[Snyk] Security upgrade next from 14.2.35 to 15.5.10

[onsails]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15104645	610

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[Copilot]

Pull request overview

This PR upgrades Next.js from version 14.2.35 to 15.5.10 to address a high-severity security vulnerability (SNYK-JS-NEXT-15104645 - Allocation of Resources Without Limits or Throttling). This is a major version upgrade that introduces significant breaking changes to the Next.js API.

Changes:

• Upgrades Next.js from 14.2.35 to 15.5.10 (major version upgrade)
• Addresses high-severity security vulnerability with score 610/1000
• Introduces breaking API changes that require code modifications throughout the application

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The next-intl version (3.26.5) may not be fully compatible with Next.js 15.5.10. According to the next-intl documentation, Next.js 15 support was added in next-intl 3.16.0, but there have been ongoing compatibility updates. Consider updating next-intl to the latest version (3.x series) to ensure full compatibility with Next.js 15.5.10, as there may have been important fixes for Next.js 15 support since version 3.26.5 was released.

[Copilot]

Next.js 15 officially recommends React 19, though it maintains backward compatibility with React 18. The current React version (18.3.1) may work, but you might encounter deprecation warnings or miss out on optimizations. Consider upgrading React and React DOM to version 19 alongside this Next.js upgrade for the best compatibility and to take advantage of React 19's features like the React Compiler and improved Server Components support. If staying on React 18, thoroughly test all interactive and server components.

[Copilot]

Verify that @sentry/nextjs version 9.4.0 is compatible with Next.js 15.5.10. Sentry has been releasing updates to support Next.js 15, and version 9.4.0 was released before Next.js 15.5.10. Check the Sentry changelog and consider updating to the latest @sentry/nextjs version to ensure full compatibility, particularly for instrumentation hooks, error tracking in Server Components, and the tunnelRoute configuration used in your next.config.mjs.

[Copilot]

This upgrade from Next.js 14.2.35 to 15.5.10 is a major version change that introduces breaking changes requiring code modifications throughout the codebase:

1. params is now async: In Next.js 15, route segment params must be awaited. Currently, multiple pages access params synchronously (e.g., apps/shell/src/app/[locale]/layout.tsx:79, apps/shell/src/app/[locale]/governance/proposal/[id]/page.tsx:17-21, apps/shell/src/app/[locale]/staking/validator/[address]/page.tsx:18). These need to be updated to const { locale } = await params pattern.

2. headers() returns a Promise: In Next.js 15, the headers() function returns a Promise and must be awaited. Currently used synchronously in multiple files (e.g., apps/shell/src/app/[locale]/layout.tsx:81, apps/shell/src/app/[locale]/page.tsx:18, apps/shell/src/app/[locale]/authz/page.tsx:17).

3. Route handler params are async: API route handlers also need to await params (e.g., apps/shell/src/app/api/liquid-staking/unbondings/[address]/route.ts:23).

One file (apps/shell/src/app/[locale]/waitlist/page.tsx) already uses the correct async pattern, but all other pages need updates. These changes should be made before deploying this version to avoid runtime errors.

Suggested change

	"next": "15.5.10",
	"next": "14.2.35",