chore(deps): update npm minor dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@next/env (source)	16.1.6 → 16.2.6
@playwright/test (source)	1.57.0 → 1.59.1
@tailwindcss/postcss (source)	4.1.18 → 4.3.0
@vitejs/plugin-react (source)	5.1.4 → 5.2.0
knip (source)	5.82.1 → 5.88.1
lefthook	2.0.15 → 2.1.6
next (source)	16.1.6 → 16.2.6
react-hook-form (source)	7.71.2 → 7.75.0
stripe	20.2.0 → 20.4.1
tailwindcss (source)	4.1.18 → 4.3.0
testcontainers	11.11.0 → 11.14.0
vitest (source)	4.0.18 → 4.1.5
zod (source)	4.3.6 → 4.4.3

---

Release Notes

vercel/next.js (@​next/env)

v16.2.6

Compare Source

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

Compare Source

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.4

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#​92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#​92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#​92580)
• Compiler: Support boolean and number primtives in next.config defines (#​92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#​92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#​92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#​92828)
• Adding more system info to the 'initialize project' trace (#​92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

Compare Source

[!NOTE]
This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#​92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#​91981 through #​92273)
• Deduplicate output assets and detect content conflicts on emit (#​92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#​92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#​92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#​92115) (#​92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#​92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#​91840)
• next.config.js: Accept an option for serverFastRefresh (#​91968)
• Turbopack: enable server HMR for app route handlers (#​91466)
• Turbopack: exclude metadata routes from server HMR (#​92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #​92177
• [backport] Fix CSS HMR on Safari (#​92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#​91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#​91698)
• Fix adapter outputs for dynamic metadata routes (#​91680)
• Turbopack: fix webpack loader runner layer (#​91727)
• Fix server actions in standalone mode with cacheComponents (#​91711)
• turbo-persistence: remove Unmergeable mmap advice (#​91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#​91701)
• Turbopack: lazy require metadata and handle TLA (#​91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#​91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.0

Compare Source

[!TIP]
Check out our Next v16.2 Blog Post to learn more about this release.

Core Changes

• Upgrade React from f93b9fd4-20251217 to 65eec428-20251218: #​87323
• Turbopack: Create junction points instead of symlinks on Windows: #​87606
• Turbopack: Symlink handling follow-up: #​87637
• Add experimental routing package for resolving adapter routes: #​86404
• Ensure outputs are correct with cache components in deployment adapters: #​87018
• Move off of deprecated url.parse: #​87257
• [strict-route-types] Add experimental.strictRouteTypes config: #​87378
• misc: fix type check log for CI envs: #​87838
• fix: revalidateTag with profile should not trigger client cache invalidation: #​88069
• chore: warn when running tests against stale build: #​88001
• Redesign default error pages with cleaner, more user-friendly UI: #​87988
• dx: avoid next-env.d.ts change in dev: #​88103
• prevent browser cache from using stale RSC responses from previous builds: #​86554
• [strict-route-types] Typecheck App Router page props: #​87386
• [strict-route-types] Enforce common React Component return types in App Router: #​87389
• [strict-route-types] Switch to satisfies when validating page and route modules: #​87398
• [strict-route-types] Don't reject number in config.api.bodyParser.sizeLimit when validating route: #​87633
• Revert "dx: avoid next-env.d.ts change in dev": #​88153
• [strict-route-types] Typecheck pages router routes in absence of App Router: #​87628
• [strict-route-types] Ensure cache profiles and routes are type-checked even if .next is excluded: #​87768
• add compilation error for taint when not enabled: #​88173
• feat(next/image)!: add images.maximumResponseBody config: #​88183
• Add maximum size limit for postponed body parsing: #​88175
• metadata: use fixed segment in dynamic routes with static metadata files: #​88113
• feat: add --experimental-cpu-prof flag for dev, build, and start: #​87946
• Add experimental option to use no-cache instead of no-store in dev: #​88182
• fix overlay frames cannot be opened sometimes: #​88210
• Handle pnpm-workspace.yaml while searching for monorepo root: #​74818
• Add more debug logs to 'use cache' wrapper: #​88219
• Omit unused arguments from 'use cache' function calls: #​86920
• Only log pending revalidates... debug log if applicable: #​88221
• fix(next/image): bump sharp@​0.34.5: #​88238
• Disallow javascript urls in router methods and redirects: #​88185
• Fix relative same host redirects in node middleware: #​88253
• Remove loadConfig from main development process, pass value from child process: #​88230
• Update deploy adapters outputs and handler interfaces for node and edge: #​88247
• Move Ready in time before handler initialization: #​88235
• next/image: support custom cache handlers: #​88248
• feat: add Claude Code plugin marketplace with Cache Components skill: #​87993
• refactor: consolidate PPR into cacheComponents architecture: #​88243
• Turbopack: include fewer traced files for standalone: #​88322
• feat(turbopack): add resolve plugin condition variant of Always and Never: #​88190
• perf: use length = 0 to clear the logging array: #​88244
• Time logs: Show full millisecond instead of 1 decimal: #​88313
• [turbopack] Enable inferring module side effects by default: #​87216
• Track search string as part of "refresh state": #​87203
• Pass RouteTree into navigation function: #​87256
• Read from segment cache unknown routes: #​87293
• Pass loading boundary as part of RSC data: #​87825
• Revert "refactor: consolidate PPR into cacheComponents architecture (#​88243)": #​88421
• fix: support TypeScript noUncheckedSideEffectImports for CSS imports: #​88199
• Don't import typescript at runtime: #​88321
• fix: use RDC for server action requests: #​88129
• Warn when overriding Cache-Control header on /_next/ routes: #​88353
• [prebuilt-skew-protection] feat: adding in automatic deploymentId: #​88012
• Revert "[prebuilt-skew-protection] feat: adding in automatic deploymentId": #​88449
• Turbopack: Update reqwest, remove experimental system TLS feature: #​88290
• Revert "prevent browser cache from using stale RSC responses from pre…: #​88457
• Turbopack: retain loader tree order for metadata: #​88487
• Turbopack: more dead code: #​88505
• fix(build): prevent route handler manifests from inheriting unrelated client components: #​88419
• Upgrade React from 65eec428-20251218 to 3e1abcc8-20260113: #​88530
• Better typesafety for interopDefault: #​88486
• keep next-env.d.s unchanged between dev and build: #​88428
• Remove sibling caches from CacheNode tree: #​87991
• Upgrade React from 3e1abcc8-20260113 to 4a3d993e-20260114: #​88547
• Finish deleting Mutable from router implementation: #​88046
• fetch(next/image): reduce maximumResponseBody from 300MB to 50MB: #​88588
• [CC] Fix dev validation error from server action bound args: #​88600
• Fix incorrect 'Ready in' time for next start: #​88589
• feat: server action logging: #​88277
• Log browser error and warnings in terminal: #​88352
• Upgrade React from 4a3d993e-20260114 to bef88f7c-20260116: #​88649
• fix: make RedirectType constant properties literal types: #​88653
• Turbopack: add support for matching loaders on resource queries: #​88644
• fix: capture promisified setImmediate separately: #​88346
• fix: setImmediate[util.promisify.custom] access fails in edge runtime: #​88685
• Fix --debug-build-paths bracket escaping for glob patterns: #​88660
• Add negation pattern support to --debug-build-paths: #​88654
• Only filter next config if experimental flag is enabled: #​88733
• [Devtool Indicator] Fix cross alignment: #​88664
• Turbopack: don't use build id for pages router client-side manifests: #​88641
• Allow inspecting server with next start --inspect: #​88744
• Turbopack: Add --debug-build-paths support to filter routes: #​88655
• Upgrade React from bef88f7c-20260116 to 41b3e9a6-20260119: #​88756
• Use rewritten pathname for implicit cache tags: #​88732
• Upgrade React from 41b3e9a6-20260119 to d2908752-20260119: #​88774
• Add experimental_gesturePush to App Router: #​88776
• Rename rewroteURL to rewrittenPathname in request metadata: #​88751
• Simplify getImplicitTags to accept pathname instead of url object: #​88753
• Add NEXT_DEPLOYMENT_ID global: #​86738
• Turbopack: remove deployment id suffix from client reference manifest chunks: #​88741
• Inject <html data-dpl-id> and don't inline it into JS anymore: #​88761
• [metadata] match the Metadata and ResolvedMetadata type: #​88739
• Reuse bfcache data during Full prefetches: #​88606
• Embed static sibling info in route tree: #​88692
• Fix revalidatePath with params and trailing slash when deployed: #​88623
• fix: preserve cache behavior for PPR fallback shells with root params: #​88556
• Upgrade React from d2908752-20260119 to b546603b-20260121: #​88860
• stabilize browser log forward options: #​88857
• [devtools] Wrap long file names of stack frames in the error overlay: #​88886
• [devtools] Fix notch coloring of error overlay in forced colors mode: #​88892
• Remove deploymentId from App Router RenderOptsPartial: #​88866
• feat: implement LRU cache with invocation ID scoping for minimal mode response cache: #​88509
• [prebuilt-skew-protection] feat: adding in automatic deploymentId: #​88496
• [devtool] Add hydration diff indicator for diff lines: #​88919
• Revert "[prebuilt-skew-protection] feat: adding in automatic deploymentId": #​88942
• [turbopack] add task type infromation to the print_cache_item_size feature: #​88925
• Upgrade React from b546603b-20260121 to 24d8716e-20260123: #​88963
• Turbopack: add ?dpl= to all asset urls returned by Turbopack: #​88828
• feat(next-codemod): add agents-md command for AI coding agents: #​88961
• Update font data: #​88975
• Improve agents-md prompt to force doc retrieval: #​88997
• [Reapply] Add useEffectEvent to disallowed React APIs in Server Components: #​88985
• Apply fixes for onBuildComplete and route module: #​88831
• Rename renderOpts.nextExport to isBuildTimePrerendering: #​88951
• docs: fix typos in README.mds: #​89022
• refactor: consume global-error from loader tree: #​88437
• Fix chunk loading when using __turbopack_load_by_url__ with query: #​88899
• [mcp] change the mcp endpoint response to JSON: #​88911
• Reapply "[turbopack] Add bundling support for worker_threads" (#​88725): #​88967
• fix: ensure LRU cache items have minimum size of 1 to prevent unbounded growth: #​89040
• Upgrade React from 24d8716e-20260123 to 8c34556c-20260126: #​89066
• Use null-prototype objects in server actions manifests: #​89069
• Re-enable types-and-precompiled: #​89070
• Apply segment changes to adapters outputs: #​89072
• Improve no response route handler error: #​89036
• Limit number of server action arguments to 1000: #​89068
• [prebuilt-skew-protection] feat: adding in automatic deploymentId: #​88958
• Decouple route stale time from segment-level data: #​88834
• Decouple route and segment cache lifecycles: #​88989
• [ci] Silence baseline-browser-mapping warnings: #​89175
• [Cache Components] Prevent streaming fetch calls from hanging in dev: #​89171
• React types update: #​89110
• [nextjs] feat: removing length requirement: #​89173
• add GPTBot to matcher for known bots: #​89188
• Ensure .md licenses are included in vendored packages: #​89201
• Switch development log item format as JSON: #​89168
• IsolatedDevBuild flag removal: #​89167
• fix: coerce HEAD to GET for internal images: #​84180
• Upgrade React from 10680271-20260126 to 230772f9-20260128: #​89250
• Upgrade tar used to extract SWC binary : #​89158
• Sort prerender manifest routes: #​89246
• Track vary params for segments without server-side param access: #​88998
• Optimistic routing: client-side route prediction: #​88965
• Keep pages/404.js to be able to dynamically render it anyway: #​89263
• fix: fully static pages should emit & serve static rsc payloads: #​89202
• fix: CSRF origin matching should be case-insensitive: #​89127
• fix(build): format runAfterProductionCompile duration as human-readable time: #​89232
• fix(router): support BigInt in query parameters: #​89213
• Update font data: #​89200
• Update font data: #​89272
• Turbopack: add support for contentType condition for webpack loaders: #​89156
• Revert "fix(router): support BigInt in query parameters": #​89283
• Track vary params during static prerendering: #​89267
• Improve lock dir error message: #​89119
• Ensures browserslist doesn't issue outdated warnings for baseline-browser-mapping: #​89287
• Replace build id in Pages data routes with deployment id: #​88959
• Upgrade React from 230772f9-20260128 to da641178-20260129: #​89301
• Inline handler dependencies instead of tracing: #​89269
• Turbopack: add rules.*.type config to allow changing the type of a module: #​88788
• Add experimental.varyParams feature flag: #​89307
• Fix/zlib mem node: #​89099
• Revert "Replace build id in Pages data routes with deployment id (#​88959)": #​89323
• Turbopack: Rename crates/napi to crates/next-napi-bindings and update crate name: #​89314
• feat: detect @​typescript/native-preview as alternative TypeScript compiler: #​89149
• Revert "Fix/zlib mem node": #​89322
• Turbopack: FreeVarReference::ReportUsage: #​89302
• Make Server Function logging opt-in via logging.serverFunctions: #​89321
• Restore default-enabled Server Function logging: #​89407
• Re-add build-complete traces for webpack: #​89402
• Skip Server Function logging for 'use cache' functions: #​89408
• Replace flight navigation build id field with header: #​88855
• Upgrade React from da641178-20260129 to ed4bd540-20260202: #​89401
• Upgrade React from ed4bd540-20260202 to b1533b03-20260203: #​89444
• Upgrade React from b1533b03-20260203 to 3e00319b-20260203: #​89449
• Rename CACHE_ONE_YEAR for clarity and fix usage: #​89450
• [Codemod] Fix agents-md on Windows: #​89319
• Experimental deferred entries handling: #​88347
• Add experimental.reportSystemEnvInlining for Turbopack: #​89304
• fix: use signal-based exit codes to prevent inspector blocking exit: #​89351
• Add Instant Navigation Testing API: #​89465
• Support MPA navigations in instant(): #​89469
• Handle Pages data route skew with deployment id header, take 2: #​89325
• Include owner stack for forwarded errors if available: #​89493
• [CC] Rename "unstable_prefetch" to "unstable_instant": #​89448
• Ensure module contexts are always included in adapter traces: #​89508
• Don't insert build id comment in HTML: #​89478
• Clarify type checking error message: #​89525
• Require explicit cacheLife on outer "use cache" when nesting short-lived caches: #​89481
• [Instant] Instant validation in Dev: #​89077
• Upgrade React from 3e00319b-20260203 to 95ffd6cd-20260205: #​89550
• Turbpopack: fix is_persistent_caching_enabled: #​89533
• Fix a small doc typo: #​89553
• Ensure _middleware is consistent in adapter for name/id: #​89559
• Ensure Errors with deep causal chains respect inspect depth: #​89594
• refactor: extract route discovery into unified discoverRoutes() API: #​88971
• Ensure static metadata are static outputs for adapters: #​89574
• Resolve local variable references in error code SWC plugin: #​89596
• Turbopack: Add --experimental-server-fast-refresh CLI flag: #​89274
• Fix deployment id header when proxying: #​89593
• fix: deprecated util._extend: #​89614
• Fix missing non-deferred turbopack build items: #​89616
• Revert "Ensure _middleware is consistent in adapter for name/id": #​89624
• Omit unused arguments for server actions: #​89651
• Upgrade React from 95ffd6cd-20260205 to 2dd9b7cf-20260208: #​89681
• Include AggregateError.errors in terminal output: #​88999
• fix(image): findClosestQuality returns 0 for low quality values: #​89621
• Upgrade React from 2dd9b7cf-20260208 to 272441a9-20260209: #​89722
• Avoid using unclosing prefetch streams in the browser: #​89610
• Pass shouldCache to all manifest loading calls: #​89713
• Add 2nd cloned body to FinalizationRegistry. Only used RuntimeStyles component for webpack: #​88577
• Tracing: trace render times as render-path: #​89763
• Turbopack: Server HMR infrastructure: #​88870
• Turbopack: Reorganize runtime files into shared/runtime directory: #​89461
• [Instant] Validation on client navs: #​89777
• Turbopack: extract core hmr client logic into shared runtime: #​88912
• Turbopack: Fix slow filesystem benchmark warning for next dev: #​89798
• Add turbopackIgnoreIssue config to suppress Turbopack warnings: #​89682
• Add support for with type: "text" under a new experimental flag, following what webpack did: #​89560
• Remove unused devtools code handling React without use: #​89793
• [devtools] Wrap overlay in Activity: #​89818
• Add CSS URL deployment ID suffix support: #​89771
• Fix cascading LRU eviction during prefetch batches: #​89766
• Refactor prerenderManifest passing: #​89765
• [AI] Ship bundled docs in next and generate AGENTS.md in create-next-app: #​89850
• Turbopack: Implement server hmr in nodejs dev runtime: #​89130
• Allow sitemap.ts and sitemap/page.tsx to coexist in Turbopack: #​89789
• [fragment-scroll] Cleanup scroll and focus restoration in layout router: #​83110
• [fragment-scroll] Add experimental.appNewScrollHandler: #​83107
• [Instant] Fix crash with search params: #​89922
• Fix memory leak in dev mode caused by fast-set-immediate: #​89779
• Trace upload: include experimental flag states: #​89845
• Upgrade React from 272441a9-20260209 to 6066c782-20260212: #​89923
• Add a better error message for when turbopack cannot be loaded: #​89633
• fix: support multiple icon formats with same base name (icon.png + icon.svg): #​89504
• Turbopack: Move turbopackIgnoreIssue from experimental to turbopack.ignoreIssue: #​89817
• Build with dev runtimes when --debug-prerender is set: #​89834
• Append deployment id query string for next-font: #​89960
• Fix parallel routes with deferred entries: #​89967
• Rename node extension utils for clarity: #​89970
• Model abandoning by signal: #​89971
• Fix missing incremental cache in middleware unstable_cache: #​89980
• Run fast immediates during prerender abort to fix flaky I/O stack traces: #​89969
• [fragment-scroll] Ensure hoisted elements don't break scroll-to-top on page navigations: #​83108
• dx: Include path count in export error message: #​89333
• fix(agents-md): use require.resolve() to get the installed next version: #​89166
• docs: agent skills, pr-status script, and AGENTS.md updates (1/8): #​89857
• Ignore prefetch={true} on Links to routes with instant: #​90061
• Expand deferred entries test suite and fix turbopack build: #​90057
• Use StageController for runtime prerendering: #​89972
• Improve task pipelining: #​90065
• fix(next/legacy/image): add deployment id (dpl) query string support: #​89956
• Cache expected missing manifest read: #​89908
• Use for...in instead of Object.keys for parallelRouteKey traversal: #​89905
• [Instant] allow non-blocking dynamic holes and errors in shared parents: #​89875
• Move prefetch hints from CacheNodeSeedData to FlightRouterState: #​90066
• [Instant] Don't block on client APIs that wouldn't block in the browser: #​89924
• [devtools] Add support for error causes in the dev overlay: #​90108
• Unify runInSequentialTasks across all sequential task work: #​89978
• Cleanup all stage promises on abort: #​89984
• segment cache: fix segment cache normalizer: #​90111
• Handle null history.state in client-side router popstate handler: #​90083
• Don't parse default postponedsizelimit: #​89906
• Turbopack: handle invalid RSC imports via importmap: #​88146
• [create-next-app] Improve AGENTS.md prompt wording: #​90118
• ensure maxPostponedStateSize is always respected: #​90060
• Upgrade React from 6066c782-20260212 to 4842fbea-20260217: #​90144
• [fragment-scroll] Stop focusing the first focusable host descendant: #​89903
• fix: normalize loopback only in hostname: #​90158
• Only error for sync IO after runtime in segments that would be runtime prefetched: #​89979
• [refactor] Replace runtime prefetch sentinel transform stream: #​90160
• fix: use Buffer.indexOf in uint8array helpers for faster byte scanning (3/8): #​89864
• Automatically build and clear native build when running pnpm build: #​89819
• fix(cache): DCE to avoid pulling server internals into browser bundles (4/8): #​89865
• Attach active src route to next global: #​90171
• Fix OTEL propagation and add direct entrypoint e2e coverage: #​90181
• Use cookie as sole protocol for instant navigation testing: #​89871
• Simplify metadata tag rendering to flat imperative style: #​90209
• Prevent unhandled rejection filter from being bundled into the server runtime: #​90205
• [Instant] speed up test instant-validation suite: #​90214
• Turbopack: fix static asset skew protection for edge and prerenders: #​90238
• Remove workStore from params/searchParams/pathname function signatures: #​90215
• Remove workStore from metadata resolution chain: #​90217
• [Instant] export "Instant" config type: #​90257
• Replace getDynamicParamFromSegment closure with interpolatedParams in metadata: #​90249
• [Instant] Dev Tools toggle for Instant Navigation Mode: #​90222
• [instant] Include declaration location of instant config in validation errors: #​90169
• Turbopack: rename ServerPaths to AssetPaths: #​90234
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize: #​89963
• Revert "Handle null history.state in client-side router popstate handler": #​90268
• [devtools] Omit empty looking error messages: #​90256
• Fix runtime prefetch isPartial byte stripping when deployed: #​90272
• Upgrade React from `2ba3065

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.