grant/proof-of-work
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.2.0:1 — upgrade to Next.js 15 / React 19
CI / proof-of-work (Next.js app) (push) Has been cancelled
Details
CI / start9/0.4 (StartOS package code) (push) Has been cancelled
Details

Browse Source 
Closes the remaining P1: move off Next 14 onto the CVE-patched Next 15
line (15.5.x), eliminating the framework's RSC DoS/source-exposure
advisories and the middleware-auth-bypass class that applied to the 14.x
auth gate. App Router on Next 15 requires React 19, so react/react-dom
move to 19.x in lockstep; lucide-react and next-themes bump to their
React-19-compatible releases.

The code surface was the Next 15 async-request-API change: params and
searchParams are now Promises. All [id] route handlers (10 files) and the
four server pages that read them now await the resolved value, using a
uniform re-derive idiom that leaves handler bodies untouched. cookies()/
headers() were already awaited, so no other request-API changes were
needed; all routes stay dynamic, so the uncached-by-default change is a
no-op. next.config.js (static CSP) and the middleware matcher are
unchanged. No schema, no API contract change, no data migration.

Verified: tsc + lint clean, 209 tests pass, next build succeeds with the
standalone bundle tracing the Prisma engine.
This commit is contained in:
Keysat
2026-06-13 00:29:47 -05:00
parent 96d8431de9
commit f487204b73
23 changed files with 776 additions and 628 deletions
Download Patch File Download Diff File Expand all files Collapse all files
start9/0.4/startos/versions/index.ts
+7 -1
View File
@@ -15,12 +15,14 @@ import { v_1_1_0_6 } from './v1.1.0.6'
import { v_1_1_0_7 } from './v1.1.0.7'
import { v_1_1_0_8 } from './v1.1.0.8'
import { v_1_1_0_9 } from './v1.1.0.9'
import { v_1_2_0_1 } from './v1.2.0.1'
/**
* Version graph for the `proof-of-work` package.
*
* 1.0.0 line — feature-complete logger + multi-user + library curation.
* 1.1.0 line — Programs (manual + AI) + AI integration.
* 1.2.0 line — platform upgrade (Next.js 15 / React 19).
*
* v1.0.0:1 — initial release, seeded cutover.
* v1.0.0:2 — CSP fix.
@@ -56,9 +58,12 @@ import { v_1_1_0_9 } from './v1.1.0.9'
* v1.1.0:9 — P2 hardening: malformed-body/invalid-date/bad-pagination ->
* 400 (not 500); POST /api/auth rate-limited; rate-limiter XFF
* anti-spoof (rightmost entry); container drops root via su-exec.
* v1.2.0:1 — Next.js 14 -> 15 / React 18 -> 19 upgrade. Closes the Next
* framework RSC + middleware-bypass CVEs; async-params migration
* across all [id] routes + server pages. No schema/data change.
*/
export const versionGraph = VersionGraph.of({
current: v_1_1_0_9,
current: v_1_2_0_1,
other: [
v_1_0_0_1,
v_1_0_0_2,
@@ -75,5 +80,6 @@ export const versionGraph = VersionGraph.of({
v_1_1_0_6,
v_1_1_0_7,
v_1_1_0_8,
v_1_1_0_9,
],
})