20160187278
85%

Ran 12 Dec 2025 08:01AM UTC

Jobs 7

Files 231

Run time 1min

Badge

Embed ▾

Committed 12 Dec 2025 07:47AM UTC coverage: 84.91% (-0.02%) from 84.929%

Build # 20160187278

Build Type

push

github

Committed by

web-flow

Commit Message

chore(deps): update dependency next to v16.0.9 [security] (#8021)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`16.0.7` ->
`16.0.9`](https://renovatebot.com/diffs/npm/next/16.0.7/16.0.9) |
![age](https://developer.mend.io/api/mc/badges/age/npm/next/16.0.9?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/16.0.7/16.0.9?slim=true)
|

### GitHub Vulnerability Alerts

####
[GHSA-mwv6-3258-q52c](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c)

A vulnerability affects certain React packages for versions 19.0.0,
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that
use the affected packages, including Next.js 15.x and 16.x using the App
Router. The issue is tracked upstream as
[CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).

A malicious HTTP request can be crafted and sent to any App Router
endpoint that, when deserialized, can cause the server process to hang
and consume CPU. This can result in denial of service in unpatched
environments.

####
[GHSA-w37m-7fhw-fmv9](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9)

A vulnerability affects certain React packages for versions 19.0.0,
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that
use the affected packages, including Next.js 15.x and 16.x using the App
Router. The issue is tracked upstream as
[CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183).

A malicious HTTP request can be crafted and sent to any App Router
endpoint that can return the compiled source code of [Server
Functions](https://react.dev/reference/rsc/server-functions). This could
reveal business logic, but would not expose secrets ... (continued)

Run Details

3263 of 4169 branches covered (78.27%)

Branch coverage included in aggregate %.

5740 of 6434 relevant lines covered (89.21%)

118767.96 hits per line

Uncovered Existing Lines

Lines	Coverage	∆	File
1	88.46	-7.69%	packages/base/src/internal/utils/debounce.ts

Jobs

ID	Job ID	Ran	Files	Coverage
1	main/src/webComponents - 20160187278.1	12 Dec 2025 08:01AM UTC	157	8.44	GitHub Action Run
2	main/src/components - 20160187278.2	12 Dec 2025 08:08AM UTC	157	85.95	GitHub Action Run
3	base - 20160187278.3	12 Dec 2025 08:02AM UTC	162	11.56	GitHub Action Run
4	compat - 20160187278.4	12 Dec 2025 08:01AM UTC	168	13.32	GitHub Action Run
5	charts - 20160187278.5	12 Dec 2025 08:03AM UTC	215	21.38	GitHub Action Run
6	cypress-commands - 20160187278.6	12 Dec 2025 08:01AM UTC	157	10.0	GitHub Action Run
7	main/src/internal - 20160187278.7	12 Dec 2025 08:01AM UTC	157	10.15	GitHub Action Run

UI5 / webcomponents-react / 20160187278
85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Jobs

Source Files on build 20160187278

UI5 / webcomponents-react / 20160187278 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Existing Lines

Jobs

Source Files on build 20160187278

UI5 / webcomponents-react / 20160187278
85%

README BADGES
x