Skip to content

[Snyk] Upgrade next from 14.1.0 to 15.4.5 #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: next
Choose a base branch
from
Open

[Snyk] Upgrade next from 14.1.0 to 15.4.5 #96

wants to merge 1 commit into from

Conversation

@nerdy-tech-com-gitub
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade next from 14.1.0 to 15.4.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 954 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Acceptance of Extraneous Untrusted Data With Trusted Data
SNYK-JS-NEXT-8025427		 82 Proof of Concept
high severity Uncontrolled Recursion
SNYK-JS-NEXT-8186172		 82 No Known Exploit
high severity Missing Authorization
SNYK-JS-NEXT-8520073		 82 No Known Exploit
medium severity Race Condition
SNYK-JS-NEXT-10176058		 82 Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-NEXT-6828457		 82 Proof of Concept
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-NEXT-8602067		 82 No Known Exploit
low severity Missing Origin Validation in WebSockets
SNYK-JS-NEXT-10259370		 82 No Known Exploit
critical severity Improper Authorization
SNYK-JS-NEXT-9508709		 82 Mature
Release notes
Package name: next
  • 15.4.5 - 2025-07-29
  • 15.4.4 - 2025-07-24

    Note

    This release is backporting bug fixes. It does not include all pending features/changes on canary.

    Core Changes

    • Fix dynamicParams false layout case in dev (#82026)
    • Turbopack: fix scope hoisting variable renaming bug (#81640)
    • Upgrade to swc v33 (#81750)
    • Revert "[metadata] use https protocol for schema urls" (#81934)

    Credits

    Huge thanks to @ bgw @ mischnic @ huozhi @ lukesandberg and @ ijjk for helping!

  • 15.4.3 - 2025-07-22

    Note

    This release is backporting bug fixes. It does not include all pending features/changes on canary.

    Core Changes

    • Turbopack: fix dist dir on Windows (#81758)

    Credits

    Huge thanks to @ mischnic for helping!

  • 15.4.2 - 2025-07-18
  • 15.4.2-canary.56 - 2025-08-19
  • 15.4.2-canary.55 - 2025-08-19
  • 15.4.2-canary.54 - 2025-08-19
  • 15.4.2-canary.53 - 2025-08-18
  • 15.4.2-canary.52 - 2025-08-17
  • 15.4.2-canary.51 - 2025-08-16
  • 15.4.2-canary.50 - 2025-08-16
  • 15.4.2-canary.49 - 2025-08-15
  • 15.4.2-canary.48 - 2025-08-14
  • 15.4.2-canary.47 - 2025-08-14
  • 15.4.2-canary.46 - 2025-08-13
  • 15.4.2-canary.45 - 2025-08-13
  • 15.4.2-canary.44 - 2025-08-13
  • 15.4.2-canary.43 - 2025-08-13
  • 15.4.2-canary.42 - 2025-08-12
  • 15.4.2-canary.41 - 2025-08-12
  • 15.4.2-canary.40 - 2025-08-12
  • 15.4.2-canary.39 - 2025-08-12
  • 15.4.2-canary.38 - 2025-08-11
  • 15.4.2-canary.37 - 2025-08-11
  • 15.4.2-canary.36 - 2025-08-11
  • 15.4.2-canary.35 - 2025-08-09
  • 15.4.2-canary.34 - 2025-08-08
  • 15.4.2-canary.33 - 2025-08-07
  • 15.4.2-canary.32 - 2025-08-06
  • 15.4.2-canary.31 - 2025-08-05
  • 15.4.2-canary.30 - 2025-08-04
  • 15.4.2-canary.29 - 2025-08-03
  • 15.4.2-canary.28 - 2025-08-02
  • 15.4.2-canary.27 - 2025-08-01
  • 15.4.2-canary.26 - 2025-08-01
  • 15.4.2-canary.25 - 2025-07-31
  • 15.4.2-canary.24 - 2025-07-31
  • 15.4.2-canary.23 - 2025-07-31
  • 15.4.2-canary.22 - 2025-07-30
  • 15.4.2-canary.21 - 2025-07-30
  • 15.4.2-canary.20 - 2025-07-29
  • 15.4.2-canary.19 - 2025-07-28

    Core Changes

    • Turbopack: write tasks doesn't need to be session dependent, as effects will restore: #78727
    • [sourcemaps] Fully sourcemap stacks on the Server: #81904
    • fix(Rspack): use loaderContext.utils.contextify to replace ModuleFilenameHelpers.createFilename: #82104
    • next/root-params: #80255
    • fix(next/image): fix image-optimizer.ts headers: #82114
    • Upgrade React from 19baee81-20250725 to eaee5308-20250728: #82120
    • Fix validateRSCRequestHeaders incorrect redirect: #82119
    • fix(next/image): improve and simplify detect-content-type: #82118
    • [CacheComponents] Use fallback params when validating dynamic routes in dev: #82069

    Misc Changes

    • Turbopack: only schedule tasks when task becomes active on active counter increase: #81414
    • docs: Update styling example links : #82111
    • [turbopack] Documentation fixes for rcstr! and a tiny improvement to hash: #82084
    • [turbopack] Improve our const compatible hash routine performance: #82088

    Credits

    Huge thanks to @ sokra, @ eps1lon, @ icyJoseph, @ SyMind, @ lubieowoce, @ styfle, @ gaojude, and @ lukesandberg for helping!

  • 15.4.2-canary.18 - 2025-07-26

    Core Changes

    • Revert "Upgrade vercel og and remove yoga type patching (#81937)": #82066
    • Optimize segment data routes: #82033

    Credits

    Huge thanks to @ huozhi and @ ijjk for helping!

  • 15.4.2-canary.17 - 2025-07-25

    Core Changes

    • Upgrade vercel og and remove yoga type patching: #81937
    • [perf] cache load config results: #80570
    • Turbopack: use prototype for turbopack context for better runtime performance: #81547
    • [reactcompiler] Test with latest RC: #82002
    • [devtools] Fix various exhaustive-deps violations: #82010
    • [devtools] Apply React Compiler to Next.js DevTools source: #82004
    • Upgrade React from edac0dde-20250723 to 3d14fcf0-20250724: #82020
    • Adjusted the warning message to be more descriptive: #82054
    • Track fallback params on workUnitStore: #82003
    • Fix API stripping JSON incorrectly: #82061
    • Upgrade React from 3d14fcf0-20250724 to 19baee81-20250725: #82063
    • use FetchStrategy to control prefetching behavior everywhere: #82032
    • [Segment Cache] set fetchStrategy on segments from a dynamic request: #82059

    Misc Changes

    • Update Rspack development test manifest: #82038
    • [test] Allow running lint-eslint on a specific directory: #82009
    • Adjusted the warning message to be more descriptive: #82052
    • Update Rspack production test manifest: #82039
    • [turbopack] mark rcstr! allocated Rcstr values as 'static' and stop refcounting them: #81994

    Credits

    Huge thanks to @ huozhi, @ vercel-release-bot, @ sokra, @ eps1lon, @ Cy-Tek, @ gnoff, @ lukesandberg, @ ijjk, and @ lubieowoce for helping!

  • 15.4.2-canary.16 - 2025-07-24

    Core Changes

    • Initial MCP implementation: #81770
    • Fix: Unresolved param in x-nextjs-rewritten-query: #81991
    • Turbopack: Add an option to use system TLS certificates (fixes #79060, fixes #79059): #81818
    • Turbopack: Remove unused proxy option in turbo-tasks-fetch, lightly document HTTP_PROXY/HTTPS_PROXY environment variables: #81905
    • Upgrade React from 7513996f-20250722 to edac0dde-20250723: #81984
    • [devtools] Cleanup folder structure: #82012
    • [devtools] Fix "open in editor" for locations in stackframes: #82013
    • [Segment Cache] Fix: Key by rewritten search: #81986

    Misc Changes

    • Turbopack: improve named spans in tracing: #81458
    • Turbopack: update mimalloc: #81993
    • Turbopack: Update bundled webpki-roots: #81906
    • Allow specifying CLI version for e2e deploy: #81998
    • Turbopack: Move fs watcher anyhow::Context import inline to fix compilation warnings: #81997
    • Add link to manually trigger preview builds: #81977
    • Update Rspack production test manifest: #82007
    • Update Rspack development test manifest: #82008
    • Turbopack: Make turbo-tasks-fetch a bit more OOP-like: #81995

    Credits

    Huge thanks to @ sokra, @ acdlite, @ bgw, @ ijjk, @ eps1lon, and @ vercel-release-bot for helping!

  • 15.4.2-canary.15 - 2025-07-23

    Core Changes

    • Upgrade React from e9638c33-20250721 to 7513996f-20250722: #81940
    • Upgrade to swc v33: #81750
    • Remove extra base-server code: #81944
    • Turbopack: flatten sourceInfo to avoid objects, reorder args, compress node.js entry: #81545
    • Fix dynamicParams false layout case in dev: #81990

    Misc Changes

    • [test] workaround test that needs stylus: #81965
    • Bump to swc_sourcemap 9.3.3: #81971
    • fix(Turbopack): Remove the duplicate SlowFilesystem warning: #81972
    • CI: add workflow_branch data to deploy test failure message: #81949
    • Update Rspack production test manifest: #81961
    • Update Rspack development test manifest: #81960
    • [turbopack] Rename ClientReferenceSet: #81942
    • Turbopack: fix scope hoisting variable renaming bug: #81640
    • Revert "[test] workaround test that needs stylus": #81981
    • [docs] fix rewrites example wording: #81985

    Credits

    Huge thanks to @ huozhi, @ mischnic, @ Cy-Tek, @ ztanner, @ vercel-release-bot, @ ijjk, @ lukesandberg, @ sokra, and @ allenzhou101 for helping!

  • 15.4.2-canary.14 - 2025-07-22

    Misc Changes

    • Update Rspack development test manifest: #81913
    • Update Rspack production test manifest: #81914
    • Turbopack: Use workaround for rustc miscompilation bug on macos intel: #81950

    Credits

    Huge thanks to @ vercel-release-bot and @ bgw for helping!

  • 15.4.2-canary.13 - 2025-07-22

    Core Changes

    • Stabilize node middleware support: #81907
    • Add run-turbopack-compiler trace span: #81917
    • fix: support calling onClose multiple times in edge-ssr-app: #81911
    • fix: logging the correct process for listened port: #81903
    • Build: Include rewrites in manifest generation: #81894
    • Routing: Clean up some code: #81932
    • [sourcemaps] Ensure codeframe when calling Client Functions from Server: #81918
    • [segment explorer] missing file suggestion: #81617
    • [turbopack] Always print trace labels in headers: #81728
    • Revert "[metadata] use https protocol for schema urls": #81934

    Misc Changes

    • Turbopack: Track variable usage inside of visit_assign_target_pat: #81654
    • Turbopack: Replace current_value set/restore mutation pattern with a safer with_pat_value helper: #81696
    • Docs: Document global-not-found: #81803
    • [router-act] Fixes related to segment inlining: #81896
    • [test] Add dedicated test for error when client functions are called from server components: #81930
    • Fix an issue in how css references are collected under next build --turbopack: #81704
    • Turbopack: Update notify-rs crate, remove workaround for fixed bug: #81909

    Credits

    Huge thanks to @ bgw, @ ijjk, @ mischnic, @ delbaoliveira, @ lubieowoce, @ huozhi, @ timneutkens, @ acdlite, @ eps1lon, and @ lukesandberg for helping!

  • 15.4.2-canary.12 - 2025-07-21

    Core Changes

    • Upgrade React from dffacc7b-20250717 to e9638c33-20250721: #81899
    • chore(devtools): sync todos to linear: #81901
    • Introduce 'use cache: private': #81816
    • chore(deps): update browserslist: #81851
    • Remove web-server from edge-ssr-app: #81389

    Misc Changes

    • Remove experimental.strictNextHead: #81882
    • Remove some random commas: #81875
    • Turbopack: Add cache for reqwest clients: #81742
    • Update Rspack development test manifest: #81878
    • Update Rspack production test manifest:

@snyk-bot
feat: upgrade next from 14.1.0 to 15.4.5
d892d01 
Snyk has created this PR to upgrade next from 14.1.0 to 15.4.5.

See this package in npm:
next

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/98338644-c771-41bf-b65a-8c7d591db0e3?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nerdy-tech-com-gitub @snyk-bot