Skip to content

fix: bump next peerDependency minimum to ^15.5.18#28

Merged
dcbouius merged 1 commit into
mainfrom
fix/dependabot-alerts-next
May 13, 2026
Merged

fix: bump next peerDependency minimum to ^15.5.18#28
dcbouius merged 1 commit into
mainfrom
fix/dependabot-alerts-next

Conversation

@dcbouius
Copy link
Copy Markdown
Contributor

@dcbouius dcbouius commented May 13, 2026

Summary

  • Bump next peer dependency minimum for 15.x from ^15.5.14 to ^15.5.18
  • Updates lock file to resolve next 15.5.18

Dependabot alerts resolved

Test plan

  • Verify npm audit shows no new high/critical vulnerabilities
  • Verify npm run build succeeds
  • Verify Dependabot alerts close after merge

@dcbouius
fix: bump next peerDependency minimum to ^15.5.18 for open dependabot…
ded5e8a 
… alerts

Resolves 4 open dependabot alerts:
- GHSA-q4gf-8mx6-v5v3 (DoS with Server Components)
- GHSA-492v-c6pp-mqqv (Middleware bypass via dynamic route param injection)
- GHSA-267c-6grr-h53f (Middleware bypass via segment-prefetch routes)
- GHSA-26hh-7cqf-hhc6 (Middleware bypass incomplete fix follow-up)
@dcbouius dcbouius requested a review from DK09876 May 13, 2026 16:11
@dcbouius dcbouius merged commit 389f0b4 into main May 13, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DK09876 DK09876 DK09876 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dcbouius @DK09876