[Snyk] Security upgrade next from 15.3.0 to 15.3.8 #14

Open
m1981 wants to merge 1 commit into main from snyk-fix-ec9b6edaa34488ccbf8f741953748231

Conversation

m1981 (Owner) commented Dec 15, 2025

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

Vulnerabilities that will be fixed with an upgrade:

Issue | Severity | Score
Deserialization of Untrusted Data (SNYK-JS-NEXT-14400636) | high | 852
Exposure of Sensitive System Information to an Unauthorized Control Sphere (SNYK-JS-NEXT-14400644) | medium | 678

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data

Important

Upgrade next to 15.3.8 in package.json to fix security vulnerabilities.

  • Dependencies:
    • Upgrade next from 15.3.0 to 15.3.8 in package.json to fix vulnerabilities.
  • Vulnerabilities Fixed:
    • Fixes Deserialization of Untrusted Data (SNYK-JS-NEXT-14400636).
    • Fixes Exposure of Sensitive System Information (SNYK-JS-NEXT-14400644).

This description was created by Ellipsis for c8f8c27. You can customize this summary. It will automatically update as commits are pushed.

vercel (bot) commented Dec 15, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Review | Updated (UTC)
mychat | Error | Error | Dec 15, 2025 10:14am

ellipsis-dev (bot) left a comment

Important

Looks good to me! 👍

Reviewed everything up to c8f8c27 in 26 seconds. Click for details.
  • Reviewed 13 lines of code in 1 files
  • Skipped 0 files when reviewing.
  • Skipped posting 1 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. package.json:88
  • Draft comment:
    Bump Next.js from ^15.3.0 to ^15.3.8 to address known vulnerabilities (SNYK-JS-NEXT-14400636 & SNYK-JS-NEXT-14400644). Ensure no regressions occur.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is about a dependency change, specifically bumping the version of Next.js. It mentions addressing known vulnerabilities, which is informative, and asks to ensure no regressions occur, which is not allowed. Therefore, this comment should be removed.

Workflow ID: wflow_rHSLL0GMIAyVHAda

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

augmentcode (bot) left a comment

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

Comment thread package.json
"mermaid": "^11.4.1",
"minimatch": "^5.1.0",
"next": "^15.3.0",
"next": "^15.3.8",
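Review bot: the only change in this hunk is the caret range `"next": "^15.3.0"` to `"next": "^15.3.8"`, and because `^15.3.0` already admitted 15.3.8, the new range by itself does not force a newer install; with pnpm-lock.yaml committed, the lockfile decides which Next.js version is actually resolved. Regenerate the lockfile in the same commit and confirm the resolved version (for example with `pnpm ls next`) before treating SNYK-JS-NEXT-14400636 and SNYK-JS-NEXT-14400644 as remediated; the Vercel check on this PR also reports a deployment Error that should be understood before merge.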

Since this repo commits pnpm-lock.yaml, changing the next semver range in package.json alone may not update what CI/deployments actually install (the lockfile can keep resolving to the old version). Consider updating the lockfile in this PR so the patched Next.js version is guaranteed to be used and the vulnerabilities are actually remediated.
