chore(deps): bump the npm-dependencies group with 9 updates

[dependabot]

Bumps the npm-dependencies group with 9 updates:

Package	From	To
@vercel/analytics	1.6.0	1.6.1
@vercel/speed-insights	1.3.0	1.3.1
next	16.0.6	16.0.7
react	19.2.0	19.2.1
react-dom	19.2.0	19.2.1
baseline-browser-mapping	2.8.32	2.9.4
lefthook	2.0.4	2.0.8
markdownlint-cli2	0.19.1	0.20.0
vitest	4.0.14	4.0.15

Updates @vercel/analytics from 1.6.0 to 1.6.1

Release notes

Sourced from @​vercel/analytics's releases.

1.6.1

What's Changed

• fix(nuxt): remove the module as breaking change by @​atinux in vercel/analytics#181

Full Changelog: vercel/analytics@1.6.0...1.6.1

Commits

• 0028584 fix(nuxt): remove the module as breaking change (#181)
• See full diff in compare view

Updates @vercel/speed-insights from 1.3.0 to 1.3.1

Release notes

Sourced from @​vercel/speed-insights's releases.

1.3.1

What's Changed

• fix(nuxt): remove the module as breaking change by @​HugoRCD in vercel/speed-insights#107

Full Changelog: vercel/speed-insights@1.3.0...1.3.1

Commits

• 2452c35 fix(nuxt): remove the module as breaking change (#107)
• See full diff in compare view

Updates next from 16.0.6 to 16.0.7

Release notes

Sourced from next's releases.

v16.0.7

Please see CVE-2025-66478 for additional details about this release.

Commits

• 7492122 v16.0.7
• d21259d update version script
• b1a04a8 Update React Version (#11)
• See full diff in compare view

Updates react from 19.2.0 to 19.2.1

Release notes

Sourced from react's releases.

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 053df4e Version 19.2.1
• See full diff in compare view

Updates react-dom from 19.2.0 to 19.2.1

Release notes

Sourced from react-dom's releases.

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 053df4e Version 19.2.1
• See full diff in compare view

Updates baseline-browser-mapping from 2.8.32 to 2.9.4

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

• Remove process.loadEnfFile() from main script by @​tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

v2.9.2 - fix browser support bug

What's Changed

• Fix browser support bug by @​tonypconway in web-platform-dx/baseline-browser-mapping#111 Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.1...v2.9.2

v2.9.0 - Reduce frequency of data staleness warnings

This version introduces a number of changes to data staleness warnings in response to #105 , #107 and #109

• Data staleness warnings are now only shown if the getCompatibleVersions() or getAllVersions() functions are called - previously they were shown whenever the module was loaded, which meant many browserslist consumers were seeing the warning despite not targeting Baseline, especially those who were consuming browserslist in a pre-compiled format via next.js.
• Adds new conditions for these warnings to be displayed which should only warn users for whom data freshness is critical:
  • The feature cut off data must be within the last two months, i.e. widelyAvailableOnDate: today + >2 years and 4 months or newly available in a browserslist query.
  • The module data must be more than 2 months old.
• Introduces suppression options for these warning via the options objects and environment variables:
  • Adds a new suppressWarnings boolean to the getCompatibleVersions() and getAllVersions()
  • Respects the existing BROWSERSLIST_IGNORE_OLD_DATA environment variable.
  • Respects a new BASELINE_BROWSER_MAPPING_IGNORE_OLD_DATA environment variable.
• Adds explanatory text to the README for how to avoid such warnings when reproducible builds are a requirement.
• Change warning text to be package manager agnostic and mention the possibility of pre-compiled data.

Commits

• 73c8429 Patch to 2.9.4 because browser or feature data changed
• 079e1d9 Browser or feature data changed
• 3553f31 Remove process.loadEnfFile() from main script (#112)
• 5972583 Bump version from 2.9.1 to 2.9.2
• 0ab0d6f Fix browser support bug (#111)
• b326475 Patch to 2.9.1 because browser or feature data changed
• 9ee8cbe Browser or feature data changed
• 226fd01 Reduce frequency of data staleness warnings (#108)
• 6d43e5a Updating static site
• See full diff in compare view

Updates lefthook from 2.0.4 to 2.0.8

Release notes

Sourced from lefthook's releases.

v2.0.8

Changelog

• 0324368284009ac0946a529b021495ad6f7377cc fix: do not escape custom templates in command replacement (#1213)

v2.0.7

Changelog

• 88a192375815e0838850e72dd1ed5c6581792b8a fix: prefer using lefthook from the $PATH (#1211)

v2.0.6

Changelog

• 4bb758673d1f77b399cce2582845752a3c8d2d93 feat: save original executable location in hooks (#1208)

v2.0.5

Changelog

• 11306c9bed69501115a7c763ae4acd713016a36b chore(release): publish artifact attestations (#1189)
• acdabe50afc5c7c3145f1ca642b5533c308df6e2 chore: upgrade golangci-lint to 2.6.1, add modernize (#1190)
• 92033167ac4b3e1a8f0cd66c0075448d863bdf6a deps: November 2025 (#1200)
• 57b10946714197e5116cb5d4492c91b9172ef4b3 feat: add optional args to scripts (#1206)

Changelog

Sourced from lefthook's changelog.

2.0.8 (2025-12-05)

• fix: do not escape custom templates in command replacement (#1213) by @​joevin-sql-docto

2.0.7 (2025-12-04)

• fix: prefer using lefthook from the $PATH (#1211) by @​joevin-sql-docto

2.0.6 (2025-12-03)

• feat: save original executable location in hooks (#1208) by @​mrexox
• docs: encourage python install using pipx (#1207) by @​franzramadhan

2.0.5 (2025-12-02)

• feat: add optional args to scripts (#1206) by @​mrexox
• deps: November 2025 (#1200) by @​mrexox
• chore: upgrade golangci-lint to 2.6.1, add modernize (#1190) by @​scop
• chore: publish artifact attestations (#1189) by @​scop

Commits

• 22171e0 2.0.8: fix templates replacing
• 0324368 fix: do not escape custom templates in command replacement (#1213)
• 0e4eee9 2.0.7: change priorities of lefthook executables in hook script
• 88a1923 fix: prefer using lefthook from the $PATH (#1211)
• 08f5f1e 2.0.6: remember lefthook absolute path when installing Git hooks
• 4bb7586 feat: save original executable location in hooks (#1208)
• 0d18482 docs: encourage python install using pipx (#1207)
• 2ed5cd7 2.0.5: add new option - args
• 57b1094 feat: add optional args to scripts (#1206)
• 9203316 deps: November 2025 (#1200)
• Additional commits viewable in compare view

Updates markdownlint-cli2 from 0.19.1 to 0.20.0

Changelog

Sourced from markdownlint-cli2's changelog.

0.20.0

• Update dependencies

Commits

• 7339935 Update to version 0.20.0.
• b4a4257 Add custom rule markdownlint-rule-numbered-headings-unique to Docker containe...
• dff79cc Update documentation and tests for markdownlint version update in previous co...
• dedb028 Bump markdownlint from 0.39.0 to 0.40.0
• cddf727 Add test to ensure all project version numbers match.
• a1f74ab Bump execa from 9.6.0 to 9.6.1
• d2942ba Update indirect playwright dependencies to 1.57.0.
• 619cca1 Bump @​playwright/test from 1.56.1 to 1.57.0
• 320454a Bump eslint-plugin-jsdoc from 61.4.0 to 61.4.1
• bacb4e3 Exclude more invalid JavaScript test files from CodeQL analysis to avoid "Cou...
• See full diff in compare view

Updates vitest from 4.0.14 to 4.0.15

Release notes

Sourced from vitest's releases.

v4.0.15

   🚀 Experimental Features

• cache: Add opt-out on a plugin level, fix internal root cache  -  by @​sheremet-va in vitest-dev/vitest#9154 (a68f7)
• reporters: Print import duration breakdown  -  by @​sheremet-va in vitest-dev/vitest#9105 (122ff)

   🐞 Bug Fixes

• Keep built-in id as is in bun and deno  -  by @​sheremet-va in vitest-dev/vitest#9117 (075ab)
• Use optimizeDeps.rolldownOptions to fix depreated warning + fix ssr.external: true  -  by @​hi-ogawa in vitest-dev/vitest#9121 (fd8bd)
• Fix external behavior with deps.optimizer  -  by @​hi-ogawa in vitest-dev/vitest#9125 (4c754)
• Very minor typo in "Chrome DevTools Protocol"  -  by @​HowToTestFrontend in vitest-dev/vitest#9146 (20997)
• browser: Run toMatchScreenshot only once when used with expect.element  -  by @​macarie in vitest-dev/vitest#9132 (0d2e7)
• coverage: Istanbul provider to not break source maps  -  by @​AriPerkkio in vitest-dev/vitest#9040 (e4ca9)
• deps: Update dependency tinyexec to v1  -  in vitest-dev/vitest#9122 (fd786)
• docs: Remove --browser.provider from docs  -  by @​sheremet-va in vitest-dev/vitest#9115 (120b3)
• expect: Preserve currentTestName in extended matchers  -  by @​macarie in vitest-dev/vitest#9106 (e4345)
• pool: Terminate workers on CTRL+c forceful exits  -  by @​AriPerkkio in vitest-dev/vitest#9140 (d57d8)
• reporters: Show project in github reporter  -  by @​sheremet-va in vitest-dev/vitest#9138 (bb65e)
• spy: Do not mock overriden method, if parent was automocked  -  by @​sheremet-va in vitest-dev/vitest#9116 (1a246)
• web-worker: MessagePort objects passed to Worker.postMessage work when clone === "native"  -  by @​whitphx in vitest-dev/vitest#9118 (deee8)

    View changes on GitHub

Commits

• eb1abf0 chore: release v4.0.15
• a68f74e feat(cache): add opt-out on a plugin level, fix internal root cache (#9154)
• 122ff32 feat(reporters): print import duration breakdown (#9105)
• 0d2e7e3 fix(browser): run toMatchScreenshot only once when used with `expect.elemen...
• d57d8bf fix(pool): terminate workers on CTRL+c forceful exits (#9140)
• bb65e15 fix(reporters): show project in github reporter (#9138)
• 52b242b chore(deps): update all non-major dependencies (#9133)
• 4c75492 fix: fix external behavior with deps.optimizer (#9125)
• a5d98fd refactor(vitest): get current test name from task property (#9120)
• fd8bd6d fix: use optimizeDeps.rolldownOptions to fix depreated warning + fix `ssr.e...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
nextjs-base	Ready	Preview	Comment	Dec 7, 2025 1:10pm

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[michellepace]

Closing - these updates were applied manually with even newer versions (next 16.0.8, baseline-browser-mapping 2.9.6, lefthook 2.0.9).

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml