[Snyk] Upgrade next from 12.3.4 to 15.0.2

[q1blue]

Snyk has created this PR to upgrade next from 12.3.4 to 15.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 1153 versions ahead of your current version.

• The recommended version was released on 22 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Uncontrolled Recursion SNYK-JS-NEXT-8186172	147	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	147	No Known Exploit
	Resource Exhaustion SNYK-JS-NEXT-6032387	147	Proof of Concept

Release notes

Package name: next

• 15.0.2 - 2024-10-29
  

  Core Changes

  • Read page name from work store in server module map proxy: #71669
  • codemod: should not transform when param is not used: #71664
  • [dynamicIO] complete refactor to prerender: #71687
  • fix: metadata image route normalize path posix for windows: #71673
  • next-codemod(upgrade): optional catch when missing dev script: #71598
  • Avoid server action function indirection in Turbopack: #71628
  • fix: exclude basePath in findSourceMapURL: #71719
  • fix: stack frame text color in dark mode: #71656
  • Fix: revert the bad node binary handling: #71723
  • next-codemod: add empty pnpm-workspace.yaml to test fixtures to bypass PNPM workspace checks: #71726
  • warn on sync access if dynamicIO is not enabled: #71696
  • Update React from 69d4b800-20241021 to 45804af1-20241021: #71718
  • next-upgrade: do not add --turbopack flag when --turbo exists in next dev: #71730
  • feat: stitch errors with react owner stack: #70393
  • [dynamicIO] update data access error and documentation: #71738
  • Test cached form action with revalidate: #71591
  • Upgrade React from 45804af1-20241021 to 28668d39-20241023: #71745
  • Fix race condition when setting client reference manifests: #71741
  • Fix fetch with no-store inside of use cache: #71754
  • Remove the bottom collapse button in dev overlay: #71658
  • [dynamicIO] unify cache filling and lazy-module warming: #71749
  • Don't filter out source location frames through RSC: #71752
  • fix undefined default export error msg: #71762
  • Upgrade React from 28668d39-20241023 to 1631855f-20241023: #71769
  • Enable owner stack in experimental build: #71716
  • feat: add experiment for sharpjs cpu flags: #71733
  • fix: handle server component replay error in error overlay: #71772
  • Don't error asking for prebuilt bundles: #71778
  • Replace turbopack://[project]/... sourcemap uris with file://... in development: #71489
  • misc: update source map paths for bundled Next.js runtime: #71779
  • [dynamicIO] refine error message and docs: #71781
  • next-upgrade: change --turbo to --turbopack if applicable: #71737
  • Show all diff when uncollapse: #71792
  • Sourcemap errors in terminal by default : #71444
  • Fully enable custom error callbacks for app router: #71794
  • Simplify Server Action Webpack plugin: #71721
  • ensure DIO development segment errors are cleared after correcting: #71811
  • Include sourceframe in errors logged in the terminal during development: #71803
  • [dynamicIO] update prerender cache scoping and cache warming for validation: #71822
  • only force stack frame color in tty: #71860
  • Add test for fetch with auth in use cache: #71768
  • Fix race with hot-reloader-client clearing overlay errors: #71771
  • Fix dynamic tracking in dev: #71867
  • Revert "Sourcemap errors in terminal by default (#71444)": #71868
  • Fix fetch caching inside of "use cache": #71793
  • Trace upload: only send traces for current session: #71838
  • Reland "Sourcemap errors in terminal by default": #71877
  • Implement information byte in Server Reference ID and other optimizations: #71463
  • fix: webpack build error on Windows: #71943
  • Run with --enable-source-maps by default in next dev: #71820
  • fix global-error styles: #71914
  • Use registerClientReference for ESM client component modules: #71968
  • Fix missing await of params when metadata is used with an image file: #71871
  • Upgrade React from 1631855f-20241023 to 02c0e824-20241028: #71979
  • Populate sourcemap ignoreList when Webpack is used: #71821
  • [dynamicIO] unify server and client prerender for non-ppr pathway: #71764
  • codemod: add separator to the parenthenese expr: #71993
  • Respect sourcemap's ignore list when printing errors in the terminal: #71908
  • fix console color to be compatible in chrome devtools: #71939
  • Delete obsolete codemod next-dynamic-access-named-export: #72016
  • fix: log the error instance modified extra location info: #71930
  • Compare error stack to dedupe error: #71798

  Example Changes

  • experimental.instrumentationHook is not necessary anymore: #71808
  • Add Jude to nextjs team: #71936

  Misc Changes

  • docs: fix broken link in Architecture/Turbopack documentation: #71412
  • test: migrate rest async api usage in tests: #71663
  • fix: docs for dynamic routing in next 15: #71531
  • Remove the 'new' keyword from the GET function sample code.: #71671
  • chore: fix wrong path of comments: #71682
  • docs(next-config): remove mention of appIsrStatus is on canary: #71695
  • react-sync: Ignore update notices from npm: #71717
  • Docs: Update default marker for fetch cache option: #71728
  • [docs] Fix page.tsx parameter types: #71680
  • [docs] Fix table.js containing TS code: #71677
  • docs(ppr): update note about ppr: #71697
  • docs lint: #71748
  • fixes error message asserts and lints: #71747
  • Fix docs for configuring Turbopack: #71755
  • docs(turbo): add experimental icon to turbo config section: #71761
  • feat(turbopack): Add __turbopack_original__ while tree shaking: #71547
  • test: re-enable test with note: #71789
  • Docs: Remove beta marker from Turbopack docs: #71796
  • Update docs 1: #71812
  • docs lint fixes: #71813
  • docs: remove "use cache" on before code snippet: #71815
  • Next docs broken links: #71823
  • [Turbopack] add optimization based on upper count: #71606
  • chore(turbo-tasks-backend): Use let instead of match for macro bindings: #71756
  • chore(turbo-tasks-backend): Remove collapsible-if lints: #71758
  • removing extra reference: #71853
  • codemod(turbopack): Rewrite Vc fields in structs as ResolvedVc (part 3): #71665
  • Update sync-dynamic-apis.mdx: #71907
  • codemod(turbopack): Rewrite Vc fields in structs as ResolvedVc (part 4): #71804
  • test: remove duplicated flaky test: #71967
  • docs: Fix typo in cacheLife configs in use-cache docs: #71921
  • Fix use cache example line highlights: #71883
  • Allow breakpoints to be set in packages/next/src/compiled: #71986
  • updated upgrade to v15 command in docs: #71643
  • codemod(turbopack): Rewrite Vc fields in structs as ResolvedVc (part 5): #71861
  • Clarify that streaming is blocked on generateMetadata for initial load: #71985
  • Docs: Add legacy tags: #71964
  • Docs: Fix broken link: #72021
  • (docs) use cache: Add text code formatting: #71999
  • docs: update file structure: #71951
  • Documentation Fix: Correct cacheTag Function Usage: #71912
  • correct expire calc & and Nested usage import in use-cache docs: #71899
  • Docs: Address internal use cache comments : #71981
  • Fix swc version mismatch when checking out an older version: #71978

  Credits

  Huge thanks to @ ytori, @ unstubbable, @ huozhi, @ SebassNoob, @ tatsuteb, @ Marukome0743, @ gnoff, @ samcx, @ devjiwonchoi, @ imprakharshukla, @ migueldamota, @ eps1lon, @ ztanner, @ timneutkens, @ cantemizyurek, @ sebmarkbage, @ padmaia, @ ijjk, @ styfle, @ wbinnssmith, @ feedthejim, @ kdy1, @ shuding, @ molebox, @ ismaelrumzan, @ sokra, @ bgw, @ timeyoutakeit, @ AdonisAgelis, @ chicoxyzzy, @ gaojude, @ elitalpa, @ t3dotgg, @ gaearon, @ nisabmohd, @ gadcam, @ delbaoliveira, @ bennettdams, @ wiscaksono, and @ Developerayo for helping!

• 15.0.2-canary.11 - 2024-10-29
  

  Core Changes

  • Upgrade React from 1631855f-20241023 to 02c0e824-20241028: #71979
  • Populate sourcemap ignoreList when Webpack is used: #71821
  • [dynamicIO] unify server and client prerender for non-ppr pathway: #71764
  • codemod: add separator to the parenthenese expr: #71993
  • Respect sourcemap's ignore list when printing errors in the terminal: #71908
  • fix console color to be compatible in chrome devtools: #71939
  • Delete obsolete codemod next-dynamic-access-named-export: #72016
  • fix: log the error instance modified extra location info: #71930
  • Compare error stack to dedupe error: #71798

  Misc Changes

  • codemod(turbopack): Rewrite Vc fields in structs as ResolvedVc (part 5): #71861
  • Clarify that streaming is blocked on generateMetadata for initial load: #71985
  • Docs: Add legacy tags: #71964
  • Docs: Fix broken link: #72021
  • (docs) use cache: Add text code formatting: #71999
  • docs: update file structure: #71951
  • Documentation Fix: Correct cacheTag Function Usage: #71912
  • correct expire calc & and Nested usage import in use-cache docs: #71899
  • Docs: Address internal use cache comments :

[changeset-bot]

⚠️ No Changeset found

Latest commit: be6c218

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR