Skip to content

chore(deps): bump next from 14.2.21 to 15.5.18#3695

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/next-15.5.18
Open

chore(deps): bump next from 14.2.21 to 15.5.18#3695
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/next-15.5.18

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

Bumps next from 14.2.21 to 15.5.18.

Release notes

Sourced from next's releases.

v15.5.18

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.16

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE]

... (truncated)

Commits
  • 9ff92ce v15.5.18
  • 00ebe23 [backport] Disable build caches for production/staging/force-preview deploys ...
  • 62c97ab v15.5.17
  • 423623a Turbopack: Match proxy matchers with webpack implementation (#93594)
  • fa78739 Turbopack: Fix middleware matcher suffix (#93590)
  • 36e62c6 [backport] Turbopack: more strict vergen setup (#93588)
  • 36589b5 [backport][test] Pin package manager to patch versions (#93596)
  • ad6fd4e v15.5.16
  • 79d7dff Ignore malformed CSP nonce headers (#103)
  • c4f6908 router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 21, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: d034dac

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

devin-ai-integration[bot]
devin-ai-integration Bot reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

@dependabot
chore(deps): bump next from 14.2.21 to 15.5.18
d034dac 
Bumps [next](https://github.com/vercel/next.js) from 14.2.21 to 15.5.18.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.21...v15.5.18)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump next from 15.3.3 to 15.5.18 chore(deps): bump next from 14.2.21 to 15.5.18 May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-15.5.18 branch from 9fa381b to d034dac Compare May 22, 2026 11:34
devin-ai-integration[bot]
devin-ai-integration Bot reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 new potential issue.

View 3 additional findings in Devin Review.

Open in Devin Review

Comment thread references/nextjs-realtime/package.json
"langsmith": "^0.2.15",
"lucide-react": "^0.451.0",
"next": "14.2.21",
"next": "15.5.18",
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Next.js 14→15 major version bump without updating async API usage (cookies, params, searchParams)

The references/nextjs-realtime project is upgraded from Next.js 14.2.21 to 15.5.18 (a major version bump), but the source code still uses Next.js 14 synchronous patterns for cookies(), params, and searchParams — all of which became asynchronous (Promise-based) in Next.js 15.

Affected files and patterns

cookies() not awaited:

  • references/nextjs-realtime/src/app/runs/[id]/page.tsx:6: const cookieStore = cookies() — needs await
  • references/nextjs-realtime/src/app/batches/[id]/page.tsx:6: const cookieStore = cookies() — needs await
  • references/nextjs-realtime/src/app/actions.ts:15: cookies().set(...) — needs (await cookies()).set(...)
  • references/nextjs-realtime/src/app/actions.ts:38: cookies().set(...) — needs (await cookies()).set(...)

params not a Promise:

  • references/nextjs-realtime/src/app/runs/[id]/page.tsx:5: { params: { id: string } } — should be Promise<{ id: string }>
  • references/nextjs-realtime/src/app/batches/[id]/page.tsx:5: same
  • references/nextjs-realtime/src/app/csv/[id]/page.tsx:8: same (also searchParams)
  • references/nextjs-realtime/src/app/ai/[id]/page.tsx:7: same (also searchParams)
  • references/nextjs-realtime/src/app/uploads/[id]/page.tsx:8: same (also searchParams)
  • references/nextjs-realtime/src/app/realtime/[id]/page.tsx:4: same

Other reference projects already on Next.js 15 (e.g., references/realtime-hooks-test, references/ai-chat) correctly use params: Promise<{...}> with await params.

Prompt for agents 
The nextjs-realtime reference project is being upgraded from Next.js 14 to 15, but the source code still uses synchronous Next.js 14 API patterns. In Next.js 15, cookies(), params, and searchParams are all Promise-based and must be awaited.

Files that need updating:

1. src/app/actions.ts: Change cookies().set(...) to (await cookies()).set(...) on lines 15 and 38.

2. src/app/runs/[id]/page.tsx: Change params type to Promise<{ id: string }> and await it. Change cookies() to await cookies().

3. src/app/batches/[id]/page.tsx: Same changes as runs page.

4. src/app/csv/[id]/page.tsx: Change both params and searchParams types to Promises and await them.

5. src/app/ai/[id]/page.tsx: Same as csv page.

6. src/app/uploads/[id]/page.tsx: Same as csv page.

7. src/app/realtime/[id]/page.tsx: Change params type to Promise<{ id: string }> and await it.

See references/realtime-hooks-test/src/app/run/[id]/page.tsx and references/ai-chat/src/app/chats/[chatId]/page.tsx for correct Next.js 15 patterns already used in this repo.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants