Skip to content

chore(deps): bump next from 16.2.4 to 16.2.6 in /tooling/tailwind#256

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tooling/tailwind/next-16.2.6
Open

chore(deps): bump next from 16.2.4 to 16.2.6 in /tooling/tailwind#256
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tooling/tailwind/next-16.2.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps next from 16.2.4 to 16.2.6.

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

Low:

Core Changes

  • fix: preserve HTTP access fallbacks during prerender recovery (#92231)
  • Fix fallback route params case in app-page handler (#91737)
  • Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
  • Patch setHeader for direct route handlers (#93101)
  • Include deployment id in cacheHandlers keys (#93453)
  • Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

... (truncated)

Commits
  • ee6e79b v16.2.6
  • afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
  • 97a154e Turbopack: Fix middleware matcher suffix (#93590)
  • 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
  • 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
  • a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
  • 766148f v16.2.5
  • 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
  • d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
  • 9d50c0b Strip next-resume header from incoming requests (#92)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026
@dependabot dependabot Bot requested a review from aamoghS as a code owner May 12, 2026 05:57
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026

@dependabot merge

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/next 16.2.6 🟢 6.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • tooling/tailwind/package.json

@dependabot
chore(deps): bump next from 16.2.4 to 16.2.6 in /tooling/tailwind
3236d7d 
Bumps [next](https://github.com/vercel/next.js) from 16.2.4 to 16.2.6.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.4...v16.2.6)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump next from 16.2.3 to 16.2.6 in /tooling/tailwind chore(deps): bump next from 16.2.4 to 16.2.6 in /tooling/tailwind May 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tooling/tailwind/next-16.2.6 branch from 0e14c68 to 3236d7d Compare May 16, 2026 04:51
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 16, 2026

@dependabot merge

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aamoghS aamoghS Awaiting requested review from aamoghS aamoghS is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants