[Snyk] Security upgrade next from 15.5.3 to 15.5.7

[eliteprox]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• ui/package.json
• ui/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue
	Arbitrary Code Injection SNYK-JS-NEXT-14173355

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

---

Note

Upgrade Next.js from 15.5.3 to 15.5.7 and update lockfile (including related @next/env and SWC platform binaries).

• Dependencies:
  • Bump next from 15.5.3 to 15.5.7 in ui/package.json.
  • Update ui/package-lock.json entries for next, @next/env, and platform-specific @next/swc-* binaries to 15.5.7.

^{Written by Cursor Bugbot for commit 8834a2d. This will update automatically on new commits. Configure here.}

[cursor]

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on January 15

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Bug: Version mismatch between package.json and package-lock.json

The version specifier for next is inconsistent between the two files. In package.json, the version is specified as exact "15.5.7" (no caret), but in package-lock.json it's specified as "^15.5.7" (with caret). This mismatch means the lockfile has a different semver range than the source package.json, which could lead to unexpected version resolution behavior or npm warnings about the lockfile being out of sync.

Additional Locations (1)

• ui/package.json#L26-L27

 

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (d4b997e) to head (8834a2d).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #30   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           55        55           
=========================================
  Hits            55        55           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.