Skip to content

OUT-3723: patch nextjs for latest vulnerabilities#249

Merged
SandipBajracharya merged 1 commit into
masterfrom
OUT-3723
May 14, 2026
Merged

OUT-3723: patch nextjs for latest vulnerabilities#249
SandipBajracharya merged 1 commit into
masterfrom
OUT-3723

Conversation

@SandipBajracharya
Copy link
Copy Markdown
Collaborator

@SandipBajracharya SandipBajracharya commented May 13, 2026

No description provided.

@linear-code
Copy link
Copy Markdown

linear-code Bot commented May 13, 2026

OUT-3723

@vercel
Copy link
Copy Markdown

vercel Bot commented May 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
quickbooks-sync Building Building May 13, 2026 3:41pm
quickbooks-sync (dev) Ready Ready Preview, Comment May 13, 2026 3:41pm

Request Review

@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 13, 2026

Greptile Summary

This PR patches Next.js from 15.5.15 to 15.5.18, a security-focused update that the Next.js team released to address multiple vulnerabilities (high, moderate, and low severity) including an upstream React issue (CVE-2025-55184, CVE-2025-55183).

  • package.json: Version pin for next changed from 15.5.1515.5.18.
  • yarn.lock: All next and @next/* sub-package resolutions and checksums updated to match 15.5.18; no other dependency changes are present.

Confidence Score: 5/5

Safe to merge — this is a targeted security patch bump with no application logic changes.

The change is limited to bumping Next.js from 15.5.15 to 15.5.18, a patch release issued specifically by the Next.js team to fix known security vulnerabilities. The yarn.lock is consistent with the version change, all @next/* sub-packages are updated together, and no unrelated dependencies were modified. There is minimal risk of regression from a patch-level security release within the same minor version.

No files require special attention — both changed files are straightforward version-pin updates.

Important Files Changed

Filename Overview
package.json Bumps the next dependency from 15.5.15 to 15.5.18 to address security vulnerabilities.
yarn.lock Lockfile updated to reflect the new Next.js 15.5.18 resolution, checksums, and all associated @next/* sub-packages; no unrelated dependency changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["package.json: next 15.5.15 → 15.5.18"] --> B["yarn.lock updated"]
    B --> C["@next/env 15.5.18"]
    B --> D["@next/swc-* 15.5.18 (9 platform binaries)"]
    B --> E["next 15.5.18 with new checksum"]
    C & D & E --> F["Security fixes applied (CVE-2025-55184, CVE-2025-55183)"]
Loading

Reviews (1): Last reviewed commit: "chore(OUT-3723): patch nextjs for latest..." | Re-trigger Greptile

priosshrsth
priosshrsth approved these changes May 14, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@priosshrsth priosshrsth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@SandipBajracharya SandipBajracharya merged commit a7c168d into master May 14, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@priosshrsth priosshrsth priosshrsth approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SandipBajracharya @priosshrsth