grant/proof-of-work
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.2.0:1 — upgrade to Next.js 15 / React 19
CI / proof-of-work (Next.js app) (push) Has been cancelled
Details
CI / start9/0.4 (StartOS package code) (push) Has been cancelled
Details

Browse Source 
Closes the remaining P1: move off Next 14 onto the CVE-patched Next 15
line (15.5.x), eliminating the framework's RSC DoS/source-exposure
advisories and the middleware-auth-bypass class that applied to the 14.x
auth gate. App Router on Next 15 requires React 19, so react/react-dom
move to 19.x in lockstep; lucide-react and next-themes bump to their
React-19-compatible releases.

The code surface was the Next 15 async-request-API change: params and
searchParams are now Promises. All [id] route handlers (10 files) and the
four server pages that read them now await the resolved value, using a
uniform re-derive idiom that leaves handler bodies untouched. cookies()/
headers() were already awaited, so no other request-API changes were
needed; all routes stay dynamic, so the uncached-by-default change is a
no-op. next.config.js (static CSP) and the middleware matcher are
unchanged. No schema, no API contract change, no data migration.

Verified: tsc + lint clean, 209 tests pass, next build succeeds with the
standalone bundle tracing the Prisma engine.
This commit is contained in:
Keysat
2026-06-13 00:29:47 -05:00
parent 96d8431de9
commit f487204b73
23 changed files with 776 additions and 628 deletions
Download Patch File Download Diff File Expand all files Collapse all files
start9/0.4/startos/versions/v1.2.0.1.ts
+34
View File
@@ -0,0 +1,34 @@
import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
/**
* v1.2.0:1 — Next.js 14 -> 15 / React 18 -> 19 upgrade (2026-06-13).
*
* The remaining P1 from the full-eval queue: move off Next.js 14 onto the
* CVE-patched Next 15 line (15.5.x), closing the framework's RSC
* DoS/source-exposure advisories and the middleware-auth-bypass class that
* applied to the 14.x `middleware.ts` auth gate. App Router on Next 15
* requires React 19, so react/react-dom move to 19.x in lockstep
* (lucide-react + next-themes bumped to their React-19-compatible releases).
*
* Code surface was the Next 15 async-request-API change: `params` and
* `searchParams` are now Promises. All `[id]` route handlers (10 files) and
* the four server pages that read them now `await` the resolved value;
* `cookies()`/`headers()` were already awaited from the earlier auth work, so
* no other request-API changes were needed. All routes remain dynamic, so the
* Next 15 "uncached by default" change is a no-op here. next.config.js (static
* CSP) and the middleware matcher are unchanged.
*
* App-code + dependency upgrade only — no schema, no API contract change, no
* data migration. Existing /data survives untouched.
*/
export const v_1_2_0_1 = VersionInfo.of({
version: '1.2.0:1',
releaseNotes: {
en_US:
'Platform upgrade: the app now runs on Next.js 15 and React 19, picking up the framework security patches and a more current runtime. No new features and no data changes — this is a maintenance release, and your existing data is untouched.',
},
migrations: {
up: async () => {},
down: IMPOSSIBLE,
},
})