chore: Downgrade Next to 15.3.0

[joeauyeung]

What does this PR do?

Fixes local performance issues found in 15.3.2

• Fixes #XXXX (GitHub issue number)
• Fixes CAL-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)

Visual Demo (For contributors especially)

A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).

Video Demo (if applicable):

• Show screen recordings of the issue or feature.
• Demonstrate how to reproduce the issue, the behavior before and after the change.

Image Demo (if applicable):

• Add side-by-side screenshots of the original and updated change.
• Highlight any significant change(s).

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

• Are there environment variables that should be set?
• What are the minimal test data to have?
• What is expected (happy path) to have (input and output)?
• Any other important info that could help to test that PR

Checklist

• I haven't read the contributing guide
• My code doesn't follow the style guidelines of this project
• I haven't commented my code, particularly in hard-to-understand areas
• I haven't checked if my changes generate no new warnings

---

Summary by cubic

Downgraded Next.js from version 15.3.2 to 15.3.0 to fix local performance issues.

• Dependencies
  • Updated package.json to use Next.js 15.3.0.

[cubic-dev-ai]

cubic found 1 issue across 1 file. Review it in cubic.dev

_{React with 👍 or 👎 to teach cubic. Tag @cubic-dev-ai to give specific feedback.}

[cubic-dev-ai]

Using a caret (^) version range still allows npm to install newer patch versions like 15.3.2, so the intended downgrade to exactly 15.3.0 is not guaranteed.

Suggested change

	"next": "^15.3.0",
	"next": "15.3.0",

[graphite-app]

Graphite Automations

"Add consumer team as reviewer" took an action on this PR • (06/09/25)

1 reviewer was added to this PR based on Keith Williams's automation.

[hbjORbj]

Turned it draft because we aren't sure if this is the issue yet

[hbjORbj]

While other team members are okay, for some reason, Sean's experiencing a local dev slowness after the next.js version upgrade from 15.3.0 to 15.3.3. The version upgrade isn't really worth blocking Sean's work, so this is a valid merge, IMO, at least for now

[cubic-dev-ai]

cubic found 1 issue across 1 file. Review it in cubic.dev

_{React with 👍 or 👎 to teach cubic. Tag @cubic-dev-ai to give specific feedback.}

[cubic-dev-ai]

Using a caret (^) keeps the version range open, so npm may still install 15.3.2 or any later 15.x patch release, which defeats the intention of downgrading to 15.3.0 to avoid the reported performance issues.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
cal-eu	❌ Failed (Inspect)			Jun 9, 2025 4:08pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
cal	⬜️ Ignored (Inspect)	Visit Preview		Jun 9, 2025 4:08pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​nestjs/​schematics@​10.2.3
	http@​0.0.1-security
	jest@​29.7.0
	@​types/​express@​4.17.23
	querystring@​0.2.1
	next@​13.5.11
	@​calcom/​platform-libraries@​0.0.2
	@​types/​fs-extra@​11.0.4
	@​types/​luxon@​3.6.2
	qs-stringify@​1.2.1
	@​calcom/​platform-libraries@​0.0.208
	jest-date-mock@​1.0.10
	connect@​3.7.0
	passport-jwt@​4.0.1
	@​types/​passport-jwt@​3.0.13
	next-api-middleware@​1.0.1
	reflect-metadata@​0.1.14
	passport@​0.7.0
	@​nest-lab/​throttler-storage-redis@​1.0.0
See 40 more rows in the dashboard

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		http@0.0.1-security is Known malware. Note: Package has been removed from the npm registry due to security concerns. This is a placeholder package published by the npm security team to prevent malicious usage of the package name. The original package likely contained harmful code. From: apps/api/package.json → npm/http@0.0.1-security ℹ Read more on: This package | This alert | What is known malware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: It is strongly recommended that malware is removed from your codebase. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/http@0.0.1-security. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[github-actions]

E2E results are ready!

• Workflow #62645.2 latest results