[Snyk] Security upgrade next from 13.4.12 to 16.1.7

[snyk-io]

Snyk has created this PR to fix 2 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• usage-based-subscriptions/package.json
• usage-based-subscriptions/pnpm-lock.yaml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15674556	545
	HTTP Request Smuggling SNYK-JS-NEXT-15674558	515

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This is a major upgrade across three versions (v14, v15, and v16) of Next.js, introducing a very high number of significant breaking changes. A direct upgrade is not feasible and will require a multi-stage migration with substantial code refactoring. The risk of production impact without a thorough migration plan is high.

Key Breaking Changes

1. Environment and Build System:

• Node.js Requirement: The minimum required Node.js version is now 20.9+. Support for Node.js 16 and 18 has been dropped.
• React 19 Upgrade: Next.js 15 and later require React 19, which has its own breaking changes (e.g., useFormState is replaced by useActionState).
• Turbopack is Default: Turbopack is now the default bundler. Custom Webpack configurations will break and must be migrated or explicitly opted out of by using the --webpack flag.

2. API and Data Fetching:

• Async Request APIs: This is a fundamental change. Access to cookies, headers, params, and searchParams is now asynchronous and must be awaited. This will affect nearly all pages, layouts, and components that use this data.
• Caching is Now Opt-In: The caching model has been inverted. fetch requests, GET Route Handlers, and client-side navigations are no longer cached by default. You must explicitly opt-in to caching to retain previous behavior.

3. Deprecated and Removed Features:

• next export Removed: The next export command is gone. Use the output: 'export' setting in next.config.js for static exports.
• middleware.ts Replaced: middleware.ts is deprecated in favor of proxy.ts and now only supports the Node.js runtime. Edge runtime support for middleware is removed.
• **next lint Removed

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.