[Snyk] Upgrade next from 15.1.5 to 15.4.6

[kimsoo527]

Snyk has created this PR to upgrade next from 15.1.5 to 15.4.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 356 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	HTTP Request Smuggling SNYK-JS-NEXT-10598339	636	No Known Exploit
	Race Condition SNYK-JS-NEXT-10176058	636	Proof of Concept
	Use of Cache Containing Sensitive Information SNYK-JS-NEXT-12301496	636	No Known Exploit
	Missing Origin Validation in WebSockets SNYK-JS-NEXT-10259370	636	No Known Exploit
	Missing Source Correlation of Multiple Independent Data SNYK-JS-NEXT-12265451	636	No Known Exploit
	Improper Authorization SNYK-JS-NEXT-9508709	636	Mature

Release notes

Package name: next

• 15.4.6 - 2025-08-06
• 15.4.5 - 2025-07-29
• 15.4.4 - 2025-07-24
• 15.4.3 - 2025-07-22
• 15.4.2 - 2025-07-18
• 15.4.2-canary.56 - 2025-08-19
• 15.4.2-canary.55 - 2025-08-19
• 15.4.2-canary.54 - 2025-08-19
• 15.4.2-canary.53 - 2025-08-18
• 15.4.2-canary.52 - 2025-08-17
• 15.4.2-canary.51 - 2025-08-16
• 15.4.2-canary.50 - 2025-08-16
• 15.4.2-canary.49 - 2025-08-15
• 15.4.2-canary.48 - 2025-08-14
• 15.4.2-canary.47 - 2025-08-14
• 15.4.2-canary.46 - 2025-08-13
• 15.4.2-canary.45 - 2025-08-13
• 15.4.2-canary.44 - 2025-08-13
• 15.4.2-canary.43 - 2025-08-13
• 15.4.2-canary.42 - 2025-08-12
• 15.4.2-canary.41 - 2025-08-12
• 15.4.2-canary.40 - 2025-08-12
• 15.4.2-canary.39 - 2025-08-12
• 15.4.2-canary.38 - 2025-08-11
• 15.4.2-canary.37 - 2025-08-11
• 15.4.2-canary.36 - 2025-08-11
• 15.4.2-canary.35 - 2025-08-09
• 15.4.2-canary.34 - 2025-08-08
• 15.4.2-canary.33 - 2025-08-07
• 15.4.2-canary.32 - 2025-08-06
• 15.4.2-canary.31 - 2025-08-05
  

  Core Changes

  • fix: OTel root span should indicate error status on exceptions: #82212
  • [Cache Components] Allow span creation while prerendering: #82350
  • feat(turbopack): improve compile-time define value to support more data types and expr evaluation: #81042
  • [Pages] fix: _error page's req.url can be overwritten to dynamic param on minimal mode: #82347
  • [Pages] fix: use asPath for query-only navigation with useRouter: #82236
  • loader tree: add special segment name to virtual parallel route segments: #82383

  Misc Changes

  • Documentation: Removed reference to treeShaking in 08-turbopack.mdx: #82352
  • Turbopack: run styled-jsx after typescript transform: #82359
  • Turbopack: pass is_development to next_page_config: #82363
  • refactor(turbo-tasks-fs): change FS to_sys_path to be synchronous: #82341
  • Turbopack: clean up some old TODOs: #82364
  • Docs: Updating guides on PPR and ISR: #81307
  • fix(Turbopack): Address duplicated metadata image modules when they are impored: #82367
  • Bump swc to 35: #82237

  Credits

  Huge thanks to @ huperniketes, @ mischnic, @ xusd320, @ devjiwonchoi, @ MichalMoravik, @ gnoff, @ Cy-Tek, and @ ztanner for helping!

• 15.4.2-canary.30 - 2025-08-04
  

  Core Changes

  • fix: next/root-params erroring when rerendering after action: #82326
  • Remove params from segment path: #82249
  • Upgrade React from c260b38d-20250731 to be11cb5c-20250804: #82339

  Example Changes

  • docs: Improve Content Security Policy documentation: #80580

  Misc Changes

  • Turbopack: set env in tracing context: #75254
  • [test] Update snapshots: #82327
  • chore: fix eslint-typechecked-require with template: #82328
  • docs: add React Developer Tools section for debugging: #82320
  • docs: Clarify revalidatePath : #82142
  • Turbopack: Update jsonc-parser, dedupe with SWC: #82343
  • [turbopack] vibecode a benchmark runner for module-cost: #82287

  Credits

  Huge thanks to @ mischnic, @ eps1lon, @ lubieowoce, @ PuppyOne, @ acdlite, @ icyJoseph, @ bgw, and @ lukesandberg for helping!

• 15.4.2-canary.29 - 2025-08-03
  

  Core Changes

  • Update font data: #82292

  Credits

  Huge thanks to @ vercel-release-bot for helping!

• 15.4.2-canary.28 - 2025-08-02
  

  Core Changes

  • feat: automatically generate route types: #81396
  • [Cache Components] Reset PrerenderStore after generating RSC payload: #82286
  • Include eslint-plugin-react-hooks in React sync: #82294
  • [devtools] Remove unnecessary cascading update: #82295
  • Turbopack: name the module factory function: #73553

  Misc Changes

  • Turbopack: Remove the lazy-regex dependency: #82288
  • Turbopack: move block offsets from header to footer: #82047
  • Turbopack: Streaming write of SST files: #82048
  • [turbopack] Use Arrays instead of objects to bootstrap chunks: #81877

  Credits

  Huge thanks to @ bgub, @ bgw, @ gnoff, @ sokra, @ eps1lon, and @ lukesandberg for helping!

• 15.4.2-canary.27 - 2025-08-01
  

  Core Changes

  • Turbopack: Compact only at the end for short sessions: #82224
  • feat: add fallback root params support for prefetch segment data routes: #82282
  • feat: add route context to prerender error messages: #82283

  Misc Changes

  • docs: to indicate that redirect can be used in both server and client…: #82092
  • Turbopack: improve compression dictionary generation: #80061
  • test: reduce artificial timeouts in runtime prefetch tests: #82276
  • Turbopack: fix glob with empty alternative branch: #82275
  • [turbopack] Optimize ESM exports: #82214
  • [turbopack] Fix a snapshot test: #82281
  • [turbopack] Avoid calling find_server_entries in the whole_app_module_graph case: #81943
  • docs: Add Tolgee to app router localization resources: #81366
  • Update Rspack development test manifest: #82268
  • Update Rspack production test manifest: #82267

  Credits

  Huge thanks to @ sokra, @ candymask0712, @ lubieowoce, @ mischnic, @ lukesandberg, @ wyattjoh, @ stepan662, and @ vercel-release-bot for helping!

• 15.4.2-canary.26 - 2025-08-01
  

  Core Changes

  • Mark bun builtin modules as external (fixes #75220): #77616

  Misc Changes

  • [turbopack] Adopt rcstr! more consistently: #80552
  • Turbopack: use mimalloc v3: #82221
  • Turbopack: no need to avoid allocations anymore: #82222
  • Turbopack: ensure max merge segments is respected accros families: #82223

  Credits

  Huge thanks to @ lukesandberg, @ sokra, and @ Jarred-Sumner for helping!

• 15.4.2-canary.25 - 2025-07-31
  

  Core Changes

  • Upgrade React from 9784cb37-20250730 to c260b38d-20250731: #82247
  • [Cache Components] Runtime prefetching: #81088
  • Parse dynamic params on the client: #82185

  Misc Changes

  • fix: turbopack loader ipc field mapping: #82112
  • Turbopack: fix dev test manifest: #82241
  • fix(Turbopack): Fix duplicated layout rendering in edge cases: #81948

  Credits

  Huge thanks to @ dlehmhus, @ mischnic, @ Cy-Tek, @ lubieowoce, and @ acdlite for helping!

• 15.4.2-canary.24 - 2025-07-31
  

  Core Changes

  • Fix: Don't bail out of prefetch if head is missing: #82216

  Misc Changes

  • Turbopack: implement shutdown for backing storage correct: #82220
  • Update Rspack development test manifest: #82227

  Credits

  Huge thanks to @ acdlite, @ sokra, and @ vercel-release-bot for helping!

• 15.4.2-canary.23 - 2025-07-31
  

  Core Changes

  • Revert "Initial MCP implementation (#81770)": #82217
  • Revert "Upgrade @ vercel og (#82201)": #82219

  Misc Changes

  • Update Rspack production test manifest: #82108
  • Update Rspack development test manifest: #82192

  Credits

  Huge thanks to @ vercel-release-bot, @ sokra, and @ huozhi for helping!

• 15.4.2-canary.22 - 2025-07-30
  

  Core Changes

  • allow root params access in private caches: #82125
  • [devtool] bump base-ui to 1.0.0-beta.2: #82206
  • Upgrade @ vercel og: #82201
  • Upgrade React from 9be531cd-20250729 to 9784cb37-20250730: #82207
  • Fix: the unexpected clearing of symbolic link directories: #82191
  • [next-dev] Set TURBOPACK env before loading config: #82162
  • fix: display multiple lockfile warn if neither outputFileTracingRoot or turbopack.root option is provided: #82164

  Misc Changes

  • Turbopack: Use Path/PathBuf for all of the invalidation logic: #82132
  • Turbopack: Use a BTreeMap in InvalidatorMap to avoid many O(n) traversals when finding child paths: #82133
  • Turbopack: Watch the root and every parent directory in non-recursive mode: #82129
  • Turbopack: Remove unused ignored_subpaths feature from DiskWatcher: #82210
  • Grammar fix on forms.mdx: #82209

  Credits

  Huge thanks to @ lubieowoce, @ huozhi, @ bgw, @ startracex, @ chadfennell, and @ devjiwonchoi for helping!

• 15.4.2-canary.21 - 2025-07-30
• 15.4.2-canary.20 - 2025-07-29
• 15.4.2-canary.19 - 2025-07-28
• 15.4.2-canary.18 - 2025-07-26
• 15.4.2-canary.17 - 2025-07-25
• 15.4.2-canary.16 - 2025-07-24
• 15.4.2-canary.15 - 2025-07-23
• 15.4.2-canary.14 - 2025-07-22
• 15.4.2-canary.13 - 2025-07-22
• 15.4.2-canary.12 - 2025-07-21
• 15.4.2-canary.11 - 2025-07-21
• 15.4.2-canary.10 - 2025-07-19
• 15.4.2-canary.9 - 2025-07-18
• 15.4.2-canary.8 - 2025-07-18
• 15.4.2-canary.7 - 2025-07-17
• 15.4.2-canary.6 - 2025-07-17
• 15.4.2-canary.5 - 2025-07-16
• 15.4.2-canary.4 - 2025-07-16
• 15.4.2-canary.3 - 2025-07-16
• 15.4.2-canary.2 - 2025-07-16
• 15.4.2-canary.1 - 2025-07-15
• 15.4.2-canary.0 - 2025-07-14
• 15.4.1 - 2025-07-14
• 15.4.0 - 2025-05-30
• 15.4.0-canary.130 - 2025-07-14
• 15.4.0-canary.129 - 2025-07-13
• 15.4.0-canary.128 - 2025-07-12
• 15.4.0-canary.127 - 2025-07-11
• 15.4.0-canary.126 - 2025-07-11
• 15.4.0-canary.123 - 2025-07-09
• 15.4.0-canary.122 - 2025-07-09
• 15.4.0-canary.121 - 2025-07-09
• 15.4.0-canary.120 - 2025-07-09
• 15.4.0-canary.119 - 2025-07-08
• 15.4.0-canary.118 - 2025-07-08
• 15.4.0-canary.116 - 2025-07-06
• 15.4.0-canary.115 - 2025-07-05
• 15.4.0-canary.114 - 2025-07-04
• 15.4.0-canary.113 - 2025-07-03
• 15.4.0-canary.112 - 2025-07-03
• 15.4.0-canary.111 - 2025-07-03
• 15.4.0-canary.110 - 2025-07-02
• 15.4.0-canary.109 - 2025-07-02
• 15.4.0-canary.108 - 2025-07-01
• 15.4.0-canary.107 - 2025-07-01
• 15.4.0-canary.106 - 2025-07-01
• 15.4.0-canary.105 - 2025-07-01
• 15.4.0-canary.104 - 2025-06-30
• 15.4.0-canary.103 - 2025-06-29
• 15.4.0-canary.102 - 2025-06-27
• 15.4.0-canary.101 - 2025-06-27
• 15.4.0-canary.100 - 2025-06-26
• 15.4.0-canary.99 - 2025-06-26
• 15.4.0-canary.98 - 2025-06-26
• 15.4.0-canary.97 - 2025-06-26
• 15.4.0-canary.96 - 2025-06-25
• 15.4.0-canary.95 - 2025-06-24
• 15.4.0-canary.94 - 2025-06-23
• 15.4.0-canary.93 - 2025-06-23
• 15.4.0-canary.92 - 2025-06-22
• 15.4.0-canary.91 - 2025-06-21
• 15.4.0-canary.90 - 2025-06-21
• 15.4.0-canary.89 - 2025-06-20
• 15.4.0-canary.88 - 2025-06-20
• 15.4.0-canary.87 - 2025-06-19
• 15.4.0-canary.86 - 2025-06-18
• 15.4.0-canary.85 - 2025-06-18
• 15.4.0-canary.84 - 2025-06-16
• 15.4.0-canary.83 - 2025-06-14
• 15.4.0-canary.82 - 2025-06-13
• 15.4.0-canary.81 - 2025-06-13
• 15.4.0-canary.80 - 2025-06-12
• 15.4.0-canary.79 - 2025-06-11
• 15.4.0-canary.78 - 2025-06-11
• 15.4.0-canary.77 - 2025-06-11
• 15.4.0-canary.76 - 2025-06-10
• 15.4.0-canary.75 - 2025-06-10
• 15.4.0-canary.74 - 2025-06-10
• 15.4.0-canary.73 - 2025-06-09
• 15.4.0-canary.72 - 2025-06-08
• 15.4.0-canary.71 - 2025-06-07
• 15.4.0-canary.70 - 2025-06-06
• 15.4.0-canary.69 - 2025-06-06
• 15.4.0-canary.68 - 2025-06-05
• 15.4.0-canary.67 - 2025-06-04
• 15.4.0-canary.66 - 2025-06-04
• 15.4.0-canary.65 - 2025-06-04
• 15.4.0-canary.64 - 2025-06-04
• 15.4.0-canary.63 - 2025-06-03
• 15.4.0-canary.62 - 2025-06-03
• 15.4.0-canary.61 - 2025-06-01
• 15.4.0-canary.60 - 2025-05-31
• 15.4.0-canary.59 - 2025-05-30
• 15.4.0-canary.58 - 2025-05-30
• 15.4.0-canary.57 - 2025-05-29
• 15.4.0-canary.56 - 2025-05-28
• 15.4.0-canary.55 - 2025-05-27
• 15.4.0-canary.54 - 2025-05-27
• 15.4.0-canary.53 - 2025-05-26
• 15.4.0-canary.52 - 2025-05-25
• 15.4.0-canary.51 - 2025-05-24
• 15.4.0-canary.50 - 2025-05-23
• 15.4.0-canary.49 - 2025-05-23
• 15.4.0-canary.48 - 2025-05-22
• 15.4.0-canary.47 - 2025-05-21
• 15.4.0-canary.46 - 2025-05-21
• 15.4.0-canary.45 - 2025-05-21
• 15.4.0-canary.44 - 2025-05-20
• 15.4.0-canary.43 - 2025-05-20
• 15.4.0-canary.42 - 2025-05-19
• 15.4.0-canary.41 - 2025-05-19
• 15.4.0-canary.40 - 2025-05-19
• 15.4.0-canary.39 - 2025-05-18
• 15.4.0-canary.38 - 2025-05-17
• 15.4.0-canary.37 - 2025-05-16
• 15.4.0-canary.36 - 2025-05-15
• 15.4.0-canary.35 - 2025-05-15
• 15.4.0-canary.34 - 2025-05-13
• 15.4.0-canary.33 - 2025-05-13
• 15.4.0-canary.31 - 2025-05-10
• 15.4.0-canary.30 - 2025-05-09
• 15.4.0-canary.29 - 2025-05-09
• 15.4.0-canary.28 - 2025-05-08
• 15.4.0-canary.27 - 2025-05-08
• 15.4.0-canary.26 - 2025-05-07
• 15.4.0-canary.24 - 2025-05-06
• 15.4.0-canary.23 - 2025-05-05
• 15.4.0-canary.22 - 2025-05-05
• 15.4.0-canary.21 - 2025-05-05
• 15.4.0-canary.20 - 2025-05-03
• 15.4.0-canary.19 - 2025-05-02
• 15.4.0-canary.18 - 2025-05-01
• 15.4.0-canary.17 - 2025-04-30
• 15.4.0-canary.16 - 2025-04-30
• 15.4.0-canary.15 - 2025-04-29
• 15.4.0-canary.14 - 2025-04-28
• 15.4.0-canary.13 - 2025-04-28
• 15.4.0-canary.12 - 2025-04-27
• 15.4.0-canary.11 - 2025-04-26
• 15.4.0-canary.10 - 2025-04-25
• 15.4.0-canary.9 - 2025-04-24
• 15.4.0-canary.8 - 2025-04-24
• 15.4.0-canary.7 - 2025-04-23
• 15.4.0-canary.6 - 2025-04-23
• 15.4.0-canary.5 - 2025-04-23
• 15.4.0-canary.4 - 2025-04-22
• 15.4.0-canary.3 - 2025-04-22
• 15.4.0-canary.2 - 2025-04-21
• 15.4.0-canary.1 - 2025-04-21
• 15.4.0-canary.0 - 2025-04-21
• 15.3.5 - 2025-07-03
• 15.3.4 - 2025-06-18
• 15.3.3 - 2025-05-29
• 15.3.2 - 2025-05-06
• 15.3.1 - 2025-04-17
• 15.3.1-canary.15 - 2025-04-19
• 15.3.1-canary.14 - 2025-04-18
• 15.3.1-canary.13 - 2025-04-17
• 15.3.1-canary.12 - 2025-04-17
• 15.3.1-canary.11 - 2025-04-16
• 15.3.1-canary.10

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
ways	Ready	Preview	Comment	Sep 5, 2025 8:37am
ways-h7kv	Ready	Preview	Comment	Sep 5, 2025 8:37am
ways-qihf	Ready	Preview	Comment	Sep 5, 2025 8:37am
ways-ul82	Ready	Preview	Comment	Sep 5, 2025 8:37am

[chatgpt-codex-connector]

Codex Review: Here are some suggestions.

About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you open a pull request for review, mark a draft as ready, or comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex fix this CI failure" or "@codex address that feedback".

[chatgpt-codex-connector]

[P1] Align lockfile entry with pinned Next.js version

The lockfile now declares the root dependency on next as ^15.4.6 while package.json pins it to 15.4.6. This mismatch will cause npm ci to fail because the lockfile no longer matches package.json, and it defeats the intent of pinning by allowing future installs to float to 15.?.x when the lockfile is regenerated. Update the lockfile so that the dependency spec matches the exact version in package.json.

Useful? React with 👍 / 👎.