fix(deps): update dependency next to v14.2.25 [security]
This PR contains the following updates:
| Package | Change |
|---|---|
| next (source) | 14.2.21 -> 14.2.25 |
GitHub Vulnerability Alerts
CVE-2025-29927
Impact
It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.
Patches
- For Next.js 15.x, this issue is fixed in 15.2.3
- For Next.js 14.x, this issue is fixed in 14.2.25
- For Next.js 13.x, this issue is fixed in 13.5.9
- For Next.js 12.x, this issue is fixed in 12.3.5
- For Next.js 11.x, consult the below workaround.
Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability.
Workaround
If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application.
Credits
- Allam Rachid (zhero;)
- Allam Yasser (inzo_)
Release Notes
vercel/next.js (next)
v14.2.25
v14.2.24
> [!NOTE]
> This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
- fix: ensure lint worker errors aren't silenced (#75779)
- add additional x-middleware-set-cookie filtering (#75561 & #73482)
Credits
Huge thanks to @ztanner for helping!
v14.2.23
> [!NOTE]
> This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
- backport: force module format for virtual client-proxy (#74590)
- Backport: Use provided waitUntil for pending revalidates (#74573)
- Feature: next/image: add support for images.qualities in next.config (#74500)
Credits
Huge thanks to @styfle, @ijjk and @lubieowoce for helping!
v14.2.22
> [!NOTE]
> This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
- Retry manifest file loading only in dev mode: #73900
- Ensure workers are cleaned up: #71564
- Use shared worker for lint & typecheck steps: #74154
Credits
Huge thanks to @unstubbable, @ijjk, and @ztanner for helping!
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
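
The advisory's patch list and workaround, as an added example that is not code from Next.js, Vercel or Renovate: a check of an installed `next` version against the fixed releases listed above, and a filter that rejects requests carrying the `x-middleware-subrequest` header. The function names are hypothetical, and the filter is assumed to run on the edge-facing server or proxy that receives external traffic before it reaches the Next.js application.

```javascript
// Added example; function names are hypothetical, not a Next.js API.

// First fixed release per major line, copied from the advisory's "Patches" list.
const FIXED = { 12: [12, 3, 5], 13: [13, 5, 9], 14: [14, 2, 25], 15: [15, 2, 3] };

// True only when `version` is a plain x.y.z release at or above the fix for its
// major line. Fails closed: majors without a listed fix (e.g. 11.x), prerelease
// tags and unparseable strings all return false.
function isPatched(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(version).trim());
  if (!m) return false;
  const v = m.slice(1, 4).map(Number);
  const fixed = FIXED[v[0]];
  if (!fixed) return false;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i];
  }
  return true; // exactly the fixed release
}

const BLOCKED_HEADER = 'x-middleware-subrequest';

// HTTP header names are case-insensitive. Node lowercases req.headers, but a
// headers object from another framework may not, so compare in lowercase.
function hasSubrequestHeader(headers) {
  return Object.keys(headers || {}).some((k) => k.toLowerCase() === BLOCKED_HEADER);
}

// Wraps a Node-style (req, res) handler. External requests carrying the header
// are answered with 400 and never reach `next`. Returns whether it forwarded.
function blockSubrequestHeader(next) {
  return function (req, res) {
    if (hasSubrequestHeader(req.headers)) {
      res.statusCode = 400;
      res.end('Bad Request');
      return false;
    }
    next(req, res);
    return true;
  };
}
```

`isPatched` can gate a CI step on the version in the lockfile, and `blockSubrequestHeader` can wrap the handler passed to Node's `http.createServer` on the externally reachable listener.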