Skip to content

chore(deps): update dependency next to v16.1.5 [security] #1065

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency next to v16.1.5 [security] #1065

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 27, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
next (source) dependencies patch 16.1.116.1.5 OpenSSF Scorecard

GitHub Vulnerability Alerts

CVE-2025-59471

A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint (/_next/image) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that remotePatterns is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.

Strongly consider upgrading to 15.5.10 and 16.1.5 to reduce risk and prevent availability issues in Next applications.

Release Notes

vercel/next.js (next)

v16.1.5

Compare Source

v16.1.4

Compare Source

v16.1.3

Compare Source

v16.1.2

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
chore(deps): update dependency next to v16.1.5 [security]
5f0a98d 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies Dependency updates label Jan 27, 2026
@renovate renovate bot enabled auto-merge (squash) January 27, 2026 23:14
@github-actions github-actions bot added qa:running QA workflow is currently running status:approved Pull request has been approved labels Jan 27, 2026
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 27, 2026
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Dependency updates qa:running QA workflow is currently running status:approved Pull request has been approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants