diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index c3564cef..d7f09579 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3412,6 +3412,11 @@ packages:
     engines: {node: '>=10'}
     hasBin: true
 
+  semver@7.8.0:
+    resolution: {integrity: sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==}
+    engines: {node: '>=10'}
+    hasBin: true
+
   send@1.2.1:
     resolution: {integrity: sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==}
     engines: {node: '>= 18'}
@@ -5791,7 +5796,7 @@ snapshots:
       '@petamoriken/float16': 3.9.3
       debug: 4.4.3
       env-paths: 3.0.0
-      semver: 7.7.4
+      semver: 7.8.0
       shell-quote: 1.8.3
       which: 4.0.0
     transitivePeerDependencies:
@@ -6452,6 +6457,8 @@ snapshots:
 
   semver@7.7.4: {}
 
+  semver@7.8.0: {}
+
   send@1.2.1:
     dependencies:
       debug: 4.4.3
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index a7afc8aa..89c32f6a 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -12,7 +12,7 @@ catalogs:
     vitest: 3.1.3
   security:
     '@clerk/nextjs': 6.39.3
-    next: 15.5.15
+    next: 15.5.18
     vite: 8.0.9
 
 # Supply-chain hardening — see skills/stash-supply-chain-security/