[Snyk] Upgrade next from 15.3.5 to 15.5.2 #79

AlexSwensen · 2025-09-17T09:47:17Z

Snyk has created this PR to upgrade next from 15.3.5 to 15.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 234 versions ahead of your current version.
The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Server-side Request Forgery (SSRF) SNYK-JS-NEXT-12299318	401	Proof of Concept
Use of Cache Containing Sensitive Information SNYK-JS-NEXT-12301496	401	No Known Exploit
Missing Source Correlation of Multiple Independent Data SNYK-JS-NEXT-12265451	401	No Known Exploit

Release notes

Package name: next

15.5.2 - 2025-08-26
15.5.1 - 2025-08-26
15.5.1-canary.39 - 2025-09-10
15.5.1-canary.38 - 2025-09-10
15.5.1-canary.37 - 2025-09-09
15.5.1-canary.36 - 2025-09-09
15.5.1-canary.35 - 2025-09-08
15.5.1-canary.34 - 2025-09-08
15.5.1-canary.33 - 2025-09-08
15.5.1-canary.32 - 2025-09-07
15.5.1-canary.31 - 2025-09-06
15.5.1-canary.30 - 2025-09-05
15.5.1-canary.29 - 2025-09-05
15.5.1-canary.28 - 2025-09-04
15.5.1-canary.27 - 2025-09-04
15.5.1-canary.26 - 2025-09-04
15.5.1-canary.25 - 2025-09-03
15.5.1-canary.24 - 2025-09-02
15.5.1-canary.23 - 2025-09-01
15.5.1-canary.22 - 2025-08-31
15.5.1-canary.21 - 2025-08-30
15.5.1-canary.20 - 2025-08-29
15.5.1-canary.19 - 2025-08-29
15.5.1-canary.18 - 2025-08-29
15.5.1-canary.17 - 2025-08-28
15.5.1-canary.16 - 2025-08-28
15.5.1-canary.15 - 2025-08-28
15.5.1-canary.14 - 2025-08-27
15.5.1-canary.13 - 2025-08-27
15.5.1-canary.12 - 2025-08-27
15.5.1-canary.11 - 2025-08-26
15.5.1-canary.10 - 2025-08-26
15.5.1-canary.9 - 2025-08-26
Core Changes
- feat(build): add client param parsing support for PPR routes: #82621
Credits

Huge thanks to @ wyattjoh for helping!
15.5.1-canary.8 - 2025-08-25
Core Changes
- Unhook WebSocket: #82931
- Destructure loadComponents where possible: #82986
- optimize server action refresh logic: #82674
Misc Changes
- Turbopack: more incremental all_server_paths: #82892
- Turbopack: throw large static metadata error earlier: #82939
- Turbopack: don't treat metadata routes as RSC: #82911
- Turbopack: remove blocking thread limit to avoid deadlocks: #82961
- Update 07-fetching-data.mdx: #82862
- Turbopack: fix race condition in unit test: #82989
- Turbopack: support pattern into exports field: #82757
- Turbopack: fix NFT tracing of sharp 0.34: #82340
- Turbopack: skip db lookups on the initial build: #82405
- Fetch tag before reset for create-release-branch: #83006
- Update Rspack development test manifest: #82984
- Update Rspack production test manifest: #82983
- Ensure tags are fetched for release branch: #83012
- Turbopack: prefetch restoring of task dependencies: #82960
- Turbopack: add ffmpeg-static NFT test: #82985
- temporarily disable flaky deploy test: #83032
- fix: add '.next/types/**/*.ts' to the pages router TSConfig: #83029
Credits

Huge thanks to @ unstubbable, @ sokra, @ mischnic, @ sleekLancelot, @ ijjk, @ vercel-release-bot, @ timneutkens, @ ztanner, and @ bgub for helping!
15.5.1-canary.7 - 2025-08-24
Misc Changes
- [turbopack] Optimize export const to bind readonly values not getters: #82760
- fix: change "noUnknownAtRules" to "warn" for Biome: #82974
Credits

Huge thanks to @ lukesandberg and @ bgub for helping!
15.5.1-canary.6 - 2025-08-23
Misc Changes
- Turbopack: Lazy decompress medium value compressed blocks: #82257
- Turbopack: bigger small value blocks: #82370
- Turbopack: remove value compression dictionary: #82338
Credits

Huge thanks to @ sokra for helping!
15.5.1-canary.5 - 2025-08-22
Core Changes
- Add special marker in terminal if all error stack frames are ignore-listed: #82915
- fix(edge-runtime): clone requests properly: #82878
- Rename WebSocket file: #82930
- fix: add path normalization to getRelativePath for Windows: #82918
Misc Changes
- Turbopack: add a CLI to NFT: #82815
- Turbopack: print failing module during panic: #82938
- [turbopack] Fix a few small things in the analyzer: #82899
- Update Rspack production test manifest: #82925
- Turbopack: parallel drop data before shutdown: #82335
- Update Rspack development test manifest: #82924
Credits

Huge thanks to @ eps1lon, @ Kikobeats, @ mischnic, @ unstubbable, @ lukesandberg, @ vercel-release-bot, @ sokra, and @ bgub for helping!
15.5.1-canary.4 - 2025-08-21
Core Changes
- Turbopack: fix the require.cache clear logic: #82876
- Use deterministic env for public env vars: #82859
- fix: typesafe linking to route handlers and pages API routes: #82858
- fix: aliased navigations should apply scroll handling: #82900
- Remove experimental appDocumentPreloading: #82895
- Route modules: Call setReferenceManifestsSingleton for app-route to match app-page: #82908
- Update prettier project dependency from 3.2.5 to 3.6.2: #82896
- Do not modify parsedUrl collecting params: #82907
- feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect(): #82860
- Skip emitting pages router entries when only app router present: #82444
Misc Changes
- Turbopack: sort keys in individual to make order deterministic: #82891
- Turbopack: run more unit tests in multi thread runtime: #82889
- Bump wasmer to 6.1.0-rc.3: #82885
- Turbopack: run all unit tests with a fixed amount of worker threads to avoid overloading with many CPUs: #82890
- Bump swc to v36: #82886
- Update Rspack production test manifest: #82869
- [turbopack] Add support for partial glob matches: #82906
Credits

Huge thanks to @ sokra, @ mischnic, @ bgub, @ ztanner, @ timneutkens, @ P41T0, @ vercel-release-bot, @ lukesandberg, @ ijjk, and @ huozhi for helping!
15.5.1-canary.3 - 2025-08-21
Misc Changes
- Turbopack: use parallel execution helpers: #82667
- Turbopack: allow to customize the parallel execution of turbo-persistence: #82668
- Turbopack: use block in place for db writes: #82380
- Turbopack: improve compaction: #82375
- Turbopack: sync NFT context configs: #82781
- Turbopack: fix invalid NFT entry with file behind symlink: #82887
Credits

Huge thanks to @ sokra and @ mischnic for helping!
15.5.1-canary.2 - 2025-08-20
Example Changes
- docs: add missing RLS step to Next.js tutorial: #82714
Misc Changes
- fix: avoid importing types that will be unused: #82856
- Turbopack: add parallel execution helpers: #82666
Credits

Huge thanks to @ bgub, @ Karthikeya-Thatipamula, and @ sokra for helping!
15.5.1-canary.1 - 2025-08-20
Core Changes
- fix: missing next/link types with typedRoutes: #82814
- [types] refactor shared types: #82844
- fix: update the config.api.responseLimit type: #82852
- fix: update validation return types: #82854
Misc Changes
- Update Rspack production test manifest: #82813
- Turbopack: run unit tests in multi threaded runtime: #82665
Credits

Huge thanks to @ chungweileong94, @ vercel-release-bot, @ sokra, @ huozhi, and @ bgub for helping!
15.5.1-canary.0 - 2025-08-20
Core Changes
- docs: mention turbopack config codemod: #82183
- [devtools] Shim overlay on server: #82791
- Turbopack: pass cache handler path as relative path to Rust: #82780
- Remove unused code: #82774
- [perf] only load next config once when start next dev server: #82654
- [Cache Components] Error for Sync IO in Server Components during Static Prerender: #82500
- Upgrade React from 0bdb9206-20250818 to 03fda05d-20250820: #82847
Example Changes
- fix: update @ types/node to resolve Vite 7.x peer dependency conflict: #82794
Misc Changes
- docs: fix typo in Image#priority: #82806
- [test] update existing passed tests for cache components suite: #82830
- [test] fix cache components build error in next-form tests: #82841
Credits

Huge thanks to @ wbinnssmith, @ charpeni, @ mischnic, @ timneutkens, @ huozhi, @ Hareesh108, and @ gnoff for helping!
15.5.0 - 2025-08-20
15.4.7 - 2025-08-18
15.4.6 - 2025-08-06
15.4.5 - 2025-07-29
15.4.4 - 2025-07-24
15.4.3 - 2025-07-22
15.4.2 - 2025-07-18
15.4.2-canary.56 - 2025-08-19
15.4.2-canary.55 - 2025-08-19
15.4.2-canary.54 - 2025-08-19
15.4.2-canary.53 - 2025-08-18
15.4.2-canary.52 - 2025-08-17
15.4.2-canary.51 - 2025-08-16
15.4.2-canary.50 - 2025-08-16
15.4.2-canary.49 - 2025-08-15
15.4.2-canary.48 - 2025-08-14
15.4.2-canary.47 - 2025-08-14
15.4.2-canary.46 - 2025-08-13
15.4.2-canary.45 - 2025-08-13
15.4.2-canary.44 - 2025-08-13
15.4.2-canary.43 - 2025-08-13
15.4.2-canary.42 - 2025-08-12
15.4.2-canary.41 - 2025-08-12
15.4.2-canary.40 - 2025-08-12
15.4.2-canary.39 - 2025-08-12
15.4.2-canary.38 - 2025-08-11
15.4.2-canary.37 - 2025-08-11
15.4.2-canary.36 - 2025-08-11
15.4.2-canary.35 - 2025-08-09
15.4.2-canary.34 - 2025-08-08
15.4.2-canary.33 - 2025-08-07
15.4.2-canary.32 - 2025-08-06
15.4.2-canary.31 - 2025-08-05
15.4.2-canary.30 - 2025-08-04
15.4.2-canary.29 - 2025-08-03
15.4.2-canary.28 - 2025-08-02
15.4.2-canary.27 - 2025-08-01
15.4.2-canary.26 - 2025-08-01
15.4.2-canary.25 - 2025-07-31
15.4.2-canary.24 - 2025-07-31
15.4.2-canary.23 - 2025-07-31
15.4.2-canary.22 - 2025-07-30
15.4.2-canary.21 - 2025-07-30
15.4.2-canary.20 - 2025-07-29
15.4.2-canary.19 - 2025-07-28
15.4.2-canary.18 - 2025-07-26
15.4.2-canary.17 - 2025-07-25
15.4.2-canary.16 - 2025-07-24
15.4.2-canary.15 - 2025-07-23
15.4.2-canary.14 - 2025-07-22
15.4.2-canary.13 - 2025-07-22
15.4.2-canary.12 - 2025-07-21
15.4.2-canary.11 - 2025-07-21
15.4.2-canary.10 - 2025-07-19
15.4.2-canary.9 - 2025-07-18
15.4.2-canary.8 - 2025-07-18
15.4.2-canary.7 - 2025-07-17
15.4.2-canary.6 - 2025-07-17
15.4.2-canary.5 - 2025-07-16
15.4.2-canary.4 - 2025-07-16
15.4.2-canary.3 - 2025-07-16
15.4.2-canary.2 - 2025-07-16
15.4.2-canary.1 - 2025-07-15
15.4.2-canary.0 - 2025-07-14
15.4.1 - 2025-07-14
15.4.0 - 2025-05-30
15.4.0-canary.130 - 2025-07-14
15.4.0-canary.129 - 2025-07-13
15.4.0-canary.128 - 2025-07-12
15.4.0-canary.127 - 2025-07-11
15.4.0-canary.126 - 2025-07-11
15.4.0-canary.123 - 2025-07-09
15.4.0-canary.122 - 2025-07-09
15.4.0-canary.121 - 2025-07-09
15.4.0-canary.120 - 2025-07-09
15.4.0-canary.119 - 2025-07-08
15.4.0-canary.118 - 2025-07-08
15.4.0-canary.116 - 2025-07-06
15.4.0-canary.115 - 2025-07-05
15.4.0-canary.114 - 2025-07-04
15.4.0-canary.113 - 2025-07-03
15.4.0-canary.112 - 2025-07-03
15.4.0-canary.111 - 2025-07-03
15.4.0-canary.110 - 2025-07-02
15.4.0-canary.109 - 2025-07-02
15.4.0-canary.108 - 2025-07-01
15.4.0-canary.107 - 2025-07-01
15.4.0-canary.106 - 2025-07-01
15.4.0-canary.105 - 2025-07-01
15.4.0-canary.104 - 2025-06-30
15.4.0-canary.103 - 2025-06-29
15.4.0-canary.102 - 2025-06-27
15.4.0-canary.101 - 2025-06-27
15.4.0-canary.100 - 2025-06-26
15.4.0-canary.99 - 2025-06-26
15.4.0-canary.98 - 2025-06-26
15.4.0-canary.97 - 2025-06-26
15.4.0-canary.96 - 2025-06-25
15.4.0-canary.95 - 2025-06-24
15.4.0-canary.94 - 2025-06-23
15.4.0-canary.93 - 2025-06-23
15.4.0-canary.92 - 2025-06-22
15.4.0-canary.91 - 2025-06-21
15.4.0-canary.90 - 2025-06-21
15.4.0-canary.89 - 2025-06-20
15.4.0-canary.88 - 2025-06-20
15.4.0-canary.87 - 2025-06-19
15.4.0-canary.86 - 2025-06-18
15.4.0-canary.85 - 2025-06-18
15.4.0-canary.84 - 2025-06-16
15.4.0-canary.83 - 2025-06-14
15.4.0-canary.82 - 2025-06-13
15.4.0-canary.81 - 2025-06-13
15.4.0-canary.80 - 2025-06-12
15.4.0-canary.79 - 2025-06-11
15.4.0-canary.78 - 2025-06-11
15.4.0-canary.77 - 2025-06-11
15.4.0-canary.76 - 2025-06-10
15.4.0-canary.75 - 2025-06-10
15.4.0-canary.74 - 2025-06-10
15.4.0-canary.73 - 2025-06-09
15.4.0-canary.72 - 2025-06-08
15.4.0-canary.71 - 2025-06-07
15.4.0-canary.70 - 2025-06-06
15.4.0-canary.69 - 2025-06-06
15.4.0-canary.68 - 2025-06-05
15.4.0-canary.67 - 2025-06-04
15.4.0-canary.66 - 2025-06-04
15.4.0-canary.65 - 2025-06-04
15.4.0-canary.64 - 2025-06-04
15.4.0-canary.63 - 2025-06-03
15.4.0-canary.62 - 2025-06-03
15.4.0-canary.61 - 2025-06-01
15.4.0-canary.60 - 2025-05-31
15.4.0-canary.59 - 2025-05-30
15.4.0-canary.58 - 2025-05-30
15.4.0-canary.57 - 2025-05-29
15.4.0-canary.56 - 2025-05-28
15.4.0-canary.55 - 2025-05-27
15.4.0-canary.54 - 2025-05-27
15.4.0-canary.53 - 2025-05-26
15.4.0-canary.52 - 2025-05-25
15.4.0-canary.51 - 2025-05-24
15.4.0-canary.50 - 2025-05-23
15.4.0-canary.49 - 2025-05-23
15.4.0-canary.48 - 2025-05-22
15.4.0-canary.47 - 2025-05-21
15.4.0-canary.46 - 2025-05-21
15.4.0-canary.45 - 2025-05-21
15.4.0-canary.44 - 2025-05-20
15.4.0-canary.43 - 2025-05-20
15.4.0-canary.42 - 2025-05-19
15.4.0-canary.41 - 2025-05-19
15.4.0-canary.40 - 2025-05-19
15.4.0-canary.39 - 2025-05-18
15.4.0-canary.38 - 2025-05-17
15.4.0-canary.37 - 2025-05-16
15.4.0-canary.36 - 2025-05-15
15.4.0-canary.35 - 2025-05-15
15.4.0-canary.34 - 2025-05-13
15.4.0-canary.33 - 2025-05-13
15.4.0-canary.31 - 2025-05-10
15.4.0-canary.30 - 2025-05-09
15.4.0-canary.29 - 2025-05-09
15.4.0-canary.28 - 2025-05-08
15.4.0-canary.27 - 2025-05-08
15.4.0-canary.26 - 2025-05-07
15.4.0-canary.24 - 2025-05-06
15.4.0-canary.23 - 2025-05-05
15.4.0-canary.22 - 2025-05-05
15.4.0-canary.21 - 2025-05-05
15.4.0-canary.20 - 2025-05-03
15.4.0-canary.19 - 2025-05-02
15.4.0-canary.18 - 2025-05-01
15.4.0-canary.17 - 2025-04-30
15.4.0-canary.16 - 2025-04-30
15.4.0-canary.15 - 2025-04-29
15.4.0-canary.14 - 2025-04-28
15.4.0-canary.13 - 2025-04-28
15.4.0-canary.12 - 2025-04-27
15.4.0-canary.11 - 2025-04-26
15.4.0-canary.10 - 2025-04-25
15.4.0-canary.9 - 2025-04-24
15.4.0-canary.8 - 2025-04-24
15.4.0-canary.7 - 2025-04-23
15.4.0-canary.6 - 2025-04-23
15.4.0-canary.5 - 2025-04-23
15.4.0-canary.4 - 2025-04-22
15.4.0-canary.3 - 2025-04-22
15.4.0-canary.2 - 2025-04-21
15.4.0-canary.1 - 2025-04-21
15.4.0-canary.0 - 2025-04-21
15.3.5 - 2025-07-03

from next GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.
Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI3NjM5MDRlYy01M2ZjLTQ0ODQtODZmOC01MTRmN2VmMGRjOGQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6Ijc2MzkwNGVjLTUzZ...

Snyk has created this PR to upgrade next from 15.3.5 to 15.5.2. See this package in npm: next See this project in Snyk: https://app.snyk.io/org/alexswensen/project/ae65291c-c953-4d20-bbc8-2deb65d28dff?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel · 2025-09-17T09:47:21Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
alexswensen-io	Error			Sep 17, 2025 9:47am

coderabbitai · 2025-09-17T09:47:25Z

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch snyk-upgrade-216970045b5084cab100631cb624947f

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Copilot

Pull Request Overview

This is a security-focused dependency upgrade that updates Next.js from version 15.3.5 to 15.5.2, addressing multiple vulnerabilities including high-severity Server-side Request Forgery (SSRF) and medium-severity cache security issues.

Updates Next.js dependency from 15.3.5 to 15.5.2 (234 versions ahead)
Fixes high-severity SSRF vulnerability (SNYK-JS-NEXT-12299318)
Resolves medium-severity cache information leakage (SNYK-JS-NEXT-12301496) and low-severity data correlation issue (SNYK-JS-NEXT-12265451)

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

Copilot AI review requested due to automatic review settings September 17, 2025 09:47

AlexSwensen self-assigned this Sep 17, 2025

vercel bot had a problem deploying to Preview September 17, 2025 09:47 Failure

Copilot AI reviewed Sep 17, 2025

View reviewed changes

[Snyk] Upgrade next from 15.3.5 to 15.5.2 #79

Are you sure you want to change the base?

[Snyk] Upgrade next from 15.3.5 to 15.5.2 #79

Uh oh!

Conversation

AlexSwensen commented Sep 17, 2025

Snyk has created this PR to upgrade next from 15.3.5 to 15.5.2.

Issues fixed by the recommended upgrade:

Core Changes

Credits

Core Changes

Misc Changes

Credits

Misc Changes

Credits

Misc Changes

Credits

Core Changes

Misc Changes

Credits

Core Changes

Misc Changes

Credits

Misc Changes

Credits

Example Changes

Misc Changes

Credits

Core Changes

Misc Changes

Credits

Core Changes

Example Changes

Misc Changes

Credits

Uh oh!

vercel bot commented Sep 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai bot commented Sep 17, 2025

Review skipped

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

vercel bot commented Sep 17, 2025 •

edited

Loading