chore(deps): bump next from 16.2.6 to 16.2.7

[dependabot]

Bumps next from 16.2.6 to 16.2.7.

Release notes

Sourced from next's releases.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Backport documentation fixes for v16.2 (#93804)
• [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
• [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
• [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
• [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
• [backport] Propagate adapter preferred regions (#94200)
• [16.2.x] Don't drop FormData entries (#94240)
• [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits

• 9bd3c26 v16.2.7
• c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
• 63115c7 [16.2.x] Don't drop FormData entries (#94240)
• aef22fd [backport] Propagate adapter preferred regions (#94200)
• f126e72 [backport] Fix "type: module" in project dir when using standalone or adapter...
• bda3e2a [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• 7e16e07 [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• 6139f4b [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• c021d10 [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• 9184ddb [backport] Fix catch-all router.query corruption with basePath + `rewrite...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated web framework to the latest patch version for improved stability and maintenance.

[coderabbitai]

📝 Walkthrough

Walkthrough

The next dependency in apps/web/package.json is updated from version 16.2.6 to 16.2.7, applying a patch release update to the web application's Next.js framework.

Changes

Next.js Dependency Patch Update

Layer / File(s)	Summary
Next.js dependency version bump apps/web/package.json	The next package version in dependencies is updated from 16.2.6 to 16.2.7.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

• hiranyasemindi
• iamvirul

Poem

A rabbit hops through version lands,
Where patches dance from eager hands,
Next.js springs to sixteen-two-point-seven,
A minor bump, smooth as heaven,
Tiny tweak, no breaking sight! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: bumping the Next.js dependency from version 16.2.6 to 16.2.7 in the package.json file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/next-16.2.7

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/web/package.json (1)

27-27: ⚡ Quick win

Consider updating eslint-config-next to match the next version.

The next dependency is being updated to 16.2.7, but eslint-config-next remains at 16.2.6. These packages are typically versioned together, and keeping them aligned ensures that ESLint rules match the framework features.

📦 Suggested alignment

   "eslint": "^9",
-  "eslint-config-next": "16.2.6",
+  "eslint-config-next": "16.2.7",
   "tailwindcss": "^4",

Also applies to: 48-48

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/web/package.json` at line 27, Update the eslint-config-next dependency
to match the Next.js version by changing "eslint-config-next" from 16.2.6 to
16.2.7 in package.json (also update the second occurrence noted in the file),
then run package manager install to lock the aligned versions; verify no ESLint
rule regressions after updating.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/web/package.json`:
- Line 27: package.json declares "next": "16.2.7" (and React 19.x compatibility)
but apps/web/pnpm-lock.yaml still pins next@16.2.6 and react@19.2.4; regenerate
the lockfile so installs match package.json: update the dependency entries to
next@16.2.7 and react@19.2.6 and align eslint-config-next to 16.2.7, then run
pnpm install (or pnpm install --lockfile-only) in apps/web to update
apps/web/pnpm-lock.yaml so it contains the new resolved versions.

---

Nitpick comments:
In `@apps/web/package.json`:
- Line 27: Update the eslint-config-next dependency to match the Next.js version
by changing "eslint-config-next" from 16.2.6 to 16.2.7 in package.json (also
update the second occurrence noted in the file), then run package manager
install to lock the aligned versions; verify no ESLint rule regressions after
updating.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3c288193-d384-461f-97da-d8962762b468

📥 Commits

Reviewing files that changed from the base of the PR and between 1fee58b and a0cc383.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• apps/web/package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Is Next.js version 16.2.7 a valid release and what are its requirements for React compatibility?

💡 Result:

Yes. Next.js v16.2.7 is a real, published release. 1) Is 16.2.7 a valid release? Next.js v16.2.7 exists as an official GitHub release tag in the vercel/next.js repository [1] and is also available on npm as version 16.2.7 [2]. The GitHub release notes label it as a “backporting bug fixes” patch release [1]. 2) React compatibility requirements for Next.js 16.2.7 - Next.js 16’s App Router uses the React canary channel internally; the Next.js v16 upgrade documentation states that the App Router in Next.js 16 uses the “latest React Canary release” [3]. - Next.js expects the installed react and react-dom packages to match exactly (version strings must be the exact same). The Next.js repo contains logic that throws an “Incompatible React versions” error when the react and react-dom versions differ [4]. Practical requirement for React versions: - Install react and react-dom at the exact same version (and align with the React canary expectations described for Next.js 16’s App Router) [3][4]. Notes: - This does not mean you must use React stable; it indicates Next.js 16’s App Router targets the canary stream and Next.js will error on mismatched react vs react-dom versions [3][4].

Citations:

• 1: https://github.com/vercel/next.js/releases/tag/v16.2.7
• 2: https://www.npmjs.com/package/next
• 3: https://github.com/vercel/next.js/blob/v16.2.1/docs/01-app/02-guides/upgrading/version-16.mdx
• 4: vercel/next.js@bd04a07

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show package.json dependency versions around the Next.js entry
sed -n '1,120p' apps/web/package.json | nl -ba | sed -n '1,120p'

# Extract specific dependency lines for clarity
rg -n '"next"|eslint-config-next|react-dom|react' apps/web/package.json || true

# Check pnpm-lock.yaml for next@16.2.7 and eslint-config-next entries
if [ -f apps/web/pnpm-lock.yaml ]; then
  rg -n 'next@16\.2\.7|next@16\.2\.6|eslint-config-next' apps/web/pnpm-lock.yaml | head -n 80
else
  echo "Missing apps/web/pnpm-lock.yaml"
fi

Repository: OpenDevFlow/md-latex

Length of output: 107

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Confirm files exist
ls -la apps/web/package.json apps/web/pnpm-lock.yaml >/dev/null 2>&1 || {
  echo "Missing apps/web/package.json and/or apps/web/pnpm-lock.yaml"
  ls -la apps/web || true
  exit 1
}

echo "=== apps/web/package.json (first 120 lines) ==="
sed -n '1,120p' apps/web/package.json

echo
echo "=== Version lines for next/react/eslint-config-next ==="
rg -n '"(next|react-dom|react|eslint-config-next)"\s*:' apps/web/package.json || true

echo
echo "=== pnpm-lock.yaml entries for next@16.2.6/16.2.7 and eslint-config-next ==="
rg -n 'next@16\.2\.(6|7)\b|eslint-config-next@16\.2\.6\b' apps/web/pnpm-lock.yaml | head -n 200 || true

echo
echo "=== pnpm-lock.yaml peer dependency hints (search nearby for eslint-config-next) ==="
rg -n 'eslint-config-next@16\.2\.6' apps/web/pnpm-lock.yaml | head -n 20 || true

Repository: OpenDevFlow/md-latex

Length of output: 2395

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Print the eslint-config-next@16.2.6 block from pnpm-lock.yaml (peer deps section)
# Use sed to keep output bounded.
echo "=== pnpm-lock.yaml: eslint-config-next@16.2.6 block (around line 1151) ==="
sed -n '1120,1205p' apps/web/pnpm-lock.yaml

echo
echo "=== pnpm-lock.yaml: eslint-config-next@16.2.6(<peer deps>) block (around line 3422) ==="
sed -n '3390,3485p' apps/web/pnpm-lock.yaml

echo
echo "=== pnpm-lock.yaml: next@16.2.6 block (around line 1795) ==="
sed -n '1765,1845p' apps/web/pnpm-lock.yaml

echo
echo "=== pnpm-lock.yaml: next@16.2.6 react peer resolution (around line 4166) ==="
sed -n '4130,4195p' apps/web/pnpm-lock.yaml

# Also locate next@16.2.7 and print its block
echo
echo "=== pnpm-lock.yaml: locating next@16.2.7 ==="
rg -n 'next@16\.2\.7\b' apps/web/pnpm-lock.yaml || true

Repository: OpenDevFlow/md-latex

Length of output: 12432

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== next@16.2.7 occurrences in pnpm-lock.yaml ==="
rg -n 'next@16\.2\.7\b' apps/web/pnpm-lock.yaml || true

echo
echo "=== next@16.2.7 block context (if present) ==="
line="$(rg -n 'next@16\.2\.7\b' apps/web/pnpm-lock.yaml | head -n 1 | cut -d: -f1 || true)"
if [ -n "${line:-}" ]; then
  start=$((line-40))
  end=$((line+80))
  sed -n "${start},${end}p" apps/web/pnpm-lock.yaml
else
  echo "No next@16.2.7 entry found in pnpm-lock.yaml."
fi

Repository: OpenDevFlow/md-latex

Length of output: 208

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== occurrences of 16.2.7 in pnpm-lock.yaml ==="
rg -n '\b16\.2\.7\b' apps/web/pnpm-lock.yaml | head -n 50 || true

echo
echo "=== occurrences of next@16.*.7 in pnpm-lock.yaml ==="
rg -n 'next@16\.[0-9]+\.[0-9]+(\(|:)' apps/web/pnpm-lock.yaml | head -n 50 || true

echo
echo "=== occurrences of next@16.2.7 with peer-suffix patterns (extra search) ==="
rg -n 'next@16\.2\.7\(' apps/web/pnpm-lock.yaml || true

echo
echo "=== package.json declared next version ==="
rg -n '"next"\s*:' apps/web/package.json

Repository: OpenDevFlow/md-latex

Length of output: 610

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== occurrences of react@19.2.6 and react-dom@19.2.6 in pnpm-lock.yaml ==="
rg -n '\breact@19\.2\.6\b|\breact-dom@19\.2\.6\b' apps/web/pnpm-lock.yaml | head -n 50 || true

echo
echo "=== occurrences of react@19.2.4 and react-dom@19.2.4 in pnpm-lock.yaml ==="
rg -n '\breact@19\.2\.4\b|\breact-dom@19\.2\.4\b' apps/web/pnpm-lock.yaml | head -n 50 || true

Repository: OpenDevFlow/md-latex

Length of output: 831

---

Fix pnpm-lock mismatch for Next.js 16.2.7

• next@16.2.7 is a real release and its React peer range includes React 19.x (so react@19.2.6 is acceptable).
• apps/web/pnpm-lock.yaml does not include next@16.2.7 (it only has next@16.2.6), and it does not include react@19.2.6 (it only has react@19.2.4), so installs will likely resolve older versions than apps/web/package.json declares (see apps/web/package.json:27 vs apps/web/pnpm-lock.yaml).
• eslint-config-next@16.2.6 only peers eslint/typescript (no React compatibility constraint), but aligning it with next@16.2.7 is still preferable.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/web/package.json` at line 27, package.json declares "next": "16.2.7"
(and React 19.x compatibility) but apps/web/pnpm-lock.yaml still pins
next@16.2.6 and react@19.2.4; regenerate the lockfile so installs match
package.json: update the dependency entries to next@16.2.7 and react@19.2.6 and
align eslint-config-next to 16.2.7, then run pnpm install (or pnpm install
--lockfile-only) in apps/web to update apps/web/pnpm-lock.yaml so it contains
the new resolved versions.