chore(deps): bump next 15.2.9→15.5.18 + drizzle-orm 0.38.4→0.45.2 (Phase 1b/c)

Security-driven version bumps; both stay within their existing major.

next 15.2.9 → 15.5.18 closes (1 high + 6 moderate next-specific CVEs):
- DoS via Server Components (high)
- Image Optimizer cache key confusion / content injection (moderate)
- Improper middleware redirect handling → SSRF (moderate)
- HTTP request smuggling in rewrites (moderate)
- Unbounded next/image disk cache growth → storage exhaustion (moderate)
- Self-hosted DoS via Image Optimizer remotePatterns (moderate)

drizzle-orm 0.38.4 → 0.45.2 closes:
- SQL injection via improperly escaped SQL identifiers (high)

Drizzle 0.45 changed query-error wrapping: outer Error.message is now
generic ("Failed query: insert into ...") with the postgres error on
.cause. Two integration test suites updated to assert on
cause.code === '23505' (postgres unique_violation) instead of message
regex — more robust + unambiguous.

eslint-config-next bumped 15.2.9 → 15.5.18 to match.
drizzle-kit bumped 0.30.6 → 0.31.10 to match.

Note: next-env.d.ts is auto-generated by next at build time; not
committed here (the new triple-slash routes reference would fail the
project's eslint rule, and CI regenerates it anyway).

Tests: 1185/1185 vitest passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

package.json

@@ -66,7 +66,7 @@
     "clsx": "^2.1.1",
     "cmdk": "^1.1.1",
     "date-fns": "^4.1.0",
-    "drizzle-orm": "^0.38.4",
+    "drizzle-orm": "^0.45.2",
     "imapflow": "^1.3.3",
     "ioredis": "^5.10.1",
     "iso-3166-2": "^1.0.0",
@@ -75,7 +75,7 @@
     "lucide-react": "^0.460.0",
     "mailparser": "^3.9.8",
     "minio": "^8.0.7",
-    "next": "15.2.9",
+    "next": "15.5.18",
     "next-themes": "^0.4.6",
     "nodemailer": "^6.10.1",
     "openai": "^6.37.0",
@@ -114,10 +114,10 @@
     "@vitest/coverage-v8": "^4.1.5",
     "autoprefixer": "^10.5.0",
     "dotenv": "^17.4.2",
-    "drizzle-kit": "^0.30.6",
+    "drizzle-kit": "^0.31.10",
     "esbuild": "^0.25.12",
     "eslint": "^9.39.4",
-    "eslint-config-next": "15.2.9",
+    "eslint-config-next": "15.5.18",
     "eslint-config-prettier": "^9.1.2",
     "husky": "^9.1.7",
     "lint-staged": "^15.5.2",

tests/integration/ownership-transfer.test.ts

@@ -69,6 +69,8 @@ describe('transferOwnership', () => {
         endDate: null,
         createdBy: 'test',
       }),
-    ).rejects.toThrow(/duplicate key/i);
+    ).rejects.toMatchObject({
+      cause: expect.objectContaining({ code: '23505' }),
+    });
   });
 });

tests/integration/schema-constraints.test.ts

@@ -64,7 +64,9 @@ describe('schema constraints', () => {
           endDate: null, // another open row — should violate partial unique
           createdBy: 'test',
         }),
-      ).rejects.toThrow(/duplicate key|unique/i);
+      ).rejects.toMatchObject({
+        cause: expect.objectContaining({ code: '23505' }),
+      });
     },
   );
 
@@ -104,7 +106,9 @@ describe('schema constraints', () => {
         startDate: new Date(),
         createdBy: 'test',
       }),
-    ).rejects.toThrow(/duplicate key|unique/i);
+    ).rejects.toMatchObject({
+      cause: expect.objectContaining({ code: '23505' }),
+    });
   });
 
   itDb(
@@ -154,7 +158,9 @@ describe('schema constraints', () => {
 
     await expect(
       db.insert(companies).values({ portId: port.id, name: 'AEGEAN HOLDINGS' }),
-    ).rejects.toThrow(/duplicate key|unique/i);
+    ).rejects.toMatchObject({
+      cause: expect.objectContaining({ code: '23505' }),
+    });
   });
 
   itDb('allows same-name companies in different ports', async () => {