I have updated to NextJS v15.5.9 as advised
However, in the lock file, this is marked as deprecated.
But the notification points back to Next.js Security Update: December 11, 2025 | Next.js
Which tells me to update TO 15.5.9
The blog currently does NOT contain a newer post of any sort.
Is this deprecation in error, or is the link incorrect?
Hi @rogerwillcocks-9993, welcome to the Vercel Community!
I’m sorry for the confusion. As per NPM https://www.npmjs.com/package/next/v/15.5.9 is not deprecated.
Can you share where you see the warning?
Also, you can always check you are on a safe version by running the npx fix-react2shell-next command.
Here’s our diff:
- next@15.5.7:
- resolution: {integrity: sha512-+t2/0jIJ48kUpGKkdlhgkv+zPTEOoXyr60qXe68eB/pl3CMJaLeIGjzp5D6Oqt25hCBiBTt8wEeeAzfJvUKnPQ==}
+ next@15.5.9:
+ resolution: {integrity: sha512-agNLK89seZEtC5zUHwtut0+tNrc0Xw4FT/Dg+B/VLEo9pAcS9rtTKpek3V6kVcVwsB2YlqMaHdfZL4eLEVYuCg==}
engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
deprecated: This version has a security vulnerability. Please upgrade to a patched version. See
for more details.
But looking at it again, I’m wondering if that actually means that pnpm failed to removed the deprecated information instead.
I see. Yeah, it seems like a file editing mistake because I did an installation myself from a safe version to 15.5.9 and it didn’t give deprecated warning
You should be safe as long as npx fix-react2shell-next is not flagging anything.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
