Update nextjs monorepo to v15.5.19 #4

Open

renovate wants to merge 1 commit from renovate/nextjs-monorepo into main

pull from: renovate/nextjs-monorepo

merge into: florian:main

florian:main

florian:renovate/actions-setup-node-6.x

florian:renovate/actions-checkout-6.x

florian:renovate/tailwindcss-monorepo

florian:renovate/playwright-monorepo

florian:renovate/vitest-monorepo

florian:renovate/react-monorepo

florian:renovate/prisma-monorepo

florian:renovate/node-22.x-lockfile

florian:renovate/simplewebauthn-server-13.x-lockfile

Conversation 0 Commits 1 Files changed 2 +126 -659

renovate commented 2026-06-14 03:51:34 +02:00

Collaborator

Copy link

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-config-next (source)	15.5.14 → 15.5.19
next (source)	15.5.14 → 15.5.19

---

Release Notes

vercel/next.js (eslint-config-next)

v15.5.19: 15.5.19

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [15.5.x] Don't drop FormData entries (#​94244)

Other

• [15.5.x] Fix CI (#​94281)

Credits

Huge thanks to @​eps1lon for helping!

v15.5.18

Compare Source

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v15.5.16

Compare Source

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v15.5.15

Compare Source

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [eslint-config-next](https://nextjs.org/docs/app/api-reference/config/eslint) ([source](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)) | [`15.5.14` → `15.5.19`](https://renovatebot.com/diffs/npm/eslint-config-next/15.5.14/15.5.19) |  |  | | [next](https://nextjs.org) ([source](https://github.com/vercel/next.js)) | [`15.5.14` → `15.5.19`](https://renovatebot.com/diffs/npm/next/15.5.14/15.5.19) |  |  | --- ### Release Notes <details> <summary>vercel/next.js (eslint-config-next)</summary> ### [`v15.5.19`](https://github.com/vercel/next.js/releases/tag/v15.5.19): 15.5.19 [Compare Source](https://github.com/vercel/next.js/compare/v15.5.18...v15.5.19) > \[!NOTE] > This release is backporting bug fixes. It does **not** include all pending features/changes on canary. ##### Core Changes - \[15.5.x] Don't drop `FormData` entries ([#&#8203;94244](https://github.com/vercel/next.js/issues/94244)) ##### Other - \[15.5.x] Fix CI ([#&#8203;94281](https://github.com/vercel/next.js/issues/94281)) ##### Credits Huge thanks to [@&#8203;eps1lon](https://github.com/eps1lon) for helping! ### [`v15.5.18`](https://github.com/vercel/next.js/releases/tag/v15.5.18) [Compare Source](https://github.com/vercel/next.js/compare/v15.5.16...v15.5.18) This release contains security fixes for the following advisories: High: - [GHSA-8h8q-6873-q5fj: Denial of Service with Server Components](https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj) - [GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) - [GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up](https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6) - [GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components](https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx) - [GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection](https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv) - [GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades](https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r) - [GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n](https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5) Moderate: - [GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces](https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q) - [GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input](https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h) - [GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API](https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh) - [GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses](https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7) Low: - [GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting](https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949) - [GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned](https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq) ### [`v15.5.16`](https://github.com/vercel/next.js/releases/tag/v15.5.16) [Compare Source](https://github.com/vercel/next.js/compare/v15.5.15...v15.5.16) This release contains security fixes for the following advisories: High: - [GHSA-8h8q-6873-q5fj: Denial of Service with Server Components](https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj) - [GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) - [GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components](https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx) - [GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection](https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv) - [GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades](https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r) - [GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n](https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5) Moderate: - [GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces](https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q) - [GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input](https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h) - [GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API](https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh) - [GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses](https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7) Low: - [GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting](https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949) - [GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned](https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq) ### [`v15.5.15`](https://github.com/vercel/next.js/releases/tag/v15.5.15) [Compare Source](https://github.com/vercel/next.js/compare/v15.5.14...v15.5.15) Please refer the following changelogs for more information about this security release: <https://vercel.com/changelog/summary-of-cve-2026-23869> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate added 1 commit 2026-06-14 03:51:34 +02:00

Update nextjs monorepo to v15.5.19 611238f3fe

Some checks failed

Hide all checks

CI / verify (pull_request) Failing after 2s

Details

CI / publish-images (pull_request) Has been skipped

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/nextjs-monorepo:renovate/nextjs-monorepo

git switch renovate/nextjs-monorepo

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff renovate/nextjs-monorepo

git switch renovate/nextjs-monorepo

git rebase main

git switch main

git merge --ff-only renovate/nextjs-monorepo

git switch renovate/nextjs-monorepo

git rebase main

git switch main

git merge --no-ff renovate/nextjs-monorepo

git switch main

git merge --squash renovate/nextjs-monorepo

git switch main

git merge --ff-only renovate/nextjs-monorepo

git switch main

git merge renovate/nextjs-monorepo

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

florian/saatgut!4

No description provided.