UI5 / webcomponents-react / 20195115396 / 1
85%
main: 85%

LAST BUILD BRANCH: renovate/patch-root-all-minor-patch
DEFAULT BRANCH: main
Ran
Files 157
Run time 4s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 8.426%. Remained the same
20195115396.1

push

github

web-flow 
chore(deps): update dependency next to v16.0.10 [security] (#8028)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`16.0.9` ->
`16.0.10`](https://renovatebot.com/diffs/npm/next/16.0.9/16.0.10) |
![age](https://developer.mend.io/api/mc/badges/age/npm/next/16.0.10?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/16.0.9/16.0.10?slim=true)
|

### GitHub Vulnerability Alerts

####
[GHSA-5j59-xgg2-r9c4](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4)

It was found that the fix
addressing [CVE-2025-55184](https://redirect.github.com/advisories/GHSA-2m3v-v2m8-q956) in
React Server Components was incomplete and did not fully prevent
denial-of-service attacks in all payload types. This affects React
package versions 19.0.2, 19.1.3, and 19.2.2 and frameworks that use the
affected packages, including Next.js 13.x, 14.x, 15.x and 16.x using the
App Router. The issue is tracked upstream as
[CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).

A malicious HTTP request can be crafted and sent to any Server Function
endpoint that, when deserialized, can enter an infinite loop within the
React Server Components runtime. This can cause the server process to
hang and consume CPU, resulting in denial of service in unpatched
environments.

---

### Release Notes

<details>
<summary>vercel/next.js (next)</summary>

###
[`v16.0.10`](https://redirect.github.com/vercel/next.js/compare/v16.0.9...v16.0.10)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v16.0.9...v16.0.10)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasin... (continued)

47 of 3113 branches covered (1.51%)

Branch coverage included in aggregate %.

632 of 4945 relevant lines covered (12.78%)

3.23 hits per line

Source Files on job main/src/webComponents - 20195115396.1