Skip to content

chore(dev-deps)(deps-dev): bump the build-tools group across 1 directory with 3 updates#478

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/dev/build-tools-7357b974ea
Open

chore(dev-deps)(deps-dev): bump the build-tools group across 1 directory with 3 updates#478
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/dev/build-tools-7357b974ea

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 9, 2026
edited
Loading

Bumps the build-tools group with 3 updates in the / directory: @next/bundle-analyzer, autoprefixer and postcss.

Updates @next/bundle-analyzer from 16.1.5 to 16.2.4

Release notes

Sourced from @​next/bundle-analyzer's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
  • Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
  • Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
  • Compiler: Support boolean and number primtives in next.config defines (#92731)
  • turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
  • Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
  • Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
  • Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

  • Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
  • Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
  • Deduplicate output assets and detect content conflicts on emit (#92292)
  • Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
  • turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • backport: Move expanded adapters docs to API reference (#92115) (#92129)
  • Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
  • [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
  • next.config.js: Accept an option for serverFastRefresh (#91968)
  • Turbopack: enable server HMR for app route handlers (#91466)
  • Turbopack: exclude metadata routes from server HMR (#92034)
  • Fix CI for glibc linux builds
  • Backport: disable bmi2 in qfilter #92177
  • [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

Updates autoprefixer from 10.4.23 to 10.5.0

Release notes

Sourced from autoprefixer's releases.

10.5.0 “Each Endeavouring, All Achieving”

  • Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

  • Removed development key from package.json.

10.4.26

  • Reduced package size.

10.4.25

  • Fixed broken gradients on CSS Custom Properties (by @​serger777).

10.4.24

  • Made Autoprefixer a little faster (by @​Cherry).
Changelog

Sourced from autoprefixer's changelog.

10.5.0 “Each Endeavouring, All Achieving”

  • Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

  • Removed development key from package.json.

10.4.26

  • Reduced package size.

10.4.25

  • Fixed broken gradients on CSS Custom Properties (by @​serger777).

10.4.24

  • Made Autoprefixer a little faster (by @​Cherry).
Commits

Updates postcss from 8.5.6 to 8.5.12

Release notes

Sourced from postcss's releases.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Commits
  • 9bc81c4 Release 8.5.12 version
  • 85c4d7d Another try to fix coverage
  • 94484ca Try to fix coverage
  • c64b748 Load only .map source maps
  • aaec7b7 Avoid throwing JSON parsing errors for non-JSON source maps
  • 233fb26 Mention original author of the solution
  • 2502f75 Release 8.5.11 version
  • 5ca1901 Speed up parsing many nested brackets
  • 42b5337 Update dependencies
  • 7e36e15 Cache node.raws locally in Stringifier hot methods
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 9, 2026

Assignees

The following users could not be added as assignees: KaustavGhosh, kaustavghosh. Either they do not exist or they do not have the correct permissions to be added as an assignee.

Milestone

The specified milestone could not be found on this repository. If you view a milestone, the final part of the page URL, after milestone, is the identifier. For example: https://github.com/<org>/<repo>/milestone/3.

Labels

The following labels could not be found: auto-merge-candidate, dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@netlify
Copy link
Copy Markdown

netlify Bot commented Mar 9, 2026
edited
Loading

Deploy Preview for familiarise canceled.

Name Link
🔨 Latest commit 17b605c
🔍 Latest deploy log https://app.netlify.com/projects/familiarise/deploys/69eed947f7116b0008ecffc4

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev/build-tools-7357b974ea branch from ab96038 to bd6fb3c Compare March 16, 2026 03:35
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev/build-tools-7357b974ea branch 2 times, most recently from 99dd8bd to 0687920 Compare March 26, 2026 12:36
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev/build-tools-7357b974ea branch 2 times, most recently from 3b5d9c3 to 42283c3 Compare April 6, 2026 00:41
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev/build-tools-7357b974ea branch 2 times, most recently from b19752d to 050ea4b Compare April 20, 2026 03:34
@dependabot
chore(dev-deps)(deps-dev): bump the build-tools group across 1 direct…
17b605c 
…ory with 3 updates

Bumps the build-tools group with 3 updates in the / directory: [@next/bundle-analyzer](https://github.com/vercel/next.js/tree/HEAD/packages/next-bundle-analyzer), [autoprefixer](https://github.com/postcss/autoprefixer) and [postcss](https://github.com/postcss/postcss).


Updates `@next/bundle-analyzer` from 16.1.5 to 16.2.4
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.4/packages/next-bundle-analyzer)

Updates `autoprefixer` from 10.4.23 to 10.5.0
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.4.23...10.5.0)

Updates `postcss` from 8.5.6 to 8.5.12
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.12)

---
updated-dependencies:
- dependency-name: "@next/bundle-analyzer"
  dependency-version: 16.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: build-tools
- dependency-name: autoprefixer
  dependency-version: 10.4.27
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: build-tools
- dependency-name: postcss
  dependency-version: 8.5.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: build-tools
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev/build-tools-7357b974ea branch from 050ea4b to 17b605c Compare April 27, 2026 03:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants