Update dependency next to v15.2.4 [SECURITY] (#2162)

pulumi-renovate[bot] · web-flow · commit bb6cc857fc84 · 2025-04-03T00:15:58.000Z
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | dependencies | patch | [`15.2.3` -> `15.2.4`](https://renovatebot.com/diffs/npm/next/15.2.3/15.2.4) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2025-30218](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf) ## Summary In the process of remediating [CVE-2025-29927](https://redirect.github.com/advisories/GHSA-f82v-jwr5-mffw), we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more [here](https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O). ## Credit Thank you to Jinseo Kim [kjsman](https://hackerone.com/kjsman?type=user) and [ryotak](https://hackerone.com/ryotak?type=user) for the responsible disclosure. These researchers were awarded as part of our bug bounty program. --- ### Release Notes <details> <summary>vercel/next.js (next)</summary> ### [`v15.2.4`](https://redirect.github.com/vercel/next.js/releases/tag/v15.2.4) [Compare Source](https://redirect.github.com/vercel/next.js/compare/v15.2.3...v15.2.4) > \[!NOTE]\ > This release is backporting bug fixes. It does **not** include all pending features/changes on canary. ##### Core Changes - Match subrequest handling for edge and node ([#&#8203;77474](https://redirect.github.com/vercel/next.js/issues/77474)) - exclude images and static media from dev origin check ([#&#8203;77417](https://redirect.github.com/vercel/next.js/issues/77417)) - ensure /\__next middleware URLs are included in the origin check ([#&#8203;77416](https://redirect.github.com/vercel/next.js/issues/77416)) - remove direct ip/port bypass in dev origin check ([#&#8203;77414](https://redirect.github.com/vercel/next.js/issues/77414)) - switch development origin verification to be opt-in rather than opt-out ([#&#8203;77395](https://redirect.github.com/vercel/next.js/issues/77395)) ##### Credits Huge thanks to [@&#8203;ijjk](https://redirect.github.com/ijjk) and [@&#8203;ztanner](https://redirect.github.com/ztanner) for helping! </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - "every weekday" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>
diff --git a/aws-ts-nextjs/demoapp/package.json b/aws-ts-nextjs/demoapp/package.json
@@ -17,7 +17,7 @@
     "autoprefixer": "10.4.20",
     "eslint": "9.21.0",
     "eslint-config-next": "15.2.1",
-    "next": "15.2.3",
+    "next": "15.2.4",
     "postcss": "8.5.3",
     "react": "19.0.0",
     "react-dom": "19.0.0",
