sec: bump next 15.5.10 → 15.5.14 (CVE-2026-27980) #175

Merged: rajk04-scaleai merged 2 commits into main from sec/bump-next-15.5.14 on Mar 26, 2026

scale-ballen (Contributor) commented Mar 25, 2026

Summary

  • Upgrade Next.js from 15.5.10 to 15.5.14 to resolve CVE-2026-27980 (severity 7.5 HIGH)
  • Lockfile regenerated with npm install — 0 vulnerabilities from npm audit

CVE resolved

| CVE | Severity | Score | Package | Current | Fix |
|---|---|---|---|---|---|
| CVE-2026-27980 | HIGH | 7.5 | next | 15.5.10 | 15.5.14 |

Test plan

  • CI passes
  • After merge, update submodule pointer in scaleapi/agentex

🤖 Generated with Claude Code

Greptile Summary

Security patch that bumps Next.js from 15.5.10 to 15.5.14 to resolve CVE-2026-27980 (severity 7.5 HIGH). The lockfile was cleanly regenerated with only the expected next, @next/env, and @next/swc-* packages updated — no unrelated dependency changes snuck in.

  • next pinned version updated in package.json (15.5.10 → 15.5.14)
  • Lockfile updates @next/env and all 8 platform-specific @next/swc-* binaries to 15.5.14
  • All resolved URLs point to the official npm registry
  • No changes to next.config.ts or application code required

Confidence Score: 5/5

  • This PR is safe to merge — it is a minimal, well-scoped security dependency bump with no application code changes.
  • Score of 5: The change is limited to a single dependency version bump in package.json and its corresponding lockfile regeneration. No application code, configuration, or other dependencies are modified. All resolved URLs are from the npm registry. The bump is a patch-level update within the same minor series (15.5.x), minimizing risk of breaking changes.
  • No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| agentex-ui/package.json | Bumps next from 15.5.10 to 15.5.14 — a pinned minor version bump to resolve CVE-2026-27980. No other dependency changes. |
| agentex-ui/package-lock.json | Lockfile regenerated for Next.js 15.5.14 — updates next, @next/env, and all @next/swc-* platform binaries. All resolved URLs point to the npm registry. No unrelated dependency changes. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["package.json<br/>next: 15.5.10 → 15.5.14"] --> B["npm install"]
    B --> C["package-lock.json regenerated"]
    C --> D["@next/env 15.5.14"]
    C --> E["@next/swc-* binaries 15.5.14"]
    C --> F["next 15.5.14"]
    F --> G["CVE-2026-27980 resolved"]
Reviews (1): Last reviewed commit: "sec: bump next 15.5.10 → 15.5.14 (CVE-20..." | Re-trigger Greptile
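
The lockfile properties the summary above relies on (every resolved URL on the npm registry, next and its @next/* companions all at the fixed version, nothing unrelated changed) can be checked mechanically. The following is an added example, not code from this PR or from the agentex project; `auditNextBump`, `example-dep`, `registry.example.test` and the inline lockfile fragments are constructed for illustration, and the lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Added example: audit a regenerated package-lock.json (lockfileVersion 2/3) for a scoped bump.
const REGISTRY = 'https://registry.npmjs.org/';
const isNextFamily = (name) => name === 'next' || name.startsWith('@next/');

function auditNextBump(before, after, fixedVersion) {
  const findings = [];
  for (const [path, entry] of Object.entries(after.packages || {})) {
    if (path === '' || entry.link) continue; // root project and workspace links
    const i = path.lastIndexOf('node_modules/');
    const name = i === -1 ? path : path.slice(i + 'node_modules/'.length);
    // Every tarball must come from the public registry and carry an integrity hash.
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY))
      findings.push(`${name}: resolved from ${entry.resolved}`);
    if (entry.resolved && !entry.integrity)
      findings.push(`${name}: no integrity hash`);
    if (isNextFamily(name)) {
      // next, @next/env and the @next/swc-* binaries must all reach the fixed release.
      if (entry.version !== fixedVersion)
        findings.push(`${name}: at ${entry.version}, expected ${fixedVersion}`);
      continue;
    }
    // Anything else must keep the version and integrity the old lockfile pinned.
    const old = (before.packages || {})[path];
    if (!old) findings.push(`${name}: added by the regeneration`);
    else if (old.version !== entry.version || old.integrity !== entry.integrity)
      findings.push(`${name}: changed outside the bump`);
  }
  return findings;
}

// Constructed lockfile fragments; example-dep and the hashes are placeholders.
const pkg = (name, version, host = REGISTRY) => ({ version, integrity: 'sha512-PLACEHOLDER',
  resolved: `${host}${name}/-/${name.split('/').pop()}-${version}.tgz` });
const before = { packages: {
  '': { name: 'demo-ui' },
  'node_modules/next': pkg('next', '15.5.10'),
  'node_modules/@next/env': pkg('@next/env', '15.5.10'),
  'node_modules/example-dep': pkg('example-dep', '1.0.0'),
} };
const clean = { packages: { ...before.packages,
  'node_modules/next': pkg('next', '15.5.14'),
  'node_modules/@next/env': pkg('@next/env', '15.5.14'),
} };
const tampered = { packages: { ...clean.packages,
  'node_modules/@next/env': pkg('@next/env', '15.5.10'),
  'node_modules/example-dep': pkg('example-dep', '1.0.0', 'https://registry.example.test/'),
} };
console.log(auditNextBump(before, clean, '15.5.14'), auditNextBump(before, tampered, '15.5.14'));
```

Against real files, `before` would be the parsed lockfile from the base branch and `after` the one from the PR branch; an empty result corresponds to the "no unrelated dependency changes" observation.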

Upgrade Next.js from 15.5.10 to 15.5.14 to resolve CVE-2026-27980
(severity 7.5 HIGH). Lockfile regenerated with npm install.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
scale-ballen requested a review from a team as a code owner March 25, 2026 22:28

danielmillerp (Collaborator) left a comment

Please test to make sure things work as expected!

greptile-apps bot commented Mar 26, 2026

No reviewable files after applying ignore patterns.

rajk04-scaleai (Contributor) commented

> Please test to make sure things work as expected!

CI is green + completed a local smoketest

rajk04-scaleai merged commit d8b7a91 into main Mar 26, 2026
10 checks passed
rajk04-scaleai deleted the sec/bump-next-15.5.14 branch March 26, 2026 17:08