
chore(deps-dev): bump eslint-config-next from 15.5.15 to 16.2.6 #305

Open. dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/eslint-config-next-16.2.4

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026


Bumps eslint-config-next from 15.5.15 to 16.2.6.

Release notes

Sourced from eslint-config-next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

Low:

Core Changes

  • fix: preserve HTTP access fallbacks during prerender recovery (#92231)
  • Fix fallback route params case in app-page handler (#91737)
  • Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
  • Patch setHeader for direct route handlers (#93101)
  • Include deployment id in cacheHandlers keys (#93453)
  • Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-config-next since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot requested a review from glassBead-tc as a code owner April 29, 2026 02:58
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 29, 2026

vercel Bot commented Apr 29, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| thoughtbox-web-two | Ready | Preview, Comment | May 16, 2026 5:09am |


greptile-apps Bot commented Apr 29, 2026


Greptile Summary

This Dependabot PR bumps eslint-config-next from 15.5.15 to 16.2.4 — a major version jump — while leaving the next runtime on ^15.2.0. The two packages are released in lockstep by the Next.js team and are intended to share the same major version; running the v16 ESLint plugin against a v15 project can yield incorrect lint results.

  • P1: eslint-config-next@16.2.4 should not be used with next@15.x; the bundled @next/eslint-plugin-next@16.2.4 rules may enforce Next.js 16 conventions and produce false positives or miss valid warnings on a Next.js 15 codebase. Either pin eslint-config-next back to ^15.2.0 or simultaneously bump next to ^16.x.

Confidence Score: 3/5

Not safe to merge as-is due to a major version mismatch between eslint-config-next and next

A single P1 finding (cross-major package mismatch) that directly affects linting correctness; no P0 issues present

apps/web/package.json: eslint-config-next major version needs to align with the next major version

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/web/package.json | Bumps eslint-config-next to ^16.2.4 while next stays on ^15.2.0, creating a cross-major peer mismatch |
| pnpm-lock.yaml | Lockfile updated consistently; confirms next@15.5.15 vs eslint-config-next@16.2.4 and adds @babel/core@7.29.0 as a transitive dep for next |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["next lint / CI"] --> B["eslint-config-next@16.2.4\n(@next/eslint-plugin-next@16.2.4)"]
    A --> C["next@15.5.15 runtime"]
    B -- "enforces Next.js 16 rules" --> D{{"Version mismatch ⚠️"}}
    C -- "Next.js 15 project" --> D
    D --> E["Potential false positives\nor missed warnings"]
```
Prompt To Fix All With AI
This is a comment left during a code review.
Path: apps/web/package.json
Line: 36

Comment:
**Major version mismatch between `eslint-config-next` and `next`**

`eslint-config-next` is being bumped to `16.2.4` while `next` remains at `^15.2.0` (resolved to `15.5.15` in the lockfile). Historically these packages are versioned and released together; the ESLint plugin rules bundled in `@next/eslint-plugin-next@16.2.4` may enforce or assume Next.js 16 project conventions (e.g. new App Router APIs, metadata, middleware shapes), which can produce false positives or suppress valid warnings on a Next.js 15 project. The recommended practice is to keep `eslint-config-next` on the same major as `next`.

```suggestion
"eslint-config-next": "^15.2.0",
```

How can I resolve this? If you propose a fix, please make it concise.

Reviews (1): Last reviewed commit: "chore(deps-dev): bump eslint-config-next..." | Re-trigger Greptile
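
The lockstep rule described in the summary above, written as a CI check over `package.json`; this is an added example, not code from the PR, from Greptile or from the Next.js project. The `LOCKSTEP` pair list, the function names and the two sample manifests are constructed for illustration, and the range reader only handles simple specs, reporting anything else as unverifiable.

```javascript
// Added example: fail CI when packages released in lockstep drift onto
// different majors in one package.json.
// LOCKSTEP and the sample manifests below are constructed for illustration.
const LOCKSTEP = [["next", "eslint-config-next"]];

// Major of a simple range ("^15.2.0" -> 15, "16.x" -> 16). Returns null for
// specs that cannot be read statically: workspace:, git URLs, dist-tags such
// as "latest", compound ranges and unions like "^15 || ^16".
function rangeMajor(spec) {
  if (typeof spec !== "string" || spec.includes("||")) return null;
  const m = /^\s*(?:\^|~|>=|=|v)?\s*(\d+)(?:\.(?:\d+|x|\*))*(?:-[\w.]+)?\s*$/.exec(spec);
  return m ? Number(m[1]) : null;
}

// First declaration of `name` across the dependency sections.
function specOf(pkg, name) {
  for (const field of ["dependencies", "devDependencies", "peerDependencies"]) {
    if (pkg[field] && Object.hasOwn(pkg[field], name)) return pkg[field][name];
  }
  return undefined;
}

// One finding per lockstep group that is mismatched or cannot be verified.
function checkLockstep(pkg, groups = LOCKSTEP) {
  const findings = [];
  for (const group of groups) {
    const present = group
      .map((name) => ({ name, spec: specOf(pkg, name) }))
      .filter((d) => d.spec !== undefined)
      .map((d) => ({ ...d, major: rangeMajor(d.spec) }));
    if (present.length < 2) continue; // nothing to compare
    const unknown = present.filter((d) => d.major === null);
    const majors = new Set(present.filter((d) => d.major !== null).map((d) => d.major));
    if (majors.size > 1) findings.push({ kind: "mismatch", deps: present });
    else if (unknown.length) findings.push({ kind: "unverifiable", deps: unknown });
  }
  return findings;
}

// Constructed manifests mirroring the PR: before and after the bump.
const before = { dependencies: { next: "^15.2.0" }, devDependencies: { "eslint-config-next": "^15.2.0" } };
const after = { dependencies: { next: "^15.2.0" }, devDependencies: { "eslint-config-next": "^16.2.4" } };

for (const [label, pkg] of [["before", before], ["after", after]]) {
  const found = checkLockstep(pkg);
  console.log(label, found.length ? JSON.stringify(found) : "ok");
}
```

Treating an unverifiable spec as a finding rather than a pass keeps a `latest` or `workspace:` entry from silently bypassing the check.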

Comment thread apps/web/package.json Outdated
"autoprefixer": "^10.4.21",
"eslint": "^9",
"eslint-config-next": "^15.2.0",
"eslint-config-next": "^16.2.4",
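
Review bot: the changed line takes `eslint-config-next` from `^15.2.0` to `^16.2.4`, a semver-major step, and no other entry in this hunk moves with it. Check that the `next` dependency in the same file is on the same major before merging, and either bump both in one change or keep this range on `^15`. The range here also still names 16.2.4 while the PR title names 16.2.6, so confirm from the lockfile which release actually resolves.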


P1 Major version mismatch between eslint-config-next and next

eslint-config-next is being bumped to 16.2.4 while next remains at ^15.2.0 (resolved to 15.5.15 in the lockfile). Historically these packages are versioned and released together; the ESLint plugin rules bundled in @next/eslint-plugin-next@16.2.4 may enforce or assume Next.js 16 project conventions (e.g. new App Router APIs, metadata, middleware shapes), which can produce false positives or suppress valid warnings on a Next.js 15 project. The recommended practice is to keep eslint-config-next on the same major as next.

Suggested change
"eslint-config-next": "^16.2.4",
"eslint-config-next": "^15.2.0",

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-config-next-16.2.4 branch from c323854 to c5056b5 Compare April 30, 2026 08:43
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 15.5.15 to 16.2.6.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.6/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-version: 16.2.4
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump eslint-config-next from 15.5.15 to 16.2.4 chore(deps-dev): bump eslint-config-next from 15.5.15 to 16.2.6 May 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-config-next-16.2.4 branch from c5056b5 to e2799a8 Compare May 16, 2026 05:08