UI5 / webcomponents-react / 20159981546
85%
main: 85%

LAST BUILD BRANCH: renovate/major-vite-and-plugins
DEFAULT BRANCH: main
Ran
Jobs 7
Files 231
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 84.929%. Remained the same
20159981546

push

github

web-flow 
chore(deps): update dependency next to v16.0.9 [security] (#8021)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`16.0.7` ->
`16.0.9`](https://renovatebot.com/diffs/npm/next/16.0.7/16.0.9) |
![age](https://developer.mend.io/api/mc/badges/age/npm/next/16.0.9?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/16.0.7/16.0.9?slim=true)
|

### GitHub Vulnerability Alerts

####
[GHSA-mwv6-3258-q52c](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c)

A vulnerability affects certain React packages for versions 19.0.0,
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that
use the affected packages, including Next.js 15.x and 16.x using the App
Router. The issue is tracked upstream as
[CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).

A malicious HTTP request can be crafted and sent to any App Router
endpoint that, when deserialized, can cause the server process to hang
and consume CPU. This can result in denial of service in unpatched
environments.

####
[GHSA-w37m-7fhw-fmv9](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9)

A vulnerability affects certain React packages for versions 19.0.0,
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that
use the affected packages, including Next.js 15.x and 16.x using the App
Router. The issue is tracked upstream as
[CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183).

A malicious HTTP request can be crafted and sent to any App Router
endpoint that can return the compiled source code of [Server
Functions](https://react.dev/reference/rsc/server-functions). This could
reveal business logic, but would not expose secrets ... (continued)

3264 of 4169 branches covered (78.29%)

Branch coverage included in aggregate %.

5741 of 6434 relevant lines covered (89.23%)

118867.03 hits per line

Jobs
ID Job ID Ran Files Coverage
1 main/src/internal - 20159981546.1 157
10.15
 GitHub Action Run
2 main/src/components - 20159981546.2 157
85.95
 GitHub Action Run
3 base - 20159981546.3 162
11.58
 GitHub Action Run
4 compat - 20159981546.4 168
13.32
 GitHub Action Run
5 cypress-commands - 20159981546.5 157
10.0
 GitHub Action Run
6 main/src/webComponents - 20159981546.6 157
8.43
 GitHub Action Run
7 charts - 20159981546.7 215
21.38
 GitHub Action Run
Source Files on build 20159981546