fix(deps): update dependency next to v15.1.2 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
next (source)	dependencies	patch	15.1.0 -> 15.1.2

GitHub Vulnerability Alerts

CVE-2024-56332

Impact

A Denial of Service (DoS) attack allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution.

Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.

Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing.

This is the same issue as if the incoming HTTP request has an invalid Content-Length header or never closes. If the host has no other mitigations to those then this vulnerability is novel.

This vulnerability affects only Next.js deployments using Server Actions.

Patches

This vulnerability was resolved in Next.js 14.2.21, 15.1.2, and 13.5.8. We recommend that users upgrade to a safe version.

Workarounds

There are no official workarounds for this vulnerability.

Credits

Thanks to the PackDraw team for responsibly disclosing this vulnerability.

---

Release Notes

vercel/next.js (next)

v15.1.2

Compare Source

v15.1.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - "* 0-3 * * 1" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
clickhouse-monitoring	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 3, 2025 9:39pm

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR updates the next dependency to version 15.1.2 to address a security vulnerability (CVE-2024-56332). This vulnerability allows for Denial of Service (DoS) attacks by keeping Server Actions requests hanging. The update patches this vulnerability. No other changes were made.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Update next dependency to 15.1.2	Updated lock files to reflect the dependency change to next 15.1.2	yarn.lock docs/yarn.lock

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

[codecov-commenter]

Bundle Report

Bundle size has no change ✅

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.16%. Comparing base (7f89ba7) to head (0abb120).

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #455   +/-   ##
=======================================
  Coverage   77.16%   77.16%           
=======================================
  Files           5        5           
  Lines         162      162           
  Branches       60       60           
=======================================
  Hits          125      125           
- Misses         34       37    +3     
+ Partials        3        0    -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^15.0.3). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.