You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.
[!NOTE]
This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.
Core Changes
Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
Deduplicate output assets and detect content conflicts on emit (#92292)
Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)
To trigger a single review, invoke the @coderabbitai review command.
You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
🔍 Trigger a full review
Note
.coderabbit.yaml has unrecognized properties
CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.
⚠️ Parsing warnings (1)
Validation error: Unrecognized key(s) in object: 'finishing_touches'
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
Comment @coderabbitai help to get the list of available commands and usage tips.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^15.5.2→^16.0.0Release Notes
vercel/next.js (@next/third-parties)
v16.2.9Compare Source
Empty release to ensure
next@latestpoints at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.v16.2.8Compare Source
Release with no changes in an attempt to fix
next@latestpointing at a prerelease version.v16.2.7Compare Source
Core Changes
playwright-coreto resolve_finishedPromiseonrequestFailed(#93920)router.querycorruption withbasePath+rewrites(#93917)FormDataentries (#94240)Credits
Huge thanks to @eps1lon, @icyJoseph, @unstubbable, @mischnic, @bgw, @timneutkens, and @lukesandberg for helping!
v16.2.6Compare Source
Security Fixes
The following advisories have been addressed:
High:
Moderate:
Low:
Core Changes
cacheHandlerskeys (#93453)v16.2.5Compare Source
Security Fixes
The following advisories have been addressed:
High:
Moderate:
Low:
Core Changes
cacheHandlerskeys (#93453)v16.2.4Compare Source
Core Changes
Credits
Huge thanks to @Badbird5907, @lukesandberg, @andrewimm, @sokra, and @mischnic for helping!
v16.2.3Compare Source
Core Changes
Credits
Huge thanks to @icyJoseph, @sokra, @wbinnssmith, @eps1lon and @ztanner for helping!
v16.2.2Compare Source
Core Changes
Credits
Huge thanks to @nextjs-bot, @icyJoseph, @ijjk, @gaojude, @wbinnssmith, @lukesandberg, and @bgw for helping!
v16.2.1Compare Source
Core Changes
cacheComponents(#91711){eval:true}in worker_threads constructors (#91666)Credits
Huge thanks to @icyJoseph, @abhishekmardiya, @ijjk, @mischnic, @unstubbable, @sokra, and @lukesandberg for helping!
v16.2.0Compare Source
Core Changes
f93b9fd4-20251217to65eec428-20251218: #87323experimental.strictRouteTypesconfig: #87378satisfieswhen validating page and route modules: #87398numberinconfig.api.bodyParser.sizeLimitwhen validating route: #87633images.maximumResponseBodyconfig: #88183'use cache'wrapper: #88219'use cache'function calls: #86920pending revalidates...debug log if applicable: #88221noUncheckedSideEffectImportsfor CSS imports: #88199/_next/routes: #8835365eec428-20251218to3e1abcc8-20260113: #88530interopDefault: #884863e1abcc8-20260113to4a3d993e-20260114: #885474a3d993e-20260114tobef88f7c-20260116: #88649--debug-build-pathsbracket escaping for glob patterns: #88660--debug-build-paths: #88654next start --inspect: #88744--debug-build-pathssupport to filter routes: #88655bef88f7c-20260116to41b3e9a6-20260119: #8875641b3e9a6-20260119tod2908752-20260119: #88774rewroteURLtorewrittenPathnamein request metadata: #88751getImplicitTagsto accept pathname instead of url object: #88753NEXT_DEPLOYMENT_IDglobal: #86738<html data-dpl-id>and don't inline it into JS anymore: #88761revalidatePathwith params and trailing slash when deployed: #88623d2908752-20260119tob546603b-20260121: #88860deploymentIdfrom App RouterRenderOptsPartial: #88866b546603b-20260121to24d8716e-20260123: #88963?dpl=to all asset urls returned by Turbopack: #88828useEffectEventto disallowed React APIs in Server Components: #88985renderOpts.nextExporttoisBuildTimePrerendering: #88951README.mds: #89022__turbopack_load_by_url__with query: #8889924d8716e-20260123to8c34556c-20260126: #89066baseline-browser-mappingwarnings: #89175.mdlicenses are included in vendored packages: #8920110680271-20260126to230772f9-20260128: #89250tarused to extract SWC binary : #89158browserslistdoesn't issue outdated warnings forbaseline-browser-mapping: #89287230772f9-20260128toda641178-20260129: #89301rules.*.typeconfig to allow changing the type of a module: #88788logging.serverFunctions: #89321'use cache'functions: #89408da641178-20260129toed4bd540-20260202: #89401ed4bd540-20260202tob1533b03-20260203: #89444b1533b03-20260203to3e00319b-20260203: #89449experimental.reportSystemEnvInliningfor Turbopack: #89304instant(): #89469cacheLifeon outer"use cache"when nesting short-lived caches: #894813e00319b-20260203to95ffd6cd-20260205: #89550discoverRoutes()API: #8897195ffd6cd-20260205to2dd9b7cf-20260208: #89681AggregateError.errorsin terminal output: #889992dd9b7cf-20260208to272441a9-20260209: #89722next dev: #89798type: "text"under a new experimental flag, following what webpack did: #89560use: #89793experimental.appNewScrollHandler: #83107272441a9-20260209to6066c782-20260212: #89923--debug-prerenderis set: #89834require.resolve()to get the installednextversion: #89166prefetch={true}on Links to routes withinstant: #900616066c782-20260212to4842fbea-20260217: #90144pnpm build: #89819Configuration
📅 Schedule: (in timezone Asia/Seoul)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.