Update dependency next to v15.2.4 [SECURITY] (#2162)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | dependencies |
patch | [`15.2.3` ->
`15.2.4`](https://renovatebot.com/diffs/npm/next/15.2.3/15.2.4) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[CVE-2025-30218](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf)

## Summary
In the process of remediating
[CVE-2025-29927](https://redirect.github.com/advisories/GHSA-f82v-jwr5-mffw),
we looked at other possible exploits of Middleware. We independently
verified this low severity vulnerability in parallel with two reports
from independent researchers.

Learn more
[here](https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O).

## Credit

Thank you to Jinseo Kim [kjsman](https://hackerone.com/kjsman?type=user)
and [ryotak](https://hackerone.com/ryotak?type=user) for the responsible
disclosure. These researchers were awarded as part of our bug bounty
program.

---

### Release Notes

<details>
<summary>vercel/next.js (next)</summary>

###
[`v15.2.4`](https://redirect.github.com/vercel/next.js/releases/tag/v15.2.4)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v15.2.3...v15.2.4)

> \[!NOTE]\
> This release is backporting bug fixes. It does **not** include all
pending features/changes on canary.

##### Core Changes

- Match subrequest handling for edge and node
([#&#8203;77474](https://redirect.github.com/vercel/next.js/issues/77474))
- exclude images and static media from dev origin check
([#&#8203;77417](https://redirect.github.com/vercel/next.js/issues/77417))
- ensure /\__next middleware URLs are included in the origin check
([#&#8203;77416](https://redirect.github.com/vercel/next.js/issues/77416))
- remove direct ip/port bypass in dev origin check
([#&#8203;77414](https://redirect.github.com/vercel/next.js/issues/77414))
- switch development origin verification to be opt-in rather than
opt-out
([#&#8203;77395](https://redirect.github.com/vercel/next.js/issues/77395))

##### Credits

Huge thanks to [@&#8203;ijjk](https://redirect.github.com/ijjk) and
[@&#8203;ztanner](https://redirect.github.com/ztanner) for helping!

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - "every weekday"
(UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuMTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJpbXBhY3Qvbm8tY2hhbmdlbG9nLXJlcXVpcmVkIl19-->

Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>

Author: pulumi-renovate[bot]

aws-ts-nextjs/demoapp/package.json

@@ -17,7 +17,7 @@
     "autoprefixer": "10.4.20",
     "eslint": "9.21.0",
     "eslint-config-next": "15.2.1",
-    "next": "15.2.3",
+    "next": "15.2.4",
     "postcss": "8.5.3",
     "react": "19.0.0",
     "react-dom": "19.0.0",