Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates#390

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-117ae90cef
Closed

chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates#390
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-117ae90cef

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 1 update in the / directory: next.
Bumps the npm_and_yarn group with 1 update in the /cdk directory: minimatch.

Updates next from 16.1.6 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
  • Apply server actions transform to node_modules in route handlers (#89380)
  • ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
  • Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
  • Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

Commits
  • bdf3e35 v16.1.7
  • dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
  • 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
  • 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
  • c68d62d Backport documentation fixes for 16.1.x (#90655)
  • 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
  • c95e357 Backport/docs fixes 16.1.x (#90125)
  • cba6144 [backport] Apply server actions transform to node_modules in route handlers...
  • 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
  • Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-117ae90cef branch from b143c4f to 007e7a3 Compare April 1, 2026 01:50
…updates

Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /cdk directory: [minimatch](https://github.com/isaacs/minimatch).


Updates `next` from 16.1.6 to 16.1.7
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.6...v16.1.7)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.1.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-117ae90cef branch from 007e7a3 to cacf078 Compare April 1, 2026 06:14
@dependabot @github

dependabot Bot commented on behalf of github Apr 15, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #424.

@dependabot dependabot Bot closed this Apr 15, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-117ae90cef branch April 15, 2026 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants