Bump the npm_and_yarn group across 98 directories with 1 update

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /app-directory/css-in-js directory: next.
Bumps the npm_and_yarn group with 1 update in the /app-directory/redirect-with-fallback directory: next.
Bumps the npm_and_yarn group with 1 update in the /app-directory/share-state directory: next.
Bumps the npm_and_yarn group with 1 update in the /apps/vibe-coding-platform directory: next.
Bumps the npm_and_yarn group with 1 update in the /cdn/custom-error-pages-app-dir directory: next.
Bumps the npm_and_yarn group with 1 update in the /cdn/custom-error-pages-public-dir directory: next.
Bumps the npm_and_yarn group with 1 update in the /cdn/mintlify-docs-rewrite directory: next.
Bumps the npm_and_yarn group with 1 update in the /ci-cd/turborepo-github-actions directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/ab-testing-simple directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/ab-testing-statsig directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/add-header directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/basic-auth-password directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/bot-protection-botd directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/bot-protection-datadome directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/clerk-authentication directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/cookies directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/crypto directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-apple-store directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-configcat directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-hypertune directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-launchdarkly directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-optimizely directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-posthog directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/feature-flag-split directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/geolocation directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/geolocation-country-block directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/geolocation-script directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/hostname-rewrites directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/i18n directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/image-response directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/ip-blocking directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/ip-blocking-datadome directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/json-response directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/jwt-authentication directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/maintenance-page directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/modify-request-header directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/power-parity-pricing directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/power-parity-pricing-strategies directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/query-params-filter directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/redirects-bloom-filter directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/redirects-upstash directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/rewrites-upstash directory: next.
Bumps the npm_and_yarn group with 1 update in the /edge-middleware/user-agent-based-rendering directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/experimentation-statsig directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/flagsmith directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/growthbook directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/hypertune directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/launchdarkly directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/openfeature directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/posthog directory: next.
Bumps the npm_and_yarn group with 1 update in the /flags-sdk/reflag directory: next.
Bumps the npm_and_yarn group with 1 update in the /framework-boilerplates/blitzjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /framework-boilerplates/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /framework-boilerplates/storybook directory: next.
Bumps the npm_and_yarn group with 1 update in the /microfrontends/nextjs-multi-zones directory: next.
Bumps the npm_and_yarn group with 1 update in the /microfrontends/saas-microservices directory: next.
Bumps the npm_and_yarn group with 1 update in the /plop-templates/example directory: next.
Bumps the npm_and_yarn group with 1 update in the /python/vibe-coding-ide/frontend directory: next.
Bumps the npm_and_yarn group with 1 update in the /python/vibe-coding-ide/frontend/templates/next directory: next.
Bumps the npm_and_yarn group with 1 update in the /python/vibe-coding-ide/frontend/templates/next_stack directory: next.
Bumps the npm_and_yarn group with 1 update in the /python/vibe-coding-ide/frontend/templates/react-fastapi/frontend directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/alt-tag-generator directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/auth-with-ory directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/aws-dynamodb directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/aws-neptune-analytics directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/aws-s3-image-upload directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/cms-contentstack-commerce directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/combining-data-fetching-strategies directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/flags-sdk directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/image-fallback directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/image-offset directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/loading-web-fonts directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/microfrontends directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/mint-nft directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/nx-monorepo directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/on-demand-isr directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/pagination-with-ssg directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/platforms-slate-supabase directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/reduce-image-bandwidth-usage directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/reuse-responses directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/saas-microservices directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/script-component-ad directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/script-component-strategies directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/subdomain-auth directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/web3-authentication directory: next.
Bumps the npm_and_yarn group with 1 update in the /solutions/web3-data-fetching directory: next.
Bumps the npm_and_yarn group with 1 update in the /starter/cms-payload directory: next.
Bumps the npm_and_yarn group with 1 update in the /starter/cms-sanity-graphql-fragments directory: next.
Bumps the npm_and_yarn group with 1 update in the /starter/personalization-builder-io directory: next.
Bumps the npm_and_yarn group with 1 update in the /starter/turborepo-with-hono directory: next.
Bumps the npm_and_yarn group with 1 update in the /storage/kv-redis-starter directory: next.
Bumps the npm_and_yarn group with 1 update in the /storage/postgres-drizzle directory: next.
Bumps the npm_and_yarn group with 1 update in the /storage/postgres-kysely directory: next.
Bumps the npm_and_yarn group with 1 update in the /storage/postgres-starter directory: next.
Bumps the npm_and_yarn group with 1 update in the /toolbar/toolbar-launchdarkly directory: next.
Bumps the npm_and_yarn group with 1 update in the /toolbar/toolbar-optimizely directory: next.
Bumps the npm_and_yarn group with 1 update in the /toolbar/toolbar-split directory: next.
Bumps the npm_and_yarn group with 1 update in the /toolbar/toolbar-statsig directory: next.

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.1.1 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.1.1 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (#90125)
• cba6144 [backport] Apply server actions transform to node_modules in route handlers...
• 3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• 9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
• 36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
• 93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
• c68d62d Backport documentation fixes for 16.1.x (#90655)
• 5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
• c95e357 Backport/docs fixes 16.1.x (

[dependabot]

Superseded by #51.