diff --git a/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml b/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml
index adc84167..4949ba86 100644
--- a/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml
+++ b/starters/nextjs/shopify-ecommerce/pnpm-lock.yaml
@@ -1822,6 +1822,7 @@ packages:
   next@15.0.3:
     resolution: {integrity: sha512-ontCbCRKJUIoivAdGB34yCaOcPgYXr9AAkV/IwqFfWWTXEPUgLYkSkqBhIk9KK7gGmgjc64B+RdoeIDM13Irnw==}
     engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
+    deprecated: This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/CVE-2025-66478 for more details.
     hasBin: true
     peerDependencies:
       '@opentelemetry/api': ^1.1.0