Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 2 updates#6

Merged
Param-10 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2517be5de4
Jun 23, 2026
Merged

build(deps): bump the npm_and_yarn group across 1 directory with 2 updates#6
Param-10 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2517be5de4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 2 updates in the / directory: next and postcss.

Updates next from 16.2.0 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits
  • f37fad9 v16.2.9
  • d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
  • 6f16804 v16.2.8
  • 0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
  • 90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
  • 83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
  • 411c455 v16.2.7
  • c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
  • 63115c7 [16.2.x] Don't drop FormData entries (#94240)
  • aef22fd [backport] Propagate adapter preferred regions (#94200)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Updates postcss from 8.5.9 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [next](https://github.com/vercel/next.js) and [postcss](https://github.com/postcss/postcss).


Updates `next` from 16.2.0 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.0...v16.2.9)

Updates `postcss` from 8.5.9 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.9...8.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 23, 2026
@vercel

vercel Bot commented Jun 23, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
polaris Ready Ready Preview, Comment Jun 23, 2026 7:03pm

@Param-10 Param-10 merged commit 73b2b41 into main Jun 23, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-2517be5de4 branch June 23, 2026 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant