Bumps [next](https://github.com/vercel/next.js) from 15.4.6 to 15.5.14.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.4.6...v15.5.14)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Codacy's Analysis Summary: 0 new issues (≤ 1 medium issue)
Pull Request Overview
While this PR updates Next.js to 15.5.14 to include important security patches and bug fixes, it introduces a critical peer dependency conflict. Next.js 15 officially requires React 19, but the current configuration retains React 18.3.1. This will result in installation failures in strict environments and potential runtime errors. Furthermore, the presence of react-native in the project complicates a potential React 19 upgrade. This PR should not be merged until the React versioning strategy is resolved and basic build verification is performed. Codacy analysis indicates the changes are technically up to standards, but the dependency logic is fundamentally flawed.
About this PR
- No regression tests or build logs were provided to verify that the version bump does not break existing application functionality or the CI/CD pipeline.
- The coverage report is empty for this PR, making it impossible to determine if existing tests exercise the updated dependency logic or if the framework update has degraded testability.
Test suggestions
- Verify that the application builds successfully using Next.js 15.5.14.
- Verify that existing rewrites still function correctly following the http-proxy security patch.
- Confirm that pages using next/image still render correctly with the new LRU disk cache changes.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify that the application builds successfully using Next.js 15.5.14.
2. Verify that existing rewrites still function correctly following the http-proxy security patch.
3. Confirm that pages using next/image still render correctly with the new LRU disk cache changes.
| "mongoose": "^8.12.1", | ||
| "newrelic": "^13.6.5", | ||
| "next": "^15.4.6", | ||
| "next": "^15.5.14", |
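Review bot: The caret range on the changed line, "next": "^15.5.14", only sets a minimum, and this hunk shows no lockfile change, so the version that actually installs is whatever the lockfile pins. Confirm that the lockfile updated with this PR resolves next to 15.5.14 and that CI installs from it with a frozen-lockfile install. Otherwise the http-proxy request-smuggling fix listed in this range's commits may not be what ships.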
🔴 HIGH RISK
Next.js 15 officially requires React 19 as a peer dependency. Using version ^18.3.1 will cause installation conflicts and potential runtime issues. Given the presence of react-native ^0.76.2 in the project, you should determine if a full upgrade to React 19 is feasible or if the project should remain on Next.js 14 to maintain compatibility with the current React 18 stack.

Try running the following prompt in your coding agent:

> Upgrade react and react-dom to ^19.0.0 and resolve peer dependency conflicts, or downgrade next to ^14.2.0 if React 18 must be preserved for react-native.
Bumps next from 15.4.6 to 15.5.14.
Release notes
Sourced from next's releases.
Commits
- d7b012d v15.5.14
- 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
- f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
- cfd5f53 v15.5.13
- 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
- d23f41c v15.5.12
- 8e75765 fix unlock in publish-native
- 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
- 7a94645 Apply needs for publishRelease
- bbfd4e3 v15.5.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.