Bump the npm_and_yarn group across 5 directories with 3 updates by dependabot[bot] · Pull Request #1299 · vercel/next-learn

dependabot · 2026-02-19T20:36:01Z

Bumps the npm_and_yarn group with 2 updates in the / directory: next and lodash.
Bumps the npm_and_yarn group with 1 update in the /basics/learn-starter directory: next.
Bumps the npm_and_yarn group with 2 updates in the /dashboard/final-example directory: next and next-auth.
Bumps the npm_and_yarn group with 2 updates in the /dashboard/starter-example directory: next and next-auth.
Bumps the npm_and_yarn group with 1 update in the /seo directory: next.

Updates next from 14.2.33 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates next-auth from 5.0.0-beta.25 to 5.0.0-beta.30

Release notes

Sourced from next-auth's releases.

next-auth@5.0.0-beta.29

What's Changed

fix: always check typeof BroadcastChannel by @maiconcarraro in nextauthjs/next-auth#12937

fix(providers): enable OIDC capabilities for Keycloak by @jvllmr in nextauthjs/next-auth#12964

Fix typo: succesful -> successful by @changeworld in nextauthjs/next-auth#12973

Fix undefined providerId by @Regloom in nextauthjs/next-auth#12947

docs: fix typo profie -> profile by @changeworld in nextauthjs/next-auth#12987

docs: Fix typo initalization -> initialization by @changeworld in nextauthjs/next-auth#12989

docs: Fix typo depencies -> dependencies by @changeworld in nextauthjs/next-auth#12983

docs: add missing "key" prop for form element in providerMap iterator by @frshaad in nextauthjs/next-auth#13023

chore(docs): fix typo Minmum -> Minimum by @changeworld in nextauthjs/next-auth#13007

chore(docs): fix typo Avaliable Scopes -> Available Scopes by @changeworld in nextauthjs/next-auth#13009

fix(adapter): transistion to surrealdb@^1.0.0 by @dvanmali in nextauthjs/next-auth#11911

Fix(provider): Mailgun region selection by @benhovinga in nextauthjs/next-auth#13027

fix(next-auth): add missing middleware wrapper type to auth function by @k-taro56 in nextauthjs/next-auth#13026

Update extending-the-session.mdx by @adriancuadrado in nextauthjs/next-auth#13064

fix(adapters): handle P2025 errors without importing Prisma namespace by @karl-barbour in nextauthjs/next-auth#13061

chore(docs): Fix syntax error in RBAC guide by @benhovinga in nextauthjs/next-auth#12733

fix(provider): Microsoft Entra ID by @benhovinga in nextauthjs/next-auth#12616

Update index.ts by @adriancuadrado in nextauthjs/next-auth#13066

New Contributors

@maiconcarraro made their first contribution in nextauthjs/next-auth#12937

@jvllmr made their first contribution in nextauthjs/next-auth#12964

@Regloom made their first contribution in nextauthjs/next-auth#12947

@frshaad made their first contribution in nextauthjs/next-auth#13023

@dvanmali made their first contribution in nextauthjs/next-auth#11911

@adriancuadrado made their first contribution in nextauthjs/next-auth#13064

@karl-barbour made their first contribution in nextauthjs/next-auth#13061

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates next-auth from 5.0.0-beta.25 to 5.0.0-beta.30

Release notes

Sourced from next-auth's releases.

next-auth@5.0.0-beta.29

What's Changed

fix: always check typeof BroadcastChannel by @maiconcarraro in nextauthjs/next-auth#12937

fix(providers): enable OIDC capabilities for Keycloak by @jvllmr in nextauthjs/next-auth#12964

Fix typo: succesful -> successful by @changeworld in nextauthjs/next-auth#12973

Fix undefined providerId by @Regloom in nextauthjs/next-auth#12947

docs: fix typo profie -> profile by @changeworld in nextauthjs/next-auth#12987

docs: Fix typo initalization -> initialization by @changeworld in nextauthjs/next-auth#12989

docs: Fix typo depencies -> dependencies by @changeworld in nextauthjs/next-auth#12983

docs: add missing "key" prop for form element in providerMap iterator by @frshaad in nextauthjs/next-auth#13023

chore(docs): fix typo Minmum -> Minimum by @changeworld in nextauthjs/next-auth#13007

chore(docs): fix typo Avaliable Scopes -> Available Scopes by @changeworld in nextauthjs/next-auth#13009

fix(adapter): transistion to surrealdb@^1.0.0 by @dvanmali in nextauthjs/next-auth#11911

Fix(provider): Mailgun region selection by @benhovinga in nextauthjs/next-auth#13027

fix(next-auth): add missing middleware wrapper type to auth function by @k-taro56 in nextauthjs/next-auth#13026

Update extending-the-session.mdx by @adriancuadrado in nextauthjs/next-auth#13064

fix(adapters): handle P2025 errors without importing Prisma namespace by @karl-barbour in nextauthjs/next-auth#13061

chore(docs): Fix syntax error in RBAC guide by @benhovinga in nextauthjs/next-auth#12733

fix(provider): Microsoft Entra ID by @benhovinga in nextauthjs/next-auth#12616

Update index.ts by @adriancuadrado in nextauthjs/next-auth#13066

New Contributors

@maiconcarraro made their first contribution in nextauthjs/next-auth#12937

@jvllmr made their first contribution in nextauthjs/next-auth#12964

@Regloom made their first contribution in nextauthjs/next-auth#12947

@frshaad made their first contribution in nextauthjs/next-auth#13023

@dvanmali made their first contribution in nextauthjs/next-auth#11911

@adriancuadrado made their first contribution in nextauthjs/next-auth#13064

@karl-barbour made their first contribution in nextauthjs/next-auth#13061

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 2 updates in the / directory: [next](https://github.com/vercel/next.js) and [lodash](https://github.com/lodash/lodash). Bumps the npm_and_yarn group with 1 update in the /basics/learn-starter directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /dashboard/final-example directory: [next](https://github.com/vercel/next.js) and [next-auth](https://github.com/nextauthjs/next-auth). Bumps the npm_and_yarn group with 2 updates in the /dashboard/starter-example directory: [next](https://github.com/vercel/next.js) and [next-auth](https://github.com/nextauthjs/next-auth). Bumps the npm_and_yarn group with 1 update in the /seo directory: [next](https://github.com/vercel/next.js). Updates `next` from 14.2.33 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.33...v15.5.10) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `next` from 16.0.10 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.33...v15.5.10) Updates `next` from 16.0.10 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.33...v15.5.10) Updates `next-auth` from 5.0.0-beta.25 to 5.0.0-beta.30 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/commits/next-auth@5.0.0-beta.30) Updates `next` from 16.0.10 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.33...v15.5.10) Updates `next-auth` from 5.0.0-beta.25 to 5.0.0-beta.30 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/commits/next-auth@5.0.0-beta.30) Updates `next` from 16.0.10 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.33...v15.5.10) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next-auth dependency-version: 5.0.0-beta.30 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next-auth dependency-version: 5.0.0-beta.30 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-02-19T20:36:07Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
next-learn-dashboard	Ready	Preview, Comment, Open in v0	Feb 19, 2026 8:36pm
next-learn-starter	Ready	Preview, Comment, Open in v0	Feb 19, 2026 8:36pm
next-seo-starter	Ready	Preview, Comment, Open in v0	Feb 19, 2026 8:36pm

socket-security · 2026-02-19T20:36:40Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
next@14.2.33 ⏵ 15.5.10	⁺⁶	⁺²⁹	^-3	⁺⁴⁷
lodash@4.17.21 ⏵ 4.17.23	^-5	⁺²	⁺¹
next-auth@5.0.0-beta.25 ⏵ 5.0.0-beta.30	⁺¹	⁺²	⁺¹
postgres@3.4.7 ⏵ 3.4.8	⁺¹
use-debounce@10.0.6 ⏵ 10.1.0			⁺¹	^-2
@tailwindcss/forms@0.5.11

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 19, 2026

dependabot bot mentioned this pull request Feb 19, 2026

Bump next from 15.3.2 to 15.5.2 in /dashboard/final-example #1093

Closed

dependabot bot mentioned this pull request Feb 19, 2026

Bump the npm_and_yarn group across 2 directories with 1 update #1148

Closed

vercel bot deployed to Preview – next-seo-starter February 19, 2026 20:36 View deployment

vercel bot deployed to Preview – next-learn-starter February 19, 2026 20:36 View deployment

vercel bot deployed to Preview – next-learn-dashboard February 19, 2026 20:36 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 5 directories with 3 updates#1299

Bump the npm_and_yarn group across 5 directories with 3 updates#1299
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-46f0a11a7b

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

vercel bot commented Feb 19, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Feb 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 19, 2026

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

next-auth@5.0.0-beta.29

What's Changed

New Contributors

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

next-auth@5.0.0-beta.29

What's Changed

New Contributors

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

Uh oh!

vercel bot commented Feb 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Feb 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

vercel bot commented Feb 19, 2026 •

edited

Loading