chore: downgrade Next.js to 15.3.2 to support the open-next adapter

[dario-piotrowicz]

Description

Currently the open-next build of the site is quite broken (I think that went unnoticed because the CI check got disabled due to flakes?) and I am trying to get it back into a good shape

One thing I noticed is that currently the site uses Next.js 15.4.3, unfortunately that's not supported by the open-next adapter:
https://github.com/opennextjs/opennextjs-cloudflare/blob/d07f4cf2e59a68a54d01f0c9b0a6d0f9ebd3268a/packages/cloudflare/src/cli/build/build.ts#L100-L108

@vicb will be working into supporting that as soon as possible, however likely he won't be able to do it until around the end of August.

So I am opening this PR to downgrade the Next.js version so that the site uses a version that is supported by open-next. I hope this is acceptable (and as we discussed, generally open-next might indeed fall a bit behind the official Next.js releases, so this should hopefully not be completely surprising).

Validation

I manually checked the open-next built of the site locally and with this change it works as expected.

Related Issues

Check List

• I have read the Contributing Guidelines and made commit messages that follow the guideline.
• I have run pnpm format to ensure the code follows the style guide.
• I have run pnpm test to check if all tests are passing.
• I have run pnpm build to check if the website builds without errors.
• I've covered new added functionality with unit tests if necessary.

[Copilot]

Pull Request Overview

This PR downgrades Next.js from version 15.4.3 to 15.3.2 to restore compatibility with the open-next adapter for Cloudflare deployment. The open-next build is currently broken due to version incompatibility, and this change addresses the issue until the adapter can support newer Next.js versions.

• Downgrade Next.js dependency to maintain open-next adapter compatibility
• Restore functionality for Cloudflare deployment builds

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
nodejs-org	✅ Ready (Inspect)	Visit Preview	Jul 24, 2025 3:32pm

[MattIPv4]

I'm okay with this downgrade and the low sev vuln it reintroduces, but @nodejs/web-infra / @nodejs/nodejs-website do y'all know if the dependency review check will error on every subsequent PR if we force-merge this, or if it truly only checks the diff?

[MattIPv4]

I flagged this in Slack, but it'd be good to make sure that open-next actually has a correctly defined peerDependencies so we can't update next to a version that is incompatible (though that also worries me that open-next is so restrictive about what versions it is compatible with and might hold us back)?

[avivkeller]

I'm okay with this downgrade and the low sev vuln it reintroduces, but @nodejs/web-infra / @nodejs/nodejs-website do y'all know if the dependency review check will error on every subsequent PR if we force-merge this, or if it truly only checks the diff?

It only checks the diff

[ovflowd]

Downgrading to 15.3.2 will break static builds using Turborepo.

[ovflowd]

+ there's a security vulnerability

[MattIPv4]

Ah yes, if this is gonna break static builds, then it's probably a no-go 👍

[github-actions]

Lighthouse Results

URL	Performance	Accessibility	Best Practices	SEO	Report
/en	🟢 94	🟢 100	🟢 100	🟢 100	🔗
/en/about	🟢 100	🟢 97	🟢 100	🟠 88	🔗
/en/about/previous-releases	🟢 99	🟢 93	🟢 100	🟠 89	🔗
/en/download	🟢 95	🟢 100	🟢 100	🟢 100	🔗
/en/blog	🟢 100	🟢 100	🟢 96	🟢 100	🔗

[avivkeller]

I'm against downgrading to a known vulnerable version.

Static builds no work

[ovflowd]

I understand this might be frustrating, @dario-piotrowicz as we are updating versions and y'all are doing the thankless work of keeping it up to date. I believe as @MattIPv4 mentioned, going forward best we can do is to ensure that we don't upgrade before OpenNext states a version being compatible.

It's not like we have a rush to upgrade. Things are stable. But eventually we of course appreciate being on the latest versions that are safe and stable and ensure we don't stay too behind 😅

[dario-piotrowicz]

I'm against downgrading to a known vulnerable version.

Understandable 👍 (although the vulnerability seems to be low risk)

[dario-piotrowicz]

I understand this might be frustrating, @dario-piotrowicz as we are updating versions and y'all are doing the thankless work of keeping it up to date. I believe as @MattIPv4 mentioned, going forward best we can do is to ensure that we don't upgrade before OpenNext states a version being compatible.

We would have caught that sooner I believe, if the CI open-next build test wasn't disabled, I apologize for that (I assume that it's been disabled because of the flakiness?), hopefully once it's reinstated (and de-flaked) it should help preventing this type of issues

It's not like we have a rush to upgrade. Things are stable. But eventually we of course appreciate being on the latest versions that are safe and stable and ensure we don't stay too behind 😅

Indeed, there's no particular rush, I'm ok waiting for the adapter to support 13.4 (although it'll likely take a minute).

I think we can discuss this further with the Cloudflare team, I don't know if there are any SLAs/guarantees or mitigations that we can make around this, but it's definitely something worth discussing (as this issue is not going away).

[dario-piotrowicz]

Closing the PR as there seem to be a clear consensus here that no downgrade of Next.js should happen at this point.

Unfortunately that means that the open-next build won't be functioning for the time being, please let me know if I should open an issue or update the documentation regarding this.