[PR #329] chore(deps): bump next from 15.5.2 to 15.5.15 in /landing #1694

New Issue

GiteaMirror · 2026-04-19T13:03:19-05:00

GiteaMirror commented

2026-04-19 13:03:19 -05:00

📋 Pull Request Information

Original PR: https://github.com/feeddeck/feeddeck/pull/329
Author: @dependabot[bot]
Created: 4/13/2026
Status: 🔄 Open

Base: main ← Head: dependabot/npm_and_yarn/landing/next-15.5.15

📝 Commits (1)

a8c4f6c chore(deps): bump next from 15.5.2 to 15.5.15 in /landing

📊 Changes

2 files changed (+41 additions, -41 deletions)

View changed files

📝 landing/package-lock.json (+40 -40)
📝 landing/package.json (+1 -1)

📄 Description

Bumps next from 15.5.2 to 15.5.15.

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

Commits

412eb90 v15.5.15
cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
fffef9e Fix CI for glibc linux builds
d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/feeddeck/feeddeck/pull/329 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/13/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/landing/next-15.5.15` --- ### 📝 Commits (1) - [`a8c4f6c`](https://github.com/feeddeck/feeddeck/commit/a8c4f6c4390b9d3c3174cdab734f3f129c5b7a20) chore(deps): bump next from 15.5.2 to 15.5.15 in /landing ### 📊 Changes **2 files changed** (+41 additions, -41 deletions) <details> <summary>View changed files</summary> 📝 `landing/package-lock.json` (+40 -40) 📝 `landing/package.json` (+1 -1) </details> ### 📄 Description Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.15. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.15</h2> <p>Please refer the following changelogs for more information about this security release:</p> <p><a href="https://vercel.com/changelog/summary-of-cve-2026-23869">https://vercel.com/changelog/summary-of-cve-2026-23869</a></p> <h2>v15.5.14</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>feat(next/image): add lru disk cache and images.maximumDiskCacheSize (<a href="https://redirect.github.com/vercel/next.js/issues/91660">#91660</a>)</li> <li>Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (<a href="https://redirect.github.com/vercel/next.js/issues/90304">#90304</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/styfle"><code>@styfle</code></a> and <a href="https://github.com/lllomh"><code>@lllomh</code></a> for helping!</p> <h2>v15.5.13</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: patch http-proxy to prevent request smuggling in rewrites (See: <a href="https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8">CVE-2026-29057</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f"><code>412eb90</code></a> v15.5.15</li> <li><a href="https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5"><code>cb90de9</code></a> [15.x] Avoid consuming cyclic models multiple times (<a href="https://redirect.github.com/vercel/next.js/issues/74">#74</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846"><code>fffef9e</code></a> Fix CI for glibc linux builds</li> <li><a href="https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b"><code>d7b012d</code></a> v15.5.14</li> <li><a href="https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07"><code>2b05251</code></a> [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...</li> <li><a href="https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e"><code>f88cee9</code></a> Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...</li> <li><a href="https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069"><code>cfd5f53</code></a> v15.5.13</li> <li><a href="https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8"><code>15f2891</code></a> [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...</li> <li><a href="https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925"><code>d23f41c</code></a> v15.5.12</li> <li><a href="https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c"><code>8e75765</code></a> fix unlock in publish-native</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v15.5.2...v15.5.15">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.2&new-version=15.5.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/feeddeck/feeddeck/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-19 13:03:19 -05:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/feeddeck#1694