[Snyk] Upgrade next from 12.3.4 to 15.1.1

[q1blue]

Snyk has created this PR to upgrade next from 12.3.4 to 15.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 1249 versions ahead of your current version.

• The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Uncontrolled Recursion SNYK-JS-NEXT-8186172	83	No Known Exploit
	Missing Authorization SNYK-JS-NEXT-8520073	83	No Known Exploit
	Resource Exhaustion SNYK-JS-NEXT-6032387	83	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	83	No Known Exploit

Release notes

Package name: next

• 15.1.1 - 2024-12-17
• 15.1.1-canary.27 - 2025-01-07
• 15.1.1-canary.26 - 2025-01-06
• 15.1.1-canary.25 - 2025-01-03
• 15.1.1-canary.24 - 2025-01-02
• 15.1.1-canary.23 - 2024-12-28
• 15.1.1-canary.22 - 2024-12-27
• 15.1.1-canary.21 - 2024-12-26
• 15.1.1-canary.20 - 2024-12-25
• 15.1.1-canary.19 - 2024-12-24
• 15.1.1-canary.18 - 2024-12-23
• 15.1.1-canary.17 - 2024-12-22
• 15.1.1-canary.16 - 2024-12-20
• 15.1.1-canary.15 - 2024-12-20
• 15.1.1-canary.14 - 2024-12-19
• 15.1.1-canary.13 - 2024-12-18
• 15.1.1-canary.12 - 2024-12-18
• 15.1.1-canary.11 - 2024-12-17
• 15.1.1-canary.10 - 2024-12-17
• 15.1.1-canary.7 - 2024-12-16
  

  Core Changes

  • Ignore RSC fetch errors after hard navigation: #73975
  • Fix error code check in windows: #73981
  • Separate viewport and metadata in rsc and cache: #73867
  • Add feature flag for new dev overlay: #73977
  • Restore RSC fetch error handling after navigating back: #73985

  Misc Changes

  • docs: fix sitemap changelog table formatting: #73760
  • fix(docs): vitest manual setup: #73754
  • docs: fix file extension and missing export: #73842
  • docs: update tailwind.config.ts to use satisfies operator: #73924
  • docs: Fix MDX syntax error: #73970
  • chore(next-custom-transforms): Mark fixture outputs as generated: #73918
  • docs(use-cache): add missing jsx switcher example and types: #73473
  • docs(internalization): add typescript examples and fix params as promise: #73240
  • docs: add missing quotation marks in exmaple code: #73720
  • chore(turbo-tasks-macros): Remove use of associated items for NativeFunction construction: #73929
  • refactor(turbo-tasks-macros): Strip (already hidden) doc attributes from inline function signatures: #73931
  • chore(github): fix wrong-issue-template body: #74003

  Credits

  Huge thanks to @ davidhu2000, @ attilarepka, @ JamBalaya56562, @ mischnic, @ unstubbable, @ gaojude, @ bgw, @ devpla, @ dydals3440, @ huozhi, @ devjiwonchoi, and @ samcx for helping!

• 15.1.1-canary.6 - 2024-12-15
  

  Example Changes

  • examples: remove with-tailwindcss example: #73919

  Misc Changes

  • Docs: fix typo in examples page: #73907
  • docs: add next.config.ts code switcher to Redirecting docs: #73848
  • docs: add tsx switcher to linking and navigation: #73846
  • docs: update file structure on contribution guide: #73778
  • docs: add next-intlayer into i18n solution list: #73750
  • docs: minor typos and fixes: #73955

  Credits

  Huge thanks to @ delbaoliveira, @ JamBalaya56562, @ aymericzip, and @ leerob for helping!

• 15.1.1-canary.5 - 2024-12-14
  

  Core Changes

  • Turbopack: ignore empty NEXT_TURBOPACK_TRACING var: #73903

  Misc Changes

  • chore(github): add issue_wrong_template workflow: #73882
  • docs(mdx): add a dynamic imports section for App Router: #73466
  • chore: increase test sharding: #73852
  • fix(turbo): sassOptions silenceDeprecations was not overwritten with user options: #73937

  Credits

  Huge thanks to @ samcx, @ wyattjoh, @ mischnic, and @ devjiwonchoi for helping!

• 15.1.1-canary.4 - 2024-12-13
  

  Core Changes

  • Retry manifest file loading only in dev mode: #73900

  Example Changes

  • chore(docs): add missing search: '' on remotePatterns: #73925

  Misc Changes

  • Correct typo in Update 04-images-and-fonts.mdx: #73790

  Credits

  Huge thanks to @ styfle, @ ollyw, and @ unstubbable for helping!

• 15.1.1-canary.3 - 2024-12-13
  

  Core Changes

  • Exclude .test. files from using error code plugin: #73868
  • Refactor telemetry API: #73865
  • Add additional error classes and error codes: #73862
  • refactor: collectAppPageSegments: #73908
  • cleanup unnecessary map in dev server: #73745

  Misc Changes

  • refactor(turbo-tasks): Derive NonLocalValue by default in value/value_trait macros: #73766
  • refactor(turbo-tasks): Implement NonLocalValue for State<T> where T: NonLocalValue: #73770
  • chore(github): fix typo in close-issue-message: #73878
  • Docs: Remove unstable_expirePath and unstable_expireTag docs: #73856
  • Docs: Create Examples section: #73858
  • Docs clean up: Merge and delete content from routing/index.mdx: #73859
  • Docs clean up: delete defining-routes.mdx and pages.mdx: #73863
  • Turbopack: store ChunkingType in single-module-graph: #73837
  • chore(turbopack-browser): Pedantically fix minor typos in comments about TraitRef: #73772
  • chore(docs): update version history of next/image: #73923
  • docs: update WebVitals component: #73869

  Credits

  Huge thanks to @ bgw, @ gaojude, @ samcx, @ delbaoliveira, @ ztanner, @ mischnic, @ styfle, and @ abdonrd for helping!

• 15.1.1-canary.2 - 2024-12-12
  

  Core Changes

  • [Segment Cache] Add PPR header to segment prefetch: #73756
  • fix: path escaping issue on windows: #73843
  • Rename variables in LayoutRouter for clarity: #73826
  • [Segment Cache] Skip prefetched segments on server: #73626
  • [Segment Cache] No data on tree prefetch if no PPR: #73767
  • Remove segmentPath from RSC payload: #73827
  • build: better error if fetching AMP validator fails: #73851
  • Escape the '.' in '.json' when making static data routes.: #73850
  • fix(next@15): use the asset prefix when loading a CSS in App Router: #72095

  Misc Changes

  • feat: Update swc_core to v9.0.0: #73696
  • Turbopack: resolve some to-resolved-in-loop: #73794
  • Bump Rust version: #73169
  • fix(turbopack): Enable explicit_resource_management transform: #73802
  • docs: fix code block extension on after and error handling: #73844
  • Revert "feat: Update swc_core to v9.0.0": #73866

  Credits

  Huge thanks to @ acdlite, @ kdy1, @ mischnic, @ lubieowoce, @ JamBalaya56562, @ creationix, @ ijjk, and @ noreiller for helping!

• 15.1.1-canary.1 - 2024-12-11
  

  Core Changes

  • Fix receiveExpiredTags not always called: #73759
  • error-overlay: Rename "Error" to "Issue": #72817
  • remove redundant segment collection call: #73773
  • Metadata resolvers can be fetched synchronously: #73771
  • Turbopack: migrate client references to single-graph-traversal: #73322
  • next-codemod: update gitignore file for parity for yarn recommendations: #71963
  • feat: error code: #73332
  • Detach next-error-code-swc-plugin from workspace: #73806
  • [CI] Prominent error message for check_error_codes: #73807

  Misc Changes

  • Turbopack: support module workers: #72614
  • docs: add versions to connection API: #73798
  • Increase test retries from 1 to 2: #73795
  • refactor(turbo-tasks): Implement NonLocalValue for all ResolvedVcs and OperationVcs: #73764
  • docs: supporting after for providers: #73743
  • [E2E] Fix config file conflict: #73818

  Credits

  Huge thanks to @ ijjk, @ eps1lon, @ ztanner, @ gnoff, @ mischnic, @ Marukome0743, @ leerob, @ gaojude, @ unstubbable, @ bgw, and @ lubieowoce for helping!

• 15.1.1-canary.0 - 2024-12-10
  

  Core Changes

  • Fix unstable_allowDynamic when used with pnpm: #73732
  • [dynamicIO] use new heuristic to track whether server render is dynamic: #73751

  Misc Changes

  • Add NEXT_PRIVATE_SKIP_CANARY_CHECK env for bench job: #73763
  • refactor(turbopack): Add NonLocalValue derives to types deriving TraceRawVcs: #73714

  Credits

  Huge thanks to @ ijjk, @ unstubbable, @ bgw, and @ gnoff for helping!

• 15.1.0 - 2024-12-10
• 15.0.4 - 2024-12-05
• 15.0.4-canary.52 - 2024-12-10
• 15.0.4-canary.51 - 2024-12-10
• 15.0.4-canary.50 - 2024-12-10
• 15.0.4-canary.49 - 2024-12-09
• 15.0.4-canary.48 - 2024-12-08
• 15.0.4-canary.47 - 2024-12-07
• 15.0.4-canary.46 - 2024-12-06
• 15.0.4-canary.45 - 2024-12-05
• 15.0.4-canary.44 - 2024-12-05
• 15.0.4-canary.43 - 2024-12-05
• 15.0.4-canary.42 - 2024-12-05
• 15.0.4-canary.41 - 2024-12-04
• 15.0.4-canary.40 - 2024-12-04
• 15.0.4-canary.39 - 2024-12-04
• 15.0.4-canary.38 - 2024-12-04
• 15.0.4-canary.37 - 2024-12-03
• 15.0.4-canary.36 - 2024-12-03
• 15.0.4-canary.34 - 2024-12-02
• 15.0.4-canary.33 - 2024-11-30
• 15.0.4-canary.32 - 2024-11-29
• 15.0.4-canary.31 - 2024-11-28
• 15.0.4-canary.30 - 2024-11-27
• 15.0.4-canary.29 - 2024-11-26
• 15.0.4-canary.28 - 2024-11-25
• 15.0.4-canary.27 - 2024-11-24
• 15.0.4-canary.26 - 2024-11-24
• 15.0.4-canary.25 - 2024-11-23
• 15.0.4-canary.24 - 2024-11-22
• 15.0.4-canary.23 - 2024-11-21
• 15.0.4-canary.22 - 2024-11-21
• 15.0.4-canary.21 - 2024-11-20
• 15.0.4-canary.20 - 2024-11-19
• 15.0.4-canary.19 - 2024-11-18
• 15.0.4-canary.18 - 2024-11-18
• 15.0.4-canary.17 - 2024-11-18
• 15.0.4-canary.16 - 2024-11-18
• 15.0.4-canary.15 - 2024-11-17
• 15.0.4-canary.14 - 2024-11-16
• 15.0.4-canary.13 - 2024-11-15
• 15.0.4-canary.12 - 2024-11-14
• 15.0.4-canary.11 - 2024-11-13
• 15.0.4-canary.10 - 2024-11-13
• 15.0.4-canary.9 - 2024-11-13
• 15.0.4-canary.8 - 2024-11-13
• 15.0.4-canary.7 - 2024-11-12
• 15.0.4-canary.6 - 2024-11-11
• 15.0.4-canary.5 - 2024-11-10
• 15.0.4-canary.4 - 2024-11-09
• 15.0.4-canary.3 - 2024-11-08
• 15.0.4-canary.2 - 2024-11-08
• 15.0.3 - 2024-11-07
• 15.0.3-canary.9 - 2024-11-07
• 15.0.3-canary.8 - 2024-11-06
• 15.0.3-canary.7 - 2024-11-05
• 15.0.3-canary.6 - 2024-11-04
• 15.0.3-canary.5 - 2024-11-03
• 15.0.3-canary.4 - 2024-11-01
• 15.0.3-canary.3 - 2024-10-31
• 15.0.3-canary.2 - 2024-10-30
• 15.0.3-canary.1 - 2024-10-29
• 15.0.3-canary.0 - 2024-10-29
• 15.0.2 - 2024-10-29
• 15.0.2-canary.11 - 2024-10-29
• 15.0.2-canary.10 - 2024-10-28
• 15.0.2-canary.9 - 2024-10-27
• 15.0.2-canary.8 - 2024-10-26
• 15.0.2-canary.7 - 2024-10-25
• 15.0.2-canary.6 - 2024-10-24
• 15.0.2-canary.5 - 2024-10-24
• 15.0.2-canary.4 - 2024-10-24
• 15.0.2-canary.3 - 2024-10-24
• 15.0.2-canary.2 - 2024-10-23
• 15.0.2-canary.1 - 2024-10-23
• 15.0.2-canary.0 - 2024-10-23
• 15.0.1 - 2024-10-23
• 15.0.1-canary.3 - 2024-10-22
• 15.0.1-canary.2 - 2024-10-22
• 15.0.1-canary.1 - 2024-10-21
• 15.0.1-canary.0 - 2024-10-21
• 15.0.0 - 2024-10-21
• 15.0.0-rc.1 - 2024-10-15
• 15.0.0-rc.0 - 2024-05-23
• 15.0.0-canary.205 - 2024-10-21
• 15.0.0-canary.204 - 2024-10-21
• 15.0.0-canary.203 - 2024-10-21
• 15.0.0-canary.202 - 2024-10-20
• 15.0.0-canary.201 - 2024-10-20
• 15.0.0-canary.200 - 2024-10-19
• 15.0.0-canary.199 - 2024-10-19
• 15.0.0-canary.198 - 2024-10-18
• 15.0.0-canary.197 - 2024-10-17
• 15.0.0-canary.196 - 2024-10-16
• 15.0.0-canary.195 - 2024-10-15
• 15.0.0-canary.194 - 2024-10-15
• 15.0.0-canary.193 - 2024-10-15
• 15.0.0-canary.192 - 2024-10-15
• 15.0.0-canary.191 - 2024-10-14
• 15.0.0-canary.190 - 2024-10-13
• 15.0.0-canary.189 - 2024-10-13
• 15.0.0-canary.188 - 2024-10-13
• 15.0.0-canary.187 - 2024-10-12
• 15.0.0-canary.186 - 2024-10-12
• 15.0.0-canary.185 - 2024-10-11
• 15.0.0-canary.184 - 2024-10-11
• 15.0.0-canary.183 - 2024-10-10
• 15.0.0-canary.182 - 2024-10-09
• 15.0.0-canary.181 - 2024-10-09
• 15.0.0-canary.179 - 2024-10-04
• 15.0.0-canary.178 - 2024-10-04
• 15.0.0-canary.177 - 2024-10-02
• 15.0.0-canary.176 - 2024-10-02
• 15.0.0-canary.175 - 2024-10-01
• 15.0.0-canary.174 - 2024-10-01
• 15.0.0-canary.173 - 2024-09-28
• 15.0.0-canary.172 - 2024-09-27
• 15.0.0-canary.171 - 2024-09-25
• 15.0.0-canary.170 - 2024-09-25
• 15.0.0-canary.169 - 2024-09-25
• 15.0.0-canary.168 - 2024-09-25
• 15.0.0-canary.167 - 2024-09-24
• 15.0.0-canary.166 - 2024-09-24
• 15.0.0-canary.165 - 2024-09-24
• 15.0.0-canary.164 - 2024-09-23
• 15.0.0-canary.163 - 2024-09-23
• 15.0.0-canary.162 - 2024-09-22
• 15.0.0-canary.161 - 2024-09-20
• 15.0.0-canary.160 - 2024-09-19
• 15.0.0-canary.159 - 2024-09-18
• 15.0.0-canary.158 - 2024-09-17
• 15.0.0-canary.157 - 2024-09-16
• 15.0.0-canary.156 - 2024-09-14
• 15.0.0-canary.155 - 2024-09-13
• 15.0.0-canary.154 - 2024-09-13
• 15.0.0-canary.153 - 2024-09-12
• 15.0.0-canary.152 - 2024-09-12
• 15.0.0-canary.151 - 2024-09-11
• 15.0.0-canary.150 - 2024-09-11
• 15.0.0-canary.149 - 2024-09-10
• 15.0.0-canary.148 - 2024-09-10
• 15.0.0-canary.147 - 2024-09-09
• 15.0.0-canary.146 - 2024-09-08
• 15.0.0-canary.145 - 2024-09-07
• 15.0.0-canary.144 - 2024-09-06
• 15.0.0-canary.143 - 2024-09-05
• 15.0.0-canary.142 - 2024-09-05
• 15.0.0-canary.141 - 2024-09-04
• 15.0.0-canary.140 - 2024-09-03
• 15.0.0-canary.139 - 2024-09-02
• 15.0.0-canary.138 - 2024-09-01
• 15.0.0-canary.137 - 2024-08-31
• 15.0.0-canary.136 - 2024-08-30
• 15.0.0-canary.135 - 2024-08-30
• 15.0.0-canary.134 - 2024-08-28
• 15.0.0-canary.133 - 2024-08-28
• 15.0.0-canary.132 - 2024-08-28
• 15.0.0-canary.131 - 2024-08-26
• 15.0.0-canary.130 - 2024-08-25
• 15.0.0-canary.129 - 2024-08-24
• 15.0.0-canary.128 - 2024-08-23
• 15.0.0-canary.127 - 2024-08-22
• 15.0.0-canary.126 - 2024-08-22
• 15.0.0-canary.125 - 2024-08-21
• 15.0.0-canary.124 - 2024-08-21
• 15.0.0-canary.123 - 2024-08-21
• 15.0.0-canary.122 - 2024-08-20
• 15.0.0-canary.121 - 2024-08-20
• 15.0.0-canary.120 - 2024-08-17
• 15.0.0-canary.119 - 2024-08-16
• 15.0.0-canary.118 - 2024-08-16
• 15.0.0-canary.117 - 2024-08-16
• 15.0.0-canary.116 - 2024-08-16
• 15.0.0-canary.115 - 2024-08-13
• 15.0.0-canary.114 - 2024-08-13
• 15.0.0-canary....

[changeset-bot]

⚠️ No Changeset found

Latest commit: 2d0abbd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Report too large to display inline

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	npm/[email protected]	CVE: GHSA-fj58-h2fr-3pp2 SQL Injection and Cross-site Scripting in class-validator (CRITICAL) Affected versions: < 0.14.0 Patched version: 0.14.0	api/package.json api/pnpm-lock.yaml pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]