3 months ago
Hey Railway Team,
I’m unable to deploy my Next.js application on Railway. During deployment, I keep getting an error saying that a security vulnerability is detected and it suggests upgrading Next.js to v15.2.8.
I’ve already upgraded my project to Next.js 15.2.8, verified it in my package.json, reinstalled dependencies, and redeployed — but I’m still getting the same error.
This is extremely frustrating because my client’s production app is currently down, and I’m blocked from deploying any fixes.
Things I’ve already tried:
Upgraded Next.js to 15.2.8
Redeployed multiple times
Confirmed the version locally and in package.json
If anyone has faced this issue before or knows a solution/workaround, please help. This is urgent.
Thanks in advance
6 Replies
3 months ago
Did you push the fix that updates Next to 15.2.8?
3 months ago
Delete your package-lock.json file and node_modules file (locally) and run npm install.
3 months ago
The problem is a mismatch between the lock file and the package.json file.
3 months ago
And then push the new package-lock.json file
3 months ago
It's not always a mismatch, you could also have transient dependencies that depend on a vulnerable version.