Skip to content

build(deps): bump the next group across 1 directory with 3 updates#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/ui/next-1d29fd0df7
Open

build(deps): bump the next group across 1 directory with 3 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/ui/next-1d29fd0df7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown

Bumps the next group with 3 updates in the /ui directory: @vercel/blob, next and eslint-config-next.

Updates @vercel/blob from 2.3.3 to 2.5.0

Release notes

Sourced from @​vercel/blob's releases.

@​vercel/blob@​2.5.0

Minor Changes

  • 31a8b8f: Deprecate the useCache option on get(). The backend no longer honors the cache=0 query parameter it produced, so the option is now a no-op — reads always go through the standard caching path. The option is still accepted (and ignored) to avoid breaking existing callers, and will be removed in a future major version.

Patch Changes

  • 9ac2586: Read the Vercel OIDC token via @vercel/oidc's refreshing getVercelOidcToken instead of the non-refreshing getVercelOidcTokenSync. This refreshes an expired token in development environments. In production with a valid token, behavior is unchanged. If a refresh is needed but fails, the token is treated as absent so callers still fall back to BLOB_READ_WRITE_TOKEN.

@​vercel/blob@​2.4.1

Patch Changes

  • b7027de: Read the Vercel OIDC token via the @vercel/oidc package (getVercelOidcTokenSync) instead of an inlined copy. This makes the dependency explicit and discoverable, and matches how other Vercel packages consume OIDC. Behavior is unchanged except for one edge case: a blank x-vercel-oidc-token request-context header now resolves to no token rather than falling back to VERCEL_OIDC_TOKEN.

@​vercel/blob@​2.4.0

Minor Changes

  • 20eeaff: Add Vercel OIDC auth and presigned URLs
Changelog

Sourced from @​vercel/blob's changelog.

2.5.0

Minor Changes

  • 31a8b8f: Deprecate the useCache option on get(). The backend no longer honors the cache=0 query parameter it produced, so the option is now a no-op — reads always go through the standard caching path. The option is still accepted (and ignored) to avoid breaking existing callers, and will be removed in a future major version.

Patch Changes

  • 9ac2586: Read the Vercel OIDC token via @vercel/oidc's refreshing getVercelOidcToken instead of the non-refreshing getVercelOidcTokenSync. This refreshes an expired token in development environments. In production with a valid token, behavior is unchanged. If a refresh is needed but fails, the token is treated as absent so callers still fall back to BLOB_READ_WRITE_TOKEN.

2.4.1

Patch Changes

  • b7027de: Read the Vercel OIDC token via the @vercel/oidc package (getVercelOidcTokenSync) instead of an inlined copy. This makes the dependency explicit and discoverable, and matches how other Vercel packages consume OIDC. Behavior is unchanged except for one edge case: a blank x-vercel-oidc-token request-context header now resolves to no token rather than falling back to VERCEL_OIDC_TOKEN.

2.4.0

Minor Changes

  • 20eeaff: Add Vercel OIDC auth and presigned URLs
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vercel/blob since your current version.


Updates next from 15.5.18 to 16.2.10

Release notes

Sourced from next's releases.

v16.2.10

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 16.2.4.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits

Updates eslint-config-next from 15.4.8 to 16.2.10

Release notes

Sourced from eslint-config-next's releases.

v16.2.10

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 16.2.4.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-config-next since your current version.


@dependabot @github

dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, ui. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel

vercel Bot commented May 26, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
theseus-agent-oracle-poc Ready Ready Preview, Comment Jul 7, 2026 1:16pm

Request Review

@dependabot dependabot Bot changed the title build(deps): bump the next group in /ui with 3 updates build(deps): bump the next group across 1 directory with 3 updates Jun 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/next-1d29fd0df7 branch from bf7b48e to 707992d Compare June 4, 2026 00:28
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/next-1d29fd0df7 branch from 707992d to b3cd1c2 Compare June 14, 2026 01:29
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/next-1d29fd0df7 branch from b3cd1c2 to b0b9411 Compare June 16, 2026 13:16
erickkwangg added a commit that referenced this pull request Jun 18, 2026
The index was a bare paragraph plus a dead grey box with a cutesy, inflated headline ('Escrow a sovereign agent settles'). Replace it with a real product surface: a hero card with a plain headline and a live Base Sepolia stats row, a four-step how-it-works, and the actual settled deal #1 surfaced as on-chain proof (1,000 eUSDC released, 99% confidence) so the page shows the product working before a wallet is even connected. Swap the clashing orange RainbowKit button for an indigo one that matches the brand. Plain copy throughout, no 'sovereign' and no inverted syntax.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
erickkwangg added a commit that referenced this pull request Jun 19, 2026
Full visual redesign into a dark, premium app: a sticky nav with a logo mark and the connect button, a hero whose centerpiece is the real settled deal #1 rendered as a live card (lifecycle timeline plus the agent's RELEASE 99% verdict), icon-backed claim cards, a how-it-works flow, and a designed create/deals surface with gradient CTAs. The deal page matches the same dark system. Reads as a product someone would actually use, not a documentation page.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/next-1d29fd0df7 branch from b0b9411 to 31f5184 Compare June 23, 2026 13:14
Bumps the next group with 3 updates in the /ui directory: [@vercel/blob](https://github.com/vercel/storage/tree/HEAD/packages/blob), [next](https://github.com/vercel/next.js) and [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next).


Updates `@vercel/blob` from 2.3.3 to 2.5.0
- [Release notes](https://github.com/vercel/storage/releases)
- [Changelog](https://github.com/vercel/storage/blob/main/packages/blob/CHANGELOG.md)
- [Commits](https://github.com/vercel/storage/commits/@vercel/blob@2.5.0/packages/blob)

Updates `next` from 15.5.18 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v15.5.18...v16.2.10)

Updates `eslint-config-next` from 15.4.8 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.10/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: "@vercel/blob"
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: next
- dependency-name: eslint-config-next
  dependency-version: 16.2.6
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: next
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: next
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/next-1d29fd0df7 branch from 31f5184 to 3351c4c Compare July 7, 2026 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants