleted the renovate/npm-next-vulnerability branch December 4, 2025 07:13
@oliviertassinari oliviertassinari added the security Pull requests that address a security vulnerability. label Dec 6, 2025
This was referenced Dec 6, 2025
Merged
Merged
Merged
A-s-h-o-k pushed a commit to A-s-h-o-k/mui-x that referenced this pull request Dec 14, 2025
@renovate @A-s-h-o-k
Bump next to ^15.5.6 [SECURITY] (mui#20555)
d97fb24 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
mapache-salvaje pushed a commit to mapache-salvaje/mui-x that referenced this pull request Dec 29, 2025
@renovate @mapache-salvaje
Bump next to ^15.5.6 [SECURITY] (mui#20555)
1d15e9e 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bernardobelchior bernardobelchior bernardobelchior approved these changes

Assignees

No one assigned

Labels

dependencies Update of dependencies. security Pull requests that address a security vulnerability.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bernardobelchior @oliviertassinari