[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 16.1.1 to 16.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">eslint-config-next's
releases</a>.</em></p>
<blockquote>
<h2>v16.1.6</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Upgrade to swc 54 (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/88207">#88207</a>)</li>
<li>implement LRU cache with invocation ID scoping for minimal mode
response cache (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/88509">#88509</a>)</li>
<li>tweak LRU sentinel key (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/89123">#89123</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/mischnic"><code>@mischnic</code></a>, <a
href="https://github.com/wyattjoh"><code>@wyattjoh</code></a>, and <a
href="https://github.com/ztanner"><code>@ztanner</code></a> for
helping!</p>
<h2>v16.1.5</h2>
<p>Please refer the following changelogs for more information about this
security release:</p>
<p><a
href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a>
<a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></p>
<h2>v16.1.4</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Only filter next config if experimental flag is enabled (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/88733">#88733</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/mischnic"><code>@mischnic</code></a> for
helping!</p>
<h2>v16.1.3</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Fix linked list bug in LRU deleteFromLru (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/88652">#88652</a>)</li>
<li>Fix relative same host redirects in node middleware (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/88253">#88253</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/acdlite"><code>@acdlite</code></a> and <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
<h2>v16.1.2</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adf8c612ad"><code>adf8c61</code></a>
v16.1.6</li>
<li><a
href="acba4a6b9f"><code>acba4a6</code></a>
v16.1.5</li>
<li><a
href="60de6c2114"><code>60de6c2</code></a>
v16.1.4</li>
<li><a
href="f01cf07ab1"><code>f01cf07</code></a>
v16.1.3</li>
<li><a
href="cb436b3613"><code>cb436b3</code></a>
v16.1.2</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v16.1.6/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 20.19.27 to 25.2.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query)
from 5.90.12 to 5.90.21.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/TanStack/query/releases"><code>@tanstack/react-query</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@tanstack/react-query-persist-client</code><a
href="https://github.com/5"><code>@5</code></a>.90.21</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@tanstack/query-persist-client-core</code><a
href="https://github.com/5"><code>@5</code></a>.91.18</li>
<li><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.19</li>
</ul>
</li>
</ul>
<h2><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.21</h2>
<h3>Patch Changes</h3>
<ul>
<li>refactor(react-query/useQueries): remove unreachable 'willFetch'
branch in suspense promise collection (<a
href="https://redirect.github.com/TanStack/query/pull/10082">#10082</a>)</li>
</ul>
<h2><code>@tanstack/react-query-persist-client</code><a
href="https://github.com/5"><code>@5</code></a>.90.20</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@tanstack/query-persist-client-core</code><a
href="https://github.com/5"><code>@5</code></a>.91.17</li>
<li><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.18</li>
</ul>
</li>
</ul>
<h2><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.20</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="e7258c5cb3"><code>e7258c5</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.20</li>
</ul>
</li>
</ul>
<h2><code>@tanstack/react-query-persist-client</code><a
href="https://github.com/5"><code>@5</code></a>.90.19</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@tanstack/query-persist-client-core</code><a
href="https://github.com/5"><code>@5</code></a>.91.16</li>
<li><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.17</li>
</ul>
</li>
</ul>
<h2><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.19</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="53fc74ebb1"><code>53fc74e</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.19</li>
</ul>
</li>
</ul>
<h2><code>@tanstack/react-query-persist-client</code><a
href="https://github.com/5"><code>@5</code></a>.90.18</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="4be3ad730c"><code>4be3ad7</code></a>]:
<ul>
<li><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.16</li>
<li><code>@tanstack/query-persist-client-core</code><a
href="https://github.com/5"><code>@5</code></a>.91.15</li>
</ul>
</li>
</ul>
<h2><code>@tanstack/react-query</code><a
href="https://github.com/5"><code>@5</code></a>.90.18</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="dea1614aaa"><code>dea1614</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.18</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md"><code>@tanstack/react-query</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>5.90.21</h2>
<h3>Patch Changes</h3>
<ul>
<li>refactor(react-query/useQueries): remove unreachable 'willFetch'
branch in suspense promise collection (<a
href="https://redirect.github.com/TanStack/query/pull/10082">#10082</a>)</li>
</ul>
<h2>5.90.20</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="e7258c5cb3"><code>e7258c5</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.20</li>
</ul>
</li>
</ul>
<h2>5.90.19</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="53fc74ebb1"><code>53fc74e</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.19</li>
</ul>
</li>
</ul>
<h2>5.90.18</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="dea1614aaa"><code>dea1614</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.18</li>
</ul>
</li>
</ul>
<h2>5.90.17</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="269351b8ce"><code>269351b</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.17</li>
</ul>
</li>
</ul>
<h2>5.90.16</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix(react-query): allow retryOnMount when throwOnError is function
(<a
href="https://redirect.github.com/TanStack/query/pull/9338">#9338</a>)</p>
</li>
<li>
<p>Updated dependencies [<a
href="7f47906eac"><code>7f47906</code></a>]:</p>
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.16</li>
</ul>
</li>
</ul>
<h2>5.90.15</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="fccef797d5"><code>fccef79</code></a>]:
<ul>
<li><code>@tanstack/query-core</code><a
href="https://github.com/5"><code>@5</code></a>.90.15</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="08050cb3eb"><code>08050cb</code></a>
ci: Version Packages (<a
href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10115">#10115</a>)</li>
<li><a
href="c5def66a18"><code>c5def66</code></a>
refactor(react-query/useQueries): remove unreachable 'willFetch' branch
in su...</li>
<li><a
href="da2ff5aeb8"><code>da2ff5a</code></a>
chore(vite.config): exclude '<strong>tests</strong>' directory from
coverage reports (<a
href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10084">#10084</a>)</li>
<li><a
href="2a592d241b"><code>2a592d2</code></a>
test(react-query/suspense): add test cases for 'static' staleTime with
number...</li>
<li><a
href="7e3ea62364"><code>7e3ea62</code></a>
test(react-query/QueryResetErrorBoundary): relocate 'issue-9728' test
and mig...</li>
<li><a
href="dee5d3e9e4"><code>dee5d3e</code></a>
test(react-query/ssr): add 'useMutation' and 'useMutationState' tests
for SSR...</li>
<li><a
href="7ac4e20ddb"><code>7ac4e20</code></a>
ci: Version Packages (<a
href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10067">#10067</a>)</li>
<li><a
href="9ff3de7981"><code>9ff3de7</code></a>
Upgrade to Vitest v4 (<a
href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/9862">#9862</a>)</li>
<li><a
href="0525ad1248"><code>0525ad1</code></a>
ci: Version Packages (<a
href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10047">#10047</a>)</li>
<li><a
href="53fc74ebb1"><code>53fc74e</code></a>
fix(query-core): fix combine not updating when queries change with
stable ref...</li>
<li>Additional commits viewable in <a
href="https://github.com/TanStack/query/commits/@tanstack/react-query@5.90.21/packages/react-query">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@tanstack/react-query</code> since
your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[react](https://github.com/facebook/react/tree/HEAD/packages/react) and
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react).
These dependencies needed to be updated together.
Updates `react` from 19.2.3 to 19.2.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.4 (January 26th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more DoS mitigations to Server Actions, and harden Server
Components (<a
href="https://redirect.github.com/facebook/react/pull/35632">#35632</a>
by <a href="https://github.com/gnoff"><code>@gnoff</code></a>, <a
href="https://github.com/lubieowoce"><code>@lubieowoce</code></a>, <a
href="https://github.com/sebmarkbage"><code>@sebmarkbage</code></a>, <a
href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="90ab3f89f4"><code>90ab3f8</code></a>
Version 19.2.4</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.4/packages/react">compare
view</a></li>
</ul>
</details>
<br />
Updates `@types/react` from 19.2.7 to 19.2.10
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [next](https://github.com/vercel/next.js) from 16.1.1 to 16.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v16.1.6</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Upgrade to swc 54 (<a
href="https://redirect.github.com/vercel/next.js/issues/88207">#88207</a>)</li>
<li>implement LRU cache with invocation ID scoping for minimal mode
response cache (<a
href="https://redirect.github.com/vercel/next.js/issues/88509">#88509</a>)</li>
<li>tweak LRU sentinel key (<a
href="https://redirect.github.com/vercel/next.js/issues/89123">#89123</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/mischnic"><code>@mischnic</code></a>, <a
href="https://github.com/wyattjoh"><code>@wyattjoh</code></a>, and <a
href="https://github.com/ztanner"><code>@ztanner</code></a> for
helping!</p>
<h2>v16.1.5</h2>
<p>Please refer the following changelogs for more information about this
security release:</p>
<p><a
href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a>
<a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></p>
<h2>v16.1.4</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Only filter next config if experimental flag is enabled (<a
href="https://redirect.github.com/vercel/next.js/issues/88733">#88733</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/mischnic"><code>@mischnic</code></a> for
helping!</p>
<h2>v16.1.3</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Fix linked list bug in LRU deleteFromLru (<a
href="https://redirect.github.com/vercel/next.js/issues/88652">#88652</a>)</li>
<li>Fix relative same host redirects in node middleware (<a
href="https://redirect.github.com/vercel/next.js/issues/88253">#88253</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/acdlite"><code>@acdlite</code></a> and <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
<h2>v16.1.2</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adf8c612ad"><code>adf8c61</code></a>
v16.1.6</li>
<li><a
href="098c0c0f2b"><code>098c0c0</code></a>
[backport][ci] Make gh auth status optional when triggering a release
(<a
href="https://redirect.github.com/vercel/next.js/issues/89100">#89100</a>)</li>
<li><a
href="a43df3279b"><code>a43df32</code></a>
Backport/docs fixes jan 25 16.1.x (<a
href="https://redirect.github.com/vercel/next.js/issues/89124">#89124</a>)</li>
<li><a
href="d6d573493e"><code>d6d5734</code></a>
tweak LRU sentinel cache key (<a
href="https://redirect.github.com/vercel/next.js/issues/89123">#89123</a>)</li>
<li><a
href="4324698881"><code>4324698</code></a>
backport: implement LRU cache with invocation ID scoping for minimal
mode res...</li>
<li><a
href="23c4649853"><code>23c4649</code></a>
[backport] Upgrade to swc 54 (<a
href="https://redirect.github.com/vercel/next.js/issues/88207">#88207</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/89103">#89103</a>)</li>
<li><a
href="acba4a6b9f"><code>acba4a6</code></a>
v16.1.5</li>
<li><a
href="e1d1fc6525"><code>e1d1fc6</code></a>
Add maximum size limit for postponed body parsing (<a
href="https://redirect.github.com/vercel/next.js/issues/88175">#88175</a>)</li>
<li><a
href="500ec83743"><code>500ec83</code></a>
fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (<a
href="https://redirect.github.com/vercel/next.js/issues/88588">#88588</a>)</li>
<li><a
href="1caaca3cdb"><code>1caaca3</code></a>
feat(next/image)!: add <code>images.maximumResponseBody</code> config
(<a
href="https://redirect.github.com/vercel/next.js/issues/88183">#88183</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v16.1.1...v16.1.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom)
from 19.2.3 to 19.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react-dom's
releases</a>.</em></p>
<blockquote>
<h2>19.2.4 (January 26th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more DoS mitigations to Server Actions, and harden Server
Components (<a
href="https://redirect.github.com/facebook/react/pull/35632">#35632</a>
by <a href="https://github.com/gnoff"><code>@gnoff</code></a>, <a
href="https://github.com/lubieowoce"><code>@lubieowoce</code></a>, <a
href="https://github.com/sebmarkbage"><code>@sebmarkbage</code></a>, <a
href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="90ab3f89f4"><code>90ab3f8</code></a>
Version 19.2.4</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.4/packages/react-dom">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]