Upgrading to Next 15: End-to-End Tests and CVE Fixes
TL;DR: I upgraded the VibeCoding project to Next 15, resolving several CVEs and enhancing end-to-end tests. This technical deep-dive explores the changes made and lessons learned.
The Problem
The project was running on an older version of Next.js, which had several known vulnerabilities (CVEs) that needed to be addressed. Specifically, the project was using version 14.x, and there were several high-severity CVEs reported for this version. Additionally, the end-to-end tests were not comprehensive, and there was a need to improve test coverage.
What I Tried First
Initially, I attempted to upgrade to Next 15 using the automated upgrade tool provided by Next.js. However, this process encountered several issues, including conflicts with custom plugins and outdated dependencies.
npm install next@latest
This command updated the package.json file, but several manual changes were required to complete the upgrade.
The Implementation
The upgrade involved several key steps:
Step 1: Update package.json and Lockfiles
I updated the package.json file to reflect the new version of Next.js and ran npm install to update the lockfiles.
// package.json
"dependencies": {
"next": "^15.0.0",
// ...
}
Step 2: Resolve CVEs
I identified and addressed several CVEs reported for the previous version of Next.js. This involved updating dependencies and modifying code to prevent exploitation.
// content/2026/07/11/VS/changelog.md
## 2026-07-11 VS
### Changed
- Bumped version to 1.7.0 in `package.json`, `apps/api/package.json`, and updated lockfiles:
- `package-lock.json` (version updated from 1.6.1 to 1.7.0)
Step 3: Enhance End-to-End Tests
I added new end-to-end tests to ensure better coverage of the application's functionality. This involved using a testing framework like Cypress to write and run tests.
// cypress/integration/dashboard.spec.js
describe('Dashboard', () => {
it('renders successfully', () => {
cy.visit('/dashboard');
cy.get('h1').should('contain', 'VibeCoding Dashboard');
});
});
Key Takeaway
The key takeaway from this experience is the importance of regularly updating dependencies and addressing known vulnerabilities. This not only improves the security of the application but also ensures compatibility with the latest features and fixes.
What's Next
The next step is to continue improving the test coverage and exploring new features in Next 15. This includes leveraging new APIs and components to enhance the application's functionality and user experience.
npm run test:e2e
By following these steps and taking a proactive approach to maintenance and testing, I can ensure the VibeCoding project remains secure, efficient, and scalable.
vibecoding #buildinpublic #nextjs #security
Part of my Build in Public series — sharing the real process of building SaaS projects from Playa del Carmen, México.
Repo: zaerohell/content-automation · 2026-07-12
#playadev #buildinpublic
Top comments (0)