fix for Next.js CVE-2026-23869 (#1137)

Author: vicb

.changeset/thin-times-roll.md

@@ -0,0 +1,9 @@
+---
+"@opennextjs/aws": patch
+---
+
+fix for Next.js CVE-2026-23869
+
+See the [CVE-2026-23869 summary](https://vercel.com/changelog/summary-of-cve-2026-23869) for details.
+
+This CVE is fixed by bumping the minium Next.js release version to 15.5.15/16.2.3

packages/open-next/package.json

@@ -64,7 +64,7 @@
     "typescript": "catalog:"
   },
   "peerDependencies": {
-    "next": "~15.0.8 || ~15.1.12 || ~15.2.9 || ~15.3.9 || ~15.4.11 || ~15.5.10 || ~16.0.11 || ^16.1.5"
+    "next": ">=15.5.15 || >=16.2.3"
   },
   "bugs": {
     "url": "https://github.com/opennextjs/opennextjs-aws/issues"