[Snyk] Security upgrade next from 14.0.3 to 14.2.7

[Roseymr]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/ts/nextjs-page-router/package.json
  • examples/ts/nextjs-page-router/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	149/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.48, Score Version: V5	Uncontrolled Recursion SNYK-JS-NEXT-8186172	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

• a1c3a03 v14.2.7
• d46ab2c Fix hmr assetPrefix escaping and reuse logic from other files (#67983)
• d11cbc9 Reject next image urls in image optimizer (#68628)
• 575385e Fix bad modRequest in flight entry manifest (#68888)
• 9ecf2e8 update turbopack build manifest
• 325dc4b pages router: ensure x-middleware-cache is respected (#67734)
• d3021b6 update playwright interface
• 5e6f511 fix i18n data pathname resolving (#68947)
• dd32e0f Update font data (#68639)
• 2f7fa98 Add deployment id header for rsc payload if present (#67255)
• 545746e fix: properly patch lockfile against swc bindings (#66515)
• 26c80ee GTM dataLayer parameter should take an object, not an array of strings (#66339)
• bce2ec0 build: upgrade edge-runtime (#67565)
• 96d6ada fix(next): add cross origin in react dom preload (#67423)
• c572030 fix: Narrow down from `string | undefined` to `string` (#65248)
• b5db704 Refactor internal routing headers to use request meta (#66987)
• deeeb5f Revert "chore: externalize undici for bundling" (#65727)
• 43f24d0 Switch from automatically requesting reviews to manually requesting them (#67024)
• 42f0129 fix formatting from #69164
• 427c01d v14.2.6
• d4ca0b9 Ensure fetch cache TTL is updated properly (#69164)
• eee87cb remove invalid line in disabling webpack cache example
• dc40cc9 Fix typo in memory usage docs
• 28110b6 [docs] Backport Multi-Zones docs to 14.x branch (#68460)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	environment, filesystem, network, shell, unsafe	+18	1.2 GB	vercel-release-bot
pypi/[email protected]	filesystem, network	0	32.2 kB	saghul
pypi/[email protected]	None	0	0 B

🚮 Removed packages: npm/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected]

View full report↗︎