feat(deps)!: Update dependency next (14.2.35 → 16.2.10)#186
feat(deps)!: Update dependency next (14.2.35 → 16.2.10)#186its-miso[bot] wants to merge 5 commits into
Conversation
There was a problem hiding this comment.
AI Automated Review
Full PR review.
Analysis engine: MiniMax-M2.7@https://litellm.jory.dev/v1 (anthropic) — escalated (fast_request_changes,fast_low_confidence)
PR Review: Update Next.js from 14.2.35 to 16.2.10
Recommendation
Approve — The Next.js major version upgrade (14 → 16) has passed all CI checks including the full test suite and frontend build. The changes are well-contained to kubetix-web/ and introduce no breaking changes to application logic.
Change Summary
| Aspect | Detail |
|---|---|
| Package | next |
| Version | 14.2.35 → 16.2.10 |
| Files | kubetix-web/package.json, kubetix-web/package-lock.json |
| Change type | Major (requires manual review per AGENTS.md dependency policy) |
Required Checks
✅ check for breaking API changes in updated dependencies
Verified via analysis of the diff:
- Node.js requirement change: Next.js 16 requires
>=20.9.0(up from>=18.17.0). This is a runtime requirement the hosting environment must satisfy. No API surface changes. - Removed packages:
@swc/counter,busboy,@next/swc-win32-ia32-msvc(32-bit Windows). These are internal implementation details, not public API. - Added optional dependency:
sharp@0.34.5and related@img/sharp-*native binaries. Marked as optional in the diff and not required to run. - Added optional dependency:
baseline-browser-mapping@2.10.38. Optional for baseline browser features. - Peer dependency drift: React peer deps now include React 19 (
^19.0.0) in addition to React 18. The project pinsreact@18.2.0, so this is backward-compatible. - Internal refactors:
@swc/helpersupgraded,styled-jsxupgraded — these are implementation-level and do not affect the Next.js public API. graceful-fsmoved to dev scope: Previously a direct dependency; nowdev: truein the lock. This is an internal detail of how Next.js bundles its dependencies and does not affect the web application's API contract.
Conclusion: No breaking API changes affecting the KubeTix web application.
✅ run full test suite after upgrade
All 9 CI checks passed on commit 860602c:
| Check | Status |
|---|---|
| e2e-tests | ✅ success |
| build-and-publish | ✅ success |
| frontend-build | ✅ success |
| helm-check | ✅ success |
| test | ✅ success |
| legacy-test | ✅ success |
| lint | ✅ success |
| security | ✅ success |
| review | ✅ success |
The full test suite (unit, integration, e2e) ran successfully against this upgrade.
Standards Compliance
- ✅ Dependencies managed via Renovate (
.renovaterc.json5configuration present) - ✅ Major Python updates require manual review (per AGENTS.md) — Next.js is a JavaScript dependency; the policy applies, and manual review is being performed here
- ✅ Auto-merge not applied (correct behavior for major updates)
- ✅ No credentials or secrets introduced
- ✅ No file-serving or route changes
Linked Issue Fit
No linked issues. The change is a routine major dependency update generated by Renovate.
Evidence Provider Findings
No evidence providers were configured for this review. All analysis derived from the PR diff, CI status, and repository corpus.
Unknowns / Needs Verification
- Node.js version in CI environment: The CI passed with all checks green, which implicitly confirms the CI runner's Node.js version (≥20.9.0) is compatible. If the production deployment uses a different Node version, the operator should verify
node --version >= 20.9.0before deploying this change. - Platform-specific binaries: The
sharp@0.34.5and@img/sharp-*optional dependencies are new. They are marked optional in the diff and won't affect deployment unless explicitly enabled, but teams using Alpine/musl Linux should confirmsharpcompatibility if they opt into it in the future.
Conclusion
This is a clean, well-tested dependency upgrade that passed all validation gates. The major Next.js version jump is significant but does not introduce API regressions for the KubeTix web application. Approve for merge.
This PR contains the following updates:
^14.2.0→^16.0.0Release Notes
vercel/next.js (next)
v16.2.10Compare Source
Contains no changes except publishing
@next/swc-wasm-webwhich was accidentally not published since 16.2.4.v16.2.9Compare Source
Empty release to ensure
next@latestpoints at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.v16.2.8Compare Source
Release with no changes in an attempt to fix
next@latestpointing at a prerelease version.v16.2.7Compare Source
Core Changes
playwright-coreto resolve_finishedPromiseonrequestFailed(#93920)router.querycorruption withbasePath+rewrites(#93917)FormDataentries (#94240)Credits
Huge thanks to @eps1lon, @icyJoseph, @unstubbable, @mischnic, @bgw, @timneutkens, and @lukesandberg for helping!
v16.2.6Compare Source
Security Fixes
The following advisories have been addressed:
High:
Moderate:
Low:
Core Changes
cacheHandlerskeys (#93453)v16.2.5Compare Source
Security Fixes
The following advisories have been addressed:
High:
Moderate:
Low:
Core Changes
cacheHandlerskeys (#93453)v16.2.4Compare Source
Core Changes
Credits
Huge thanks to @Badbird5907, @lukesandberg, @andrewimm, @sokra, and @mischnic for helping!
v16.2.3Compare Source
Core Changes
Credits
Huge thanks to @icyJoseph, @sokra, @wbinnssmith, @eps1lon and @ztanner for helping!
v16.2.2Compare Source
Core Changes
Credits
Huge thanks to @nextjs-bot, @icyJoseph, @ijjk, @gaojude, @wbinnssmith, @lukesandberg, and @bgw for helping!
v16.2.1Compare Source
Core Changes
cacheComponents(#91711){eval:true}in worker_threads constructors (#91666)Credits
Huge thanks to @icyJoseph, @abhishekmardiya, @ijjk, @mischnic, @unstubbable, @sokra, and @lukesandberg for helping!
v16.2.0Compare Source
Core Changes
f93b9fd4-20251217to65eec428-20251218: #87323experimental.strictRouteTypesconfig: #87378satisfieswhen validating page and route modules: #87398numberinconfig.api.bodyParser.sizeLimitwhen validating route: #87633images.maximumResponseBodyconfig: #88183'use cache'wrapper: #88219'use cache'function calls: #86920pending revalidates...debug log if applicable: #88221noUncheckedSideEffectImportsfor CSS imports: #88199/_next/routes: #8835365eec428-20251218to3e1abcc8-20260113: #88530interopDefault: #884863e1abcc8-20260113to4a3d993e-20260114: #885474a3d993e-20260114tobef88f7c-20260116: #88649--debug-build-pathsbracket escaping for glob patterns: #88660--debug-build-paths: #88654next start --inspect: #88744--debug-build-pathssupport to filter routes: #88655bef88f7c-20260116to41b3e9a6-20260119: #8875641b3e9a6-20260119tod2908752-20260119: #88774rewroteURLtorewrittenPathnamein request metadata: #88751getImplicitTagsto accept pathname instead of url object: #88753NEXT_DEPLOYMENT_IDglobal: #86738<html data-dpl-id>and don't inline it into JS anymore: #88761revalidatePathwith params and trailing slash when deployed: #88623d2908752-20260119tob546603b-20260121: #88860deploymentIdfrom App RouterRenderOptsPartial: #88866b546603b-20260121to24d8716e-20260123: #88963?dpl=to all asset urls returned by Turbopack: #88828useEffectEventto disallowed React APIs in Server Components: #88985renderOpts.nextExporttoisBuildTimePrerendering: #88951README.mds: #89022__turbopack_load_by_url__with query: #8889924d8716e-20260123to8c34556c-20260126: #89066baseline-browser-mappingwarnings: #89175.mdlicenses are included in vendored packages: #8920110680271-20260126to230772f9-20260128: #89250tarused to extract SWC binary : #89158browserslistdoesn't issue outdated warnings forbaseline-browser-mapping: #89287230772f9-20260128toda641178-20260129: #89301rules.*.typeconfig to allow changing the type of a module: #88788logging.serverFunctions: #89321'use cache'functions: #89408da641178-20260129toed4bd540-20260202: #89401ed4bd540-20260202tob1533b03-20260203: #89444b1533b03-20260203to3e00319b-20260203: #89449experimental.reportSystemEnvInliningfor Turbopack: #89304instant(): #89469cacheLifeon outer"use cache"when nesting short-lived caches: #894813e00319b-20260203to95ffd6cd-20260205: #89550discoverRoutes()API: #8897195ffd6cd-20260205to2dd9b7cf-20260208: #89681AggregateError.errorsin terminal output: #889992dd9b7cf-20260208to272441a9-20260209: #89722next dev: #89798type: "text"under a new experimental flag, following what webpack did: #89560use: #89793experimental.appNewScrollHandler: #83107272441a9-20260209to6066c782-20260212: #89923--debug-prerenderis set: #89834require.resolve()to get the installednextversion: #89166prefetch={true}on Links to routes withinstant: #900616066c782-20260212to4842fbea-20260217: #90144pnpm build: #89819Configuration
📅 Schedule: (in timezone America/Edmonton)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.