chore(deps): bump the npm_and_yarn group across 16 directories with 15 updates by dependabot[bot] · Pull Request #67 · myHerbAI/supabase

dependabot · 2026-03-18T08:15:35Z

Bumps the npm_and_yarn group with 3 updates in the /examples/auth/nextjs directory: next, minimatch and flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/caching/with-cloudflare-workers-kv directory: undici.
Bumps the npm_and_yarn group with 3 updates in the /examples/caching/with-nextjs-13 directory: next, minimatch and flatted.
Bumps the npm_and_yarn group with 3 updates in the /examples/caching/with-nextjs-13-server-components directory: next, minimatch and flatted.
Bumps the npm_and_yarn group with 3 updates in the /examples/realtime/nextjs-auth-presence directory: next, minimatch and flatted.
Bumps the npm_and_yarn group with 2 updates in the /examples/slack-clone/nextjs-slack-clone directory: next and minimatch.
Bumps the npm_and_yarn group with 3 updates in the /examples/todo-list/nextjs-todo-list directory: next, minimatch and flatted.
Bumps the npm_and_yarn group with 2 updates in the /examples/todo-list/sveltejs-todo-list directory: minimatch and svelte.
Bumps the npm_and_yarn group with 6 updates in the /examples/user-management/angular-user-management directory:

Package	From	To
minimatch	`3.1.2`	`3.1.5`
minimatch	`9.0.5`	`9.0.9`
minimatch	`5.1.0`	`5.1.9`
@tootallnate/once	`2.0.0`	`removed`
flatted	`3.2.7`	`3.4.2`
immutable	`4.3.7`	`4.3.8`
serialize-javascript	`6.0.2`	`7.0.4`
@angular/core	`14.2.5`	`21.2.4`

Bumps the npm_and_yarn group with 3 updates in the /examples/user-management/expo-push-notifications directory: minimatch, fast-xml-parser and tar.
Bumps the npm_and_yarn group with 4 updates in the /examples/user-management/expo-user-management directory: minimatch, fast-xml-parser, tar and svgo.
Bumps the npm_and_yarn group with 3 updates in the /examples/user-management/nextjs-user-management directory: next, minimatch and flatted.
Bumps the npm_and_yarn group with 7 updates in the /examples/user-management/nuxt3-user-management directory:

Package	From	To
minimatch	`3.1.2`	`3.1.5`
minimatch	`5.1.6`	`5.1.9`
minimatch	`9.0.5`	`9.0.9`
flatted	`3.3.1`	`3.4.2`
undici	`5.28.4`	`removed`
svgo	`3.3.2`	`3.3.3`
devalue	`5.0.0`	`5.6.4`
simple-git	`3.26.0`	`3.33.0`
unhead	`1.10.4`	`2.1.12`

Bumps the npm_and_yarn group with 1 update in the /examples/user-management/svelte-user-management directory: svelte.
Bumps the npm_and_yarn group with 3 updates in the /examples/user-management/sveltekit-user-management directory: minimatch, undici and svelte.
Bumps the npm_and_yarn group with 1 update in the /examples/with-cloudflare-workers directory: undici.

Updates next from 13.4.3 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.2.7 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates undici from 5.20.0 to 7.24.4

Release notes

Sourced from undici's releases.

v7.24.4

What's Changed

fix(fetch): handle URL credentials in dispatch path extraction by @mcollina in nodejs/undici#4892

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

fix(h2): TypeError: Cannot read properties of null (reading 'push') i… by @hxinhan in nodejs/undici#4881

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

fix fetch path logic by @KhafraDev in nodejs/undici#4890

remove maxDecompressedMessageSize by @KhafraDev in nodejs/undici#4891

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

fix: proto pollution by @rahulyadav5524 in nodejs/undici#4885

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
Malicious WebSocket 64-bit frame length handling could crash the client.

GHSA-phc3-fgpg-7m6h / CVE-2026-2581 (Medium)
Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).

GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)

... (truncated)

Commits

4991f3e Bumped v7.24.4
ea3a06d fix(fetch): preserve path for credentialed URLs (#4892)
9b96516 Bumped v7.24.3
7926660 Ignore .githuman
9eaa5af fix(h2): TypeError: Cannot read properties of null (reading 'push') in Reques...
a9bfe21 ignore .pi
f2e155b Bumped v7.24.2
4d2d1af remove maxDecompressedMessageSize (#4891)
3a05a4f fix fetch path logic (#4890)
23e3cd3 Bumped v7.24.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates next from 13.0.0 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.2.7 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates next from 13.0.3 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.2.7 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates next from 13.1.6 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.2.7 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates next from 12.1.5 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates next from 13.1.6 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7

…5 updates Bumps the npm_and_yarn group with 3 updates in the /examples/auth/nextjs directory: [next](https://github.com/vercel/next.js), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 1 update in the /examples/caching/with-cloudflare-workers-kv directory: [undici](https://github.com/nodejs/undici). Bumps the npm_and_yarn group with 3 updates in the /examples/caching/with-nextjs-13 directory: [next](https://github.com/vercel/next.js), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 3 updates in the /examples/caching/with-nextjs-13-server-components directory: [next](https://github.com/vercel/next.js), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 3 updates in the /examples/realtime/nextjs-auth-presence directory: [next](https://github.com/vercel/next.js), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 2 updates in the /examples/slack-clone/nextjs-slack-clone directory: [next](https://github.com/vercel/next.js) and [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 3 updates in the /examples/todo-list/nextjs-todo-list directory: [next](https://github.com/vercel/next.js), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 2 updates in the /examples/todo-list/sveltejs-todo-list directory: [minimatch](https://github.com/isaacs/minimatch) and [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 6 updates in the /examples/user-management/angular-user-management directory: | Package | From | To | | --- | --- | --- | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.0` | `5.1.9` | | [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `removed` | | [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` | | [immutable](https://github.com/immutable-js/immutable-js) | `4.3.7` | `4.3.8` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.4` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `14.2.5` | `21.2.4` | Bumps the npm_and_yarn group with 3 updates in the /examples/user-management/expo-push-notifications directory: [minimatch](https://github.com/isaacs/minimatch), [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [tar](https://github.com/isaacs/node-tar). Bumps the npm_and_yarn group with 4 updates in the /examples/user-management/expo-user-management directory: [minimatch](https://github.com/isaacs/minimatch), [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser), [tar](https://github.com/isaacs/node-tar) and [svgo](https://github.com/svg/svgo). Bumps the npm_and_yarn group with 3 updates in the /examples/user-management/nextjs-user-management directory: [next](https://github.com/vercel/next.js), [minimatch](https://github.com/isaacs/minimatch) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 7 updates in the /examples/user-management/nuxt3-user-management directory: | Package | From | To | | --- | --- | --- | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` | | [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `removed` | | [svgo](https://github.com/svg/svgo) | `3.3.2` | `3.3.3` | | [devalue](https://github.com/sveltejs/devalue) | `5.0.0` | `5.6.4` | | [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.26.0` | `3.33.0` | | [unhead](https://github.com/unjs/unhead/tree/HEAD/packages/unhead) | `1.10.4` | `2.1.12` | Bumps the npm_and_yarn group with 1 update in the /examples/user-management/svelte-user-management directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 3 updates in the /examples/user-management/sveltekit-user-management directory: [minimatch](https://github.com/isaacs/minimatch), [undici](https://github.com/nodejs/undici) and [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 1 update in the /examples/with-cloudflare-workers directory: [undici](https://github.com/nodejs/undici). Updates `next` from 13.4.3 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `undici` from 5.20.0 to 7.24.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.20.0...v7.24.4) Updates `next` from 13.0.0 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `next` from 13.0.3 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `next` from 13.1.6 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `next` from 12.1.5 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `next` from 13.1.6 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `svelte` from 3.49.0 to 5.54.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.54.0/packages/svelte) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.0 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Removes `@tootallnate/once` Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `immutable` from 4.3.7 to 4.3.8 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v4.3.7...v4.3.8) Updates `serialize-javascript` from 6.0.2 to 7.0.4 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.4) Updates `tar` from 6.2.1 to 7.5.11 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) Updates `@angular/core` from 14.2.5 to 21.2.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.4/packages/core) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `fast-xml-parser` from 4.3.2 to 4.5.4 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.2...v4.5.4) Updates `tar` from 6.2.0 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `fast-xml-parser` from 4.5.0 to 4.5.4 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.2...v4.5.4) Removes `tar` Updates `svgo` from 2.8.0 to 2.8.2 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v2.8.0...v2.8.2) Updates `next` from 14.1.1 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.3...v16.1.7) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.1 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Removes `undici` Updates `svgo` from 3.3.2 to 3.3.3 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v2.8.0...v2.8.2) Updates `devalue` from 5.0.0 to 5.6.4 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.0.0...v5.6.4) Updates `simple-git` from 3.26.0 to 3.33.0 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.33.0/simple-git) Updates `unhead` from 1.10.4 to 2.1.12 - [Release notes](https://github.com/unjs/unhead/releases) - [Commits](https://github.com/unjs/unhead/commits/v2.1.12/packages/unhead) Updates `svelte` from 4.2.19 to 5.54.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.54.0/packages/svelte) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Removes `undici` Updates `svelte` from 4.2.19 to 5.53.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.54.0/packages/svelte) Updates `devalue` from 4.3.3 to 5.6.4 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.0.0...v5.6.4) Updates `undici` from 5.20.0 to 7.24.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.20.0...v7.24.4) --- updated-dependencies: - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.24.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.54.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@tootallnate/once" dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 4.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 7.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/core" dependency-version: 21.2.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 4.5.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 6.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 4.5.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 2.8.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 3.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.6.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: simple-git dependency-version: 3.33.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: unhead dependency-version: 2.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.54.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.53.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.6.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.24.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-18T08:17:45Z

Qodana Community for JVM

It seems all right 👌

No new problems were found according to the checks applied

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

Register at Qodana Cloud and configure the action
Use GitHub Code Scanning with Qodana
Host Qodana report at GitHub Pages
Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2024.1.9
        with:
          upload-result: true

Contact Qodana team

Contact us at qodana-support@jetbrains.com

Or via our issue tracker: https://jb.gg/qodana-issue
Or share your feedback: https://jb.gg/qodana-discussions

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026

This was referenced Mar 18, 2026

chore(deps): bump the npm_and_yarn group across 14 directories with 15 updates #62

Closed

chore(deps): bump the npm_and_yarn group across 16 directories with 15 updates #66

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 16 directories with 15 updates#67

chore(deps): bump the npm_and_yarn group across 16 directories with 15 updates#67
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/examples/auth/nextjs/npm_and_yarn-27e8f5b0f8

dependabot bot commented on behalf of github Mar 18, 2026

Uh oh!

github-actions bot commented Mar 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 18, 2026

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v7.24.4

What's Changed

v7.24.3

What's Changed

v7.24.2

What's Changed

v7.24.1

What's Changed

v7.24.0

Undici v7.24.0 Security Release Notes

Upgrade guidance

Fixed advisories

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13