[Snyk] Upgrade next from 15.3.3 to 15.5.9

[orbuskila]

Snyk has created this PR to upgrade next from 15.3.3 to 15.5.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 249 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-NEXT-12299318	329	Proof of Concept
	Deserialization of Untrusted Data SNYK-JS-NEXT-14400636	329	Proof of Concept
	Use of Cache Containing Sensitive Information SNYK-JS-NEXT-12301496	329	No Known Exploit
	Missing Source Correlation of Multiple Independent Data SNYK-JS-NEXT-12265451	329	No Known Exploit
	Arbitrary Code Injection SNYK-JS-NEXT-14173355	329	Mature
	Exposure of Sensitive System Information to an Unauthorized Control Sphere SNYK-JS-NEXT-14400644	329	No Known Exploit

Release notes

Package name: next

• 15.5.9 - 2025-12-11
  

  Please see the Next.js Security Update for information about this security patch.

• 15.5.8 - 2025-12-11
  

  v15.5.8

• 15.5.7 - 2025-12-03
• 15.5.6 - 2025-10-17
• 15.5.5 - 2025-10-13
• 15.5.4 - 2025-09-23
• 15.5.3 - 2025-09-10
• 15.5.2 - 2025-08-26
• 15.5.1 - 2025-08-26
• 15.5.1-canary.39 - 2025-09-10
• 15.5.1-canary.38 - 2025-09-10
• 15.5.1-canary.37 - 2025-09-09
• 15.5.1-canary.36 - 2025-09-09
• 15.5.1-canary.35 - 2025-09-08
• 15.5.1-canary.34 - 2025-09-08
• 15.5.1-canary.33 - 2025-09-08
• 15.5.1-canary.32 - 2025-09-07
• 15.5.1-canary.31 - 2025-09-06
• 15.5.1-canary.30 - 2025-09-05
• 15.5.1-canary.29 - 2025-09-05
• 15.5.1-canary.28 - 2025-09-04
• 15.5.1-canary.27 - 2025-09-04
• 15.5.1-canary.26 - 2025-09-04
• 15.5.1-canary.25 - 2025-09-03
• 15.5.1-canary.24 - 2025-09-02
• 15.5.1-canary.23 - 2025-09-01
• 15.5.1-canary.22 - 2025-08-31
• 15.5.1-canary.21 - 2025-08-30
• 15.5.1-canary.20 - 2025-08-29
• 15.5.1-canary.19 - 2025-08-29
• 15.5.1-canary.18 - 2025-08-29
• 15.5.1-canary.17 - 2025-08-28
• 15.5.1-canary.16 - 2025-08-28
• 15.5.1-canary.15 - 2025-08-28
• 15.5.1-canary.14 - 2025-08-27
• 15.5.1-canary.13 - 2025-08-27
• 15.5.1-canary.12 - 2025-08-27
• 15.5.1-canary.11 - 2025-08-26
• 15.5.1-canary.10 - 2025-08-26
• 15.5.1-canary.9 - 2025-08-26
• 15.5.1-canary.8 - 2025-08-25
• 15.5.1-canary.7 - 2025-08-24
• 15.5.1-canary.6 - 2025-08-23
• 15.5.1-canary.5 - 2025-08-22
• 15.5.1-canary.4 - 2025-08-21
• 15.5.1-canary.3 - 2025-08-21
• 15.5.1-canary.2 - 2025-08-20
• 15.5.1-canary.1 - 2025-08-20
• 15.5.1-canary.0 - 2025-08-20
• 15.5.0 - 2025-08-20
• 15.4.10 - 2025-12-11
  

  Please see the Next.js Security Update for information about this security patch.

• 15.4.9 - 2025-12-11
  

  v15.4.9

• 15.4.8 - 2025-12-03
• 15.4.7 - 2025-08-18
• 15.4.6 - 2025-08-06
• 15.4.5 - 2025-07-29
• 15.4.4 - 2025-07-24
• 15.4.3 - 2025-07-22
• 15.4.2 - 2025-07-18
• 15.4.2-canary.56 - 2025-08-19
• 15.4.2-canary.55 - 2025-08-19
• 15.4.2-canary.54 - 2025-08-19
• 15.4.2-canary.53 - 2025-08-18
• 15.4.2-canary.52 - 2025-08-17
• 15.4.2-canary.51 - 2025-08-16
• 15.4.2-canary.50 - 2025-08-16
• 15.4.2-canary.49 - 2025-08-15
• 15.4.2-canary.48 - 2025-08-14
• 15.4.2-canary.47 - 2025-08-14
• 15.4.2-canary.46 - 2025-08-13
• 15.4.2-canary.45 - 2025-08-13
• 15.4.2-canary.44 - 2025-08-13
• 15.4.2-canary.43 - 2025-08-13
• 15.4.2-canary.42 - 2025-08-12
• 15.4.2-canary.41 - 2025-08-12
• 15.4.2-canary.40 - 2025-08-12
• 15.4.2-canary.39 - 2025-08-12
• 15.4.2-canary.38 - 2025-08-11
• 15.4.2-canary.37 - 2025-08-11
• 15.4.2-canary.36 - 2025-08-11
• 15.4.2-canary.35 - 2025-08-09
• 15.4.2-canary.34 - 2025-08-08
• 15.4.2-canary.33 - 2025-08-07
• 15.4.2-canary.32 - 2025-08-06
• 15.4.2-canary.31 - 2025-08-05
• 15.4.2-canary.30 - 2025-08-04
• 15.4.2-canary.29 - 2025-08-03
• 15.4.2-canary.28 - 2025-08-02
• 15.4.2-canary.27 - 2025-08-01
• 15.4.2-canary.26 - 2025-08-01
• 15.4.2-canary.25 - 2025-07-31
• 15.4.2-canary.24 - 2025-07-31
• 15.4.2-canary.23 - 2025-07-31
• 15.4.2-canary.22 - 2025-07-30
• 15.4.2-canary.21 - 2025-07-30
• 15.4.2-canary.20 - 2025-07-29
• 15.4.2-canary.19 - 2025-07-28
• 15.4.2-canary.18 - 2025-07-26
• 15.4.2-canary.17 - 2025-07-25
• 15.4.2-canary.16 - 2025-07-24
• 15.4.2-canary.15 - 2025-07-23
• 15.4.2-canary.14 - 2025-07-22
• 15.4.2-canary.13 - 2025-07-22
• 15.4.2-canary.12 - 2025-07-21
• 15.4.2-canary.11 - 2025-07-21
• 15.4.2-canary.10 - 2025-07-19
• 15.4.2-canary.9 - 2025-07-18
• 15.4.2-canary.8 - 2025-07-18
• 15.4.2-canary.7 - 2025-07-17
• 15.4.2-canary.6 - 2025-07-17
• 15.4.2-canary.5 - 2025-07-16
• 15.4.2-canary.4 - 2025-07-16
• 15.4.2-canary.3 - 2025-07-16
• 15.4.2-canary.2 - 2025-07-16
• 15.4.2-canary.1 - 2025-07-15
• 15.4.2-canary.0 - 2025-07-14
• 15.4.1 - 2025-07-14
• 15.4.0 - 2025-05-30
• 15.4.0-canary.130 - 2025-07-14
• 15.4.0-canary.129 - 2025-07-13
• 15.4.0-canary.128 - 2025-07-12
• 15.4.0-canary.127 - 2025-07-11
• 15.4.0-canary.126 - 2025-07-11
• 15.4.0-canary.123 - 2025-07-09
• 15.4.0-canary.122 - 2025-07-09
• 15.4.0-canary.121 - 2025-07-09
• 15.4.0-canary.120 - 2025-07-09
• 15.4.0-canary.119 - 2025-07-08
• 15.4.0-canary.118 - 2025-07-08
• 15.4.0-canary.116 - 2025-07-06
• 15.4.0-canary.115 - 2025-07-05
• 15.4.0-canary.114 - 2025-07-04
• 15.4.0-canary.113 - 2025-07-03
• 15.4.0-canary.112 - 2025-07-03
• 15.4.0-canary.111 - 2025-07-03
• 15.4.0-canary.110 - 2025-07-02
• 15.4.0-canary.109 - 2025-07-02
• 15.4.0-canary.108 - 2025-07-01
• 15.4.0-canary.107 - 2025-07-01
• 15.4.0-canary.106 - 2025-07-01
• 15.4.0-canary.105 - 2025-07-01
• 15.4.0-canary.104 - 2025-06-30
• 15.4.0-canary.103 - 2025-06-29
• 15.4.0-canary.102 - 2025-06-27
• 15.4.0-canary.101 - 2025-06-27
• 15.4.0-canary.100 - 2025-06-26
• 15.4.0-canary.99 - 2025-06-26
• 15.4.0-canary.98 - 2025-06-26
• 15.4.0-canary.97 - 2025-06-26
• 15.4.0-canary.96 - 2025-06-25
• 15.4.0-canary.95 - 2025-06-24
• 15.4.0-canary.94 - 2025-06-23
• 15.4.0-canary.93 - 2025-06-23
• 15.4.0-canary.92 - 2025-06-22
• 15.4.0-canary.91 - 2025-06-21
• 15.4.0-canary.90 - 2025-06-21
• 15.4.0-canary.89 - 2025-06-20
• 15.4.0-canary.88 - 2025-06-20
• 15.4.0-canary.87 - 2025-06-19
• 15.4.0-canary.86 - 2025-06-18
• 15.4.0-canary.85 - 2025-06-18
• 15.4.0-canary.84 - 2025-06-16
• 15.4.0-canary.83 - 2025-06-14
• 15.4.0-canary.82 - 2025-06-13
• 15.4.0-canary.81 - 2025-06-13
• 15.4.0-canary.80 - 2025-06-12
• 15.4.0-canary.79 - 2025-06-11
• 15.4.0-canary.78 - 2025-06-11
• 15.4.0-canary.77 - 2025-06-11
• 15.4.0-canary.76 - 2025-06-10
• 15.4.0-canary.75 - 2025-06-10
• 15.4.0-canary.74 - 2025-06-10
• 15.4.0-canary.73 - 2025-06-09
• 15.4.0-canary.72 - 2025-06-08
• 15.4.0-canary.71 - 2025-06-07
• 15.4.0-canary.70 - 2025-06-06
• 15.4.0-canary.69 - 2025-06-06
• 15.4.0-canary.68 - 2025-06-05
• 15.4.0-canary.67 - 2025-06-04
• 15.4.0-canary.66 - 2025-06-04
• 15.4.0-canary.65 - 2025-06-04
• 15.4.0-canary.64 - 2025-06-04
• 15.4.0-canary.63 - 2025-06-03
• 15.4.0-canary.62 - 2025-06-03
• 15.4.0-canary.61 - 2025-06-01
• 15.4.0-canary.60 - 2025-05-31
• 15.4.0-canary.59 - 2025-05-30
• 15.4.0-canary.58 - 2025-05-30
• 15.4.0-canary.57 - 2025-05-29
• 15.4.0-canary.56 - 2025-05-28
• 15.4.0-canary.55 - 2025-05-27
• 15.4.0-canary.54 - 2025-05-27
• 15.4.0-canary.53 - 2025-05-26
• 15.4.0-canary.52 - 2025-05-25
• 15.4.0-canary.51 - 2025-05-24
• 15.4.0-canary.50 - 2025-05-23
• 15.4.0-canary.49 - 2025-05-23
• 15.4.0-canary.48 - 2025-05-22
• 15.4.0-canary.47 - 2025-05-21
• 15.4.0-canary.46 - 2025-05-21
• 15.4.0-canary.45 - 2025-05-21
• 15.4.0-canary.44 - 2025-05-20
• 15.4.0-canary.43 - 2025-05-20
• 15.4.0-canary.42 - 2025-05-19
• 15.4.0-canary.41 - 2025-05-19
• 15.4.0-canary.40 - 2025-05-19
• 15.4.0-canary.39 - 2025-05-18
• 15.4.0-canary.38 - 2025-05-17
• 15.4.0-canary.37 - 2025-05-16
• 15.4.0-canary.36 - 2025-05-15
• 15.4.0-canary.35 - 2025-05-15
• 15.4.0-canary.34 - 2025-05-13
• 15.4.0-canary.33 - 2025-05-13
• 15.4.0-canary.31 - 2025-05-10
• 15.4.0-canary.30 - 2025-05-09
• 15.4.0-canary.29 - 2025-05-09
• 15.4.0-canary.28 - 2025-05-08
• 15.4.0-canary.27 - 2025-05-08
• 15.4.0-canary.26 - 2025-05-07
• 15.4.0-canary.24 - 2025-05-06
• 15.4.0-canary.23 - 2025-05-05
• 15.4.0-canary.22 - 2025-05-05
• 15.4.0-canary.21 - 2025-05-05
• 15.4.0-canary.20 - 2025-05-03
• 15.4.0-canary.19 - 2025-05-02
• 15.4.0-canary.18 - 2025-05-01
• 15.4.0-canary.17 - 2025-04-30
• 15.4.0-canary.16 - 2025-04-30
• 15.4.0-canary.15 - 2025-04-29
• 15.4.0-canary.14 - 2025-04-28
• 15.4.0-canary.13 - 2025-04-28
• 15.4.0-canary.12 - 2025-04-27
• 15.4.0-canary.11 - 2025-04-26
• 15.4.0-canary.10 - 2025-04-25
• 15.4.0-canary.9 - 2025-04-24
• 15.4.0-canary.8 - 2025-04-24
• 15.4.0-canary.7 - 2025-04-23
• 15.4.0-canary.6 - 2025-04-23
• 15.4.0-canary.5 - 2025-04-23
• 15.4.0-canary.4 - 2025-04-22
• 15.4.0-canary.3 - 2025-04-22
• 15.4.0-canary.2 - 2025-04-21
• 15.4.0-canary.1 - 2025-04-21
• 15.4.0-canary.0 - 2025-04-21
• 15.3.8 - 2025-12-11
  

  Please see the Next.js Security Update for information about this security patch.

• 15.3.7 - 2025-12-11
  

  v15.3.7

• 15.3.6 - 2025-12-03
• 15.3.5 - 2025-07-03
• 15.3.4 - 2025-06-18
• 15.3.3 - 2025-05-29

from next GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Copilot]

Pull request overview

This pull request upgrades Next.js from version 15.3.3 to 15.5.9 to address multiple security vulnerabilities identified by Snyk, including a critical arbitrary code injection vulnerability and several high/medium severity issues.

Changes:

• Upgrades Next.js package version in package.json
• Updates package-lock.json with new Next.js version and associated dependencies (sharp, @next/swc packages, etc.)

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
llama_stack/ui/package.json	Updates Next.js dependency from 15.3.3 to 15.5.9
llama_stack/ui/package-lock.json	Updates resolved versions for Next.js and its dependencies including sharp image processing library and platform-specific SWC binaries

Files not reviewed (1)

• llama_stack/ui/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.