chore: upgrate nextJS version to avoid vulnerabilities

[aimensahnoun]

TL;DR

Upgraded Next.js from version 15.1.9 to 15.1.11.

What changed?

This PR updates the Next.js dependency from version 15.1.9 to 15.1.11 in both package.json and package-lock.json files. The corresponding @next/env package was also updated to match the new version.

How to test?

1. Pull the changes and run npm install
2. Start the development server with npm run dev
3. Verify that the application runs correctly with no regressions
4. Check that any Next.js specific features continue to work as expected

Why make this change?

Keeping Next.js up to date ensures we have the latest bug fixes, security patches, and performance improvements. Version 15.1.11 likely contains important fixes that will improve the stability and security of our application.

Summary by CodeRabbit

• Chores
  • Updated Next.js to the latest patch version for improved stability and performance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Next.js dependency version updated from 15.1.9 to 15.1.11 in package.json. No other dependencies modified. No code changes or functional alterations.

Changes

Cohort / File(s)	Summary
Dependency update package.json	Bumped Next.js version from 15.1.9 to 15.1.11

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• No functional code changes
• Single-line dependency version bump
• No impact on logic, control flow, or exports

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: upgrading Next.js to a newer version for security reasons. It is clear, specific, and directly related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 12-12-chore_upgrate_nextjs_version_to_avoid_vulnerabilities

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0fd1de9 and 8f767bf.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*

⚙️ CodeRabbit configuration file

**/*: - Only comment on issues that would block merging — ignore minor or stylistic concerns.

• Restrict feedback to errors, security risks, or functionality-breaking problems.
• Do not post comments on code style, formatting, or non-critical improvements.
• Keep reviews short: flag only issues that make the PR unsafe to merge.
• Limit review comments to 3–5 items maximum, unless additional blockers exist.
• Group similar issues into a single comment instead of posting multiple notes.
• Skip repetition — if a pattern repeats, mention it once at a summary level only.
• Do not add general suggestions; focus strictly on merge-blocking concerns.
• If there are no critical problems, respond with minimal approval (e.g., 'Looks good'). Do not add additional review.
• Avoid line-by-line commentary unless it highlights a critical bug or security hole.
• Highlight only issues that could cause runtime errors, data loss, or severe maintainability issues.
• Ignore minor optimization opportunities — focus solely on correctness and safety.
• Provide a top-level summary of critical blockers rather than detailed per-line notes.
• Comment only when the issue must be resolved before merge — otherwise, remain silent.
• When in doubt, err on the side of fewer comments — brevity and blocking issues only.
• Avoid posting any refactoring issues

Files:

• package.json

🧠 Learnings (1)

📚 Learning: 2024-11-15T13:54:27.358Z

Learnt from: rodrigopavezi
Repo: RequestNetwork/invoicing-template PR: 67
File: next.config.mjs:4-7
Timestamp: 2024-11-15T13:54:27.358Z
Learning: In `next.config.mjs`, the externalization of `pino-pretty` in the webpack configuration is necessary for the application to run correctly.

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (1)

package.json (1)

30-32: Verify React 18 compatibility with Next.js 15.1.11 in this repo

This repo is pinned to react/react-dom ^18 (Lines 31-32). Please confirm Next 15.1.11 works with your router mode and doesn’t require React 19 for your setup.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[aimensahnoun]

• chore: upgrate nextJS version to avoid vulnerabilities #116 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR performs a clean patch version upgrade of Next.js from 15.1.9 to 15.1.11, updating both the main package and the corresponding @next/env dependency with matching versions and correct integrity hashes.

• Upgraded next from 15.1.9 to 15.1.11 in package.json
• Updated @next/env to 15.1.11 to match the Next.js version
• All integrity hashes properly updated in package-lock.json
• No breaking changes expected in this patch version bump

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - it's a straightforward patch version upgrade with no breaking changes
• Score reflects the nature of a patch version bump (15.1.9 → 15.1.11) which typically contains only bug fixes and security patches without breaking changes. The changes are limited to version numbers and integrity hashes, with proper consistency between next and @next/env versions. No code changes required.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
package.json	5/5	Updated next dependency from 15.1.9 to 15.1.11, straightforward patch version bump
package-lock.json	5/5	Lock file updated to reflect Next.js 15.1.11 with matching @next/env version, integrity hashes updated correctly

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PM as Package Manager
    participant NPM as NPM Registry
    participant App as Next.js Application

    Dev->>PM: Update package.json (next: 15.1.11)
    Dev->>PM: Run npm install
    PM->>NPM: Fetch next@15.1.11
    PM->>NPM: Fetch @next/env@15.1.11
    NPM-->>PM: Return packages with integrity hashes
    PM->>PM: Verify integrity hashes
    PM->>PM: Update package-lock.json
    PM-->>Dev: Dependencies installed
    Dev->>App: Start application (npm run dev)
    App->>App: Load Next.js 15.1.11
    App-->>Dev: Application running with updated version

Loading

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}