chore(deps): bump next to non-vulnerable versions

[wotschofsky]

Summary

Upgrade all next installations to their respective non-vulnerable patch version.

We are getting notifications from our security tooling and would like to resolve those. I see that at least for the packages, next is only used for types. But since you've pinned exact versions, we cannot just upgrade next ourselves. Upgrading to non-vulnerable version should help silence these error messages.

Testing

Business logic tests added:

none

Visuals

none

Checklist

none

[Copilot]

Pull request overview

This PR upgrades Next.js across multiple packages to address security vulnerabilities by moving to the latest non-vulnerable patch releases within each minor version series.

• Upgrades next from 15.3.1 to 15.3.6 in demo applications
• Upgrades next from 15.2.4 to 15.2.6 in React and compiler packages
• Updates the pnpm lockfile with corresponding dependency resolutions and SWC compiler binaries

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
pnpm-lock.yaml	Updates Next.js version resolutions, SWC compiler binaries (15.2.5 and 15.3.5), and transitive dependencies like caniuse-lite and detect-libc
packages/react/package.json	Upgrades Next.js from 15.2.4 to 15.2.6 in both devDependencies and peerDependencies
packages/compiler/package.json	Upgrades Next.js from 15.2.4 to 15.2.6 in devDependencies
demo/next-app/package.json	Upgrades Next.js from 15.3.1 to 15.3.6 in dependencies

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.