Skip to content

build(deps): bump next from 16.0.9 to 16.0.10 in the npm_and_yarn group across 1 directory #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
anmorgunov merged 1 commit into from
Dec 14, 2025
Merged

build(deps): bump next from 16.0.9 to 16.0.10 in the npm_and_yarn group across 1 directory #34

anmorgunov merged 1 commit into from
Dec 14, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 13, 2025
edited by greptile-apps bot
Loading

Bumps the npm_and_yarn group with 1 update in the / directory: next.

Updates next from 16.0.9 to 16.0.10

Release notes

Sourced from next's releases.

v16.0.10

Please see the Next.js Security Update for information about this security patch.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Overview

Greptile Summary

This PR updates Next.js from 16.0.9 to 16.0.10, which is a critical security patch release. The update addresses a security vulnerability detailed in the Next.js Security Update.

  • Updated next dependency to version 16.0.10 in package.json
  • Updated lockfile with new integrity hashes for Next.js core and all platform-specific SWC binaries (darwin-arm64, darwin-x64, linux-arm64-gnu, linux-arm64-musl, linux-x64-gnu, linux-x64-musl, win32-arm64-msvc, win32-x64-msvc)
  • No breaking changes or functional modifications expected
  • The security patch backports a React fix ([Flight] Add extra loop protection facebook/react#35351) for version 16.0.9

This is a straightforward dependency bump generated by Dependabot with no code changes required.

Confidence Score: 5/5

  • This PR is safe to merge immediately - it's a critical security patch with no breaking changes
  • This is an automated security patch from Dependabot that updates Next.js from 16.0.9 to 16.0.10. The update is a patch version bump that addresses a security vulnerability documented in the official Next.js security advisory. The changes are limited to version numbers and integrity hashes in the dependency files, with no code modifications required. The update maintains compatibility with all existing peer dependencies (React 19.2.0, babel-plugin-react-compiler 1.0.0) and requires no configuration changes.
  • No files require special attention - both files are standard dependency updates

Important Files Changed

File Analysis

Filename Score Overview
package.json 5/5 Bumped next from 16.0.9 to 16.0.10 for critical security patch
pnpm-lock.yaml 5/5 Updated lockfile with Next.js 16.0.10 and all platform-specific SWC binaries

Sequence Diagram

sequenceDiagram
    participant D as Dependabot
    participant R as Repository
    participant P as package.json
    participant L as pnpm-lock.yaml
    participant N as Next.js Registry

    D->>N: Check for Next.js updates
    N-->>D: Version 16.0.10 available (security patch)
    D->>P: Update next: 16.0.9 → 16.0.10
    D->>L: Update lockfile dependencies
    L->>N: Fetch new integrity hashes
    N-->>L: Return @next/[email protected] hash
    N-->>L: Return @next/swc-* binaries hashes
    L->>L: Update snapshots for all platforms
    D->>R: Create PR #34 with security update
Loading

@dependabot
build(deps): bump next in the npm_and_yarn group across 1 directory
4eede13 
Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js).


Updates `next` from 16.0.9 to 16.0.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.0.9...v16.0.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.0.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 13, 2025
greptile-apps[bot]
greptile-apps bot reviewed Dec 13, 2025
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

@anmorgunov anmorgunov added type/security a vulnerability or security-related concern and removed dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 14, 2025
@anmorgunov anmorgunov merged commit 8a4754d into master Dec 14, 2025
3 checks passed
@anmorgunov anmorgunov deleted the dependabot/npm_and_yarn/npm_and_yarn-3b9adafb77 branch December 14, 2025 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

type/security a vulnerability or security-related concern

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anmorgunov