chore(deps): bump next from 16.1.5 to 16.1.7 in /docs#188
chore(deps): bump next from 16.1.5 to 16.1.7 in /docs#188dependabot[bot] wants to merge 1 commit intomasterfrom
Conversation
Bumps [next](https://github.com/vercel/next.js) from 16.1.5 to 16.1.7. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.1.5...v16.1.7) --- updated-dependencies: - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
javascript
There was a problem hiding this comment.
Pull request overview
Updates the docs site’s Next.js dependency to pick up the latest 16.1.x bugfixes and security patches.
Changes:
- Bump
nextfrom16.1.5to16.1.7indocs/package.json - Regenerate
docs/pnpm-lock.yamlto reflect the newnextversion and updated transitive dependencies
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| docs/package.json | Updates the next dependency version used by the docs app. |
| docs/pnpm-lock.yaml | Updates the lockfile entries for next@16.1.7 and related transitive dependency resolutions. |
Files not reviewed (1)
- docs/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "mermaid": "^11.12.1", | ||
| "next": "16.1.5", | ||
| "next": "16.1.7", | ||
| "next-themes": "^0.4.6", |
There was a problem hiding this comment.
The docs deploy workflow installs dependencies with bun install --frozen-lockfile (see .github/workflows/deploy-static-pages.yml), and docs/bun.lockb is present in the repo. This PR updates package.json and pnpm-lock.yaml but not bun.lockb, which can cause CI installs to fail (frozen lockfile) or to keep resolving the old next version if Bun is using bun.lockb. Please update docs/bun.lockb to match this bump, or switch the workflow/package manager to consistently use pnpm-lock.yaml and remove/ignore bun.lockb.
Bumps next from 16.1.5 to 16.1.7.
Release notes
Sourced from next's releases.
Commits
bdf3e35v16.1.7dc98c04[backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...9023c0a[backport] Disallow Server Action submissions from privacy-sensitive contexts...36a97b9Allow blocking cross-site dev-only websocket connections from privacy-sensiti...93c3993[backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...c68d62dBackport documentation fixes for 16.1.x (#90655)5214ac1[backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)c95e357Backport/docs fixes 16.1.x (#90125)cba6144[backport] Apply server actions transform tonode_modulesin route handlers...3db9063[backport] [Cache Components] Prevent streaming fetch calls from hanging in d...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.