Skip to content

chore(deps): bump next from 16.1.7 to 16.2.6#987

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/next-16.2.6
Open

chore(deps): bump next from 16.1.7 to 16.2.6#987
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/next-16.2.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 30, 2026
edited by cursor Bot
Loading

Copy link
Copy Markdown

Bumps next from 16.1.7 to 16.2.6.

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

Low:

Core Changes

  • fix: preserve HTTP access fallbacks during prerender recovery (#92231)
  • Fix fallback route params case in app-page handler (#91737)
  • Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
  • Patch setHeader for direct route handlers (#93101)
  • Include deployment id in cacheHandlers keys (#93453)
  • Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

... (truncated)

Commits
  • ee6e79b v16.2.6
  • afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
  • 97a154e Turbopack: Fix middleware matcher suffix (#93590)
  • 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
  • 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
  • a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
  • 766148f v16.2.5
  • 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
  • d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
  • 9d50c0b Strip next-resume header from incoming requests (#92)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Note

Medium Risk
Patch-level Next.js upgrade with many security fixes (middleware/RSC/SSR), which can affect routing, i18n middleware, and builds even though only deps changed.

Overview
Upgrades the docs site’s Next.js dependency from 16.1.7 to 16.2.6 in package.json, with pnpm-lock.yaml refreshed so nextra, nextra-theme-docs, and @next/third-parties resolve against the new next version (platform @next/swc-* packages and related transitive bumps such as caniuse-lite, sharp helpers, and @swc/helpers).

There are no application source changes—only the framework version and lockfile. @next/third-parties remains pinned at 16.1.7 while peer-resolving to next@16.2.6.

Reviewed by Cursor Bugbot for commit abbb682. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 30, 2026
@vercel

vercel Bot commented May 30, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Error Error Jun 12, 2026 11:59pm

Request Review

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from bf44c11 to 05999bd Compare May 30, 2026 23:21
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from 05999bd to 26f8dd6 Compare June 3, 2026 23:09
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from 26f8dd6 to e87d9c6 Compare June 4, 2026 23:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from e87d9c6 to a69afe8 Compare June 8, 2026 19:03
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from a69afe8 to f59fb05 Compare June 8, 2026 23:02
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from f59fb05 to 74c3893 Compare June 9, 2026 23:43
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from 74c3893 to df6555b Compare June 11, 2026 16:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from df6555b to 7995168 Compare June 12, 2026 10:17
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from 7995168 to 21f1c97 Compare June 12, 2026 17:59
@dependabot
chore(deps): bump next from 16.1.7 to 16.2.6
abbb682 
Bumps [next](https://github.com/vercel/next.js) from 16.1.7 to 16.2.6.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.7...v16.2.6)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-16.2.6 branch from 21f1c97 to abbb682 Compare June 12, 2026 23:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants