[Snyk] Security upgrade next from 14.2.3 to 14.2.7

[Samsonroyal]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • clearpath/package.json
  • clearpath/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Uncontrolled Recursion SNYK-JS-NEXT-8186172	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 57 commits.

• a1c3a03 v14.2.7
• d46ab2c Fix hmr assetPrefix escaping and reuse logic from other files (#67983)
• d11cbc9 Reject next image urls in image optimizer (#68628)
• 575385e Fix bad modRequest in flight entry manifest (#68888)
• 9ecf2e8 update turbopack build manifest
• 325dc4b pages router: ensure x-middleware-cache is respected (#67734)
• d3021b6 update playwright interface
• 5e6f511 fix i18n data pathname resolving (#68947)
• dd32e0f Update font data (#68639)
• 2f7fa98 Add deployment id header for rsc payload if present (#67255)
• 545746e fix: properly patch lockfile against swc bindings (#66515)
• 26c80ee GTM dataLayer parameter should take an object, not an array of strings (#66339)
• bce2ec0 build: upgrade edge-runtime (#67565)
• 96d6ada fix(next): add cross origin in react dom preload (#67423)
• c572030 fix: Narrow down from `string | undefined` to `string` (#65248)
• b5db704 Refactor internal routing headers to use request meta (#66987)
• deeeb5f Revert "chore: externalize undici for bundling" (#65727)
• 43f24d0 Switch from automatically requesting reviews to manually requesting them (#67024)
• 42f0129 fix formatting from #69164
• 427c01d v14.2.6
• d4ca0b9 Ensure fetch cache TTL is updated properly (#69164)
• eee87cb remove invalid line in disabling webpack cache example
• dc40cc9 Fix typo in memory usage docs
• 28110b6 [docs] Backport Multi-Zones docs to 14.x branch (#68460)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Important

Upgrade next from 14.2.3 to 14.2.7 to fix a high severity uncontrolled recursion vulnerability.

• Dependencies:
  • Upgrade next from 14.2.3 to 14.2.7 in package.json and package-lock.json to fix uncontrolled recursion vulnerability (SNYK-JS-NEXT-8186172).
• Security:
  • Addresses high severity vulnerability with CVSS 8.2 by upgrading next package.

^{This description was created by for af606b3. It will automatically update as commits are pushed.}

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to af606b3 in 9 seconds

More details

• Looked at 13 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 0 drafted comments based on config settings.

Workflow ID: wflow_88e79vGAkLaZuKH9

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.