deps(deps): bump the minor-and-patch group with 11 updates

[dependabot]

Bumps the minor-and-patch group with 11 updates:

Package	From	To
next	16.1.4	16.1.6
react	19.2.3	19.2.4
@types/react	19.2.9	19.2.10
react-dom	19.2.3	19.2.4
react-resizable-panels	4.5.2	4.5.8
zustand	5.0.10	5.0.11
@eslint/compat	2.0.1	2.0.2
@next/bundle-analyzer	16.1.4	16.1.6
@playwright/test	1.58.0	1.58.1
autoprefixer	10.4.23	10.4.24
eslint-config-next	16.1.4	16.1.6

Updates next from 16.1.4 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.10

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates react-resizable-panels from 4.5.2 to 4.5.8

Release notes

Sourced from react-resizable-panels's releases.

4.5.6

• 644: Disabled the change to collapsible panel behavior that was originally made in 635.

4.5.5

• 641: Removed aria-orientation role from root Group element as this was invalid according to the ARIA spec; (for more information see the discussion on issue #640)
• 642: Bugfix: Fix collapsible Panel regression introduced in 4.5.3

4.5.4

• 638: Panel avoids unnecessary re-renders in response to mouse-hover state.

4.5.3

• 635: Expand pre-collapsed panels if drug past the halfway point for more consistent collapse/expand behavior.
• 631: Bugfix: Panels set max-width and max-height to 100% to fix potential CSS overflow bug.

Changelog

Sourced from react-resizable-panels's changelog.

4.5.8

• 651: Disabled the change to collapsible panel behavior that was originally made in 635 due to another reported regression

4.5.7

• 646: Re-enable the collapsible Panel from 4.5.3 that was disabled in 4.5.6
• 648: Bugfix: Reset Separator hover-state on Document "pointerout"

4.5.6

• 644: Disabled the change to collapsible panel behavior that was originally made in 635

4.5.5

• 641: Removed aria-orientation role from root Group element as this was invalid according to the ARIA spec; (for more information see the discussion on issue #640)
• 642: Bugfix: Fix collapsible Panel regression introduced in 4.5.3

4.5.4

• 638: Panel avoids unnecessary re-renders in response to mouse-hover state.

4.5.3

• 635: Expand pre-collapsed panels if drug past the halfway point for more consistent collapse/expand behavior.
• 631: Bugfix: Panels set max-width and max-height to 100% to fix potential CSS overflow bug.

Commits

• 119437b 4.5.7 -> 4.5.8
• 566de30 Revert collapse behavioral change again (#651)
• 87e361a Simplify e2e test main window vs popup window logic
• db20c9b 4.5.6 -> 4.5.7
• 5948c2b Update CHANGELOG with pending release changes
• 7f58523 Reset seperator hover-state on Document "pointerout" (#648)
• 21f3e9d Update CHANGELOG with pending release notes
• 7382e94 Re-enable the collapsible Panel from 4.5.3 that was disabled in 4.5.6 (#646)
• 1cb436e Unwind some of the test abstraction
• 46889ae 4.5.5 -> 4.5.6
• Additional commits viewable in compare view

Updates zustand from 5.0.10 to 5.0.11

Release notes

Sourced from zustand's releases.

v5.0.11

This release includes small improvements in middleware thanks to contributors.

What's Changed

• chore: improve typing in devtools middleware by @​grigoriy-reshetniak in pmndrs/zustand#3362
• fix(persist): avoid relying on global localStorage by @​honuuk in pmndrs/zustand#3367
• fix(immer): Proper typing for immer middleware in combination with slices by @​wheerd in pmndrs/zustand#3371

New Contributors

• @​SeongYongLee made their first contribution in pmndrs/zustand#3355
• @​grigoriy-reshetniak made their first contribution in pmndrs/zustand#3351
• @​DormancyWang made their first contribution in pmndrs/zustand#3363
• @​Ea-st-ring made their first contribution in pmndrs/zustand#3369
• @​winner07 made their first contribution in pmndrs/zustand#3373
• @​honuuk made their first contribution in pmndrs/zustand#3367
• @​wheerd made their first contribution in pmndrs/zustand#3371

Full Changelog: pmndrs/zustand@v5.0.10...v5.0.11

Commits

• 99379a6 5.0.11
• c81b4eb chore(deps): update dev dependencies (#3375)
• 3871d53 fix(immer): Proper typing for immer middleware in combination with slices (#...
• 9b505ac fix(persist): use window.localStorage as default storage reference (#3367)
• 267a57c Update code block in tutorial-tic-tac-toe.md (#3373)
• 6813f7b docs: remove stray Russian comment in beginner-typescript guide (#3369)
• d9ea330 docs(testing): fix undefined counterStoreRef variable (#3368)
• 6e026d7 chore: improve typing in devtools middleware (#3362)
• e7d4593 Revert "chore(deps): bump pmndrs/docs/.github/workflows/build.yml from 2 to 3...
• 0f49ad8 chore(deps): bump pmndrs/docs/.github/workflows/build.yml from 2 to 3 (#3364)
• Additional commits viewable in compare view

Updates @eslint/compat from 2.0.1 to 2.0.2

Release notes

Sourced from @​eslint/compat's releases.

compat: v2.0.2

2.0.2 (2026-01-29)

Bug Fixes

• add eslint 10 as peer dependency (#361) (ecb37dc)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

migrate-config: v2.0.2

2.0.2 (2026-01-29)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^2.0.1 to ^2.0.2
  • devDependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

Changelog

Sourced from @​eslint/compat's changelog.

2.0.2 (2026-01-29)

Bug Fixes

• add eslint 10 as peer dependency (#361) (ecb37dc)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

Commits

• 7960653 chore: release main (#356)
• ecb37dc fix: add eslint 10 as peer dependency (#361)
• 074cac2 docs: Update README sponsors
• a3b0fd5 docs: Update README sponsors
• See full diff in compare view

Updates @next/bundle-analyzer from 16.1.4 to 16.1.6

Release notes

Sourced from @​next/bundle-analyzer's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• See full diff in compare view

Updates @playwright/test from 1.58.0 to 1.58.1

Release notes

Sourced from @​playwright/test's releases.

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

Commits

• 97bc385 cherry-pick(#38995): chore(webkit): disable frame sessions on fronzen builds
• ad625fe chore: mark v1.58.1 (#39055)
• f07234d cherry-pick(#39036): fix(msedge): fix local network permissions (#39053)
• ab8136c cherry-pick(#39037): chore: update cft download location (#39052)
• aa6ffeb cherry-pick(#39014): docs: add 1.58 release notes for Java, Python, and C#
• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.10

Commits

• See full diff in compare view

Updates autoprefixer from 10.4.23 to 10.4.24

Release notes

Sourced from autoprefixer's releases.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Changelog

Sourced from autoprefixer's changelog.

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

Commits

• 36692c2 Release 10.4.24 version
• 67df014 Update dependencies
• 032440e perf: reduce array allocations (#1542)
• See full diff in compare view

Updates eslint-config-next from 16.1.4 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.