Skip to content

release: To Prod#1352

Merged
suisuss merged 2 commits into
prodfrom
staging
May 22, 2026
Merged

release: To Prod#1352
suisuss merged 2 commits into
prodfrom
staging

Conversation

@suisuss

@suisuss suisuss commented May 22, 2026

Copy link
Copy Markdown

No description provided.

suisuss added 2 commits May 22, 2026 17:22
@suisuss
chore: bump next to 16.2.6 to patch 9 high-severity advisories
91d5002 
Resolves all Next.js advisories surfaced by pnpm audit on 16.2.2:

- GHSA-q4gf-8mx6-v5v3  DoS via Server Components
- GHSA-8h8q-6873-q5fj  DoS via Server Components (follow-up)
- GHSA-mg66-mrh9-m8jx  DoS via connection exhaustion in Cache Components
- GHSA-c4j6-fc7j-m34r  SSRF via WebSocket upgrades
- GHSA-492v-c6pp-mqqv  Middleware/proxy bypass via dynamic route param injection
- GHSA-267c-6grr-h53f  App Router middleware bypass via segment-prefetch
- GHSA-26hh-7cqf-hhc6  Segment-prefetch bypass incomplete-fix follow-up
- GHSA-36qx-fr4f-26g5  Pages Router i18n middleware bypass (N/A but patched)

Diff is package.json + pnpm-lock.yaml only. type-check and lint pass.
@suisuss
Merge pull request #1351 from KeeperHub/chore/next-16.2.6-security
effc240 
chore: bump next to 16.2.6 (security patches)
@suisuss suisuss merged commit 85f2ad8 into prod May 22, 2026
30 of 32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@suisuss