Skip to content

chore(deps): bump the next-react group across 1 directory with 4 updates#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/next-react-ce8e126776
Open

chore(deps): bump the next-react group across 1 directory with 4 updates#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/next-react-ce8e126776

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown

Bumps the next-react group with 4 updates in the / directory: next, react, react-dom and eslint-config-next.

Updates next from 16.2.6 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits
  • f37fad9 v16.2.9
  • d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
  • 6f16804 v16.2.8
  • 0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
  • 90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
  • 83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
  • 411c455 v16.2.7
  • c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
  • 63115c7 [16.2.x] Don't drop FormData entries (#94240)
  • aef22fd [backport] Propagate adapter preferred regions (#94200)
  • Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates eslint-config-next from 16.2.2 to 16.2.9

Release notes

Sourced from eslint-config-next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-config-next since your current version.


@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 1, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel

vercel Bot commented Jun 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
civia Ready Ready Preview, Comment Jun 29, 2026 6:22am

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 1, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
civia-inbox-handler d0ae715 Jun 29 2026, 06:22 AM

andrei1000z added a commit that referenced this pull request Jun 6, 2026
…ransparență)

Audit P0 #5 (gap #1 de transparență). Petițiile ascundeau numărul de semnături →
cetățeanul nu vedea momentum. Migrarea adaugă petitii.external_signature_count +
last_external_sync_at ca să stocăm numărul real din sursă (Declic/Avaaz),
sincronizat periodic + afișat pe card/detaliu.

DOAR migrarea (fișier) — o aplici în Supabase (harness-ul blochează DDL pe prod).
Codul scraper + UI vine DUPĂ aplicare (altfel select pe coloană inexistentă =
400 pe prod). Detaliul petiției folosește deja select(*) → va prelua coloana.

NB audit: #62 (CASCADE delete petitie→semnături) DEJA există (migrarea 020 are
`on delete cascade`); #13 (materializare nr_cosigners) prematur la 62 rânduri.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from 2ecd931 to db19cb7 Compare June 7, 2026 21:27
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from db19cb7 to d3101d5 Compare June 8, 2026 06:24
@dependabot dependabot Bot changed the title chore(deps): bump the next-react group across 1 directory with 4 updates chore(deps): Bump the next-react group across 1 directory with 4 updates Jun 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from d3101d5 to e4479ee Compare June 14, 2026 18:51
@dependabot dependabot Bot changed the title chore(deps): Bump the next-react group across 1 directory with 4 updates chore(deps): bump the next-react group across 1 directory with 4 updates Jun 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from e4479ee to 03355fb Compare June 15, 2026 06:26
@dependabot dependabot Bot changed the title chore(deps): bump the next-react group across 1 directory with 4 updates chore(deps): Bump the next-react group across 1 directory with 4 updates Jun 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from 03355fb to 3703133 Compare June 19, 2026 19:26
@dependabot dependabot Bot changed the title chore(deps): Bump the next-react group across 1 directory with 4 updates chore(deps): bump the next-react group across 1 directory with 4 updates Jun 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from 3703133 to cf59188 Compare June 22, 2026 06:21
Bumps the next-react group with 4 updates in the / directory: [next](https://github.com/vercel/next.js), [react](https://github.com/facebook/react/tree/HEAD/packages/react), [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next).


Updates `next` from 16.2.6 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.6...v16.2.9)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `eslint-config-next` from 16.2.2 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-version: 16.2.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: next-react
- dependency-name: next
  dependency-version: 16.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: next-react
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: next-react
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: next-react
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/next-react-ce8e126776 branch from cf59188 to d0ae715 Compare June 29, 2026 06:18
andrei1000z added a commit that referenced this pull request Jul 2, 2026
… + matching + stări + reziliență AI)

SECURITATE
- BLOCKER #1: auto-apply cerea încredere din From-ul spoofabil + poarta DKIM/
  DMARC era opțională → oricine putea falsifica office@primarie.ro + cod PUBLIC
  și marca sesizarea altui cetățean. Acum auto-apply cere DOVADĂ: match token/
  threading (secret) SAU DKIM/DMARC aliniat (authenticity.auth_aligned)
- #20/#22 worker: păstrăm PRIMA apariție Authentication-Results (cea a Cloudflare),
  nu ultima → atacatorul nu mai injectează un A-R fals mai jos în mesaj
- #19: scoreAiAuthenticity folosește cascada groqText (nu Groq brut) → 429 nu mai
  colapsează la 50 (care bloca auto-apply pt. senderi gov reali)

MATCHING
- #6 gardă N3: cod din sursă slabă fără coroborare (domeniu/sursă robustă) → medium
  nu high; cod care leagă o sesizare netrimisă/creată-după-reply → nu se leagă
- #8 N4: fereastră 180z + order + limit server-side (nu mai lovea plafonul 1000)
- #25/#32 extract-code: scos regex-ul care prindea primul token al oricărui
  Message-ID terț; nr. de înregistrare 12345/2026 nu mai e confundat cu cod
- #26: content_score medium doar pe câștigător strict (fără tie arbitrar)

STĂRI
- #11/#13: ignorat (marcaj administrativ) nu mai înghite răspunsuri reale — orice
  status de răspuns îl supersedează
- #12: mișcări laterale în tier activ (in-lucru->interventie) = progres, nu drop
- #29: redirectionata poate supersedea inregistrata (redirect după înregistrare)
- #30 auto-status: nu mai marchează ignorat sesizări niciodată-trimise (scos nou);
  cronometrează de la sent_at, nu created_at

NOTIFICĂRI
- #5: push-ul reflectă statusul CHIAR aplicat, nu clasificarea (gata Rezolvată fals)
- #7: push doar pe match high-confidence (medium putea notifica alt cetățean = PII)
- #15: auto_applied=true doar când un status se aplică efectiv (nu scapă din digest)

REZILIENȚĂ AI
- #27: cascada nu mai moare dacă lipsește GROQ_API_KEY (sare la Gemini/CF)
- #10: timeout intern pe callGemini (18s) + pe SDK-ul PDF (25s)
- #9: PDF scanat cu Gemini gol cade la Groq/CF vision (nu renunță)

WORKER
- #3/#17/#18: filtre soft (noreply@/Auto-Submitted/Precedence/List-Id) nu mai
  dropează confirmările de înregistrare — bypass când par răspuns de autoritate
- #33: Message-ID sintetic determinist pt. emailuri fără unul → dedup la retry
- #24: eroare tranzitorie de insert → retry (dedup-safe), nu pierdere tăcută
- #28/#31: received_at/official_response_at = ora emailului, nu ora procesării

+14 teste noi (computeStatusUpdate ignorat/lateral/redirect, extract-code guards,
matchReply N3). worker v4.3.0. 1161 teste, tsc 0, eslint 0.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants