Bump the npm_and_yarn group across 1 directory with 4 updates by dependabot[bot] · Pull Request #157 · IamJayPrakash/liveCodeShare

dependabot · 2026-02-21T06:58:00Z

Bumps the npm_and_yarn group with 4 updates in the / directory: next, lodash, preact and qs.

Updates next from 16.1.1 to 16.1.6

Release notes

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix linked list bug in LRU deleteFromLru (#88652)

Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @acdlite and @ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

adf8c61 v16.1.6
098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
d6d5734 tweak LRU sentinel cache key (#89123)
4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates preact from 10.26.5 to 10.28.4

Release notes

Sourced from preact's releases.

10.28.4

Fixes

Fix crash where a synchronous effect render unmounts the tree (#5026, thanks @JoviDeCroock)

Performance

Core size optimizations (#5022, thanks @JoviDeCroock)

Hooks size optimizations (#5021, thanks @JoviDeCroock)

Make oldProps diffing more compact (#5004) (#5019, thanks @JoviDeCroock)

Compat size optimizations (#5020, thanks @JoviDeCroock)

Land size optimization separately (#5018, thanks @JoviDeCroock)

10.28.3

Fixes

Avoid scheduling suspense state udpates (#5006, thanks @JoviDeCroock)

Resolve some suspense crashes (#4999, thanks @JoviDeCroock)

Support inheriting namespace through portals (#4993, thanks @JoviDeCroock)

Maintenance

Update test with addition of _original (#4989, thanks @JoviDeCroock)

10.28.2

Fixes

Enforce strict equality for VNode object constructors

10.28.1

Fixes

Fix erroneous diffing w/ growing list (#4975, thanks @JoviDeCroock)

10.28.0

Types

Updates dangerouslySetInnerHTML type so future TS will accept Trusted… (#4931, thanks @lukewarlow)

Adds snap events (#4947, thanks @argyleink)

Remove missed jsx duplicates (#4950, thanks @rschristian)

Fix scroll events (#4949, thanks @rschristian)

Fixes

Fix cascading renders with signals (#4966, thanks @JoviDeCroock)

add commpat/server.browser entry (#4941 & #4940, thanks @marvinhagemeister)

Avoid lazy components without result going in throw loop (#4937, thanks @JoviDeCroock)

Performance

... (truncated)

Commits

b4f9cab 10.28.4 (#5027)
8cbed5f Fix crash where a synchronous effect render unmounts the tree (#5026)
4ac7204 Core size optimizations (#5022)
e02fd69 Make forEach --> some (#5021)
387d8f2 refactor(diff): make oldProps diffing more compact (#5004) (#5019)
084b75f Transform forEach to some and consolidate condition (#5020)
3c8506d Land size optimization separately (#5018)
eb1b8c8 10.28.3 (#5007)
5023ce8 Avoid scheduling suspense state udpates (#5006)
2ac91c4 Resolve some suspense crashes (#4999)
Additional commits viewable in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 4 updates in the / directory: [next](https://github.com/vercel/next.js), [lodash](https://github.com/lodash/lodash), [preact](https://github.com/preactjs/preact) and [qs](https://github.com/ljharb/qs). Updates `next` from 16.1.1 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.1.1...v16.1.6) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `preact` from 10.26.5 to 10.28.4 - [Release notes](https://github.com/preactjs/preact/releases) - [Commits](preactjs/preact@10.26.5...10.28.4) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) --- updated-dependencies: - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: preact dependency-version: 10.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-02-21T06:58:02Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
live-code-share	Ready	Preview, Comment	Feb 21, 2026 6:59am

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 21, 2026

dependabot bot requested a review from IamJayPrakash as a code owner February 21, 2026 06:58

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 21, 2026

vercel bot deployed to Preview February 21, 2026 06:59 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 4 updates#157

Bump the npm_and_yarn group across 1 directory with 4 updates#157
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-4e026a7ed9

dependabot bot commented on behalf of github Feb 21, 2026

Uh oh!

vercel bot commented Feb 21, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 21, 2026

v16.1.6

Core Changes

Credits

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.3

Core Changes

Credits

v16.1.2

Core Changes

10.28.4

Fixes

Performance

10.28.3

Fixes

Maintenance

10.28.2

Fixes

10.28.1

Fixes

10.28.0

Types

Fixes

Performance

6.15.0

6.14.2

6.14.1

Uh oh!

vercel bot commented Feb 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

vercel bot commented Feb 21, 2026 •

edited

Loading