[Snyk] Upgrade next from 13.4.11 to 15.0.1 #554

Open
wants to merge 1 commit into
base: main

WontonSam
Owner

Snyk has created this PR to upgrade next from 13.4.11 to 15.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 812 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity: Improper Verification of Cryptographic Signature (SNYK-JS-ELLIPTIC-8187303) | 169 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-ZOD-5925617) | 169 | Proof of Concept |
| high severity: HTTP Request Smuggling (SNYK-JS-NEXT-6828456) | 169 | No Known Exploit |
| high severity: Denial of Service (DoS) (SNYK-JS-NEXT-7442548) | 169 | No Known Exploit |
| high severity: Uncontrolled Recursion (SNYK-JS-NEXT-8186172) | 169 | No Known Exploit |
| medium severity: Resource Exhaustion (SNYK-JS-NEXT-6032387) | 169 | Proof of Concept |
| medium severity: Server-Side Request Forgery (SSRF) (SNYK-JS-NEXT-6828457) | 169 | Proof of Concept |
| medium severity: Improper Input Validation (SNYK-JS-POSTCSS-5926692) | 169 | No Known Exploit |

Release notes
Package name: next
  • 15.0.1 - 2024-10-23
  • 15.0.1-canary.3 - 2024-10-22

    Core Changes

    • fix: next package resolving in dev overlay: #71632
    • Improve type coverage of setup-dev-bundler: #71443
    • fix(turbo-tasks): Implement ValueDebugFormat for ResolvedVc: #71173
    • Add --turbopack CLI flag: #71657
    • [dynamicIO] detect metadata boundaries in dev using server component stacks: #71666

    Example Changes

    • chore: Update with-supabase to be compatible with Nextjs 15: #71631
    • Update Sanity example to next v15: #71640

    Misc Changes

    • react-sync: Automatically update peer dependencies in libraries: #71636
    • chore(docs): fix typo in image.mdx docs: #71647
    • docs: remove the canary note on instrumentation: #71649
    • test: fix async api tests: #71652
    • Enable source maps for pnpm debug: #71653
    • codemod(turbopack): Rewrite more Vc fields in structs as ResolvedVc: #71172

    Credits

    Huge thanks to @huozhi, @eps1lon, @ivasilov, @styfle, @bgw, @stipsan, @timneutkens, and @gnoff for helping!

  • 15.0.1-canary.2 - 2024-10-22

    Core Changes

    • fix: handle terminal color in chrome console: #71581
    • [dynamicIO] Update prerender to use Fizz prerender: #71580
    • misc(next-upgrade): reuse process.cwd() value: #71558
    • [dynamicIO]: dev navigations should show disallowed dynamic errors: #71595
    • next-lint: Use ESLint v9 by default: #71371
    • fix: prevent router errors from being logged on the client: #71583

    Misc Changes

    • Turbopack: Always use blob: URLs for assets in middleware: #71471
    • fix: metadata image route Windows path escaping: #71615
    • fix: third-parties package peer dependency: #71620
    • Fix module_resolution: "nodenext" with mjs or cjs: #71635

    Credits

    Huge thanks to @huozhi, @gnoff, @devjiwonchoi, @ztanner, @mischnic, and @lubieowoce for helping!

  • 15.0.1-canary.1 - 2024-10-21

    Core Changes

    • Avoid triggering memory leak false positive with makeHangingPromise: #71579
    • Upgrade React from 65a56d0e-20241020 to 69d4b800-20241021: #71568
    • avoid logging stacks for internal errors: #71575
    • Avoid server action endpoint function indirection: #71572

    Misc Changes

    • docs(ppr): remove v14 mention for ppr: #71498
    • docs: fix upgrade codemod command: #71578

    Credits

    Huge thanks to @samcx, @ztanner, @gnoff, and @unstubbable for helping!

  • 15.0.1-canary.0 - 2024-10-21

    Core Changes

    • Reland "[dynamicIO] warn for disallowed dynamic in dev": #71567
    • next-upgrade: prompt (un)install only when there's a change: #71308
    • chore(next-codemod): remove @next/font from optional Next.js packages to install: #71563
    • [dynamicIO] Avoid triggering memory leak false positive with makeHangingPromise: #71576

    Credits

    Huge thanks to @gnoff and @devjiwonchoi for helping!

  • 15.0.0 - 2024-10-21

    Core Changes

    • refactor: next-flight-client-module-loader return conditions: #64348
    • Fix Server Action error logs for unhandled POST requests: #64315
    • Shared Revalidate Timings: #64370
    • Freeze loaded manifests: #64313
    • test: skip turbopack build test: #64356
    • Fix: css in next/dynamic component in edge runtime: #64382
    • Fix more Turbopack build tests: #64384
    • use pathToFileUrl to make esm import()s work with absolute windows paths: #64386
    • Improve rendering performance: #64408
    • Fix the method prop case in Server Actions transform: #64398
    • fix(next-lint): update option --report-unused-disable-directives to --report-unused-disable-directives-severity: #64405
    • Revert "Fix: css in next/dynamic component in edge runtime": #64442
    • default fetchCache to no-store when force-dynamic is set: #64145
    • router restore should take priority over pending actions: #64449
    • Fix client boundary inheritance for barrel optimization: #64467
    • improve turborepo caching: #64493
    • Update font data: #64481
    • BREAKING CHANGE: remove deprecated analyticsId from config, and the corresponding performance-relayer files and tests: #64199
    • feat: strip traceparent header from cachekey: #64499
    • Fix typo in dynamic-rendering.ts: #64365
    • fix(next): global not-found not working on multi-root layouts: #63053
    • chore(next): add keywords on package.json: #64173
    • Fix DynamicServerError not being thrown in fetch: #64511
    • fix: lib/helpers/install.ts to better support pnpm and properly respect root argument: #64418
    • fix(next): Metadata.openGraph values not resolving basic values when type is set: #63620
    • disable production chunking in dev: #64488
    • update turbopack: #64501
    • Turbopack: Allow client components to be imported in app routes: #64520
    • refactor: remove always truthy flag: #64522
    • Turbopack: don’t show long internal stack traces on build errors: #64427
    • next/script: Correctly apply async and defer props: #52939
    • chore(next/font): update @capsizecss/metrics package: #64528
    • feat: add information that revalidate interval is in seconds: #64229
    • Typo "Minifer" in config.ts: #64359
    • Enhance types for Node and Edge envionments: #64454
    • feat: Add a validation for postcss with useLightningcss: #64379
    • fix HMR for cases where chunking changes: #64367
    • perf: improve Pages Router server rendering performance: #64461
    • Fix cjs client components tree-shaking: #64558
    • fix refresh behavior for discarded actions: #64532
    • fix: filter out middleware requests in logging: #64549
    • chore: remove unused rust dependencies: #62176
    • fix(next-swc): correctly set wasm fallback for known target triples: #64567
    • memoize layout router context: #64575
    • fix incorrect refresh request when basePath is set: #64589
    • fix TypeError edge-case for parallel slots rendered multiple times: #64271
    • Fix ASL bundling for dynamic css: #64451
    • Revert "fix(next): global not-found not working on multi-root layouts": #64601
    • chore(test): run related E2E deploy tests on PRs: #63763
    • Improve top level await coverage: #64508
    • Upgrade typescript to 5.3: #64043
    • add pathname normalizer for actions: #64592
    • Fix experimental/testmode by removing console.log: #64670
    • Don't output .test.ts files in next/font: #63472
    • Fix reporting when performance.measure doesn't exist (Edge): #64669
    • Reduce amount of data passed to collectBuildTraces: #59665
    • fix(next-server): 'quiet' setting delegate for custom server: #64512
    • Revert "chore(test): run related E2E deploy tests on PRs": #64682
    • update turbopack: #64686
    • Fix: resolve mixed re-exports module as cjs: #64681
    • Revert "fix TypeError edge-case for parallel slots rendered multiple times": #64690
    • Fix typo: 'serverComponentsExtenalPackages' should be 'serverComponentsExternalPackages': #64705
    • prevent erroneous route interception during lazy fetch: #64692
    • Add @appsignal/nodejs to the external packages list: #64503
    • fix root page revalidation when redirecting in a server action: #64730
    • Clean-up fetch metrics tracking: #64746
    • [actions] Enforce body limit using Transform stream: #64694
    • Turbopack: Don’t show stack traces for internal modules: #64228
    • Reapply "chore(test): run related E2E deploy tests on PRs" (#64682): #64712
    • fix(fetch-cache): fix typo: #64786
    • fix: remove traceparent from cachekey should not remove traceparent from original object: #64727
    • fix interception route rewrite regex not supporting hyphenated segments: #64805
    • Disable ncc cache instead of cache cleaning: #64804
    • Move next-swc Turborepo config to packages/next-swc: #64789
    • build: Update swc_core to v0.90.33: #64553
    • Enable loading source maps for Next Server and React: #64527
    • fix: mixing namespace import and named import client components: #64809
    • fext(next): extend next.config for mdxRs support options: #64801
    • skip test_e2e_deploy_related when triggered from a fork: #64893
    • fix(fetch-cache): fix additional typo, add type & data validation: #64799
    • feat(next-core): support parsing matcher config object: #64678
    • Fix mixed exports in server component with barrel optimization: #64894
    • fix: improve tsconfig extends checks: #61413
    • Fix next/image usage in mdx: #64875
    • fix dynamic route interception not working when deployed with middleware: #64923
    • feat(turbopack): Handle fragments in requests: #64232
    • feat(turbopack): Check for duplicate parallel routes: #64181
    • Speed up createNext test suite isolation: #64909
    • fix(rewrites): support external rewrite destination: #64943
    • Ensure edge prerender-manifest is minimal: #64946
    • remove special-cased prefetch kind in dev mode: #64941
    • feat: support import attributes: #59480
    • NextJS App router: add isolated-vm to server-external-packages.json: #64749
    • Add next experimental-test command: #64352
    • Revert "feat: support import attributes": #65001
    • NODE_OPTIONS updates: #65006
    • Update React from 14898b6a9 to c3048aab4: #64798
    • initialize ALS with cookies in middleware: #65008
    • feat(next/image)!: remove squoosh in favor of sharp as optional dependency: #63321
    • fix: Workaround acorn bug/version issue by using SWC:

See this package in npm:
next

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/bf859209-9455-4999-bfce-3619f872baf5?utm_source=github&utm_medium=referral&page=upgrade-pr
google-cla bot commented Nov 19, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.
