[Snyk] Security upgrade next from 14.2.14 to 16.1.7

[decause-gov]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	HTTP Request Smuggling SNYK-JS-NEXT-15674558	104
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15674556	66

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[decause-gov]

This is a high-risk upgrade, spanning two major versions from Next.js 14 to 16. It introduces numerous significant breaking changes that require substantial code and configuration modifications.

Next.js 15 Breaking Changes

• Default Caching Behavior (High Impact): The most critical change is that caching is now opt-in. Previously, fetch requests, GET Route Handlers, and client-side navigations were cached by default. In v15, they are uncached by default. Applications relying on the old caching behavior may experience performance degradation or increased API usage. You must explicitly add caching where needed.
• Asynchronous Request APIs (High Impact): Several core APIs are now asynchronous and require await. This affects cookies(), headers(), draftMode(), params, and searchParams. A codemod is available to help automate this migration.
• React 19 Upgrade: This version requires an upgrade to react@19, which has its own breaking changes (e.g., useFormState is deprecated for useActionState).
• Node.js Requirement: The minimum required Node.js version is raised to 18.18.0.

Next.js 16 Breaking Changes

• Node.js Requirement: Support for Node.js 18 is dropped. The minimum required version is now 20.9+.
• Turbopack is the Default Bundler: Turbopack replaces Webpack as the default bundler for both development and production builds (next dev and next build). Projects with custom

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.