OUT-3723: patch nextjs version for latest vulnerability

[SandipBajracharya]

No description provided.

[linear-code]

OUT-3723

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dropbox-integration	Ready	Preview, Comment	May 13, 2026 3:40pm

[greptile-apps]

Greptile Summary

This PR applies the May 2026 Next.js security release, upgrading next from 15.5.15 to 15.5.18 and react/react-dom from 19.1.6 to 19.1.7 to patch multiple CVEs (including high-severity DoS CVE-2025-55184, medium-severity source-code exposure CVE-2025-55183, and an upstream React issue). The pnpm-lock.yaml is regenerated to match.

• package.json: three version bumps — next 15.5.15→15.5.18, react 19.1.6→19.1.7, react-dom 19.1.6→19.1.7.
• pnpm-lock.yaml: all peer-dependency resolution strings updated consistently; @emnapi/runtime@1.4.5 removed as it is no longer a transitive dependency of the new Next.js build.

Confidence Score: 5/5

Targeted security patch with no functional changes — safe to merge immediately.

Both version bumps match exactly what the official May 2026 Vercel security advisory prescribes (Next.js 15.x → 15.5.18, react-server-dom-* 19.1.x → 19.1.7). The lock file is regenerated consistently with no unexpected dependency changes beyond the removal of the now-unused @emnapi/runtime@1.4.5. There are no logic, API-surface, or configuration changes.

No files require special attention.

Important Files Changed

Filename	Overview
package.json	Bumps next 15.5.15→15.5.18 and react/react-dom 19.1.6→19.1.7, matching the May 2026 Vercel security advisory for CVE-2025-55183/55184 and the upstream React issue
pnpm-lock.yaml	Lock file regenerated consistently; all peer-dependency resolution strings updated to the new Next.js/React versions; @emnapi/runtime@1.4.5 removed as no longer required by the new Next.js build

_{Reviews (1): Last reviewed commit: "fix(OUT-3723): patch nextjs version for ..." | Re-trigger Greptile}

[priosshrsth]

lgtm