Skip to content

Update dependency next to v16.2.3 [SECURITY]#145

Merged
rtivital merged 1 commit into
masterfrom
renovate/npm-next-vulnerability
Apr 16, 2026
Merged

Update dependency next to v16.2.3 [SECURITY]#145
rtivital merged 1 commit into
masterfrom
renovate/npm-next-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Apr 16, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
next (source) 16.1.716.2.3 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-q4gf-8mx6-v5v3

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this changelog.

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.

Severity
  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Release Notes

vercel/next.js (next)

v16.2.3

Compare Source

v16.2.2

Compare Source

v16.2.1

Compare Source

v16.2.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@rtivital rtivital merged commit f9ca53d into master Apr 16, 2026
1 check passed
@renovate renovate Bot deleted the renovate/npm-next-vulnerability branch April 16, 2026 07:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant