[Snyk] Upgrade @next/third-parties from 15.3.1 to 15.5.9

[ThinuwanW]

Snyk has created this PR to upgrade @next/third-parties from 15.3.1 to 15.5.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 251 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	666	Proof of Concept
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	666	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-NEXT-12299318	666	Proof of Concept
	Deserialization of Untrusted Data SNYK-JS-NEXT-14400636	666	Proof of Concept
	Improper Link Resolution Before File Access ('Link Following') SNYK-JS-TARFS-10293725	666	No Known Exploit
	Use of Cache Containing Sensitive Information SNYK-JS-NEXT-12301496	666	No Known Exploit
	Improper Neutralization SNYK-JS-NEXTAUTH-13744118	666	Proof of Concept
	Symlink Following SNYK-JS-TARFS-13045213	666	No Known Exploit
	Missing Origin Validation in WebSockets SNYK-JS-NEXT-10259370	666	No Known Exploit
	Missing Source Correlation of Multiple Independent Data SNYK-JS-NEXT-12265451	666	No Known Exploit

Release notes

Package name: @next/third-parties

• 15.5.9 - 2025-12-11
  

  Please see the Next.js Security Update for information about this security patch.

• 15.5.8 - 2025-12-11
  

  v15.5.8

• 15.5.7 - 2025-12-03
• 15.5.6 - 2025-10-17
• 15.5.5 - 2025-10-13
• 15.5.4 - 2025-09-23
• 15.5.3 - 2025-09-10
• 15.5.2 - 2025-08-26
• 15.5.1 - 2025-08-26
• 15.5.1-canary.39 - 2025-09-10
• 15.5.1-canary.38 - 2025-09-10
• 15.5.1-canary.37 - 2025-09-09
• 15.5.1-canary.36 - 2025-09-09
• 15.5.1-canary.35 - 2025-09-08
• 15.5.1-canary.34 - 2025-09-08
• 15.5.1-canary.33 - 2025-09-08
• 15.5.1-canary.32 - 2025-09-07
• 15.5.1-canary.31 - 2025-09-06
• 15.5.1-canary.30 - 2025-09-05
• 15.5.1-canary.29 - 2025-09-05
• 15.5.1-canary.28 - 2025-09-04
• 15.5.1-canary.27 - 2025-09-04
• 15.5.1-canary.26 - 2025-09-04
• 15.5.1-canary.25 - 2025-09-03
• 15.5.1-canary.24 - 2025-09-02
• 15.5.1-canary.23 - 2025-09-01
• 15.5.1-canary.22 - 2025-08-31
• 15.5.1-canary.21 - 2025-08-30
• 15.5.1-canary.20 - 2025-08-29
• 15.5.1-canary.19 - 2025-08-29
• 15.5.1-canary.18 - 2025-08-29
• 15.5.1-canary.17 - 2025-08-28
• 15.5.1-canary.16 - 2025-08-28
• 15.5.1-canary.15 - 2025-08-28
• 15.5.1-canary.14 - 2025-08-27
• 15.5.1-canary.13 - 2025-08-27
• 15.5.1-canary.12 - 2025-08-27
• 15.5.1-canary.11 - 2025-08-26
• 15.5.1-canary.10 - 2025-08-26
• 15.5.1-canary.9 - 2025-08-26
• 15.5.1-canary.8 - 2025-08-25
• 15.5.1-canary.7 - 2025-08-24
• 15.5.1-canary.6 - 2025-08-23
• 15.5.1-canary.5 - 2025-08-22
• 15.5.1-canary.4 - 2025-08-21
• 15.5.1-canary.3 - 2025-08-21
• 15.5.1-canary.2 - 2025-08-20
• 15.5.1-canary.1 - 2025-08-20
• 15.5.1-canary.0 - 2025-08-20
• 15.5.0 - 2025-08-20
• 15.4.10 - 2025-12-11
  

  Please see the Next.js Security Update for information about this security patch.

• 15.4.9 - 2025-12-11
  

  v15.4.9

• 15.4.8 - 2025-12-03
• 15.4.7 - 2025-08-18
• 15.4.6 - 2025-08-06
• 15.4.5 - 2025-07-29
• 15.4.4 - 2025-07-24
• 15.4.3 - 2025-07-22
• 15.4.2 - 2025-07-18
• 15.4.2-canary.56 - 2025-08-19
• 15.4.2-canary.55 - 2025-08-19
• 15.4.2-canary.54 - 2025-08-19
• 15.4.2-canary.53 - 2025-08-18
• 15.4.2-canary.52 - 2025-08-17
• 15.4.2-canary.51 - 2025-08-16
• 15.4.2-canary.50 - 2025-08-16
• 15.4.2-canary.49 - 2025-08-15
• 15.4.2-canary.48 - 2025-08-14
• 15.4.2-canary.47 - 2025-08-14
• 15.4.2-canary.46 - 2025-08-13
• 15.4.2-canary.45 - 2025-08-13
• 15.4.2-canary.44 - 2025-08-13
• 15.4.2-canary.43 - 2025-08-13
• 15.4.2-canary.42 - 2025-08-12
• 15.4.2-canary.41 - 2025-08-12
• 15.4.2-canary.40 - 2025-08-12
• 15.4.2-canary.39 - 2025-08-12
• 15.4.2-canary.38 - 2025-08-11
• 15.4.2-canary.37 - 2025-08-11
• 15.4.2-canary.36 - 2025-08-11
• 15.4.2-canary.35 - 2025-08-09
• 15.4.2-canary.34 - 2025-08-08
• 15.4.2-canary.33 - 2025-08-07
• 15.4.2-canary.32 - 2025-08-06
• 15.4.2-canary.31 - 2025-08-05
• 15.4.2-canary.30 - 2025-08-04
• 15.4.2-canary.29 - 2025-08-03
• 15.4.2-canary.28 - 2025-08-02
• 15.4.2-canary.27 - 2025-08-01
• 15.4.2-canary.26 - 2025-08-01
• 15.4.2-canary.25 - 2025-07-31
• 15.4.2-canary.24 - 2025-07-31
• 15.4.2-canary.23 - 2025-07-31
• 15.4.2-canary.22 - 2025-07-30
• 15.4.2-canary.21 - 2025-07-30
• 15.4.2-canary.20 - 2025-07-29
• 15.4.2-canary.19 - 2025-07-28
• 15.4.2-canary.18 - 2025-07-26
• 15.4.2-canary.17 - 2025-07-25
• 15.4.2-canary.16 - 2025-07-24
• 15.4.2-canary.15 - 2025-07-23
• 15.4.2-canary.14 - 2025-07-22
• 15.4.2-canary.13 - 2025-07-22
• 15.4.2-canary.12 - 2025-07-21
• 15.4.2-canary.11 - 2025-07-21
• 15.4.2-canary.10 - 2025-07-19
• 15.4.2-canary.9 - 2025-07-18
• 15.4.2-canary.8 - 2025-07-18
• 15.4.2-canary.7 - 2025-07-17
• 15.4.2-canary.6 - 2025-07-17
• 15.4.2-canary.5 - 2025-07-16
• 15.4.2-canary.4 - 2025-07-16
• 15.4.2-canary.3 - 2025-07-16
• 15.4.2-canary.2 - 2025-07-16
• 15.4.2-canary.1 - 2025-07-15
• 15.4.2-canary.0 - 2025-07-14
• 15.4.1 - 2025-07-14
• 15.4.0 - 2025-07-14
• 15.4.0-canary.130 - 2025-07-14
• 15.4.0-canary.129 - 2025-07-13
• 15.4.0-canary.128 - 2025-07-12
• 15.4.0-canary.127 - 2025-07-11
• 15.4.0-canary.126 - 2025-07-11
• 15.4.0-canary.123 - 2025-07-09
• 15.4.0-canary.122 - 2025-07-09
• 15.4.0-canary.121 - 2025-07-09
• 15.4.0-canary.120 - 2025-07-09
• 15.4.0-canary.119 - 2025-07-08
• 15.4.0-canary.118 - 2025-07-08
• 15.4.0-canary.116 - 2025-07-06
• 15.4.0-canary.115 - 2025-07-05
• 15.4.0-canary.114 - 2025-07-04
• 15.4.0-canary.113 - 2025-07-03
• 15.4.0-canary.112 - 2025-07-03
• 15.4.0-canary.111 - 2025-07-03
• 15.4.0-canary.110 - 2025-07-02
• 15.4.0-canary.109 - 2025-07-02
• 15.4.0-canary.108 - 2025-07-01
• 15.4.0-canary.107 - 2025-07-01
• 15.4.0-canary.106 - 2025-07-01
• 15.4.0-canary.105 - 2025-07-01
• 15.4.0-canary.104 - 2025-06-30
• 15.4.0-canary.103 - 2025-06-29
• 15.4.0-canary.102 - 2025-06-27
• 15.4.0-canary.101 - 2025-06-27
• 15.4.0-canary.100 - 2025-06-26
• 15.4.0-canary.99 - 2025-06-26
• 15.4.0-canary.98 - 2025-06-26
• 15.4.0-canary.97 - 2025-06-26
• 15.4.0-canary.96 - 2025-06-25
• 15.4.0-canary.95 - 2025-06-24
• 15.4.0-canary.94 - 2025-06-23
• 15.4.0-canary.93 - 2025-06-23
• 15.4.0-canary.92 - 2025-06-22
• 15.4.0-canary.91 - 2025-06-21
• 15.4.0-canary.90 - 2025-06-21
• 15.4.0-canary.89 - 2025-06-20
• 15.4.0-canary.88 - 2025-06-20
• 15.4.0-canary.87 - 2025-06-19
• 15.4.0-canary.86 - 2025-06-18
• 15.4.0-canary.85 - 2025-06-18
• 15.4.0-canary.84 - 2025-06-16
• 15.4.0-canary.83 - 2025-06-14
• 15.4.0-canary.82 - 2025-06-13
• 15.4.0-canary.81 - 2025-06-13
• 15.4.0-canary.80 - 2025-06-12
• 15.4.0-canary.79 - 2025-06-11
• 15.4.0-canary.78 - 2025-06-11
• 15.4.0-canary.77 - 2025-06-11
• 15.4.0-canary.76 - 2025-06-10
• 15.4.0-canary.75 - 2025-06-10
• 15.4.0-canary.74 - 2025-06-10
• 15.4.0-canary.73 - 2025-06-09
• 15.4.0-canary.72 - 2025-06-08
• 15.4.0-canary.71 - 2025-06-07
• 15.4.0-canary.70 - 2025-06-06
• 15.4.0-canary.69 - 2025-06-06
• 15.4.0-canary.68 - 2025-06-05
• 15.4.0-canary.67 - 2025-06-04
• 15.4.0-canary.66 - 2025-06-04
• 15.4.0-canary.65 - 2025-06-04
• 15.4.0-canary.64 - 2025-06-04
• 15.4.0-canary.63 - 2025-06-03
• 15.4.0-canary.62 - 2025-06-03
• 15.4.0-canary.61 - 2025-06-01
• 15.4.0-canary.60 - 2025-05-31
• 15.4.0-canary.59 - 2025-05-30
• 15.4.0-canary.58 - 2025-05-30
• 15.4.0-canary.57 - 2025-05-29
• 15.4.0-canary.56 - 2025-05-28
• 15.4.0-canary.55 - 2025-05-27
• 15.4.0-canary.54 - 2025-05-27
• 15.4.0-canary.53 - 2025-05-26
• 15.4.0-canary.52 - 2025-05-25
• 15.4.0-canary.51 - 2025-05-24
• 15.4.0-canary.50 - 2025-05-23
• 15.4.0-canary.49 - 2025-05-23
• 15.4.0-canary.48 - 2025-05-22
• 15.4.0-canary.47 - 2025-05-21
• 15.4.0-canary.46 - 2025-05-21
• 15.4.0-canary.45 - 2025-05-21
• 15.4.0-canary.44 - 2025-05-20
• 15.4.0-canary.43 - 2025-05-20
• 15.4.0-canary.42 - 2025-05-19
• 15.4.0-canary.41 - 2025-05-19
• 15.4.0-canary.40 - 2025-05-19
• 15.4.0-canary.39 - 2025-05-18
• 15.4.0-canary.38 - 2025-05-17
• 15.4.0-canary.37 - 2025-05-16
• 15.4.0-canary.36 - 2025-05-15
• 15.4.0-canary.35 - 2025-05-15
• 15.4.0-canary.34 - 2025-05-13
• 15.4.0-canary.33 - 2025-05-13
• 15.4.0-canary.31 - 2025-05-10
• 15.4.0-canary.30 - 2025-05-09
• 15.4.0-canary.29 - 2025-05-09
• 15.4.0-canary.28 - 2025-05-08
• 15.4.0-canary.27 - 2025-05-08
• 15.4.0-canary.26 - 2025-05-07
• 15.4.0-canary.24 - 2025-05-06
• 15.4.0-canary.23 - 2025-05-05
• 15.4.0-canary.22 - 2025-05-05
• 15.4.0-canary.21 - 2025-05-05
• 15.4.0-canary.20 - 2025-05-03
• 15.4.0-canary.19 - 2025-05-02
• 15.4.0-canary.18 - 2025-05-01
• 15.4.0-canary.17 - 2025-04-30
• 15.4.0-canary.16 - 2025-04-30
• 15.4.0-canary.15 - 2025-04-29
• 15.4.0-canary.14 - 2025-04-28
• 15.4.0-canary.13 - 2025-04-28
• 15.4.0-canary.12 - 2025-04-27
• 15.4.0-canary.11 - 2025-04-26
• 15.4.0-canary.10 - 2025-04-25
• 15.4.0-canary.9 - 2025-04-24
• 15.4.0-canary.8 - 2025-04-24
• 15.4.0-canary.7 - 2025-04-23
• 15.4.0-canary.6 - 2025-04-23
• 15.4.0-canary.5 - 2025-04-23
• 15.4.0-canary.4 - 2025-04-22
• 15.4.0-canary.3 - 2025-04-22
• 15.4.0-canary.2 - 2025-04-21
• 15.4.0-canary.1 - 2025-04-21
• 15.4.0-canary.0 - 2025-04-21
• 15.3.8 - 2025-12-11
  

  Please see the Next.js Security Update for information about this security patch.

• 15.3.7 - 2025-12-11
  

  v15.3.7

• 15.3.6 - 2025-12-03
• 15.3.5 - 2025-07-03
• 15.3.4 - 2025-06-18
• 15.3.3 - 2025-05-29
• 15.3.2 - 2025-05-06
• 15.3.1 - 2025-04-17

from @next/third-parties GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

This PR upgrades @next/third-parties from version 15.3.1 to 15.5.9 to address multiple security vulnerabilities including high and critical severity issues related to SSRF, deserialization, and other security concerns in transitive dependencies.

Changes:

• Upgrade @next/third-parties package from 15.3.1 to 15.5.9 (251 versions ahead)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The upgrade to @next/third-parties version 15.5.9 creates a major version mismatch with the Next.js framework version (14.2.28) specified in the dependencies. The @next/third-parties package version should match the major version of Next.js being used. This mismatch could lead to compatibility issues, runtime errors, or unexpected behavior. Consider either upgrading Next.js to version 15.x or using @next/third-parties version 14.x instead.

Suggested change

	"@next/third-parties": "^15.5.9",
	"@next/third-parties": "^14.2.28",