Skip to main content

​
πŸ”΅ Release v2.75.3

⭐ Simple Complexity β€’ 2 commits β€’ 4 files changed
Critical security patches for production stability. This release addresses high severity Dependabot alerts and Next.js CVEs by updating to the latest stable versions of Next.js, Playwright, and Puppeteer. All dependencies are now patched against known vulnerabilities affecting the gamification platform and testing infrastructure.

​
What’s New

  • Next.js Security Patches - Upgraded Next.js 15.4.8 β†’ 15.4.10 to fix critical CVEs in Next.js framework and related tooling, ensuring secure application serving and bundle generation
  • Playwright Test Framework Updates - Updated @playwright/test 1.53.1 β†’ 1.55.1 with security fixes in browser automation and test execution infrastructure
  • Puppeteer Browser Automation - Upgraded Puppeteer 24.10.1 β†’ 24.33.0 with comprehensive security patches for headless browser operations and screenshot generation
  • Build & Tooling Security - All Next.js related packages (@next/bundle-analyzer, @next/third-parties, @next/mdx, eslint-config-next) updated to 15.4.10 for consistent security posture across the build pipeline

​
Apps Updated

User App

β€” No changes

API

β€” No changes

Admin

β€” No changes

MCP Server

β€” No changes

Website

β€” No changes

Games

β€” No changes

​
Detailed Changes

Next.js Framework Suite (15.4.8 β†’ 15.4.10)
  • @next/bundle-analyzer - Bundle analysis tooling with security updates
  • @next/third-parties - Third-party script integration with patched vulnerabilities
  • @next/mdx - MDX compilation for docs platform with fixes
  • next - Core Next.js framework with critical CVE patches
  • eslint-config-next - ESLint configuration aligned with latest standards
Test & Browser Automation
  • @playwright/test - E2E test framework updated from 1.53.1 to 1.55.1
  • puppeteer - Headless browser automation upgraded from 24.10.1 to 24.33.0
Security Impact
  • Addresses 6 high severity Dependabot alerts
  • Patches CVEs in Next.js request handling, bundle generation, and third-party integrations
  • Updates browser automation security layers for safer test execution

​
Security Notes

​
CVEs Addressed

This release resolves the following categories of vulnerabilities:
  1. Next.js Core Framework - Request handling and response serialization CVEs fixed in 15.4.10
  2. Bundle Analysis - Build-time vulnerabilities in dependency analysis tools
  3. Third-Party Script Integration - Security hardening for external script loading
  4. Test Infrastructure - Playwright and Puppeteer security patches for safer test execution

​
Dependency Stability

All updates maintain semantic versioning compatibility:
  • Next.js: 15.4.8 β†’ 15.4.10 (patch version bump)
  • Playwright: 1.53.1 β†’ 1.55.1 (minor version bump)
  • Puppeteer: 24.10.1 β†’ 24.33.0 (minor version bump with significant security improvements)
No breaking changes or API modifications. Existing configurations require no updates.

​
Breaking Changes

None. This release is fully backward compatible and is a security patch update.

​
Contributors

SaadK94@SaadK941 commit β€’ +211/-215 lines

nudj-changelog-bot[bot]@nudj-changelog-bot[bot]1 commit β€’ Automation

​
Release Stats

MetricValue
Total Commits2
Lines Added+211
Lines Removed-215
Files Changed4
Release SizeSmall
ComplexitySimple
v2.75.3 deployed on December 12, 2025