deps: update next to 16.1.7 #32

Open

minori wants to merge 1 commits from dependencies/update-next into main

pull from: dependencies/update-next

merge into: nhcarrigan:main

nhcarrigan:main

nhcarrigan:dependencies/update-postcss

nhcarrigan:dependencies/update--eslint-eslintrc

nhcarrigan:dependencies/update-tailwindcss

nhcarrigan:dependencies/update--tailwindcss-postcss

nhcarrigan:dependencies/update-cspell

nhcarrigan:dependencies/update-eslint

nhcarrigan:dependencies/update--types-node

Conversation 0 Commits 1 Files Changed 2 +46 -60

minori commented 2026-03-27 07:00:54 -07:00

Owner

Copy Link

Dependency Update

Updates next from 16.1.6 to 16.1.7.

Type

dependencies

Changelog

Changelog

v16.1.7

Note

This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

---

✨ This PR was created by Minori, your friendly dependency updater! 🌸

## Dependency Update Updates **next** from `16.1.6` to `16.1.7`. ### Type dependencies ### Changelog ## Changelog ### v16.1.7 > [!NOTE] > This release is backporting bug fixes. It does **not** include all pending features/changes on canary. ### Core Changes - [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194) - Apply server actions transform to node_modules in route handlers (#89380) - ensure `maxPostponedStateSize` is always respected (See: [CVE-2026-27979](https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq)) - feat(next/image): add lru disk cache and `images.maximumDiskCacheSize` (See: [CVE-2026-27980](https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8)) - Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: [CVE-2026-27977](https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36)) - Disallow Server Action submissions from privacy-sensitive contexts by default (See: [CVE-2026-27978](https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx)) - fix: patch http-proxy to prevent request smuggling in rewrites (See: [CVE-2026-29057](https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8)) ### Credits Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping! --- ✨ This PR was created by Minori, your friendly dependency updater! 🌸

minori added 1 commit 2026-03-27 07:00:54 -07:00

deps: update next to 16.1.7 6ff9febb9f

All checks were successful

Hide all checks

Node.js CI / CI (pull_request) Successful in 40s

Required

Details

Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 58s

Details

This pull request doesn't have enough required approvals yet. 0 of 1 approvals granted from users or teams on the allowlist.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependencies/update-next:dependencies/update-next

git checkout dependencies/update-next

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

aspect

code

Concerns the software code in the repository

aspect

dx

Concerns developers' experience with the codebase

aspect

interface

Concerns end-users' experience with the software

aspect

text

Concerns the documentation material in the repository

contribute

good first issue

A great opportunity for a team member to learn a new codebase

contribute

help wanted

Open for anyone on our team to grab.

contribute

staff only

Restricted to our executive leadership.

goal

addition

Addition of new feature

goal

fix

Bug fix

goal

improvement

Improvement to an existing feature

points

1

Very simple issue requiring minimal effort and complexity.

points

13

Extremely complex issue representing major undertakings. Should be broken down into smaller pieces.

points

2

Simple issue that requires a bit more thought or investigation.

points

3

Moderate complexity issue requiring more substantial work.

points

5

Complex issue requiring significant effort and expertise.

points

8

Very complex issue requiring extensive work and deep expertise.

priority

critical

1

Must be fixed ASAP

priority

high

2

Stalls work on the project or its dependents

priority

low

4

Low priority and doesn't need to be rushed

priority

medium

3

Not blocking but should be fixed soon

priority

none

5

No priority, should only be performed when a developer is available

status

awaiting triage

Has not been triaged & therefore, not ready for work

status

blocked

Blocked and therefore not ready for work

status

discarded

Will not be worked on

status

discontinued

Not suitable for work as repo is in maintenance

status

label work required

Needs proper labelling before it can be worked on

status

ready for dev

Ready for work

status

ticket work required

Needs more details before it can be worked on

talk

discussion

Open for discussions and feedback

talk

question

Can be resolved with an answer

time

1 day

Approximately one full day of development work.

time

1-2 weeks

One to two weeks of focused development effort.

time

2-3 days

Two to three days of development effort.

time

4-5 days

Approximately one week of development work.

time

<1 day

Less than one day of focused work. Quick fixes or simple tasks.

time

>2 weeks

More than two weeks of development work. Must be broken down into smaller pieces.

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

gurkirat hanna hikari minori naomi rain teklu tim

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: nhcarrigan/blog#32