chore: update nextjs packages#114

Merged
aimensahnoun merged 2 commits into main from
209-upgrade-react-server-components-in-easyinvoice-and-portal-to-fix-critical-cve-2025-55182
Dec 9, 2025
@aimensahnoun aimensahnoun commented Dec 8, 2025

Summary by CodeRabbit

  • Chores
    • Updated the framework to the latest stable patch version for improved stability and bug fixes.

coderabbitai Bot commented Dec 8, 2025

Walkthrough

Updated the Next.js dependency version in package.json from a flexible semver range (^15.1.0) to a fixed patch version (15.1.9). This is a pinned version change with no alterations to project configuration, scripts, or codebase logic.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency version bump: package.json | Updated Next.js from ^15.1.0 to 15.1.9 (pinned exact version) |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'chore: update nextjs packages' accurately reflects the main change: updating the Next.js dependency from version 15.1.0 to 15.1.9 in package.json. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
package.json (2)

14-14: Align @next/third-parties version with next version.

next is pinned to 15.1.9 while @next/third-parties remains at the flexible range ^15.1.0. These should be aligned to the same version for consistency and to avoid potential incompatibilities.

Apply this diff to align the versions:

-    "@next/third-parties": "^15.1.0",
+    "@next/third-parties": "15.1.9",
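
Review bot: the `+` line pins @next/third-parties to 15.1.9, but package-lock.json is excluded from this review by the path filter, so nothing visible here shows the lockfile being regenerated alongside it. Confirm that 15.1.9 is published for @next/third-parties before pinning, and apply the change together with a fresh install so that package.json and package-lock.json agree on the resolved version.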

Also applies to: 30-30


30-30: Update eslint-config-next to match the next version.

eslint-config-next is at version 14.1.0, which is significantly behind next 15.1.9. Update it to the corresponding 15.x version to maintain compatibility with the linter and Next.js framework.

Apply this diff to update eslint-config-next:

-    "eslint-config-next": "14.1.0",
+    "eslint-config-next": "15.1.9",
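
Review bot: the `+` line moves eslint-config-next from 14.1.0 to 15.1.9, a major-version jump for the lint configuration, and this review did not have the build check's result (its context timed out at 90000ms). Run the lint and build steps after applying it, or land it as a separate change so that new lint failures cannot hold up the fix for CVE-2025-55182.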

Also applies to: 45-45

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15afd2e and eba40a9.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: sstefdev
Repo: RequestNetwork/invoicing-template PR: 105
File: pages/invoice/[id].tsx:49-58
Timestamp: 2025-01-20T18:08:18.127Z
Learning: In the Request Network invoicing template, validation for invoice IDs is handled at the component level using requestnetwork/single-invoice/react, rather than in getServerSideProps. The Next.js default 404 handling is sufficient for missing invoice IDs in the URL.
Learnt from: rodrigopavezi
Repo: RequestNetwork/invoicing-template PR: 67
File: next.config.mjs:4-7
Timestamp: 2024-11-15T13:54:27.358Z
Learning: In `next.config.mjs`, the externalization of `pino-pretty` in the webpack configuration is necessary for the application to run correctly.
📚 Learning: 2024-11-15T13:54:27.358Z
Learnt from: rodrigopavezi
Repo: RequestNetwork/invoicing-template PR: 67
File: next.config.mjs:4-7
Timestamp: 2024-11-15T13:54:27.358Z
Learning: In `next.config.mjs`, the externalization of `pino-pretty` in the webpack configuration is necessary for the application to run correctly.

Applied to files:

  • package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (3)
package.json (3)

30-30: Consider the implications of pinning the version.

The change moves from a flexible semver range (^15.1.0) to a pinned patch version (15.1.9). While this improves reproducibility, it prevents automatic minor and patch updates. Ensure this is the intended long-term versioning strategy, especially for security updates.

Is pinning to an exact version intentional, or should a range like ^15.1.9 or ~15.1.9 be used instead?


30-36: No action needed — This project uses Next.js Pages Router, not the App Router. The async Request API changes introduced in Next.js 15 (cookies(), headers(), params, searchParams, draftMode) only apply to App Router. The codebase uses getServerSideProps and the traditional Pages Router patterns, which remain unaffected by these changes.


30-30: CVE-2025-55182 is confirmed as fixed in Next.js 15.1.9.

This is a critical (CVSS 10.0) vulnerability in React Server Components that affects React 19 and downstream frameworks like Next.js. Next.js 15.1.9 is an officially patched version addressing this security issue (downstream CVE-2025-66478). The upgrade is appropriate and necessary.

@aimensahnoun aimensahnoun merged commit 0fd1de9 into main Dec 9, 2025
2 checks passed
@aimensahnoun aimensahnoun deleted the 209-upgrade-react-server-components-in-easyinvoice-and-portal-to-fix-critical-cve-2025-55182 branch December 9, 2025 05:19
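
The pinning question raised in the review comes down to what the lockfile resolves, since that is the version actually installed. The check below is an added example, not code from this PR or repository: `auditNext` and both sample manifests are constructed, and it assumes an npm lockfile in the v2/v3 `packages` layout.

```javascript
// Added example. Sample manifests below are constructed, not the repo's files.
const PATCHED = [15, 1, 9]; // fixed release on the 15.1 line, per the review above

const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v || "");
  return m ? m.slice(1).map(Number) : null; // null for ranges such as ^15.1.0
};

// Version that `npm ci` installs: read from the lockfile (v2/v3 "packages" map).
const locked = (lock, name) =>
  ((lock.packages || {})["node_modules/" + name] || {}).version || null;

function auditNext(pkg, lock) {
  const findings = [];
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const spec = deps.next;
  if (!parse(spec)) findings.push(`range-spec: next "${spec}" is resolved by the lockfile`);

  const v = parse(locked(lock, "next"));
  if (!v) findings.push("no-lock-entry: next is missing from package-lock.json");
  else if (v[0] !== PATCHED[0] || v[1] !== PATCHED[1])
    findings.push(`other-line: next ${v.join(".")} is outside 15.1.x, check its own advisory`);
  else if (v[2] < PATCHED[2])
    findings.push(`unpatched: lockfile installs next ${v.join(".")}, below 15.1.9`);

  // Sibling packages flagged in the review: their spec should match next's.
  for (const name of ["@next/third-parties", "eslint-config-next"])
    if (name in deps && deps[name] !== spec)
      findings.push(`misaligned: ${name} "${deps[name]}" vs next "${spec}"`);
  return findings;
}

// Constructed "before": flexible range with a stale lockfile entry.
const before = auditNext(
  { dependencies: { next: "^15.1.0", "@next/third-parties": "^15.1.0" },
    devDependencies: { "eslint-config-next": "14.1.0" } },
  { lockfileVersion: 3, packages: { "node_modules/next": { version: "15.1.0" } } }
);
// Constructed "after": the package.json state this PR describes.
const after = auditNext(
  { dependencies: { next: "15.1.9", "@next/third-parties": "^15.1.0" },
    devDependencies: { "eslint-config-next": "14.1.0" } },
  { lockfileVersion: 3, packages: { "node_modules/next": { version: "15.1.9" } } }
);
console.log(before, after);
```

A range such as ^15.1.0 is not itself the exposure: the finding that matters is the lockfile entry, which is why the check reports the two separately.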