fix(deps): update minor dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@dotenvx/dotenvx	1.43.0 → 1.52.0			devDependencies	minor
@types/finalhandler (source)	1.2.3 → 1.2.4			devDependencies	patch
@types/node (source)	20.19.14 → 20.19.32			devDependencies	patch
@types/react (source)	18.3.24 → 18.3.28			devDependencies	patch
esbuild	^0.25.9 → ^0.27.0			devDependencies	minor
eslint-config-next (source)	15.0.2 → 15.5.12			devDependencies	minor
next (source)	15.5.3 → 15.5.12			dependencies	patch
node (source)	20.18.2 → 20.20.0				minor
npm-run-all2	6.2.3 → 6.2.6			devDependencies	patch
pnpm (source)	10.10.0 → 10.28.2			packageManager	minor
prettier (source)	3.5.3 → 3.8.1			devDependencies	minor
puppeteer (source)	23.3.1 → 23.11.1			pnpm.overrides	minor
puppeteer (source)	23.3.1 → 23.11.1			devDependencies	minor
react (source)	19.1.1 → 19.2.4			dependencies	minor
react-dom (source)	19.1.1 → 19.2.4			dependencies	minor
serve-handler	6.1.5 → 6.1.6			dependencies	patch
tailwindcss (source)	3.4.17 → 3.4.19			devDependencies	patch
tsx (source)	4.20.5 → 4.21.0			devDependencies	minor
typescript (source)	5.9.2 → 5.9.3			devDependencies	patch
typescript (source)	5.6.2 → 5.9.3			devDependencies	minor

---

Release Notes

dotenvx/dotenvx (@​dotenvx/dotenvx)

v1.52.0

Compare Source

Added

• Pass log level options to main.set (#​731)

v1.51.4

Compare Source

Changed

• Change description of dotenvx-ops to better reflect its tooling as operational primitives on top of dotenvx for production use cases. (#​721)

v1.51.3

Compare Source

Added

• Add hint on .env.keys for dotenvx ops backup. Dotenvx Ops Backup lets you back up your private keys securely with just a single command. It's a convenient alterantive to manually copy/pasting them in and out of 1Password. (#​718)

v1.51.2

Compare Source

Changed

• Switch npm publish to use Dotenvx Ops' new Rotation Tokens (ROTs) (#​715)

This will allow us to start dogfooding our own solution for third-party API key rotation. Third-party API key rotation would drastically improve security industry wide. Please get in touch if this is interesting to you.

v1.51.1

Compare Source

Added

• Add opsOff type information

v1.51.0

Compare Source

Added

• Add config({opsOff: true}) options and --ops-off flag for turning off Dotenvx Ops features. (#​680)

v1.50.1

Compare Source

Removed

• Remove listed command to radar (now ops) (#​678)

v1.50.0

Compare Source

Added

• Add optional dotenvx ops command (#​677)
• Ops is a coming rename of Radar. Radar will become a feature inside ops.
• With dotenvx ops use dotenvx across your team, infrastructure, agents, and more.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Ops: Commercial Tooling for Dotenvx                          |
|                                                                       |
|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
|                                                                       |
|  Use dotenvx across your team, infrastructure, agents, and more.      |
|                                                                       |
|  Learn more at https://dotenvx.com/ops                                |
|_______________________________________________________________________|

v1.49.1

Compare Source

Changed

• 🐞 patch bug with variable expansion of single quoted values (#​675)

v1.49.0

Compare Source

Added

• For precommit and prebuild, ignore .env.x file like we do with .env.vault file. (#​666)

v1.48.4

Compare Source

Removed

• Remove unnecessary use of eval in proKeypair helper (#​654)

v1.48.3

Compare Source

Changed

• Include privateKeyName and privateKey on internal processedEnv object (#​649)

v1.48.2

Compare Source

Changed

• Check radar status before sending (#​646)

v1.48.1

Compare Source

Changed

• Send beforEnv and afterEnv to Radar if user has installed (#​645)

v1.48.0

Compare Source

Added

• Include beforeEnv and afterEnv for user debugging (#​644)

v1.47.7

Compare Source

Changed

• src should be in internal processEnv object (#​643)

v1.47.6

Compare Source

Changed

• Make Radar call non-blocking (#​642)

v1.47.5

Compare Source

Changed

• Add resilient handling of any Radar failures (#​639)

v1.47.4

Compare Source

Changed

• Smarter require of non-installed libs like dotenvx-radar (#​638)

v1.47.3

Compare Source

Added

• Send to radar#observe if Radar installed by user (#​631)

Removed

• Remove cli in package.json (#​632)

v1.47.2

Compare Source

Added

• Export cli in package.json (#​629)

v1.47.1

Compare Source

Added

• Add convenience log that radar active 📡 when dotenvx-radar is installed (#​625)

v1.47.0

Compare Source

Added

• Add optional dotenvx radar command (#​624)
• Radar is an early access commercial extension for dotenvx that will auto backup your .env files.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Radar: Env Observability                                     |
|                                                                       |
|  ░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓███████▓▒░    |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓████████▓▒░▒▓███████▓▒░    |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|                                                                       |
|  Observe, version, and back up your environment variables at runtime. |
|                                                                       |
|  Purchase lifetime access at https://dotenvx.com/radar                |
|                                                                       |
| --------------------------------------------------------------------- |
| - thank you for using dotenvx! - @​motdotla                            |
|_______________________________________________________________________|

v1.46.0

Compare Source

Added

• Add error when hoisting issue experienced around commander.js (#​623)

Removed

• Remove git-dotenvx and git dotenvx shorthand (#​621)

v1.45.2

Compare Source

Changed

• Minor README updates

v1.45.1

Compare Source

Changed

• Include setLogName and setLogVersion in config (#​613)

v1.45.0

Compare Source

Added

• Add logger.setName and logger.setVersion for customization of logger (#​612)

v1.44.2

Compare Source

Changed

• Clarify license is BSD-3.

v1.44.1

Compare Source

Changed

• Patch SetOutput type (#​597)

v1.44.0

Compare Source

Added

• Add armv7 support (#​593)

evanw/esbuild (esbuild)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

v0.27.2

Compare Source

• Allow import path specifiers starting with #/ (#​4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#​4357, #​4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  
  /* Old output (with --target=chrome110) */
  main {
    mask: url(x.png) center/5rem no-repeat;
  }
  
  /* New output (with --target=chrome110) */
  main {
    -webkit-mask: url(x.png) center/5rem no-repeat;
    mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#​4176, #​4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}
  
  // New output (with --minify)
  x===0?foo():bar();

• Forbid using declarations inside switch clauses (#​4323)

  This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

  Here is an example of code that is no longer allowed:

  switch (mode) {
    case 'read':
      using readLock = db.read()
      return readAll(readLock)
  
    case 'write':
      using writeLock = db.write()
      return writeAll(writeLock)
  }

  That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):

  switch (mode) {
    case 'read': {
      using readLock = db.read()
      return readAll(readLock)
    }
    case 'write': {
      using writeLock = db.write()
      return writeAll(writeLock)
    }
  }

  This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

v0.27.1

Compare Source

• Fix bundler bug with var nested inside if (#​4348)

  This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

• Fix minifier bug with for inside try inside label (#​4351)

  This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

  // Original code
  d: {
    e: {
      try {
        while (1) { break d }
      } catch { break e; }
    }
  }
  
  // Old output (with --minify)
  a:try{e:for(;;)break a}catch{break e}
  
  // New output (with --minify)
  a:e:try{for(;;)break a}catch{break e}

• Inline IIFEs containing a single expression (#​4354)

  Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

  // Original code
  const foo = () => {
    const cb = () => {
      console.log(x())
    }
    return cb()
  }
  
  // Old output (with --minify)
  const foo=()=>(()=>{console.log(x())})();
  
  // New output (with --minify)
  const foo=()=>{console.log(x())};

• The minifier now strips empty finally clauses (#​4353)

  This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

  // Original code
  function foo(callback) {
    if (DEBUG) stack.push(callback.name);
    try {
      callback();
    } finally {
      if (DEBUG) stack.pop();
    }
  }
  
  // Old output (with --minify --define:DEBUG=false)
  function foo(a){try{a()}finally{}}
  
  // New output (with --minify --define:DEBUG=false)
  function foo(a){a()}

• Allow tree-shaking of the Symbol constructor

  With this release, calling Symbol is now considered to be side-effect free when the argument is known to be a primitive value. This means esbuild can now tree-shake module-level symbol variables:

  // Original code
  const a = Symbol('foo')
  const b = Symbol(bar)
  
  // Old output (with --tree-shaking=true)
  const a = Symbol("foo");
  const b = Symbol(bar);
  
  // New output (with --tree-shaking=true)
  const b = Symbol(bar);

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#​4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

• Enable trusted publishing (#​4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

v0.25.12

Compare Source

• Fix a minification regression with CSS media queries (#​4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#​4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:
  class ExampleIterator extends Iterator {}

• Add support for the new @view-transition CSS rule (#​4313)

  With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

  /* Original code */
  @​view-transition {
    navigation: auto;
    types: check;
  }
  
  /* Old output */
  @​view-transition { navigation: auto; types: check; }
  
  /* New output */
  @​view-transition {
    navigation: auto;
    types: check;
  }

  The new view transition feature provides a mechanism for creating animated transitions between documents in a multi-page app. You can read more about view transition rules here.

  This change was contributed by @​yisibl.

• Trim CSS rules that will never match

  The CSS minifier will now remove rules whose selectors contain :is() and :where() as those selectors will never match. These selectors can currently be automatically generated by esbuild when you give esbuild nonsensical input such as the following:

  /* Original code */
  div:before {
    color: green;
    &.foo {
      color: red;
    }
  }
  
  /* Old output (with --supported:nesting=false --minify) */
  div:before{color:green}:is().foo{color:red}
  
  /* New output (with --supported:nesting=false --minify) */
  div:before{color:green}

  This input is nonsensical because CSS nesting is (unfortunately) not supported inside of pseudo-elements such as :before. Currently esbuild generates a rule containing :is() in this case when you tell esbuild to transform nested CSS into non-nested CSS. I think it's reasonable to do that as it sort of helps explain what's going on (or at least indicates that something is wrong in the output). It shouldn't be present in minified code, however, so this release now strips it out.

v0.25.11

Compare Source

• Add support for with { type: 'bytes' } imports (#​4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#​3748, #​4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @&#8203;media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @​media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

v0.25.10

Compare Source

• Fix a panic in a minification edge case (#​4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#​4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @​supports (color: blue) { color: blue }
  }
  
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
    color: red;
  }
  body :is() {
    color: green;
  }
  @​supports (color: blue) {
     {
      color: blue;
    }
  }
  
  /* New output (with --supported:nesting=false) */
  ::placeholder {
    color: red;
  }
  body :is() {
    color: green;
  }
  @​supports (color: blue) {
    ::placeholder {
      color: blue;
    }
  }

vercel/next.js (eslint-config-next)

v15.5.12

Compare Source

v15.5.11

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Tracing: Fix memory leak in span map (#​85529)
• fix: ensure LRU cache items have minimum size of 1 to prevent unbounded growth (#​89134)
• Turbopack: fix NFT tracing of sharp 0.34 (#​82340)
• Turbopack: support pattern into exports field (#​82757)
• NFT tracing fixes (#​84155 and #​85323)
• Turbopack: validate CSS without computing all paths (#​83810)
• feat: implement LRU cache with invocation ID scoping for minimal mode response cache (#​89129)

Credits

Huge thanks to @​timneutkens, @​mischnic, @​ztanner, and @​wyattjoh for helping!

v15.5.10

Compare Source

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.9

Compare Source

v15.5.8

Compare Source

v15.5.7

Compare Source

v15.5.6

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Turbopack: don't define process.cwd() in node_modules #​83452

Credits

Huge thanks to @​mischnic for helping!

v15.5.5

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Split code-frame into separate compiled package (#​84238)
• Add deprecation warning to Runtime config (#​84650)
• fix: unstable_cache should perform blocking revalidation during ISR revalidation (#​84716)
• feat: experimental.middlewareClientMaxBodySize body cloning limit (#​84722)
• fix: missing next/link types with typedRoutes (#​84779)

Misc Changes

• docs: early October improvements and fixes (#​84334)

Credits

Huge thanks to @​devjiwonchoi, @​ztanner, and @​icyJoseph for helping!

v15.5.4

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: ensure onRequestError is invoked when otel enabled (#​83343)
• fix: devtools initial position should be from next config (#​83571)
• [devtool] fix overlay styles are missing (#​83721)
• Turbopack: don't match dynamic pattern for node_modules packages (#​83176)
• Turbopack: don't treat metadata routes as RSC (#​82911)
• [turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (#​83357)
• Turbopack: throw large static metadata error earlier (#​82939)
• fix: error overlay not closing when backdrop clicked (#​83981)
• Turbopack: flush Node.js worker IPC on error (#​84077)

Misc Changes

• [CNA] use linter preference (#​83194)
• CI: use KV for test timing data (#​83745)
• docs: september improvements and fixes (#​83997)

Credits

Huge thanks to @​yiminghe, @​huozhi, @​devjiwonchoi, @​mischnic, @​lukesandberg, @​ztanner, @​icyJoseph, @​leerob, @​fufuShih, @​dwrth, @​aymericzip, @​obendev, @​molebox, @​OoMNoO, @​pontasan, @​styfle, @​HondaYt, @​ryuapp, @​lpalmes, and @​ijjk for helping!

v15.5.3

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: validation return types of pages API routes (#​83069)
• fix: relative paths in dev in validator.ts (#​83073)
• fix: remove satisfies keyword from type validation to preserve old TS compatibility (#​83071)

Credits

Huge thanks to @​bgub for helping!

v15.5.2

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: disable unknownatrules lint rule entirely (#​83059)
• revert: add ?dpl to fonts in /_next/static/media (#​83062)

Credits

Huge thanks to @​bgub and @​ztanner for helping!

v15.5.1

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: aliased navigations should apply scroll handling (#​82900)
• Turbopack: fix invalid NFT entry with file behind symlink (#​82887)
• fix: typesafe linking to route handlers and pages API routes (#​82858)
• fix: change "noUnknownAtRules" to "warn" for Biome (#​82974)
• fix: add path normalization to getRelativePath for Windows (#​82918)
• feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect() (#​82860)
• fix: avoid importing types that will be unused (#​82856)
• fix: update the config.api.responseLimit type (#​82852)
• fix: update validation return types (#​82854)

Credits

Huge thanks to @​bgub, @​mischnic, and @​ztanner for helping!

v15.5.0

Compare Source

Core Changes

• Use and enforce exhaustive switch statements for work unit store: #​81577
• Enable @typescript-eslint/switch-exhaustiveness-check rule: #​81583
• [dynamicIO] use RSC dynamicness to control partial vs complete PPR result: #​81627
• [dynamicIO] Do not use React.unstable_postpone(): #​81652
• feat: new detachable panel UI: #​81483
• Turbopack: content-hash PageLoaderAsset: #​81450
• [segment explorer] fix content overflow styling: #​81649
• Improve reliability of owner stacks for async I/O errors: #​81501
• fix(router): Prevent redirect loop on root data requests with basePath: #​81096
• Ensure custom NextServer config is honored: #​81681
• Fix before interactive incorrectly render css: #​81146
• perf: memorize exclude function in webpack config: #​81525
• Also enforce experimental features when there's no next config file: #​81679
• feat(next/image): warn when images.qualities is undefined: #​81690
• feat(build): optimize filterUniqueParamsCombinations to generate sub-combinations: #​81321
• Update NextAdapter type and re-export: #​81692
• upgrade to path-to-regexp@​6.3.0: #​80123
• [metadata] replace for initial body icon case: #​81688
• [

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.