Update dependency next to v15 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next (source)	^14.2.20 -> ^15.0.0

GitHub Vulnerability Alerts

CVE-2025-29927

Impact

It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.

Patches

• For Next.js 15.x, this issue is fixed in 15.2.3
• For Next.js 14.x, this issue is fixed in 14.2.25
• For Next.js 13.x, this issue is fixed in 13.5.9
• For Next.js 12.x, this issue is fixed in 12.3.5
• For Next.js 11.x, consult the below workaround.

Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability.

Workaround

If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application.

Credits

• Allam Rachid (zhero;)
• Allam Yasser (inzo_)

CVE-2025-32421

Summary
We received a responsible disclosure from Allam Rachid (zhero) for a low-severity race-condition vulnerability in Next.js. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML.

Learn more here

Credit
Thank you to Allam Rachid (zhero) for the responsible disclosure. This research was rewarded as part of our bug bounty program.

CVE-2025-48068

Summary

A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active.

Learn more: https://vercel.com/changelog/cve-2025-48068

Credit

Thanks to sapphi-red and Radman Siddiki for responsibly disclosing this issue.

---

Release Notes

vercel/next.js (next)

v15.2.2

Compare Source

Core Changes

• [dev-overlay] fix styling on overflow error messages, add button hover state: #​76771
• Fix: respond 405 status code on OPTIONS request to SSG page: #​76767
• [dev-overlay] Always show relative paths: #​76742
• [metadata] remove the duplicate metadata in the error boundary: #​76791
• Upgrade React from d55cc79b-20250228 to 443b7ff2-20250303: #​76804
• [dev-overlay] Ignore animations on page load: #​76834
• fix: remove useless set-cookie in action-handler: #​76839
• Turbopack: handle task cancelation: #​76831
• Upgrade React from 443b7ff2-20250303 to e03ac20f-20250305: #​76842
• add types for __next_app__ module loading functions: #​74566
• fix duplicated noindex when server action is triggered: #​76847
• fix: don't drop queued actions when navigating: #​75362
• [dev-overlay]: remove dependency on platform for focus trapping: #​76849
• Turbopack: Add turbopack_load_by_url: #​76814
• Add handling of origin in dev mode: #​76880
• [dev-overlay] Stop grouping callstack frames into ignored vs. not ignored: #​76861
• Upgrade React from e03ac20f-20250305 to 029e8bd6-20250306: #​76870
• [dev-overlay] Increase padding if no x button present: #​76898
• fix: prevent incorrect searchParams being applied on certain navs: #​76914
• [dev-overlay] Dim ignore-listed callstack frames when shown: #​76862

Example Changes

• chore(cna): update tailwind styles to be closer to non-tw cna: #​76647

Misc Changes

• Fix canary only warning for devlow-bench: #​76772
• [test] Add special placeholder if stackframes point into dist dir: #​76741
• [test] Use new Redbox matchers in pages/ service-side-dev-errors: #​76779
• [test] Use new Redbox matchers in app/ dynamic-error-trace: #​76783
• [test] Use new Redbox matchers in app/ owner-stack-invalid-element-type: #​76786
• [test] Use new Redbox matchers in app/ hook-functuon-names: #​76785
• [test] Use new Redbox matchers in app/ undefined-default-export: #​76781
• [test] Use new Redbox matchers in server-navigation-error: #​76787
• [test] Fix flaky error-recovery test: #​76789
• [test] Use new Redbox matchers in pages/ gssp-ssr-change-reloading: #​76788
• [docs] update Tailwind CSS installation and configuration instructions: #​76259
• docs: Tailwind v4: #​76801
• chore(docs): update minimumCacheTTL example to 31 days: #​76796
• Turbopack: improve sectioned source maps: #​76627
• [test] Use new Redbox matchers in pages/ middleware-errors: #​76797
• doc: use redirect in client components: #​76332
• [docs] document experimental viewTransition flag: #​76832
• docs(errors): remove confusing good-to-know since global-errors.tsx also show in dev as of 15.2: #​76825
• Turbopack: don't use HashMap in manifests: #​76833
• Update labeler.json: #​76828
• Fix missing turbo command for rust-check: #​76851
• fix(turbopack): Use correct SyntaxContext for __turbopack_esm__: #​73544
• Cleanup pure span handling: #​76846
• Turbopack: remove unused IncludeModulesModule: #​76868
• Update test snapshots for alternative bundler [5/n]: #​76617
• Update test snapshots for alternative bundler [6/n]: #​76768
• [test] Use next.browser instead of webdriver in pages/ client-navigation: #​76867
• fix(turbopack): Use vergen-git2 instead of shadow-rs for napi and next-api crates to fix stale git lock files: #​76773
• Revert "fix(turbopack): Use vergen-git2 instead of shadow-rs for napi and next-api crates to fix stale git lock files": #​76879
• build: Update swc_core to v16.4.0: #​76596
• docs: update Turbopack docs: #​76799
• build: Update lightningcss to v1.0.0-alpha.64: #​76856
• build: Fix warning: #​76890
• Turbopack: fix __dirname: #​76902
• Turbopack: deterministic server action order: #​76905
• docs: reword the docs of veiw transition flag: #​76841
• fix(turbopack): Use vergen-gitcl instead of shadow-rs (or vergen-git2) for napi and next-api crates to fix stale git lock files: #​76889
• Turbopack: ensure default layout is provided in default not-found entrypoint: #​76912
• chore(github): add moar labels: #​76922
• [test] Use new Redbox matchers in pages/ client-navigation/rendering: #​76798
• docs: fix create-next-app cli title: #​76908

Credits

Huge thanks to @​pranathip, @​gaojude, @​ijjk, @​eps1lon, @​Nayeem-XTREME, @​leerob, @​styfle, @​samcx, @​sokra, @​huozhi, @​raunofreiberg, @​mischnic, @​lubieowoce, @​unstubbable, @​ztanner, @​kdy1, @​timneutkens, @​wbinnssmith, @​bgw, and @​oscr for helping!

v15.2.1

Compare Source

Core Changes

• Unify Link and Form prefetching: #​76184
• Turbopack: Ensure server actions sourcemaps tests pass: #​76157
• [dev-overlay] control dark theme in one place: #​76528
• [dev-overlay] change css var for terminal: #​76590
• [dev-overlay] Discriminate stack frame settled typed: #​76517
• Remove obsolete sourcePackage references: #​76550
• refactor: remove unused variable in externals handling: #​76599
• fix: Add popular embedding libraries to serverExternalPackages: #​76574
• [Segment Cache] Implement hash-only navigations: #​76179
• Webpack: abstract away getting compilation spans: #​76579
• report compiler duration for webpack and improve numbers: #​76665
• [dev-overlay] fix dark theme missing close bracket: #​76672
• Remove revalidate property from incremental cache ctx for FETCH kind: #​76500
• [dev-overlay] fix: env name label style was out of sync with error type label: #​76668
• Turbopack: avoid celling source maps before minify: #​76626
• refactor(CI): Merge all four bundler test manifest scripts into one: #​76652
• [metadata] fix duplicate metadata for parallel routes: #​76669
• [Segment Cache] Omit from bundle if flag disabled: #​76622
• [Segment Cache] Support output: "export" mode: #​75671
• [Segment Cache] Refresh on same-page navigation: #​76223
• [metadata] re-enable streaming metadata with PPR: #​76119
• [Segment Cache] Search param fallback handling: #​75990
• [Segment Cache] Fix: canonicalURL omits origin: #​76444
• fix metadata basePath for manifest: #​76681
• Propagate expire time to cache-control header and prerender manifest: #​76207
• Show revalidate/expire columns in build output: #​76343
• Gate alternate bundler behind canary only: #​76634
• [dynamicIO] routes with dynamic segments should be able to be static in dev: #​76691
• [repo] upgrade ts 5.8.2: #​76709
• [metadata]: ensure metadata boundary is only rendered once on client nav: #​76692
• [metadata] clean up redudant options: #​76712
• Fix uniqueness detection for generateStaticParams: #​76713
• Upgrade React from 22e39ea7-20250225 to d55cc79b-20250228: #​76680
• [Turbopack] Compute module batches and use them for chunking: #​76133
• [Dev Tools] Improve keyboard interactions for menu & overlays: #​76754
• Keep server code out of browser chunks: #​76660
• Turbopack: inline minify into code generation and make it a plain function instead of a turbo tasks function: #​76628
• fix edge runtime asset fetch in pages api: #​76750
• Update use-cache-unknown-cache-kind.test.ts snapshot for alternate bundler: #​76682

Example Changes

• docs: fix reading params code blocks: #​76705

Misc Changes

• fix(rustdoc): Fix rustdoc warnings, block on rustdoc failures in CI: #​76448
• Update more global turbo CLI usage: #​76576
• docs: Node.js runtime support for Middleware: #​76556
• build: Update swc_core to v16.0.0: #​76414
• Turbopack: prevent panic in swc issue emitter: #​76595
• Unflake parallel-routes-revalidation test: #​76600
• Fix octokit.rest.issues.addLabels call: #​76601
• [test] Use new Redbox matchers in app/ error-recovery: #​76552
• [test] Use new Redbox matchers in pages/ ReactRefreshLogBox-app-doc: #​76551
• Run nightly bundler integration tests also with React 18: #​76606
• 15.2: Add version history for devIndicators and note on deprecated options: #​76611
• 15.2 docs: document missing htmlLimitedBots option: #​76616
• Update bundler production test manifest: #​76584
• Update bundler development test manifest: #​76585
• Fix test after CI switched to pnpm 10: #​76615
• chore(cna): fix theme extend for tailwind v4: #​76583
• [test] Use new Redbox matchers in app/ ReactRefreshLogBoxMisc: #​76563
• Don’t use native built-ins for additional bundler: #​76577
• Revert "Run nightly bundler integration tests also with React 18": #​76640
• Update bundler production test manifest: #​76643
• Update bundler development test manifest: #​76644
• Turbopack: dedupe middleware-manifest entries: #​76621
• Turbopack: Improve edge tests: #​76607
• Turbopack: add test test for css order: #​76675
• Turbopack: fix order of chunk items in cycles: #​76676
• [ci] Fix test-turbopack-integration not having any shards : #​76355
• Update Turbopack development test manifest: #​76658
• Update Turbopack production test manifest: #​76659
• fix(CI): Upload to areweturboyet immediately after a manifest is updated, not only on a fixed cron schedule: #​76688
• Update test snapshots for alternative bundler [4/n]: #​76578
• fix(turbopack): Fix analysis of private properties: #​76654
• Turbopack: Simplify emitDecoratorMetadata test: #​76678
• [test] Use new Redbox matchers in pages/ ReactRefreshRegression: #​76743
• [test] Remove describeVariants helper: #​76631
• [test] Fix flaky error-recovery test: #​76753
• [test] Use new Redbox matchers in app/ dynamic-error: #​76744
• [test] Use new Redbox matchers in app/ rsc-runtime-errors: #​76745
• Turbopack: avoid panic in module batches: #​76757
• Revert "test: temporarily disable after deploy test": #​74990
• toDisplayRedbox(): replace all occurrences of testDir: #​76618
• Fix: missing close brace in demo code: #​76549
• Disable flaky Turbopack tests: #​76760
• feat(CI): Revalidate vercel data cache on areweturboyet after uploading data to KV store: #​76693
• chore(github): move top prs and feature requests to different Slack channel: #​76764
• Fix flaky Bun test: #​76763

Credits

Huge thanks to @​acdlite, @​bgw, @​ijjk, @​molebox, @​kdy1, @​timneutkens, @​devjiwonchoi, @​mischnic, @​unstubbable, @​eps1lon, @​huozhi, @​philipithomas, @​delbaoliveira, @​samcx, @​wbinnssmith, @​sokra, @​gnoff, @​leerob, @​ztanner, @​raunofreiberg, @​lubieowoce, and @​LihaoWang for helping!

v15.2.0

Compare Source

Core Changes

• Fix unstable_allowDynamic when used with pnpm: #​73732
• [dynamicIO] use new heuristic to track whether server render is dynamic: #​73751
• Fix receiveExpiredTags not always called: #​73759
• error-overlay: Rename "Error" to "Issue": #​72817
• remove redundant segment collection call: #​73773
• Metadata resolvers can be fetched synchronously: #​73771
• Turbopack: migrate client references to single-graph-traversal: #​73322
• next-codemod: update gitignore file for parity for yarn recommendations: #​71963
• feat: error code: #​73332
• Detach next-error-code-swc-plugin from workspace: #​73806
• [CI] Prominent error message for check_error_codes: #​73807
• [Segment Cache] Add PPR header to segment prefetch: #​73756
• fix: path escaping issue on windows: #​73843
• Rename variables in LayoutRouter for clarity: #​73826
• [Segment Cache] Skip prefetched segments on server: #​73626
• [Segment Cache] No data on tree prefetch if no PPR: #​73767
• Remove segmentPath from RSC payload: #​73827
• build: better error if fetching AMP validator fails: #​73851
• Escape the '.' in '.json' when making static data routes.: #​73850
• fix(next@15): use the asset prefix when loading a CSS in App Router: #​72095
• Exclude .test. files from using error code plugin: #​73868
• Refactor telemetry API: #​73865
• Add additional error classes and error codes: #​73862
• refactor: collectAppPageSegments: #​73908
• cleanup unnecessary map in dev server: #​73745
• Retry manifest file loading only in dev mode: #​73900
• Turbopack: ignore empty NEXT_TURBOPACK_TRACING var: #​73903
• Ignore RSC fetch errors after hard navigation: #​73975
• Fix error code check in windows: #​73981
• Separate viewport and metadata in rsc and cache: #​73867
• Add feature flag for new dev overlay: #​73977
• Restore RSC fetch error handling after navigating back: #​73985
• refactor: make locales array immutable: #​74037
• fix: skip rendering dynamic root segment routes: #​74039
• refactor: cache lowercasing all the locales: #​74038
• Add SRI support for Node.js Runtime : #​73891
• Separate bots detection utils: #​74000
• docs: remove a duplicated word in redirect code comment: #​74043
• examples: update gitignore files for parity for yarn recommendations: #​71956
• chore: update turbopack document path in the warning message: #​72597
• Clean up react-dev-overlay before fork: #​74016
• chore(next/image): improve imgopt api bypass detection for unsupported images: #​73909
• [Segment Cache] Add CacheStatus.Empty: #​73667
• chore: move static paths utils into own folder: #​73928
• Delete unused GroupedStackFrames.tsx: #​74028
• [Segment Cache] Move cache key creation to client : #​73853
• feat: added partial shell generation using root params: #​73816
• feat: added error when there's missing root params in generateStaticParams: #​73933
• Remove parentRendered argument: #​73877
• Generate per-segment responses for any static page: #​73945
• feat: added fallback route params to prerender manifest: #​74004
• refactor(turbopack): Make various types directly or indirectly included in State<T> types into OperationValues and/or NonLocalValues: #​74008
• Fork react-dev-overlay for new UI: #​74017
• fix: added fallback source route to prerender manifest: #​74052
• Add storybook for UI testing: #​74032
• [Segment Cache] Support for non-PPR projects/pages: #​73960
• exclude .stories. and .test. files from taskfile watch and error plugin: #​74064
• Upgrade React from 7283a213-20241206 to 372ec00c-20241209: #​73749
• fix: aria attribute typo for error overlay: #​74074
• fix: set x-deployment-id to every middleware prefetch request: #​71193
• Add middleware handler for error code telemetry: #​74088
• Create ErrorOverlay component: #​74073
• fix(typed-routes): Fix route type fallback: #​73271
• Rename root-layout-missing-tags-error.tsx to pascal case: #​74089
• Turbopack: next/dynamic use transitions instead of AST analysis: #​73627
• [Turbopack] fix root and project path usages in a monorepo: #​73552
• support bun.lock as package manager lockfile: #​74056
• Stop sourcemapping function names: #​74085
• Move ErrorIndicator to separate file: #​74090
• Upgrade React from 372ec00c-20241209 to 518d06d2-20241219: #​74155
• used shared worker for lint & typecheck steps: #​74154
• chore(turbopack): Ignore no-vc-struct lint in trybuild proc macro tests: #​74110
• Use provided waitUntil for pending revalidates: #​74164
• Port ErrorPagination: #​74097
• Port LeftIcon RightIcon from ErrorPagination: #​74098
• Port ToolButtonsGroup: #​74099
• [Turbopack] fix import.meta.url in monorepo: #​72612
• refactor: rename the react client error callbacks module: #​74192
• Use ErrorOverlayLayout in Errors component: #​74107
• refactor: remove internal queries, move to request metadata: #​74100
• Fix accessing headers in progressively enhanced form actions: #​74196
• Use Geist font in Dev Overlay: #​74160
• [metadata] Align prefetch head type with head: #​74161
• refactor: error boundary rendering in app-render: #​74259
• [metadata] Merge the metadata resolve apis into one api: #​74191
• [DevOverlay] fix: restore pagination style: #​74296
• fix: update broken links in config-shared.d.ts: #​74122
• fix: fix typos in errors.json & create-component-tree.tsx: #​74471
• Safely retrieve router, improve page reload logic: #​74209
• docs: bump year: #​74475
• [DevOverlay] Remove Dialog Banner: #​74464
• [DevOverlay] Add color palette script: #​74465
• Fix: Preserve intentional percent encoding in search param for client nav: #​74473
• [DevOverlay] Implement New Overlay Layout with Bottom Stacks: #​74466
• [DevOverlay] Add error overlay footer and feedback: #​74472
• [DevOverlay] Remove temporary header children: #​74490
• fix: server functions x-forwarded-host possible multiple values: #​73701
• [DevOverlay] Pass footer message from error containers: #​74493
• feat(rsc): allow host or forwarded: #​74199
• [DevOverlay] Adjust border style for header and footer: #​74480
• feat(next/image): add support for images.qualities in next.config: #​74257
• Upgrade React from 518d06d2-20241219 to 3b009b4c-20250102: #​74492
• fix: add node internals stack frames to ignored list: #​73698
• chore: break calls to forEach into for loops: #​74523
• [DevOverlay] Add error message: #​74541
• [DevOverlay] Add error type label: #​74543
• feat: connect error rating buttons to telemetry API: #​74496
• [metadata] Move metadata rendering adjacent to page component: #​74262
• Delete set-cache-busting-search-param.test.ts: #​74561
• fix: enhance a11y, prevent double firing in error rating: #​74563
• fix: add aria-hidden to error overlay voting icons: #​74568
• Update font data: #​74572
• Upgrade React from 3b009b4c-20250102 to 3ce77d55-20250106: #​74557
• [metadata] Change the array head to single node in flight data: #​74299
• [DevOverlay] Add Toolbar: #​74555
• restore deleted comment in next-app-loader: #​74597
• Turbopack dev: Remove client to server websocket ping event: #​74584
• Fix prerender tags when notFound is called: #​74577
• fix: add prerender abort errors to unstable rethrow: #​74556
• Upgrade React from 3ce77d55-20250106 to 7b402084-20250107: #​74599
• fix: handle optional catchall parameters properly when deployed: #​74562
• refactor: generic dev build indicator: #​74615
• ensure custom cache handlers are preloaded: #​74622
• feat: dev build indicator for App Router: #​74618
• fix fetch lock not being consistently released: #​74623
• Ensure global cache handlers are used properly: #​74626
• Ensure custom Suspense boundaries in layouts resolve if they contain the page: #​74552
• test: exclude the ts testing files from tsconfig during local dev in nextjs repo: #​74647
• Remove unused dependencyFactory plugin code: #​74661
• test: do not log the changes for local dev tsconfig: #​74674
• [metadata] initial support of streaming metadata: #​74619
• Remove PPR feature check from Segment Cache client: #​74669
• [Segment Cache] Add act-inspired internal router testing helper: #​74668
• [Segment Cache] Background segment revalidation: #​74057
• Upgrade React from 7b402084-20250107 to 42687267-20250108: #​74649
• Indicate boolean value for configured experimental features on startup: #​74691
• Implement encryption key into turbopack as hash salt: #​72933
• Show numerical values for configured experimental features: #​74692
• Upgrade React from 42687267-20250108 to 74ea0c73-20250109: #​74693
• feat: DevToolsIndicator: #​74679
• Fix presentation when onerror receives an event without error: #​74643
• refactor: move the global client error code: #​74699
• fix: ts language server rule metadata should allow null: #​74704
• [DevTools] create error state for indicator: #​74717
• [DevOverlay] Add Basic Stories for Error Containers: #​74697
• Add experimental flag for View Transitions: #​74659
• [DevOverlay] Floating Header and Bottom Stacks: #​74581
• [DevOverlay] Add Pagination: #​74583
• Fix @​vercel/og license SPDX expression: #​74745
• [DevOverlay] Add Next.js version staleness indicator: #​74601
• Write errors.json fully formatted: #​74753
• [DevOverlay] Fix style details and correctly pass version info: #​74606
• [DevOverlay] Decouple Dialog component from Error Overlay: #​74638
• [DevOverlay] Apply Turbopack Styling: #​74636
• [DevOverlay] Add Call Stack: #​74658
• [DevOverlay] Add Runtime Error CodeFrame: #​74682
• Do not warn during build for supported modules in the Edge runtime: #​74752
• Ensure metadata doesn't break scroll-to-top on navigation: #​74748
• [Segment Cache] Fix stale time unit conversion: #​74759
• [metadata] add option of configuring ua of async metadata: #​74594
• SingleModuleGraph: yield edge weights during traversal: #​74620
• refactor(turbopack/next-api): Implement NonLocalValue for TracedDiGraph and SingleModuleGraph: #​74506
• Always display version indicator: #​74774
• Update font data: #​74777
• Upgrade React from 74ea0c73-20250109 to 056073de-20250109: #​74754
• [DevOverlay] Improve Storybook Structure: #​74764
• fix: always show indicator in app router: #​74758
• Upgrade React from 056073de-20250109 to 540efebc-20250112: #​74805
• [DevOverlay] Fix Style Regression: #​74768
• Fix output files warning by Turborepo: #​74811
• perf(lint): cache the returned regex result: #​74827
• Upgrade React from 540efebc-20250112 to cabd8a0e-20250113: #​74828
• feat: added rewrite headers after user-supplied rewrites: #​74776
• Add partial support for "use cache" in metadata route handlers: #​74835
• [DevOverlay] Hydration Error Code Frame: #​74822
• fix: when metadatabase is set we should not warn: #​74840
• [DevOverlay] Sync Terminal component with CodeFrame for Build Error: #​74831
• feat: animated dev build/render indicator: #​74833
• Fix mojibake in server action inputs (fixes #​74843): #​74845
• [DevOverlay] Add Turbopack story for Error Containers: #​74834
• Add pagination SEO link tags: #​74737
• chore: fix local development warnings inside next monorepo: #​74863
• fix: eslint rule of using img in metadata routes: #​74864
• Upgrade React from cabd8a0e-20250113 to b3a95caf-20250113: #​74868
• [Segment Cache] Support <Link prefetch={true}>: #​74172
• Remove unnecessary re render on link reveal: #​74670
• [Segment Cache] Cancel prefetch on viewport exit: #​74671
• [Segment Cache] Prioritize hovered links: #​74672
• Refine NextLogo Accessibility and Styling: #​74869
• Disable failed scroll restoration warning: #​74875
• Polish UI for dev indicator popover: #​74872
• [DevTools] Add CMD + . keyboard shortcut to show/hide: #​74878
• [DevOverlay] use buttons for interactive indicator row options: #​74887
• [DevOverlay] close popover/overlay on Esc: #​74889
• Skip client reference manifests for static metadata route handlers: #​74876
• Upgrade React from b3a95caf-20250113 to f0edf41e-20250115: #​74890
• fix: moved down segment path handling after cache headers are set: #​74893
• [Turbopack] improve task optimization: #​74837
• Ensure client reference manifest is traced for global not found page: #​74919
• Polish error feedback row: #​74880
• fix: static indicator for new overlay decoupled from appIsrStatus: #​74933
• [test] Avoid hydration errors in react-compiler tests: #​74928
• feat: write the segment path data out from the incremental cache: #​74892
• Track dynamic IO feature usage: #​74942
• Upgrade React from f0edf41e-20250115 to b158439a-20250115: #​74936
• Turbopack: chunk_group_multiple: #​74859
• [DevOverlay] Fix floating header invisble on small screen: #​74886
• rest errors queue after passing to handler: #​74982
• [DevOverlay] Keep pagination on Build Error: #​74905
• [Segment Cache] Evict client cache on revalidate: #​74874
• Upgrade React from b158439a-20250115 to 5b51a2b9-20250116: #​74993
• [DevOverlay] Gather Feedback per Error: #​74908
• Fix dev server ignores ENOENT error when loading page: #​65213
• refactor: updated route regexp handling to simplify: #​74996
• [DevOverlay] Rename file names to kebab: #​75000
• Fix dhat support for turbo dev: #​67166
• Fix missing revalidate with notFound(): #​75009
• fix: always ensure element before set to weakmap: #​75012
• Fix ping event being sent unintentionally for Pages Router with Turbopack: #​75030
• fix: don't memory-leak promises passed to waitUntil: #​75041
• refactor: include new option for including prefixes: #​75015
• Disable colormin feature from cssnano: #​53393
• types: improve types in app-index: #​75045
• feature(error): capture ssr error in overlay during dev: #​74983
• [DevOverlay] Polish new Error Overlay badge: #​74975
• [DevOverlay]: hook up issue click handlers in NextLogo: #​75069
• error when output: export is used with intercepting routes: #​75058
• Display global-error along dev overlay during development: #​75101
• [DevOverlay] Decouple Error Overlay with DevTools Indicator: #​74999
• [DevOverlay] Open Error Overlay when DevTools Indicator clicked: #​75025
• fix: be more defensive in useMergedRef: #​75088
• [Dev Badge] Focus states and fluid transitioning between states: #​75141
• polish indicator loading behaviour for new dev overlay: #​75149
• clean unused stop: #​75156
• [Segment Cache] Remove segment access tokens: #​75157
• [Segment Cache] Minimize special root key handling: #​75159
• [next:dev] fix: console error conflicting public file: #​75140
• [Turbopack] allow to disable source maps: #​75136
• Allow disabling HTTP request logs in dev server: #​74349
• [metadata] Fix streaming metadata was missing in ssr: #​75155
• fix(turbopack/napi): Flush optional task cache hit statistics upon completion of build: #​75122
• add hostname to default error boundary message: #​75151
• [Segment Cache] Predictable fallback param encoding: #​75166
• misc: remove authors section in the readme: #​75184
• Track use cache usage: #​75007
• Upgrade React from 5b51a2b9-20250116 to 9b62ee71-20250122: #​75187
• fix after export in next-types-plugin: #​75190
• fix: Merge link header from middleware with the ones from React: #​73431
• Restore and enhance error handling for hanging inputs in "use cache": #​74652
• Error handling for hanging promises in "use cache" closures: #​74750
• Fix source mapping of generated cache wrapper calls: #​74987
• [Turbopack] use new backend by default: #​72434
• eslint: allow ts extensions for config: #​75222
• Split entrypoint/route handling into separate dev and prod versions: #​75169
• [Segment Cache] Prioritize route trees over segments: #​75213
• Remove internal_disableSyncDynamicAPIWarnings flag: #​75231
• router.prefetch should not trigger a React update: #​75238
• [DevOverlay] Enable reactOwnerStack when newDevOverlay is enabled: #​75199
• fix: typeof msg should compare to object: #​75221
• [DevOverlay] Align old and new overlay: #​74935
• Introduce standalone experimental.useCache flag: [#​752

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
agent-app-95ln	❌ Failed (Inspect)			May 29, 2025 10:27pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
agent-playground-kitt	⬜️ Ignored (Inspect)	Visit Preview		May 29, 2025 10:27pm

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: next-plugin-preval@1.2.6
npm error Found: next@15.3.3
npm error node_modules/next
npm error   next@"^15.0.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer next@"^9 || ^10 || ^11 || ^12.0.0 || ^13 || ^14" from next-plugin-preval@1.2.6
npm error node_modules/next-plugin-preval
npm error   next-plugin-preval@"^1.2.6" from the root project
npm error
npm error Conflicting peer dependency: next@14.2.29
npm error node_modules/next
npm error   peer next@"^9 || ^10 || ^11 || ^12.0.0 || ^13 || ^14" from next-plugin-preval@1.2.6
npm error   node_modules/next-plugin-preval
npm error     next-plugin-preval@"^1.2.6" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-05-29T22_26_54_731Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-05-29T22_26_54_731Z-debug-0.log