
test(deps): update next to 16.1.7#1689

Merged
jennifer-shehane merged 1 commit into cypress-io:master from MikeMcC399:update/next
Mar 18, 2026

@MikeMcC399 (Collaborator) commented Mar 18, 2026

Situation

npm audit shows multiple moderate severity vulnerabilities in examples/nextjs

$ npm audit
# npm audit report

next  10.0.0 - 16.1.6
Severity: moderate
Next.js: null origin can bypass Server Actions CSRF checks - https://github.com/advisories/GHSA-mq59-m269-xvcx
Next.js: null origin can bypass dev HMR websocket CSRF checks - https://github.com/advisories/GHSA-jcc7-9wpm-mj36
Next.js: HTTP request smuggling in rewrites - https://github.com/advisories/GHSA-ggv3-7p47-pfv8
Next.js: Unbounded next/image disk cache growth can exhaust storage - https://github.com/advisories/GHSA-3x4c-7xq6-9pq8
Next.js: Unbounded postponed resume buffering can lead to DoS - https://github.com/advisories/GHSA-h27x-g6w4-24gq
fix available via `npm audit fix`
node_modules/next

1 moderate severity vulnerability

To address all issues, run:
  npm audit fix

Change

Update next to 16.1.7 which is a backport of bug fixes


Note

Medium Risk
Dependency-only changes, but it upgrades next/Tailwind tooling and updates the lockfile, including new/changed transitive packages and a higher Node engine requirement in @tailwindcss/oxide that could affect CI/runtime compatibility for the example.

Overview
Updates the examples/nextjs app to next@^16.1.7 (to pick up the latest patch fixes/security advisories) and bumps @tailwindcss/postcss to ^4.2.1.

Regenerates package-lock.json accordingly, pulling in updated transitive versions (e.g., Tailwind oxide/node, lightningcss, postcss, @types/node) and reflecting the @tailwindcss/oxide Node engine change to >=20.

Written by Cursor Bugbot for commit 19703b2. This will update automatically on new commits. Configure here.

@MikeMcC399 added the bug (Something isn't working), type: dependencies, and tests labels Mar 18, 2026
@MikeMcC399 self-assigned this Mar 18, 2026
@MikeMcC399 marked this pull request as ready for review March 18, 2026 05:54
@jennifer-shehane merged commit 38c6a67 into cypress-io:master Mar 18, 2026
89 checks passed
@MikeMcC399 deleted the update/next branch March 18, 2026 13:52
@github-actions

🎉 This PR is included in version 7.1.8 🎉

The release is available on:

Your semantic-release bot 📦🚀
