chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates by dependabot[bot] · Pull Request #69 · Amsterdam/openstad-headless

dependabot · 2026-03-10T14:54:03Z

Bumps the npm_and_yarn group with 3 updates in the / directory: next, multer and dompurify.
Bumps the npm_and_yarn group with 1 update in the /apps/admin-server directory: next.

Updates next from 14.2.35 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates multer from 2.1.0 to 2.1.1

Release notes

Sourced from multer's releases.

v2.1.1

Important

Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

What's Changed

chore: add node version to 25.x in CI by @imangas in expressjs/multer#1372

chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @dependabot[bot] in expressjs/multer#1378

chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/multer#1377

chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by @dependabot[bot] in expressjs/multer#1376

chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by @dependabot[bot] in expressjs/multer#1375

chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by @dependabot[bot] in expressjs/multer#1374

fix error/abort handling by @ctcpip in expressjs/multer#1373

2.1.1 by @UlisesGascon in expressjs/multer#1380

New Contributors

@imangas made their first contribution in expressjs/multer#1372

@dependabot[bot] made their first contribution in expressjs/multer#1378

Full Changelog: expressjs/multer@v2.1.0...v2.1.1

Changelog

Sourced from multer's changelog.

2.1.1

Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

fix error/abort handling

Commits

368c8a1 2.1.1 (#1380)
7e66481 🐛 fix recursion issue
643571e ✅ add explicit test for client able to send body without abrupt disconnect
e86fa52 fix error/abort handling
ca37779 chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (#1374)
13088f4 chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (#1375)
bc6a1d1 chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (#1376)
c496e93 chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1377)
fa173d3 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#1378)
17d7f51 chore: add node version to 25.x in CI
See full diff in compare view

Updates dompurify from 3.3.1 to 3.3.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.2

Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters

Fixed a prototype pollution issue when working with custom elements, thanks @christos-eth

Fixed a lenient config parsing in _isValidAttribute, thanks @christos-eth

Bumped and removed several dependencies, thanks @Rotzbua

Fixed the test suite after bumping dependencies, thanks @Rotzbua

Commits

5e56114 Getting 3.x branch ready for 3.3.2 release (#1208)
e8c95f4 fix: Fixed the broken package-lock.json
9636037 Update package-lock.json
5cad4ce Getting 3.x branch ready for 3.3.2 releas (#1205)
See full diff in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 3 updates in the / directory: [next](https://github.com/vercel/next.js), [multer](https://github.com/expressjs/multer) and [dompurify](https://github.com/cure53/DOMPurify). Bumps the npm_and_yarn group with 1 update in the /apps/admin-server directory: [next](https://github.com/vercel/next.js). Updates `next` from 14.2.35 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v15.5.10) Updates `multer` from 2.1.0 to 2.1.1 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v2.1.0...v2.1.1) Updates `dompurify` from 3.3.1 to 3.3.2 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.1...3.3.2) Updates `next` from 14.2.35 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v15.5.10) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 3.3.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 10, 2026

dependabot bot mentioned this pull request Mar 10, 2026

chore(deps): bump the npm_and_yarn group across 2 directories with 1 update #68

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates#69

chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates#69
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-95b8434a1e

dependabot bot commented on behalf of github Mar 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 10, 2026

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

v2.1.1

Important

What's Changed

New Contributors

2.1.1

DOMPurify 3.3.2

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

0 participants