chore(deps): bump the npm_and_yarn group across 14 directories with 2 updates by dependabot[bot] · Pull Request #1237 · danielmiessler/Personal_AI_Infrastructure

dependabot · 2026-05-12T13:45:28Z

Bumps the npm_and_yarn group with 1 update in the /Packs/Telos/src/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v2.3/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v2.4/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v2.5/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v3.0/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.0/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.1/.claude/PAI-Install/electron directory: electron.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.1/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.2/.claude/PAI-Install/electron directory: electron.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.2/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.3/.claude/PAI-Install/electron directory: electron.
Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.3/.claude/skills/Telos/ReportTemplate directory: next.
Bumps the npm_and_yarn group with 1 update in the /Releases/v5.0.0/.claude/PAI/PAI-Install/electron directory: electron.
Bumps the npm_and_yarn group with 1 update in the /Releases/v5.0.0/.claude/skills/Telos/ReportTemplate directory: next.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates electron from 34.5.8 to 39.8.5

Release notes

Sourced from electron's releases.

electron v39.8.5

Release Notes for v39.8.5

Fixes

Fixed a crash in clipboard.readImage() when the clipboard contains malformed image data. #50493 (Also in 40, 41, 42)

Fixed a crash when calling an offscreen shared texture's release() after the texture object was garbage collected. #50499 (Also in 40, 41, 42)

electron v39.8.4

Release Notes for v39.8.4

Fixes

Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)

Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)

Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)

Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)

Backported fix for 485935305. #50440

Backported fix for 489381399. #50443

Backported fix for chromium:475877320. #50436

Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)

Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)

Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)

Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)

Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)

Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)

... (truncated)

Commits

9d2f8cb refactor: remove dead named-window lookup from guest-window-manager (#50498)
1173004 fix: crash calling OSR shared texture release() after texture GC'd (#50499)
be37ade fix: crash in clipboard.readImage() on malformed image data (#50493)
7007907 chore: cherry-pick 3 changes from chromium (#50461)
2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
64373df chore: cherry-pick 074d472db745 from chromium (#50443)
13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
16a0385 ci: output build cache hit rate as GHA annotation (#50369)
Additional commits viewable in compare view

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Description has been truncated

… updates Bumps the npm_and_yarn group with 1 update in the /Packs/Telos/src/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v2.3/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v2.4/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v2.5/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v3.0/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.0/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.1/.claude/PAI-Install/electron directory: [electron](https://github.com/electron/electron). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.1/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.2/.claude/PAI-Install/electron directory: [electron](https://github.com/electron/electron). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.2/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.3/.claude/PAI-Install/electron directory: [electron](https://github.com/electron/electron). Bumps the npm_and_yarn group with 1 update in the /Releases/v4.0.3/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /Releases/v5.0.0/.claude/PAI/PAI-Install/electron directory: [electron](https://github.com/electron/electron). Bumps the npm_and_yarn group with 1 update in the /Releases/v5.0.0/.claude/skills/Telos/ReportTemplate directory: [next](https://github.com/vercel/next.js). Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `electron` from 34.5.8 to 39.8.5 - [Release notes](https://github.com/electron/electron/releases) - [Commits](electron/electron@v34.5.8...v39.8.5) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `electron` from 34.5.8 to 39.8.5 - [Release notes](https://github.com/electron/electron/releases) - [Commits](electron/electron@v34.5.8...v39.8.5) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `electron` from 34.5.8 to 39.8.5 - [Release notes](https://github.com/electron/electron/releases) - [Commits](electron/electron@v34.5.8...v39.8.5) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `electron` from 34.5.8 to 39.8.5 - [Release notes](https://github.com/electron/electron/releases) - [Commits](electron/electron@v34.5.8...v39.8.5) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) --- updated-dependencies: - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: electron dependency-version: 39.8.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: electron dependency-version: 39.8.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: electron dependency-version: 39.8.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: electron dependency-version: 39.8.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 14 directories with 2 updates#1237

chore(deps): bump the npm_and_yarn group across 14 directories with 2 updates#1237
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/Packs/Telos/src/ReportTemplate/npm_and_yarn-6cb637473f

dependabot Bot commented on behalf of github May 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 12, 2026

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

electron v39.8.5

Release Notes for v39.8.5

Fixes

electron v39.8.4

Release Notes for v39.8.4

Fixes

Other Changes

electron v39.8.3

Release Notes for v39.8.3

Fixes

electron v39.8.2

Release Notes for v39.8.2

Other Changes

electron v39.8.1

Release Notes for v39.8.1

Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants