chore(deps): bump next from 14.2.35 to 15.5.10#807
chore(deps): bump next from 14.2.35 to 15.5.10#807dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
dependabot
bot
added
dependencies
Branch preview❌ Deploy failed! |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| "fuse.js": "^7.0.0", | ||
| "lodash": "^4.17.21", | ||
| "next": "^14.2.35", | ||
| "next": "^15.5.10", |
There was a problem hiding this comment.
Unsupported Next third-parties version pairing
Medium Severity
Upgrading next to ^15.5.10 while keeping @next/third-parties at ^14.2.35 creates an unsupported version mix. @next/third-parties@14.2.35 declares a peer range for next ^13 || ^14, so this change can cause peer resolution failures in stricter installs and runtime incompatibilities in components importing @next/third-parties/google.
Additional Locations (1)
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/next-15.5.10
branch
from
c719917 to
4fb4f1a
Compare
| "fuse.js": "^7.0.0", | ||
| "lodash": "^4.17.21", | ||
| "next": "^14.2.35", | ||
| "next": "^15.5.10", |
There was a problem hiding this comment.
Nextra 2.13.4 may not support Next.js 15
High Severity
Nextra 2.13.4 and nextra-theme-docs 2.13.4 are pinned to outdated versions that were released before Next.js 15. Research shows that Nextra 4 is the current version supporting Next.js 14 and 15, with significant breaking changes including dropping Pages Router support. While Nextra 2.13.4's peer dependencies technically allow Next.js 15, the framework was not designed or tested against Next.js 15's breaking changes, potentially causing build failures or runtime errors.
Bumps [next](https://github.com/vercel/next.js) from 14.2.35 to 15.5.10. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v15.5.10) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/next-15.5.10
branch
from
4fb4f1a to
c2d0925
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| "fuse.js": "^7.0.0", | ||
| "lodash": "^4.17.21", | ||
| "next": "^14.2.35", | ||
| "next": "^15.5.10", |
There was a problem hiding this comment.
Next.js 15 requires React 19, but React 18 remains
High Severity
Bumping next from ^14.2.35 to ^15.5.10 is a major version upgrade that requires react and react-dom to be updated to version 19, but they remain at ^18.3.1. Next.js 15.5.x has a peer dependency on React 19, so this will cause installation failures (peer dependency conflicts) and potentially runtime errors. The @next/third-parties package also remains pinned at ^14.2.35 and nextra/nextra-theme-docs at 2.13.4, which may not be compatible with Next.js 15.
Bumps next from 14.2.35 to 15.5.10.
Release notes
Sourced from next's releases.
Commits
60a2aa9v15.5.10e5b834dfetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)39a2f6afeat(next/image)!: addimages.maximumResponseBodyconfig (#88183)bf9f084Sync DoS mitigations for React Flightc5de33ev15.5.9dd23399Backport facebook/react#35351 for 15.5.8 (#87086)7526cd6v15.5.81e9ec41Update React Version (#41)16141e5Update React Version (#30)e01e589Backport Next.js changes to v15.5.8 (#23)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Medium Risk
Major Next.js upgrade can introduce build/runtime and routing/rendering behavior changes even though the code diff is dependency-only.
Overview
Upgrades
nextfrom^14.2.35to^15.5.10inpackage.json(major framework version bump, including upstream security patches).Written by Cursor Bugbot for commit c2d0925. This will update automatically on new commits. Configure here.