build(deps): bump next from 15.5.15 to 15.5.18#219
Conversation
Bumps [next](https://github.com/vercel/next.js) from 15.5.15 to 15.5.18. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.18 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Size changesDetails📦 Next.js Bundle Analysis for react-devThis analysis was generated by the Next.js Bundle Analysis action. 🤖
|
| Page | Size (compressed) |
|---|---|
global |
116.59 KB (🟡 +206 B) |
Details
The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.
Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis
If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!
There was a problem hiding this comment.
Pull request overview
Updates the site’s Next.js dependency from 15.5.15 to 15.5.18 to pick up the upstream patch release, including multiple security fixes referenced in the PR description.
Changes:
- Bump
nextinpackage.jsonto15.5.18. - Refresh
yarn.lockto align transitive@next/*packages and platform SWC binaries with15.5.18.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Updates the pinned Next.js version to 15.5.18. |
| yarn.lock | Updates lockfile entries for next@15.5.18 and related @next/* packages/binaries; removes 15.5.15 references. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Bumps next from 15.5.15 to 15.5.18.
Release notes
Sourced from next's releases.
Commits
9ff92cev15.5.1800ebe23[backport] Disable build caches for production/staging/force-preview deploys ...62c97abv15.5.17423623aTurbopack: Match proxy matchers with webpack implementation (#93594)fa78739Turbopack: Fix middleware matcher suffix (#93590)36e62c6[backport] Turbopack: more strict vergen setup (#93588)36589b5[backport][test] Pin package manager to patch versions (#93596)ad6fd4ev15.5.1679d7dffIgnore malformed CSP nonce headers (#103)c4f6908router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.