Skip to content

deps(npm): bump the ui-dependencies group with 7 updates#124

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ui-dependencies-40b4542678
Open

deps(npm): bump the ui-dependencies group with 7 updates#124
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ui-dependencies-40b4542678

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the ui-dependencies group with 7 updates:

Package From To
next 16.2.6 16.2.7
react 19.2.6 19.2.7
@types/react 19.2.15 19.2.16
react-dom 19.2.6 19.2.7
eslint 10.4.0 10.4.1
eslint-config-next 16.2.6 16.2.7
wrangler 4.95.0 4.97.0

Updates next from 16.2.6 to 16.2.7

Release notes

Sourced from next's releases.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits
  • 9bd3c26 v16.2.7
  • c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
  • 63115c7 [16.2.x] Don't drop FormData entries (#94240)
  • aef22fd [backport] Propagate adapter preferred regions (#94200)
  • f126e72 [backport] Fix "type: module" in project dir when using standalone or adapter...
  • bda3e2a [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • 7e16e07 [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • 6139f4b [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • c021d10 [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • 9184ddb [backport] Fix catch-all router.query corruption with basePath + `rewrite...
  • Additional commits viewable in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates @types/react from 19.2.15 to 19.2.16

Commits

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates @types/react from 19.2.15 to 19.2.16

Commits

Updates eslint from 10.4.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
  • d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
  • c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
  • 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

  • 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
  • 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
  • 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
  • 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
  • c91b041 docs: Update README (GitHub Actions Bot)
  • e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

  • b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
  • f78838b test: add CodePath type coverage (#20904) (Pixel998)
  • 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
  • 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
  • 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
  • 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
  • b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
  • a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
  • b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
  • 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
  • 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
  • df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
  • 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
  • f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
  • 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)
Commits
  • 4a3d15a 10.4.1
  • 43e7e2b Build: changelog update for 10.4.1
  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
  • b0e466b test: add data property to invalid tests cases for rules (#20924)
  • d4ce898 fix: propagate failures from delegated commands (#20917)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
  • f78838b test: add CodePath type coverage (#20904)
  • 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
  • 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
  • 002942c ci: declare contents:read on update-readme workflow (#20919)
  • Additional commits viewable in compare view

Updates eslint-config-next from 16.2.6 to 16.2.7

Release notes

Sourced from eslint-config-next's releases.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits

Updates wrangler from 4.95.0 to 4.97.0

Release notes

Sourced from wrangler's releases.

wrangler@4.97.0

Minor Changes

  • #13996 94b29f7 Thanks @​vaishnav-mk! - Add restart-from-step options to wrangler workflows instances restart

    You can now restart a Workflow instance from a specific step using --from-step-name, with optional --from-step-count and --from-step-type disambiguation. These options work for both remote Workflow instances and local wrangler dev --local sessions.

Patch Changes

  • #14141 b210c5e Thanks @​MattieTK! - Add re-authentication hint to account fetch error messages

    When Wrangler fails to automatically retrieve account IDs, the error messages now suggest running wrangler login as a troubleshooting step. This addresses confusion for users who encounter these errors after OAuth system changes or other authentication issues.

  • #14078 aec1bb8 Thanks @​MattieTK! - Bump am-i-vibing from 0.1.1 to 0.4.0

    This updates the agentic environment detection library to the latest version, which includes improved detection coverage for newer AI coding agents.

  • #14147 e06cbb7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260529.1 1.20260601.1

  • #14027 9a26191 Thanks @​matingathani! - Gracefully handle EMFILE error when assets directory exceeds OS watcher limit

    Previously, when wrangler dev was pointed at an assets directory with more than ~4,096 subdirectories, the chokidar file watcher threw an EMFILE: too many open files error that was not caught, causing an infinite error loop that made the dev server unresponsive.

    Now the error is caught and wrangler:

    1. Logs a clear warning explaining the platform watcher limit was hit
    2. Recommends reducing the number of subdirectories by flattening or restructuring the assets directory
    3. Disables the assets watcher gracefully so the dev server continues working without hot-reload

  • #14041 5565823 Thanks @​matingathani! - Fix wrangler complete printing the AI skills prompt into shell completion output

    Previously, running eval "$(wrangler complete zsh)" (or any other shell) would fail with errors like zsh: command not found: --install-skills because the interactive AI agent skills installation prompt was included in the completion script output.

    The skills prompt is now skipped when running wrangler complete, so the generated completion script is clean and can be sourced correctly.

  • #13881 890fca7 Thanks @​matingathani! - Show a clear error when --metadata is not valid JSON instead of silently ignoring the value

  • #14149 6fc9777 Thanks @​mattjohnsonpint! - Fix wrangler deploy --upload-source-maps silently skipping source maps when the entry file ends with magic comments after //# sourceMappingURL=

    Wrangler previously assumed the //# sourceMappingURL= comment was the last non-empty line of a module. Tools like sentry-cli sourcemaps inject append a //# debugId= comment after it, which silently caused source maps to be omitted from the upload form, most commonly when deploying with --no-bundle --upload-source-maps. Wrangler now scans trailing magic comments (lines starting with //# or //@) and detects the //# sourceMappingURL= comment regardless of which other magic comments follow it.

  • #14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

    URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

... (truncated)

Commits
  • 0b60424 Version Packages (#14142)
  • 42288d4 fix: Include currentAgentSkillsInstalled in command telemetry events (#14155)
  • 6fc9777 [wrangler] fix: don't assume sourceMappingURL is on the last line (#14149)
  • 94b29f7 [workflows] Restart from step (#13996)
  • e06cbb7 Bump the workerd-and-workers-types group with 2 updates (#14147)
  • 5565823 [wrangler] Fix wrangler complete printing AI skills prompt into shell compl...
  • 8e7b74f [wrangler] fix: send Workflows schedules as { cron } objects on deploy (#14150)
  • 9a26191 [wrangler] fix: gracefully handle EMFILE when assets watcher exceeds director...
  • aec1bb8 [wrangler] Bump am-i-vibing from 0.1.1 to 0.4.0 (#14078)
  • 890fca7 [wrangler] fix: show clear error when --metadata is not valid JSON (#13881)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(npm): bump the ui-dependencies group with 7 updates
9ca51a1 
Bumps the ui-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `16.2.6` | `16.2.7` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.15` | `19.2.16` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [eslint](https://github.com/eslint/eslint) | `10.4.0` | `10.4.1` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.6` | `16.2.7` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.95.0` | `4.97.0` |


Updates `next` from 16.2.6 to 16.2.7
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.6...v16.2.7)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `@types/react` from 19.2.15 to 19.2.16
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `@types/react` from 19.2.15 to 19.2.16
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `eslint` from 10.4.0 to 10.4.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.0...v10.4.1)

Updates `eslint-config-next` from 16.2.6 to 16.2.7
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.7/packages/eslint-config-next)

Updates `wrangler` from 4.95.0 to 4.97.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.97.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: "@types/react"
  dependency-version: 19.2.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: "@types/react"
  dependency-version: 19.2.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: eslint
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: eslint-config-next
  dependency-version: 16.2.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: ui-dependencies
- dependency-name: wrangler
  dependency-version: 4.97.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: ui-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 2, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Jun 2, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 github-readme-leetcode-card 9ca51a1 Commit Preview URL

Branch Preview URL		 Jun 02 2026, 08:57 PM

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 2, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednext@​16.2.6 ⏵ 16.2.753 -1410091 +19970
Updatedeslint-config-next@​16.2.6 ⏵ 16.2.7991006798 +1100
Updated@​types/​react@​19.2.15 ⏵ 19.2.16100 +11007996 +2100
Updatedreact@​19.2.6 ⏵ 19.2.71001008497100
Updatedwrangler@​4.95.0 ⏵ 4.97.099 +110092 +196 +1100
Updatedreact-dom@​19.2.6 ⏵ 19.2.71001009298100
Updatedeslint@​10.4.0 ⏵ 10.4.198 +110010096100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 2, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm next is 80.0% likely obfuscated

Confidence: 0.80

Location: Package overview

From: package-lock.jsonnpm/next@16.2.7

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.2.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm next is 85.0% likely obfuscated

Confidence: 0.85

Location: Package overview

From: package-lock.jsonnpm/next@16.2.7

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.2.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm next is 85.0% likely obfuscated

Confidence: 0.85

Location: Package overview

From: package-lock.jsonnpm/next@16.2.7

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.2.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants