[Snyk] Security upgrade next from 14.2.13 to 15.0.8

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• payment-components/next-js/package.json
• payment-components/next-js/pnpm-lock.yaml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15921797	635

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This major upgrade to Next.js v15 introduces significant breaking changes that require code modifications and careful review of application behavior.

Key Breaking Changes:

• Asynchronous Request APIs: Several previously synchronous APIs are now asynchronous and require await. This is a mandatory code change. Affected APIs include cookies(), headers(), draftMode(), and accessing params and searchParams in layouts and pages.

  • Example: const cookieStore = cookies() must be changed to const cookieStore = await cookies().

• Caching Behavior Changed: Caching is now opt-in instead of opt-out. fetch requests, GET Route Handlers, and client-side navigations are no longer cached by default. This change requires you to review your application's data fetching patterns to explicitly enable caching where needed to avoid performance regressions.

• React 19 and Node.js Version:

  • The minimum required Node.js version has been raised to 18.18.0.
  • Next.js 15 now requires React 19 for the App Router.

Recommendation:
Use the provided codemod tool (npx @next/codemod@canary upgrade latest) to help automate the migration of the new async APIs. Pay close attention to your application's caching strategy and test thoroughly to ensure performance and data freshness are not negatively impacted by the new defaults.

Source: Official Next.js 15 Upgrade Guide

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 2 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (2)
⛔	Open Source Security	0	2	0	0	2 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hivel-marco]

PR Complexity Score: 1.7 - Trivial

View Breakdown

• Lines Changed: 392
• Files Changed: 2
• Complexity Added: 0
• Raw Score: 13.84

Overview

This PR upgrades the payment-components/next-js app from Next.js 14.2.13 to 15.0.8.
The change aligns the payment components with the latest Next.js major release and updates the lockfile to pull in all corresponding transitive dependencies.

Key Changes

• Bumps the next dependency from 14.2.13 to 15.0.8 to adopt the latest Next.js features and fixes.
• Updates pnpm-lock.yaml to reflect the new Next.js version, including:
  • New/updated SWC platform binaries for Next 15.
  • Updated styled-jsx and @swc/helpers versions compatible with Next 15.
  • Addition of sharp and related platform-specific image and libvips packages as optional dependencies, used by Next 15.
  • Updated Node.js engine requirement for Next to ^18.18.0 || ^19.8.0 || >= 20.0.0.

Risks & Considerations

• Next.js 15 is a major release; breaking changes from 14.x may affect routing, data fetching, or build behaviour and should be validated in the app.
• The tighter Node.js engine requirement means environments running Node <18.18 or <20 may fail to install or run the app.
• New optional native/image-processing dependencies (sharp and associated platform builds) may introduce platform-specific install issues (especially in CI/CD or container builds) and should be tested across target environments.
• React remains on 18.x, but Next 15 adds optional compatibility with React 19; future React upgrades should be tested carefully with this Next version.

File-level change summary

File	Change summary
payment-components/next-js/package.json	Updates the next dependency from version 14.2.13 to 15.0.8.
payment-components/next-js/pnpm-lock.yaml	Regenerates the lockfile to align with Next.js 15, updating transitive dependencies, Node engine constraints, and adding new optional image-processing/native packages.