From 3c37305d77cd130b24c57bcf38a339d14f95c9c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 21:58:57 +0000 Subject: [PATCH 1/4] chore(deps): bump next from 15.5.9 to 15.5.10 in /packages/web Bumps [next](https://github.com/vercel/next.js) from 15.5.9 to 15.5.10. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.5.9...v15.5.10) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- packages/web/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/web/package.json b/packages/web/package.json index c06af493d..4ddf55b4b 100644 --- a/packages/web/package.json +++ b/packages/web/package.json @@ -151,7 +151,7 @@ "linguist-languages": "^9.3.1", "lucide-react": "^0.517.0", "micromatch": "^4.0.8", - "next": "15.5.9", + "next": "15.5.10", "next-auth": "^5.0.0-beta.30", "next-navigation-guard": "^0.2.0", "next-themes": "^0.3.0", From fb84cba489e0a9d14de6f1bca8412bdf545d1c4b Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 22:00:33 +0000 Subject: [PATCH 2/4] chore: add changelog entry for next 15.5.10 security bump Co-authored-by: Brendan Kellam --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 43ee97124..86cfb757c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bumped `@aws-sdk/credential-providers` to `^3.1000.0`. [#955](https://github.com/sourcebot-dev/sourcebot/pull/955) - Bumped `rollup` transitive dependency to `^4.59.0` via yarn resolutions. [#956](https://github.com/sourcebot-dev/sourcebot/pull/956) - Bumped `minimatch` transitive dependency to `^3.1.3` via yarn resolutions. [#957](https://github.com/sourcebot-dev/sourcebot/pull/957) +- Bumped `next` to `15.5.10` (security release: CVE-2025-59471, CVE-2025-59472, CVE-2026-23864). [#960](https://github.com/sourcebot-dev/sourcebot/pull/960) ## [4.13.0] - 2026-02-27 From b73f162e80adbe386a8243679fa418967ed0d7e9 Mon Sep 17 00:00:00 2001 From: Brendan Kellam Date: Fri, 27 Feb 2026 14:02:53 -0800 Subject: [PATCH 3/4] update yarn --- yarn.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/yarn.lock b/yarn.lock index 8db906281..7344fa41e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3465,10 +3465,10 @@ __metadata: languageName: node linkType: hard -"@next/env@npm:15.5.9": - version: 15.5.9 - resolution: "@next/env@npm:15.5.9" - checksum: 10c0/92c4e29d81a8e78c33c2da179648a4f478a9a6852966192e079007b19ec9955e72530d5ca7df55ea0efeccbf5b1c9d0efcaf80433e26af89c6478193e1d088f1 +"@next/env@npm:15.5.10": + version: 15.5.10 + resolution: "@next/env@npm:15.5.10" + checksum: 10c0/fb26c299ff388a3a0b2d14379616e3e59fe7960002e5aa67be4d195a377b9803fb93dd90067a5eb7d889d6f437aff091171701eec0e8d201666160269dda4e95 languageName: node linkType: hard @@ -8548,7 +8548,7 @@ __metadata: linguist-languages: "npm:^9.3.1" lucide-react: "npm:^0.517.0" micromatch: "npm:^4.0.8" - next: "npm:15.5.9" + next: "npm:15.5.10" next-auth: "npm:^5.0.0-beta.30" next-navigation-guard: "npm:^0.2.0" next-themes: "npm:^0.3.0" @@ -16536,11 +16536,11 @@ __metadata: languageName: node linkType: hard -"next@npm:15.5.9": - version: 15.5.9 - resolution: "next@npm:15.5.9" +"next@npm:15.5.10": + version: 15.5.10 + resolution: "next@npm:15.5.10" dependencies: - "@next/env": "npm:15.5.9" + "@next/env": "npm:15.5.10" "@next/swc-darwin-arm64": "npm:15.5.7" "@next/swc-darwin-x64": "npm:15.5.7" "@next/swc-linux-arm64-gnu": "npm:15.5.7" @@ -16591,7 +16591,7 @@ __metadata: optional: true bin: next: dist/bin/next - checksum: 10c0/6a120afbc45b96aa14debba6375602d6319093af4e3e8c648cf22b12ffb9db016c889df5e764cf5e0aa414ad60505db4e2095624a19f4b71316561076158651a + checksum: 10c0/ebf358cfc13e856ac2d60f6b1eb166560c541796d3422d6719712c0e8038626407f6075cb0d2805d9d6392404a5b0e63e501515982d78d7e934b721ea9753b17 languageName: node linkType: hard From 1958cae9fd10f744e5664e36ba99ab9645bf169f Mon Sep 17 00:00:00 2001 From: Brendan Kellam Date: Fri, 27 Feb 2026 14:04:39 -0800 Subject: [PATCH 4/4] Update next dependency version in CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86cfb757c..232a35d0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bumped `@aws-sdk/credential-providers` to `^3.1000.0`. [#955](https://github.com/sourcebot-dev/sourcebot/pull/955) - Bumped `rollup` transitive dependency to `^4.59.0` via yarn resolutions. [#956](https://github.com/sourcebot-dev/sourcebot/pull/956) - Bumped `minimatch` transitive dependency to `^3.1.3` via yarn resolutions. [#957](https://github.com/sourcebot-dev/sourcebot/pull/957) -- Bumped `next` to `15.5.10` (security release: CVE-2025-59471, CVE-2025-59472, CVE-2026-23864). [#960](https://github.com/sourcebot-dev/sourcebot/pull/960) +- Bumped `next` to `15.5.10`. [#960](https://github.com/sourcebot-dev/sourcebot/pull/960) ## [4.13.0] - 2026-02-27