[Snyk] Security upgrade next from 13.4.7 to 15.5.15

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15954202	635

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

This is a major upgrade from Next.js v13 to v15, which includes multiple significant and breaking changes. Developers must take action to ensure their application remains compatible. Automated code modifications (codemods) are available to assist with the upgrade process.

Breaking Changes in Next.js 14

• Minimum Node.js Version: The required Node.js version was increased to 18.17.
• next export Removed: The next export command has been removed. Use the output: 'export' configuration in next.config.js instead.
• @next/font Removed: The standalone @next/font package is no longer supported and has been replaced by the built-in next/font. A codemod is available for this migration.
• ImageResponse Import Path: The import for ImageResponse has moved from next/server to next/og. A codemod can automate this change.

Breaking Changes in Next.js 15

• React 19 Required: Next.js 15 requires react and react-dom version 19. This introduces its own set of changes, such as replacing useFormState with useActionState.
• Asynchronous Request APIs: Several previously synchronous APIs are now asynchronous and require await. This affects cookies(), headers(), draftMode(), and accessing params and searchParams in pages and layouts.
• Default Caching Behavior: fetch requests, GET Route Handlers, and client-side navigations are no longer cached by default. Caching must now be explicitly configured.
• Minimum Node.js Version: The required Node.js version was updated to 18.18.0.

Recommendation: This is a high-impact upgrade. It is strongly recommended to use the provided codemods to automate as much of the migration as possible. Start by running the upgrade command:
npx @next/codemod@canary upgrade latest

After running the codemod, thoroughly test the application, paying close attention to data fetching, caching logic, and any components that use the newly async APIs. Manual updates will be required, especially for adapting to the new caching defaults and React 19 APIs.

Source: Next.js 14 Upgrade Guide, Next.js 15 Upgrade Guide

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (1)
⛔	Open Source Security	0	1	0	0	1 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[orca-security-us]

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0   0   0   0	View in Orca
Passed	OSS Licenses	0   14   0   0	View in Orca
Passed	SAST	0   0   0   0	View in Orca
Passed	Secrets	0   0   0   0	View in Orca
Passed	Vulnerabilities	0   0   0   0	View in Orca

📦 The following Open Source License Violations have been detected

	PACKAGE	VERSION	LICENSE	FILE PATH
	@img/sharp-libvips-darwin-arm64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-darwin-x64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linux-arm	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linux-arm64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linux-ppc64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linux-riscv64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linux-s390x	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linux-x64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linuxmusl-arm64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-libvips-linuxmusl-x64	1.2.4	LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-wasm32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT	./package-lock.json	View in code
	@img/sharp-win32-arm64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-win32-ia32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later	./package-lock.json	View in code
	@img/sharp-win32-x64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later	./package-lock.json	View in code