fix(auth-next,examples): upgrade to Next.js 15.1.9 to patch critical vulnerabilities

rodrigo-fournier-immutable · cursoragent · rodrigo-fournier-immutable · commit c6ad564207f7 · 2026-02-12T16:00:30.000+11:00
- CVE-2025-29927: Authorization Bypass in Middleware (GHSA-f82v-jwr5-mffw) - CVE-2025-55182: RCE in React Server Components (GHSA-9qr9-h5gf-34mp) Co-authored-by: Cursor <cursoragent@cursor.com>
diff --git a/examples/passport/wallets-connect-with-nextjs/package.json b/examples/passport/wallets-connect-with-nextjs/package.json
@@ -9,7 +9,7 @@
     "@imtbl/wallet": "workspace:*",
     "@tanstack/react-query": "^5.51.11",
     "ethers": "^6.13.4",
-    "next": "15.1.6",
+    "next": "15.1.9",
     "next-auth": "^5.0.0-beta.30",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
@@ -21,7 +21,7 @@
     "@types/react": "^18.0.28",
     "@types/react-dom": "^18.0.11",
     "eslint": "^8",
-    "eslint-config-next": "15.1.6",
+    "eslint-config-next": "15.1.9",
     "postcss": "^8",
     "tailwindcss": "^3.4.1",
     "typescript": "^5.6.2"
diff --git a/packages/auth-next-client/package.json b/packages/auth-next-client/package.json
@@ -65,7 +65,7 @@
     "@types/react": "^18.3.5",
     "eslint": "^8.56.0",
     "jest": "^29.7.0",
-    "next": "^15.1.6",
+    "next": "^15.1.9",
     "next-auth": "^5.0.0-beta.30",
     "react": "^18.2.0",
     "tsup": "^8.3.0",
diff --git a/packages/auth-next-server/package.json b/packages/auth-next-server/package.json
@@ -54,7 +54,7 @@
     "@types/node": "^22.10.7",
     "eslint": "^8.56.0",
     "jest": "^29.7.0",
-    "next": "^15.1.6",
+    "next": "^15.1.9",
     "next-auth": "^5.0.0-beta.30",
     "tsup": "^8.3.0",
     "typescript": "^5.6.2"
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
