Skip to content

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 15, 2025

This PR contains the following updates:

Package Change Age Confidence
next (source) 14.2.28 -> 14.2.30 age confidence

GitHub Vulnerability Alerts

CVE-2025-48068

Summary

A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active.

Because the mitigation is potentially a breaking change for some development setups, to opt-in to the fix, you must configure allowedDevOrigins in your next config after upgrading to a patched version. Learn more.

Learn more: https://vercel.com/changelog/cve-2025-48068

Credit

Thanks to sapphi-red and Radman Siddiki for responsibly disclosing this issue.


Release Notes

vercel/next.js (next)

v14.2.30

Compare Source

v14.2.29

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


PR-Codex overview

This PR focuses on updating the version of next and its associated dependencies in the package.json and yarn.lock files from 14.2.28 to 14.2.30.

Detailed summary

  • Updated next version from 14.2.28 to 14.2.30 in package.json and yarn.lock.
  • Updated all references to @next/* packages to 14.2.30 in yarn.lock.
  • Updated checksum for next in yarn.lock.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jun 15, 2025
@renovate renovate bot requested review from a team as code owners June 15, 2025 05:35
Copy link
Contributor

coderabbitai bot commented Jun 15, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbit review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbit in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbit in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbit gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbit read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbit help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbit ignore or @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbit summary or @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbit or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

netlify bot commented Jun 15, 2025

Deploy Preview for kleros-v2-university failed. Why did it fail? →

Name Link
🔨 Latest commit 66fd842
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-university/deploys/68b117624bc5a90008d98500

Copy link

netlify bot commented Jun 15, 2025

Deploy Preview for kleros-v2-testnet-devtools ready!

Name Link
🔨 Latest commit 66fd842
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-testnet-devtools/deploys/68b117624976c00008501aa1
😎 Deploy Preview https://deploy-preview-2025--kleros-v2-testnet-devtools.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copy link

netlify bot commented Jun 15, 2025

Deploy Preview for kleros-v2-neo ready!

Name Link
🔨 Latest commit 66fd842
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-neo/deploys/68b11762a5be200007749ce5
😎 Deploy Preview https://deploy-preview-2025--kleros-v2-neo.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copy link

netlify bot commented Jun 15, 2025

Deploy Preview for kleros-v2-testnet ready!

Name Link
🔨 Latest commit 66fd842
🔍 Latest deploy log https://app.netlify.com/projects/kleros-v2-testnet/deploys/68b1176200ad060008e05b95
😎 Deploy Preview https://deploy-preview-2025--kleros-v2-testnet.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 3 times, most recently from ba9f754 to cca90ad Compare June 23, 2025 12:44
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 2 times, most recently from 0260213 to 2d540bc Compare July 5, 2025 22:33
Copy link

Code Climate has analyzed commit 2d540bc and detected 0 issues on this pull request.

View more on Code Climate.

@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 11 times, most recently from 533d821 to 20c96a7 Compare July 21, 2025 18:09
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 4 times, most recently from b64413d to db7672f Compare July 29, 2025 22:28
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 9 times, most recently from 73bd6b5 to 267ada2 Compare August 8, 2025 01:58
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 8 times, most recently from 1772d11 to e612b30 Compare August 15, 2025 01:06
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 7 times, most recently from 23958b2 to f0bfed4 Compare August 22, 2025 01:29
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch 3 times, most recently from cefdd38 to 8470ae6 Compare August 27, 2025 04:03
@renovate renovate bot force-pushed the renovate/npm-next-vulnerability branch from 8470ae6 to 66fd842 Compare August 29, 2025 02:58
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant