You didn't change a single dependency and yet your build is suddenly failing. It is a frustrating situation that often points to a critical update in your underlying environment. A remote code execution vulnerability in Next.js 15.x and 16.x App Router has been identified and it requires immediate patching to secure your applications. Additionally, Composer 2.9 has landed on Upsun PHP images. Here is the breakdown: Security patches are now required for specific Next.js versions to prevent remote execution. Composer 2.9 is being shipped as is to ensure environments stay current. Fresh dependencies are essential for maintaining a secure and functional workflow. You have options to resolve build failures and get back to shipping code.…