chore(deps): update dependency next to v15.2.3 [security] (main) (#7122)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`15.2.2` ->
`15.2.3`](https://renovatebot.com/diffs/npm/next/15.2.2/15.2.3) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/next/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/next/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/next/15.2.2/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/15.2.2/15.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-29927](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw)

# Impact
It is possible to bypass authorization checks within a Next.js
application, if the authorization check occurs in middleware.

# Patches
* For Next.js 15.x, this issue is fixed in `15.2.3`
* For Next.js 14.x, this issue is fixed in `14.2.25`
* For Next.js versions `11.1.4` thru `13.5.6`, consult the below
workaround.

# Workaround
If patching to a safe version is infeasible, it is recommend that you
prevent external user requests which contain the
`x-middleware-subrequest` header from reaching your Next.js application.

## Credits

- Allam Rachid (zhero;)
- Allam Yasser (inzo_)

---

### Release Notes

<details>
<summary>vercel/next.js (next)</summary>

###
[`v15.2.3`](https://redirect.github.com/vercel/next.js/compare/v15.2.2...v15.2.3)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v15.2.2...v15.2.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/SAP/ui5-webcomponents-react).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: renovate[bot]

examples/nextjs-app/package-lock.json

@@ -17,7 +17,7 @@
     "@types/react-dom": "19.0.4",
     "eslint": "9.22.0",
     "eslint-config-next": "15.2.2",
-    "next": "15.2.2",
+    "next": "15.2.3",
     "react": "19.0.0",
     "react-dom": "19.0.0",
     "typescript": "5.8.2"

examples/nextjs-app/package.json

@@ -17,7 +17,7 @@
     "@types/react-dom": "19.0.4",
     "eslint": "9.22.0",
     "eslint-config-next": "15.2.2",
-    "next": "15.2.2",
+    "next": "15.2.3",
     "react": "19.0.0",
     "react-dom": "19.0.0",
     "typescript": "5.8.2"