chore(deps): bump next from 16.1.7 to 16.2.0

[dependabot]

Bumps next from 16.1.7 to 16.2.0.

Release notes

Sourced from next's releases.

v16.2.0

[!TIP]
Check out our Next v16.2 Blog Post to learn more about this release.

Core Changes

• Upgrade React from f93b9fd4-20251217 to 65eec428-20251218: #87323
• Turbopack: Create junction points instead of symlinks on Windows: #87606
• Turbopack: Symlink handling follow-up: #87637
• Add experimental routing package for resolving adapter routes: #86404
• Ensure outputs are correct with cache components in deployment adapters: #87018
• Move off of deprecated url.parse: #87257
• [strict-route-types] Add experimental.strictRouteTypes config: #87378
• misc: fix type check log for CI envs: #87838
• fix: revalidateTag with profile should not trigger client cache invalidation: #88069
• chore: warn when running tests against stale build: #88001
• Redesign default error pages with cleaner, more user-friendly UI: #87988
• dx: avoid next-env.d.ts change in dev: #88103
• prevent browser cache from using stale RSC responses from previous builds: #86554
• [strict-route-types] Typecheck App Router page props: #87386
• [strict-route-types] Enforce common React Component return types in App Router: #87389
• [strict-route-types] Switch to satisfies when validating page and route modules: #87398
• [strict-route-types] Don't reject number in config.api.bodyParser.sizeLimit when validating route: #87633
• Revert "dx: avoid next-env.d.ts change in dev": #88153
• [strict-route-types] Typecheck pages router routes in absence of App Router: #87628
• [strict-route-types] Ensure cache profiles and routes are type-checked even if .next is excluded: #87768
• add compilation error for taint when not enabled: #88173
• feat(next/image)!: add images.maximumResponseBody config: #88183
• Add maximum size limit for postponed body parsing: #88175
• metadata: use fixed segment in dynamic routes with static metadata files: #88113
• feat: add --experimental-cpu-prof flag for dev, build, and start: #87946
• Add experimental option to use no-cache instead of no-store in dev: #88182
• fix overlay frames cannot be opened sometimes: #88210
• Handle pnpm-workspace.yaml while searching for monorepo root: #74818
• Add more debug logs to 'use cache' wrapper: #88219
• Omit unused arguments from 'use cache' function calls: #86920
• Only log pending revalidates... debug log if applicable: #88221
• fix(next/image): bump sharp@0.34.5: #88238
• Disallow javascript urls in router methods and redirects: #88185
• Fix relative same host redirects in node middleware: #88253
• Remove loadConfig from main development process, pass value from child process: #88230
• Update deploy adapters outputs and handler interfaces for node and edge: #88247
• Move Ready in time before handler initialization: #88235
• next/image: support custom cache handlers: #88248
• feat: add Claude Code plugin marketplace with Cache Components skill: #87993
• refactor: consolidate PPR into cacheComponents architecture: #88243
• Turbopack: include fewer traced files for standalone: #88322
• feat(turbopack): add resolve plugin condition variant of Always and Never: #88190
• perf: use length = 0 to clear the logging array: #88244
• Time logs: Show full millisecond instead of 1 decimal: #88313

... (truncated)

Commits

• c5c94df v16.2.0
• 649d302 Unflake router events deploy test (#91589)
• bcd9c19 docs: Clarify ignoreBuildErrors behavior (#91367)
• 3683192 v16.2.0-canary.104
• b61823d SRI turbopack documentation (#90477)
• 0ca967b Add group depth tracking to instant validation boundary discovery (#91208)
• a41bef9 improve allowedDevOrigins error (#91521)
• 75c51c6 Turbopack: Use debug = "line-tables-only" for dev builds (#91539)
• 39e705c Turbopack: Merge release-with-assertions-no-lto profile into release-with-ass...
• 4de2201 [turbopack] Share scratch buffer across shards using thread local (#90167)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
volvox-website	Ready	Preview, Comment	Mar 19, 2026 11:37pm

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[greptile-apps]

Greptile Summary

This PR is a Dependabot-generated minor version upgrade of next from 16.1.7 to 16.2.0, along with a consistent update to pnpm-lock.yaml to reflect the new resolved packages.

• package.json: next pinned version changed from 16.1.7 → 16.2.0.
• pnpm-lock.yaml: All @next/* packages, platform SWC binaries, and dependent peer-resolution strings (@sentry/nextjs, @vercel/analytics, @vercel/speed-insights, @next/third-parties) updated to reference 16.2.0. Two transitive packages also received patch bumps consistent with the new release: @emnapi/runtime (1.9.0 → 1.9.1) and baseline-browser-mapping (2.10.8 → 2.10.9).
• The lock file is internally consistent — no version mismatches or stale references detected.
• Notable changes in 16.2.0 include: disallowing javascript: URLs in router methods/redirects (security improvement), a new images.maximumResponseBody config for next/image, redesigned default error pages, experimental.strictRouteTypes support, and various Turbopack improvements.

Confidence Score: 5/5

• This PR is safe to merge — it is a routine minor version bump with no application code changes.
• The change is a pure dependency version upgrade generated by Dependabot. The lock file is fully consistent with the version change, all peer-dependency resolution strings are correctly updated, and the 16.1.x → 16.2.x bump is a minor release with no breaking changes flagged. No application source files were modified.
• No files require special attention.

Important Files Changed

Filename	Overview
package.json	Bumps next dependency from 16.1.7 to 16.2.0; no other changes.
pnpm-lock.yaml	Lock file correctly updated: next, all @next/swc-* platform binaries, @next/env, and dependent peer-resolution strings for @next/third-parties, @sentry/nextjs, @vercel/analytics, and @vercel/speed-insights all updated to reference 16.2.0; transitive bumps of @emnapi/runtime (1.9.0→1.9.1) and baseline-browser-mapping (2.10.8→2.10.9) are consistent with what 16.2.0 ships.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot detects new next release] --> B[Bump next 16.1.7 → 16.2.0 in package.json]
    B --> C[Update pnpm-lock.yaml]
    C --> D["@next/env 16.1.7 → 16.2.0"]
    C --> E["@next/swc-* platform binaries 16.1.7 → 16.2.0"]
    C --> F["Peer-resolution strings updated\n(@sentry/nextjs, @vercel/analytics,\n@vercel/speed-insights, @next/third-parties)"]
    C --> G["Transitive bumps\n(@emnapi/runtime 1.9.0→1.9.1,\nbaseline-browser-mapping 2.10.8→2.10.9)"]

Loading

_{Last reviewed commit: "chore(deps): bump ne..."}

[morph-subagents]

🤖 Morph Preview Test

Preview URL: https://volvox-website-7yn9tp61q-volvox-llc.vercel.app

AI Summary

Issues:

• None found

Verified:

• Client-side routing and anchor navigation remain smooth across the homepage and dynamic project pages.
• Responsive layout and mobile menu functionality are fully operational at 375px width.
• Interactive elements, including primary CTA buttons and external link routing, perform as expected.
• Core rendering of text, images, and layout components shows no regressions following the framework upgrade.

Recording

View full session →

---

_{Automated testing by Morph}

[dependabot]

Superseded by #212.