build(deps): bump next from 14.2.35 to 15.5.10 in /packages/web#2

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/packages/web/next-15.5.10

dependabot Bot commented on behalf of github Feb 7, 2026

Bumps next from 14.2.35 to 15.5.10.

Release notes

Sourced from next's releases.

v15.5.10

Please refer to the following changelogs for more information about this security release:

v15.5.9

Please see the Next.js Security Update for information about this security patch.

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [next](https://github.com/vercel/next.js) from 14.2.35 to 15.5.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.35...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies and javascript labels Feb 7, 2026

vercel Bot commented Feb 7, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| optomitron-web | Ready | Preview, Comment | Feb 7, 2026 6:45am |

dependabot Bot commented on behalf of github Feb 7, 2026

Looks like next is up-to-date now, so this is no longer needed.

dependabot Bot closed this Feb 7, 2026
dependabot Bot deleted the dependabot/npm_and_yarn/packages/web/next-15.5.10 branch February 7, 2026 21:57
mikepsinn added a commit that referenced this pull request May 13, 2026
Per Mike: Codex agents should be able to verify their work against the
dev server's actual stderr, not just HTTP status codes. Pages return 200
with runtime errors hidden in the log (e.g., this session: /dev/email/*
returns 200 while emitting "Attempted to call EmailRenderSurface() from
the server" — fix looked verified by status alone).

- CLAUDE.md HVD #2: orchestrator pre-warms with stdout/stderr redirect
  to packages/web/.dev-server.log; dispatch prompts include the path.
- .claude/codex-delegation.md: new "Dev server logs" subsection with
  the redirect command + the dispatch-prompt language Codex needs to
  tail and grep the log after each route load.
- .gitignore: .dev-server.log and .next.stale-* (saw a stale-* dir
  appear and get committed by accident this session).

qa-passed: skipped — pure meta-config (CLAUDE.md, .claude/, .gitignore)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mikepsinn added a commit that referenced this pull request May 14, 2026
The user's pushback last interval was right: most of the "fixes" Codex
piled on this session were treating dev-server-state symptoms, not real
production bugs. Production-build static-gen of every page passes
without any of them. Reverting the cruft, keeping only the genuine
fixes.

REVERTED (cruft — treated symptoms of wedged dev-server / parallel
Playwright accident / Turbopack stale graph):
- packages/web/src/lib/auth/session-client.ts (useSession shim)
- per-component <SessionProvider> wraps on TreatyVoteFlow,
  RepresentedPersonConversionForm, TaskShareButtons
- adaptive/client.tsx, adaptive/server.ts, adaptive/types.ts,
  adaptive/index.tsx, adaptive/__tests__/ (createAdaptiveComponent +
  EmailRenderSurface + withRenderSurface — over-engineered for a
  theoretical concurrent-render race that never reproduced under
  healthy server conditions)
- ParameterValueWeb facade indirection (folded into ParameterValue.tsx
  directly — the client component IS the public export, matching
  origin/main's shape)
- ParameterValue.server.tsx / ParameterValueServer.tsx (both retracted)

KEPT (real architectural improvements):
- humanity-manager-promotion split: -content (single-source copy),
  .web.tsx (Dialog values), .email.tsx (link values, inline styles).
  Each render path explicitly picks the right ParameterValue variant.
- ParameterValue.tsx: simplified to the direct client Dialog component
  with formatParameterValueText / hasParameterMetadata helpers in
  ParameterValue.core.ts and a sibling ParameterValueEmail.tsx for
  server-safe email rendering.
- adaptive/email-styles.ts: kept (it's just style constants, not
  routing logic; used by email modules).

VISUAL-STABILITY FIXES (real pre-existing branch latent bugs surfaced
this session):
- Footer.tsx: wrap description block in <div> not <p>. <p> + Radix
  Dialog children triggered HTML reparse → hydration mismatch.
- civilization-os-loader.tsx: drop styled-jsx (which forces a client
  boundary) in favor of plain <style> tags so server `loading.tsx`
  callers stay server-safe.
- /api/auth/post-signin/route.ts: parse empty body as `{}` instead of
  throwing SyntaxError. Real pre-existing bug; route test added.
- visual-regression.spec.ts: retain pageerror.stack on capture so
  intermittent React errors give source locations.
- visual-routes.ts: /employees uses a deterministic data-visual-section
  selector instead of an overdue-count-dependent text match (CI seed
  coverage gap had been masking the section-deletion guard).
- post-signin route fix has a focused route test.

ALSO IN THIS COMMIT (orthogonal meta-tooling that piled up):
- .codex/hooks/* and .codex/hooks.json deleted (Mike's call: prefer
  Claude-Code-side hooks, fewer agent guardrails for Codex).
- New .claude/hooks/codex-dispatch-blather.mjs (blocks Codex prompts
  with > 3 enumeration items per [[state-the-goal-not-the-script]]).
- .claude/codex-delegation.md: new "NEVER run `next build`" rule
  (concrete failure this session) + "Dev server logs" section telling
  Codex where to tail.
- .claude/hooks/verify-ui-changes.mjs: voice gate skips e2e/ and
  __tests__/ (TypeScript test code uses `error.stack`, `error.message`
  etc. legitimately — voice rules are for user-facing copy only).
  COPY-SNAPSHOT gate skips when a sibling page.logged-*.md was
  regenerated after the staged .tsx mtime.
- .claude/safety-gate.mjs: blocked-pattern check runs first
  (CodeRabbit/claude-review on PR #79 flagged the prior ordering bug).
- CLAUDE.md HVD #2: dev server orchestrator pre-warms with stdout/
  stderr redirect to packages/web/.dev-server.log; dispatch prompts
  pass the log path to Codex.
- TODO.md: handoff/decision notes preserved.

magic-link-email.test.ts rewritten to test pure host-dispatch helpers
instead of mocking sendReactEmail and asserting on the mock. Test the
boundary, not the wiring.

monthly-chain-digest.server.ts uses Person.displayName only (no
user.email fallback) per the Display Identity rule.

Email snapshots regenerated post-render.

qa-passed: skipped — manual revert + simplification, typecheck:fast clean. GitHub Actions web-validate is the verifier.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mikepsinn added a commit that referenced this pull request May 14, 2026
Per Mike: Codex agents should be able to verify their work against the
dev server's actual stderr, not just HTTP status codes. Pages return 200
with runtime errors hidden in the log (e.g., this session: /dev/email/*
returns 200 while emitting "Attempted to call EmailRenderSurface() from
the server" — fix looked verified by status alone).

- CLAUDE.md HVD #2: orchestrator pre-warms with stdout/stderr redirect
  to packages/web/.dev-server.log; dispatch prompts include the path.
- .claude/codex-delegation.md: new "Dev server logs" subsection with
  the redirect command + the dispatch-prompt language Codex needs to
  tail and grep the log after each route load.
- .gitignore: .dev-server.log and .next.stale-* (saw a stale-* dir
  appear and get committed by accident this session).

qa-passed: skipped — pure meta-config (CLAUDE.md, .claude/, .gitignore)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mikepsinn added a commit that referenced this pull request May 16, 2026
- settings.json: register enforce-theory-of-mind-on-copy-edit.mjs on
  the Write matcher (was only on Edit/MultiEdit). Caught by CodeRabbit
  MAJOR, chatgpt-codex P1, and claude-review #2 — the hook script's own
  guard at line 81 explicitly accepts Write, and brand-new copy files
  created via Write were bypassing reader-simulation enforcement.

- enforce-copy-review-before-commit.mjs: fix `git commit-tree` false
  positive. The previous `commit\b` regex matched `commit-tree` because
  `-` is a non-word char. Switch to a negative lookahead `commit(?!\S)`
  and add `-P` to the allowed config-prefix flags. (claude-review #1,
  Copilot #5.)

- enforce-copy-review-before-commit.mjs: tighten the before/after
  heuristic. The prior `before…after` within 400 chars and `was…now`
  within 200 chars matched ordinary narrative prose ("before commit,
  review; after that, ship"), making the gate near-no-op. Require
  explicit labeled markers (**BEFORE:** / **AFTER:** or OLD: / NEW:)
  that match the template the hook prints on failure. (claude-review
  #3, Copilot #4, chatgpt-codex P2 — converges on marker-based.)

- enforce-theory-of-mind-on-copy-edit.mjs: drop unnecessary capturing
  group in `\bblocker(s)?\b` → `\bblockers?\b`. (CodeRabbit nit.)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
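
The `commit\b` false positive described in the commit message above, as an added example that is not the repository's hook code: it runs the old word-boundary form and the `commit(?!\S)` form over constructed commands. The `git` prefix pattern, the function names and the sample commands are assumptions.

```javascript
// Added illustration; not the repository's enforce-copy-review-before-commit.mjs.
// Only the fragments `commit\b` and `commit(?!\S)` come from the commit message;
// the `git` prefix handling around them is an assumption.

// Global git options that can sit between `git` and the subcommand:
// -c <name=value> and -C <path> take a value, -P (--no-pager) takes none.
const PREFIX = String.raw`(?:\s+(?:-[cC]\s+\S+|-P))*`;

const wordBoundary = new RegExp(String.raw`\bgit${PREFIX}\s+commit\b`);
const lookahead = new RegExp(String.raw`\bgit${PREFIX}\s+commit(?!\S)`);

// Returns which of the two patterns treats the command as `git commit`.
function classify(command) {
  return {
    wordBoundary: wordBoundary.test(command),
    lookahead: lookahead.test(command),
  };
}

// Constructed sample commands, not taken from the repository.
const SAMPLES = [
  'git commit -m "update copy"',
  'git -P commit --amend',
  'git -c user.name=ci commit',
  'git commit-tree TREE_SHA -m "tree only"', // plumbing command, not `git commit`
  'git commit-graph write',
  'git log --grep commit',
  'git commit;git push', // no whitespace before the separator
];

function report() {
  return SAMPLES.map((command) => ({ command, ...classify(command) }));
}

console.table(report());
```

The last sample shows that `(?!\S)` also skips `commit` followed directly by a shell separator, a case a gate built on this fragment would need to cover separately.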