fix(deps): update dependency next-intl to v4.9.2 [security] by renovate[bot] · Pull Request #643 · Innei/Shiro

renovate · 2026-04-11T00:37:45Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next-intl (source)	`4.8.3` → `4.9.2`

next-intl has an open redirect vulnerability

CVE-2026-40299 / GHSA-8f24-v5vv-gm5j

More information

Details

Impact

Applications using the next-intl middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host (e.g. scheme-relative // or control characters stripped by the URL parser), so the middleware could redirect the browser off-site while the user still started from a trusted app URL.

Patches

The problem has been patched, please update to next-intl@4.9.1.

Credits

Many thanks to Joni Liljeblad from Oura for responsibly disclosing the vulnerability and for suggesting the fix.

Severity

CVSS Score: 6.9 / 10 (Medium)
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

GHSA-4c35-wcg5-mm9h

More information

Details

Summary

setNestedProperty in packages/next-intl/src/extractor/utils.tsx walks a dotted key path and assigns the final value without blocking the reserved keys __proto__, constructor, or prototype. When the next-intl Next.js plugin is configured with experimental.messages and messages.precompile: true, a JSON translation catalog containing a top‑level __proto__ key causes setNestedProperty(result, '__proto__.isAdmin', compiledMessage) to assign onto Object.prototype, polluting every object in the running build process.

Details

Root cause — packages/next-intl/src/extractor/utils.tsx:13-34:

export function setNestedProperty(
  obj: Record<string, any>,
  keyPath: string,
  value: any
): void {
  const keys = keyPath.split('.');
  let current = obj;

  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (
      !(key in current) ||
      typeof current[key] !== 'object' ||
      current[key] === null
    ) {
      current[key] = {};
    }
    current = current[key];
  }

  current[keys[keys.length - 1]] = value;
}

The existence check !(key in current) uses the in operator, which walks the prototype chain. For key === '__proto__', '__proto__' in {} is true (it's inherited from Object.prototype) and typeof current['__proto__'] === 'object' (it is Object.prototype). The guard therefore never re-initializes current[key], and current = current['__proto__'] redirects all subsequent writes onto Object.prototype. The final assignment current[keys[keys.length-1]] = value sets Object.prototype[<attacker key>] = <attacker value>.

Build-time data flow:

packages/next-intl/src/plugin/catalog/catalogLoader.tsx:55-83 — the webpack/turbopack loader receives the catalog file source and, if options.messages.precompile is enabled, calls codec.decode(source, {locale}).
packages/next-intl/src/extractor/format/codecs/JSONCodec.tsx:9-18 — decode runs JSON.parse(source). V8 installs __proto__ as an own data property on the result when the JSON key is literally "__proto__" (bypassing the normal Object.prototype.__proto__ setter that would otherwise reassign the prototype).
JSONCodec.tsx:33-53 — traverseMessages iterates Object.keys(obj), which for a JSON‑parsed object includes the own __proto__ key. It reads obj.__proto__ (returns the attacker’s nested object, not Object.prototype, because it's an own property), recurses into it, and emits message id __proto__.isAdmin.
catalogLoader.tsx:71 — precompileMessages(decoded, cache).
catalogLoader.tsx:89-131 — for each message, calls setNestedProperty(result, message.id, compiledMessage). With message.id === '__proto__.isAdmin', setNestedProperty walks into Object.prototype and assigns Object.prototype.isAdmin = compiledMessage.

The same sink is also reachable via JSONCodec.encode (JSONCodec.tsx:20-26) and POCodec (packages/next-intl/src/extractor/format/codecs/POCodec.tsx:87) during extraction, both of which feed attacker-influenced message.id values into setNestedProperty — but those paths require control of source-code identifiers, which is a weaker attack vector than the build-time catalog path above.

After pollution, every subsequent object access during the remainder of the Next.js build pipeline (webpack, turbopack, babel, next-intl’s own logic) inherits the attacker-controlled properties. This is a classic gadget-chain precondition for corrupting build-tool internals and tampering with generated bundles, since many build tools use patterns like if (obj.someFlag) or options[key] ?? default that are sensitive to polluted prototypes.

Trust boundary note: next-intl’s message catalogs are realistically attacker-influenced in practice. Translation files are routinely round-tripped through external TMS systems (Crowdin, Lokalise, Transifex), accepted via community locale PRs, or pulled from third-party translation packages — any of which can carry a crafted __proto__ key unnoticed, since JSON translation diffs are usually merged with minimal scrutiny.

PoC

Prerequisites: a Next.js project using next-intl ≤ 4.9.1 with the Next.js plugin configured:

// next.config.ts
import createNextIntlPlugin from 'next-intl/plugin';

const withNextIntl = createNextIntlPlugin({
  experimental: {
    messages: {
      path: './messages',
      format: 'json',
      locales: 'infer',
      precompile: true
    }
  }
});

export default withNextIntl({});

Drop a malicious catalog at messages/en.json:

{
  "Greeting": "Hello",
  "__proto__": { "isAdmin": "polluted" }
}

Run next build (or next dev). The catalogLoader will invoke JSONCodec.decode → traverseMessages → precompileMessages → setNestedProperty.

Minimal reproduction of the sink itself (verified locally against the v4.9.1 source):

function setNestedProperty(obj, keyPath, value) {
  const keys = keyPath.split('.');
  let current = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (!(key in current) || typeof current[key] !== 'object' || current[key] === null) {
      current[key] = {};
    }
    current = current[key];
  }
  current[keys[keys.length - 1]] = value;
}

setNestedProperty({}, '__proto__.isAdmin', 'PWNED');
console.log(({}).isAdmin); // -> "PWNED"

Output: PWNED.

Full chain reproduction (also verified):

const parsed = JSON.parse('{"Greeting":"Hello","__proto__":{"isAdmin":"polluted"}}');
// traverseMessages emits: [{id:"Greeting",message:"Hello"},{id:"__proto__.isAdmin",message:"polluted"}]
// precompileMessages then calls setNestedProperty(result, "__proto__.isAdmin", "polluted")
console.log(({}).isAdmin); // -> "polluted"

After the loader runs, ({}).isAdmin === 'polluted' for the remainder of the build Node process.

Impact

Object.prototype is polluted for the lifetime of the build‑time Node.js process, affecting every object created or inspected thereafter in the Next.js build pipeline (webpack/turbopack loaders, babel plugins, next-intl’s own codecs, user plugins).
Classic CWE-1321 gadget-chain precondition: downstream tools that branch on obj.someFlag, options[key] ?? default, if (!config.noX), etc. can be coerced into unintended behavior, including emitting tampered bundles.
Realistic delivery vectors include TMS round-trips (Crowdin/Lokalise/Transifex), community locale PRs, and compromised/transitively-installed translation packages — all situations where a JSON catalog diff is routinely accepted without the scrutiny given to code changes.
Exploitation requires the user to opt in to the experimental.messages + precompile configuration. Users who do not use the extractor/precompile features are not affected.

Recommended Fix

Reject reserved keys in setNestedProperty and stop using the in operator for the existence check. A minimal patch to packages/next-intl/src/extractor/utils.tsx:

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

export function setNestedProperty(
  obj: Record<string, any>,
  keyPath: string,
  value: any
): void {
  const keys = keyPath.split('.');
  for (const key of keys) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`Invalid message id segment: ${key}`);
    }
  }

  let current = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (
      !Object.prototype.hasOwnProperty.call(current, key) ||
      typeof current[key] !== 'object' ||
      current[key] === null
    ) {
      current[key] = Object.create(null);
    }
    current = current[key];
  }

  current[keys[keys.length - 1]] = value;
}

Additionally:

In packages/next-intl/src/extractor/format/codecs/JSONCodec.tsx, make traverseMessages skip reserved keys (or switch to Object.create(null) + Object.hasOwn semantics) so that a malicious catalog is rejected early with a clear error rather than producing __proto__.* message ids.
In packages/next-intl/src/plugin/catalog/catalogLoader.tsx, initialize precompileMessages’s result with Object.create(null) as defense in depth, so even if a key slipped through it could not redirect through Object.prototype.

Severity

CVSS Score: 4.2 / 10 (Medium)
Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

amannn/next-intl (next-intl)

`v4.9.2`

Compare Source

Bug Fixes

Prototype safety guards for precompile: true (#2307) (c0bf0ee) – by @amannn

`v4.9.1`

Compare Source

Bug Fixes

Improve middleware pathname validation (#2304) (1c80b66) – by @amannn

`v4.9.0`

Compare Source

Features

Support transitionTypes on Link (#2302) (02811f5) – by @amannn

`v4.8.4`

Compare Source

Bug Fixes

Remove TypeScript peer dependency and update examples to TypeScript v6 (#2293) (5e7bcd7) – by @wojtekmaj

Configuration

📅 Schedule: (in timezone Asia/Shanghai)

Branch creation
- ""
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2026-04-11T00:37:47Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
shiro	Error		May 18, 2026 10:56am

safedep · 2026-04-11T00:37:50Z

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report
`vite @ 8.0.0` _npm _{pnpm-lock.yaml}	✔️	⛔	✔️	🔗
`@codemirror/autocomplete @ 6.20.2` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/commands @ 6.10.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/lang-jinja @ 6.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/lang-yaml @ 6.1.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/language @ 6.12.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/legacy-modes @ 6.5.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/lint @ 6.9.6` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/state @ 6.6.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@codemirror/view @ 6.43.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@emnapi/core @ 1.10.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@emnapi/runtime @ 1.10.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@emnapi/wasi-threads @ 1.2.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@formatjs/fast-memoize @ 3.1.5` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@formatjs/icu-messageformat-parser @ 3.5.9` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@formatjs/icu-skeleton-parser @ 2.1.9` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@formatjs/intl-localematcher @ 0.8.8` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/cm-editor @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-editor @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-editor-ui @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-ext-code-snippet @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-ext-embed @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-ext-excalidraw @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-ext-gallery @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-ext-nested-doc @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-headless @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-kit-shiro @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-block-handle @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-floating-toolbar @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-link-edit @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-mention @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-slash-menu @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-table @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-plugin-toolbar @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-alert @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-banner @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-codeblock @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-image @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-katex @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-linkcard @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-mention @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-mermaid @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-ruby @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderer-video @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderers @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-renderers-edit @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-static-renderer @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@haklex/rich-style-token @ 0.0.105` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@iconify-json/material-icon-theme @ 1.2.64` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@iconify/utils @ 3.1.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@icons-pack/react-simple-icons @ 13.13.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/clipboard @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/code-core @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/dragon @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/extension @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/headless @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/html @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/link @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/list @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/markdown @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/rich-text @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/selection @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/table @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/text @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lexical/utils @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lezer/common @ 1.5.2` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lezer/css @ 1.3.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@lezer/lr @ 1.4.10` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@mermaid-js/parser @ 1.1.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@napi-rs/wasm-runtime @ 1.1.4` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@oxc-project/types @ 0.130.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@preact/signals-core @ 1.14.2` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-android-arm64 @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-darwin-arm64 @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-darwin-x64 @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-freebsd-x64 @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-arm-gnueabihf @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-arm64-gnu @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-arm64-musl @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-ppc64-gnu @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-s390x-gnu @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-x64-gnu @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-linux-x64-musl @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-openharmony-arm64 @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-wasm32-wasi @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-win32-arm64-msvc @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/binding-win32-x64-msvc @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@rolldown/pluginutils @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-darwin-arm64 @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-darwin-x64 @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-arm-gnueabihf @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-arm64-gnu @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-arm64-musl @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-ppc64-gnu @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-s390x-gnu @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-x64-gnu @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-linux-x64-musl @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-win32-arm64-msvc @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-win32-ia32-msvc @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/core-win32-x64-msvc @ 1.15.33` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@swc/types @ 0.1.26` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`@tybys/wasm-util @ 0.10.2` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`ajv @ 6.15.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`cytoscape @ 3.33.3` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`cytoscape-cose-bilkent @ 4.1.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`cytoscape-fcose @ 2.2.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`dayjs @ 1.11.20` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`dompurify @ 3.4.5` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`es-toolkit @ 1.46.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`happy-dom @ 20.9.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`icu-minify @ 4.12.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`import-meta-resolve @ 4.2.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`intl-messageformat @ 11.2.6` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`katex @ 0.16.47` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`lexical @ 0.42.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`lodash-es @ 4.18.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`lucide-react @ 1.16.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`mermaid @ 11.15.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`nanoid @ 3.3.12` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`next-intl @ 4.9.2` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`next-intl-swc-plugin-extractor @ 4.12.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`oniguruma-parser @ 0.12.2` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`oniguruma-to-es @ 4.3.6` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`picomatch @ 4.0.4` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`postcss @ 8.5.14` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`rolldown @ 1.0.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`semver @ 7.8.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`stylis @ 4.4.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`tinyglobby @ 0.2.16` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`use-intl @ 4.12.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`uuid @ 14.0.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`vitest @ 4.1.0` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗
`ws @ 8.20.1` _npm _{pnpm-lock.yaml}	✔️	✔️	✔️	🔗

View complete scan results →

_{This report is generated by SafeDep Github App}

renovate Bot added the renovate label Apr 11, 2026

vercel Bot had a problem deploying to Preview April 11, 2026 00:37 Failure

renovate Bot force-pushed the renovate/npm-next-intl-vulnerability branch from f64682c to fd35140 Compare May 1, 2026 05:00

vercel Bot had a problem deploying to Preview May 1, 2026 05:00 Failure

renovate Bot changed the title ~~fix(deps): update dependency next-intl to v4.9.1 [security]~~ fix(deps): update dependency next-intl to v4.9.2 [security] May 8, 2026

renovate Bot force-pushed the renovate/npm-next-intl-vulnerability branch from fd35140 to cdf58a0 Compare May 8, 2026 08:48

vercel Bot had a problem deploying to Preview May 8, 2026 08:48 Failure

renovate Bot force-pushed the renovate/npm-next-intl-vulnerability branch from cdf58a0 to 2e44ea2 Compare May 12, 2026 17:06

vercel Bot had a problem deploying to Preview May 12, 2026 17:06 Failure

fix(deps): update dependency next-intl to v4.9.2 [security]

7afd330

renovate Bot force-pushed the renovate/npm-next-intl-vulnerability branch from 2e44ea2 to 7afd330 Compare May 18, 2026 10:55

vercel Bot had a problem deploying to Preview May 18, 2026 10:56 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update dependency next-intl to v4.9.2 [security]#643

fix(deps): update dependency next-intl to v4.9.2 [security]#643
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-next-intl-vulnerability

renovate Bot commented Apr 11, 2026 •

edited

Loading

Uh oh!

vercel Bot commented Apr 11, 2026 •

edited

Loading

Uh oh!

safedep Bot commented Apr 11, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate Bot commented Apr 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

next-intl has an open redirect vulnerability

Details

Impact

Patches

Credits

Severity

References

next-intl has prototype pollution with experimental.messages.precompile via attacker-controlled translation catalog keys

Details

Summary

Details

PoC

Impact

Recommended Fix

Severity

References

Release Notes

v4.9.2

Bug Fixes

v4.9.1

Bug Fixes

v4.9.0

Features

v4.8.4

Bug Fixes

Configuration

Uh oh!

vercel Bot commented Apr 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

safedep Bot commented Apr 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

SafeDep Report Summary

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Apr 11, 2026 •

edited

Loading

next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

`v4.9.2`

`v4.9.1`

`v4.9.0`

`v4.8.4`

vercel Bot commented Apr 11, 2026 •

edited

Loading

safedep Bot commented Apr 11, 2026 •

edited

Loading