chore(deps): bump next from 14.2.35 to 15.5.14 in /dev-packages/e2e-tests/test-applications/nextjs-orpc

[dependabot]

Bumps next from 14.2.35 to 15.5.14.

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
• Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

• fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

v15.5.11

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Tracing: Fix memory leak in span map (#85529)
• fix: ensure LRU cache items have minimum size of 1 to prevent unbounded growth (#89134)
• Turbopack: fix NFT tracing of sharp 0.34 (#82340)
• Turbopack: support pattern into exports field (#82757)
• NFT tracing fixes (#84155 and #85323)
• Turbopack: validate CSS without computing all paths (#83810)
• feat: implement LRU cache with invocation ID scoping for minimal mode response cache (#89129)

Credits

Huge thanks to @​timneutkens, @​mischnic, @​ztanner, and @​wyattjoh for helping!

Commits

• d7b012d v15.5.14
• 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
• f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
• cfd5f53 v15.5.13
• 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• d23f41c v15.5.12
• 8e75765 fix unlock in publish-native
• 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
• 7a94645 Apply needs for publishRelease
• bbfd4e3 v15.5.11
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

Deps

• Bump mongodb-memory-server-global from 10.1.4 to 11.0.1 by dependabot in #19888
• Bump stacktrace-parser from 0.1.10 to 0.1.11 by dependabot in #19887

Bug Fixes 🐛

• (cloudflare) Forward ctx argument to Workflow.do user callback by Lms24 in #19891
• (core) Return same value from startSpan as callback returns by s1gr1d in #19300
• (deps) Bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 by chargome in #19880
• (nestjs) Add node to nest metadata by chargome in #19875
• (serverless) Add node to metadata by nicohrubec in #19878

Internal Changes 🔧

• (astro) Re-enable server island tracing e2e test in Astro 6 by Lms24 in #19872

• (deps) Bump next from 14.2.35 to 15.5.14 in /dev-packages/e2e-tests/test-applications/nextjs-orpc by dependabot[bot] in #19907

• (lint) Resolve oxlint warnings by isaacs in #19893
• (node-integration-tests) Remove unnecessary file-type dependency by Lms24 in #19824
• (sveltekit) Replace recast + @babel/parser with acorn by roli-lpci in #19533

---

_{🤖 This preview updates automatically when you update the PR.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Next.js 15 requires React 19 but React 18 pinned

High Severity

Bumping next from 14 to 15.5.14 without updating react and react-dom from 18.3.1 to React 19 will likely break the build. Next.js 15 requires React 19 for the App Router, which this project uses (src/app/). Other Next.js 15 test apps in this repo (nextjs-15, nextjs-15-intl) use "react": "latest" and "react-dom": "latest" to resolve to React 19.

Additional Locations (1)

• dev-packages/e2e-tests/test-applications/nextjs-orpc/package.json#L22-L24

 

[Lms24]

not bumping major versions in tests

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.