chore(deps-dev): bump next from 15.5.7 to 16.0.8

[dependabot]

Bumps next from 15.5.7 to 16.0.8.

Release notes

Sourced from next's releases.

v16.0.8

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update react version in cna templates (#86950)

Credits

Huge thanks to @​huozhi for helping!

v16.0.7

Please see CVE-2025-66478 for additional details about this release.

v16.0.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• bump the browserslist version to silence a warning in CI (#86625)

Credits

Huge thanks to @​lukesandberg for helping!

v16.0.5

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix(nodejs-middleware): await for body cloning to be properly finalized (#85418)

Credits

Huge thanks to @​lucasadrianof for helping!

v16.0.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: Rename proxy.js to middleware.js in NFT file (#86214)
• fix: prevent fetch abort errors propagating to user error boundaries (#86277)
• Turbopack: fix passing project options from napi (#86256)

Credits

... (truncated)

Commits

• 817ee56 v16.0.8
• b298173 Update react version in cna templates (#86950)
• 7492122 v16.0.7
• d21259d update version script
• b1a04a8 Update React Version (#11)
• aab1edc v16.0.6
• 279f2e3 bump the browserslist version to silence a warning in CI (#86625)
• 89ccb9f v16.0.5
• 75f63f7 backport fix(nodejs-middleware): await for body cloning to be properly finali...
• d440c75 v16.0.4
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
next	[>= 13.a, < 14]

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7408e9d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sentry]

Bug: Next.js 16's default Turbopack conflicts with existing webpack() configuration, causing build failure.
_{Severity: CRITICAL | Confidence: High}

🔍 Detailed Analysis

When running next build with Next.js 16.0.8, Turbopack becomes the active bundler by default. The packages/docs/next.config.js contains a custom webpack() configuration for jsx-to-string-loader. Next.js 16 intentionally aborts the build when a traditional webpack() configuration is detected alongside Turbopack, leading to an immediate build failure. The package.json scripts do not include the --webpack flag to opt out of Turbopack, nor is there a turbopack.rules configuration to replace the webpack setup.

💡 Suggested Fix

Migrate the jsx-to-string-loader configuration to Turbopack's turbopack.rules format, or add the --webpack flag to the next build script in package.json to opt out of Turbopack.

🤖 Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: packages/docs/package.json#L50

Potential issue: When running `next build` with Next.js 16.0.8, Turbopack becomes the
active bundler by default. The `packages/docs/next.config.js` contains a custom
`webpack()` configuration for `jsx-to-string-loader`. Next.js 16 intentionally aborts
the build when a traditional `webpack()` configuration is detected alongside Turbopack,
leading to an immediate build failure. The `package.json` scripts do not include the
`--webpack` flag to opt out of Turbopack, nor is there a `turbopack.rules` configuration
to replace the webpack setup.

_{Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 6415171}

[PascalZajac]

Seems we have 3 options here:

1. Manually update the build commands to force webpack usage
2. Add turbopack configuration to silence the warning
3. Actually migrate to turbopack

[PascalZajac]

> big-design@ start /Users/pascal.zajac/Sites/cloud-dev-vm/bcappvm/codebases/microapps/big-design
> turbo start --filter @bigcommerce/docs

╭──────────────────────────────────────────────────────────────────────────╮
│                                                                          │
│                     Update available v2.6.1 ≫ v2.6.3                     │
│    Changelog: https://github.com/vercel/turborepo/releases/tag/v2.6.3    │
│          Run "pnpm dlx @turbo/codemod@latest update" to update           │
│                                                                          │
│          Follow @turborepo for updates: https://x.com/turborepo          │
╰──────────────────────────────────────────────────────────────────────────╯
turbo 2.6.1

• Packages in scope: @bigcommerce/docs
• Running start in 1 packages
• Remote caching disabled
@bigcommerce/docs:start: cache bypass, force executing e3346949351f4860
@bigcommerce/docs:start: 
@bigcommerce/docs:start: > @bigcommerce/docs@1.9.0 start /Users/pascal.zajac/Sites/cloud-dev-vm/bcappvm/codebases/microapps/big-design/packages/docs
@bigcommerce/docs:start: > next
@bigcommerce/docs:start: 
@bigcommerce/docs:start:    ▲ Next.js 16.0.8 (Turbopack)
@bigcommerce/docs:start:    - Local:         http://localhost:3000
@bigcommerce/docs:start:    - Network:       http://127.0.2.2:3000
@bigcommerce/docs:start: 
@bigcommerce/docs:start:  ✓ Starting...
@bigcommerce/docs:start:  ✓ Ready in 256ms

[chanceaclark]

Can you double check when you run next build && next start, otherwise looks good! Thanks for updating these!

[PascalZajac]

That did reveal a few issues:

➜  docs git:(dependabot/npm_and_yarn/next-16.0.8) npx next build && npx next start
   ▲ Next.js 16.0.8 (Turbopack)

 ✓ Finished TypeScript in 5.1s    
   Creating an optimized production build ...
Turbopack build encountered 1 warnings:
./packages/docs/_
Module not found: Can't resolve 'styled-jsx/style.js'


https://nextjs.org/docs/messages/module-not-found


 ✓ Compiled successfully in 5.1s
 ✓ Collecting page data using 9 workers in 2.1s    
 ✓ Generating static pages using 9 workers (60/60) in 1064.8ms
 ✓ Exporting using 9 workers (60/60) in 422.6ms
 ✓ Finalizing page optimization in 588.0ms    

Route (pages)
┌ ○ /
├   /_app
├ ○ /404
├ ○ /accordion-panel
├ ○ /action-bar
├ ○ /alert
├ ○ /anchor-nav
├ ○ /badge
├ ○ /box
├ ○ /breakpoints (599 ms)
├ ○ /button (600 ms)
├ ○ /button-group
├ ○ /checkbox
├ ○ /collapse
├ ○ /colors (599 ms)
├ ○ /counter (599 ms)
├ ○ /datepicker
├ ○ /display (599 ms)
├ ○ /dropdown (603 ms)
├ ○ /feature-set
├ ○ /file-uploader (607 ms)
├ ○ /flex (632 ms)
├ ○ /form (599 ms)
├ ○ /grid
├ ○ /header
├ ○ /icons
├ ○ /inline-message
├ ○ /input
├ ○ /link
├ ○ /lozenge
├ ○ /margin
├ ○ /message
├ ○ /modal
├ ○ /multi-select (632 ms)
├ ○ /offset-pagination (632 ms)
├ ○ /padding (660 ms)
├ ○ /page (632 ms)
├ ○ /panel (632 ms)
├ ○ /pill-tabs (632 ms)
├ ○ /popover
├ ○ /progress-bar
├ ○ /progress-circle (632 ms)
├ ○ /radio
├ ○ /search (632 ms)
├ ○ /select
├ ○ /spacing
├ ○ /statefulTable
├ ○ /statefulTree
├ ○ /stateless-pagination
├ ○ /status-message
├ ○ /stepper
├ ○ /switch
├ ○ /table (660 ms)
├ ○ /tabs (659 ms)
├ ○ /textarea (659 ms)
├ ○ /timepicker
├ ○ /toggle (660 ms)
├ ○ /tooltip (661 ms)
├ ○ /typography (659 ms)
└ ○ /worksheet (659 ms)

○  (Static)  prerendered as static content

   ▲ Next.js 16.0.8
   - Local:         http://localhost:3000
   - Network:       http://127.0.2.2:3000

 ✓ Starting...
Error: "next start" does not work with "output: export" configuration. Use "npx serve@latest out" instead.
    at ignore-listed frames

(I am unsure how much the 2nd one is just me blindly following commands)

[chanceaclark]

If you run pnpm why styled-jsx you'll see it as a dependency of next. However, it looks like turbopack can't resolve that module. I pull this branch down and installing the dependency fixed the issue pnpm add styled-jsx@5.1.6 -S.

Regarding the next start command, I forgot it doesn't work on static builds anymore, you'll have to use npx serve@latest out to run the static site. (I also had to set NODE_ENV to development when building so that the basePath doesn't change)

From my testing with my changes it seems like it works:

[dependabot]

A newer version of next exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[golcinho]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.