Update nextjs

[elie222]

Generated description

Below is a concise technical summary of the changes proposed in this PR:
Upgrade the next framework, the serwist service worker library, and the pnpm package manager to their latest versions, incorporating various transitive dependency updates.

Latest Contributors(2)

User	Commit	Date
elie222	fix-logger-serialize	December 21, 2025
joshwerner001@gmail.com	Use-tldts-to-parse-dom...	November 25, 2025

This pull request is reviewed by Baz. Review like a pro on (Baz).

Summary by CodeRabbit

• Chores
  • Updated core framework and project dependencies to their latest stable versions
  • Updated package manager to the latest version for improved tooling

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
inbox-zero	Ready	Preview	Dec 31, 2025 1:08am

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

This pull request updates dependency versions across two package.json files: Next.js and Serwist packages in the web application are bumped, and the pnpm package manager version is upgraded in the root configuration.

Changes

Cohort / File(s)	Summary
Web Application Dependencies apps/web/package.json	Updated @serwist/next (9.2.3 → 9.4.2), next (16.0.10 → 16.1.1), and serwist devDependency (9.2.3 → 9.4.2)
Root Package Manager package.json	Updated packageManager field from pnpm@10.24.0 to pnpm@10.27.0

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Upgrade nextjs to fix vulnerability #1054: Upgrades next dependency in apps/web/package.json (15.5.6 → 15.5.7), following a similar dependency update pattern
• Upgrade nextjs #1092: Modifies apps/web/package.json to upgrade the next dependency to a different target version

Poem

🐰 Hop along, dependencies grow,
Version bumps from high to low,
Next and Serwist, pnpm too,
Fresh updates for me and you! ✨

Pre-merge checks

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Update nextjs' is vague and doesn't accurately reflect the full scope of changes, which include updates to Next.js, Serwist, and pnpm package manager.	Consider a more descriptive title like 'Update Next.js, Serwist, and pnpm to latest versions' to better reflect all the main changes in the changeset.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad85d52 and 11607b6.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• apps/web/package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/web/package.json

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Update web app dependencies to Next.js 16.1.1 and Serwist 9.4.2 and bump repository package manager to pnpm 10.27.0

Upgrade next and serwist versions in apps/web/package.json and update the repository packageManager to pnpm@10.27.0 in package.json; regenerate pnpm-lock.yaml.

📍Where to Start

Start with dependency version changes in apps/web/package.json and confirm lockfile updates in pnpm-lock.yaml.

---

Macroscope summarized 11607b6.

[cubic-dev-ai]

1 issue found across 4 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="apps/web/tsconfig.json">

<violation number="1" location="apps/web/tsconfig.json:21">
P1: Specifying `types` restricts TypeScript to only include listed packages globally, excluding all other `@types/*` packages (like `@types/node`, `@types/react`, `@types/react-dom`). Either add all needed types to the array, or consider including the serwist typings via a triple-slash reference in a `.d.ts` file instead.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

package.json (1)

28-28: pnpm@10.27.0 is valid and secure; note the semi-breaking change in virtual store layout.

pnpm@10.27.0 is a legitimate, released version with no associated security advisories or CVEs. However, v10.27.0 includes a semi-breaking change: unscoped packages are now stored under an "@" directory in the global virtual store to maintain a uniform 4-level directory depth. This change may affect scripts or tooling that depend on the previous virtual store path structure, so verify that your build and development workflow are compatible with this layout change.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4278c08 and ad85d52.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• apps/web/package.json
• apps/web/tsconfig.json
• package.json

🧰 Additional context used

📓 Path-based instructions (5)

**/package.json

📄 CodeRabbit inference engine (.cursor/rules/installing-packages.mdc)

Use pnpm as the package manager

Files:

• package.json
• apps/web/package.json

!(pages/_document).{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

Don't use the next/head module in pages/_document.js on Next.js projects

Files:

• package.json
• apps/web/tsconfig.json
• apps/web/package.json

apps/web/**/*.{ts,tsx,js,jsx,json,css}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Format code with Prettier

Files:

• apps/web/tsconfig.json
• apps/web/package.json

apps/web/**/*.{example,ts,json}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Add environment variables to .env.example, env.ts, and turbo.json

Files:

• apps/web/tsconfig.json
• apps/web/package.json

apps/web/package.json

📄 CodeRabbit inference engine (.cursor/rules/installing-packages.mdc)

Don't install packages in root; install in apps/web workspace instead

Files:

• apps/web/package.json

🧠 Learnings (21)

📚 Learning: 2025-11-25T14:37:45.660Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/installing-packages.mdc:0-0
Timestamp: 2025-11-25T14:37:45.660Z
Learning: Applies to **/package.json : Use `pnpm` as the package manager

Applied to files:

• package.json

📚 Learning: 2025-11-25T14:38:56.992Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Use Turborepo with pnpm workspaces for project dependency management

Applied to files:

• package.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Use `import type` for types

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Don't use user-defined types

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Use `export type` for types

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Don't use implicit any type on variable declarations

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:38:07.606Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : Use TypeScript types for all LLM function parameters and return values, and define clear interfaces for complex input/output structures

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Use the namespace keyword instead of the module keyword to declare TypeScript namespaces

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Don't use any or unknown as type constraints

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Don't use the any type

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{ts,tsx} : Don't use primitive type aliases or misleading types

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : Use `with { type: "json" }` for JSON module imports

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:38:37.508Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/prisma-enum-imports.mdc:0-0
Timestamp: 2025-11-25T14:38:37.508Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Always import Prisma enums from `@/generated/prisma/enums` instead of `@/generated/prisma/client` to avoid Next.js bundling errors in client components

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-12-21T12:21:37.794Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-12-21T12:21:37.794Z
Learning: Applies to apps/web/**/*.{ts,tsx} : Use TypeScript with strict null checks

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : Make sure to use the "use strict" directive in script files

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:38:32.328Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/posthog-feature-flags.mdc:0-0
Timestamp: 2025-11-25T14:38:32.328Z
Learning: Applies to **/*.{ts,tsx} : Always define types for A/B test variant flags (e.g., `type PricingVariant = "control" | "variant-a" | "variant-b"`) and provide type safety through type casting

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : Make sure typeof expressions are compared to valid values

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:42:08.869Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : Use `node:assert/strict` over `node:assert`

Applied to files:

• apps/web/tsconfig.json

📚 Learning: 2025-11-25T14:38:56.992Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Main Next.js application is located in `apps/web`

Applied to files:

• apps/web/package.json

📚 Learning: 2025-11-25T14:40:13.649Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ui-components.mdc:0-0
Timestamp: 2025-11-25T14:40:13.649Z
Learning: Applies to **/*.{tsx,ts,jsx,js} : Use `next/image` package for images

Applied to files:

• apps/web/package.json

📚 Learning: 2025-11-25T14:40:15.063Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ui-components.mdc:0-0
Timestamp: 2025-11-25T14:40:15.063Z
Learning: Applies to **/*.{tsx,ts} : Use `next/image` package for images

Applied to files:

• apps/web/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Baz Reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: test
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (3)

apps/web/tsconfig.json (1)

21-23: LGTM!

Adding the serwist type declarations to the TypeScript compiler options is the correct approach for enabling ambient typings. This aligns well with the serwist package updates in the PR.

apps/web/package.json (2)

78-78: No action needed: @serwist/next and serwist versions are compatible.

The @serwist/next 9.2.3 package has no peer dependency constraint on serwist version—it only requires next >=14.0.0 and typescript >=5.0.0. Both packages are in the v9 series and serwist 9.4.2 is a patch release with no breaking changes. Patch version differences between related packages are normal and acceptable.

Likely an incorrect or invalid review comment.

---

200-200: serwist 9.4.2 is compatible with Next.js 16.1.1, but verify Next.js 16 configuration requirements.

serwist 9.4.2 is compatible with Next.js 16.1.1. However, ensure the following Next.js 16 considerations are addressed:

• Turbopack support: Service-worker development and local PWA testing are not fully supported by Turbopack. Run next dev --webpack for PWA testing if needed.
• Async-only request APIs: Next.js 16 made cookies, headers, draftMode, and params/searchParams async-only. Update service-worker and API route code to use async patterns.
• Node and TypeScript versions: Next.js 16 requires Node ≥ 20.x and TypeScript ≥ 5.x.
• Middleware conventions: Next.js 16 changed middleware naming and behavior; update if Serwist integration uses old conventions.

No explicit breaking changes were found between serwist 9.2.3 and 9.4.2 specifically.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​serwist/​next@​9.2.3 ⏵ 9.4.2			+1	+4

View full report