build(deps): bump next from 15.5.15 to 16.2.4 in the next-react group across 1 directory#7
Open
dependabot[bot] wants to merge 1 commit intomainfrom
Open
Conversation
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/next-react-5c623bd62f
branch
3 times, most recently
from
76ac79c to
3983449
Compare
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/next-react-5c623bd62f
branch
3 times, most recently
from
e6179ae to
1b4bca5
Compare
4 tasks
marmar9615-cloud
added a commit
that referenced
this pull request
Apr 28, 2026
Adds the design-first artifacts for v0.5.0 — Signed Manifests: - docs/designs/signed-manifests.md (full design doc covering threat model, manifest signing model, JCS canonicalization, Ed25519 default, key set publication, rotation/revocation, freshness, verification failure modes, schema/SDK/scanner/MCP/CLI impact, backward compatibility, migration plan, and test plan). - docs/adr/0002-signed-manifests.md (architecture decision record with five rejected and one deferred alternative). - docs/issues/v0.5.0-signed-manifests.md (in-tree mirror of GitHub tracking issue #31). Updates the supporting docs to reflect that v0.4.0 has shipped on npm via Trusted Publishing and that v0.5.0 signed manifests are now in design (not yet runtime): - docs/roadmap.md — v0.4.0 marked shipped; v0.5.0 marked in design. - docs/v1-readiness.md — criterion #7 (signed manifests) flipped to "design in progress"; #1, #2, #3 (Trusted Publishing / provenance) flipped to "yes" since v0.4.0 published. - docs/threat-model.md — T1 expanded into T1.a/b/c/d sub-vectors and pointed at the v0.5.0 design as its mitigation. - docs/security-configuration.md — adds a "Signed manifests (v0.5.0 — design only, not yet runtime)" section listing the proposed env vars without enforcing them. - docs/production-readiness.md — bottom-line note now refers to v0.4.0 and points at the in-progress design. - AGENTS.md / CLAUDE.md / README.md — small status notes; no bloat. No runtime change. No package version bump. No publish. No tag. No release. Unsigned manifests still validate against the v0.1 manifest spec. All safety invariants intact (confirmation gate, origin pinning, target-origin allowlist, audit redaction, stdio stdout hygiene, HTTP transport auth/origin checks). Verified locally with npm run typecheck:clean (clean), npm test (196/196), npm run build (all packages), npm run pack:dry-run (all six packages OK at 0.4.0). Tracking: #31 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/next-react-5c623bd62f
branch
from
1b4bca5 to
0a2f255
Compare
Bumps the next-react group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.5.15 to 16.2.4 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v16.2.4) --- updated-dependencies: - dependency-name: next dependency-version: 16.2.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: next-react ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/next-react-5c623bd62f
branch
from
0a2f255 to
dfd28c5
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the next-react group with 1 update in the / directory: next.
Updates
nextfrom 15.5.15 to 16.2.4Release notes
Sourced from next's releases.
... (truncated)
Commits
2275bd8v16.2.4e073983Adding more system info to the 'initialize project' trace (#92427)8a540b5Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92...2f5343fTurbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)2ad9d3fturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...6f3808eCompiler: Support boolean and number primtives in next.config defines (#92731)fbc7684Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)805d758Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...1056faechore: Bump reqwest to 0.13.2 (#92713)d5f649bv16.2.3