build(deps): bump the npm_and_yarn group across 1 directory with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /frontend directory:

Package	From	To
next	13.5.11	16.2.0
@babel/runtime	7.26.0	7.29.2
flatted	3.2.9	3.4.2
js-yaml	4.1.0	4.1.1
minimatch	3.1.2	3.1.5
nanoid	3.3.6	3.3.11

Updates next from 13.5.11 to 16.2.0

Release notes

Sourced from next's releases.

v16.2.0

[!TIP]
Check out our Next v16.2 Blog Post to learn more about this release.

Core Changes

• Upgrade React from f93b9fd4-20251217 to 65eec428-20251218: #87323
• Turbopack: Create junction points instead of symlinks on Windows: #87606
• Turbopack: Symlink handling follow-up: #87637
• Add experimental routing package for resolving adapter routes: #86404
• Ensure outputs are correct with cache components in deployment adapters: #87018
• Move off of deprecated url.parse: #87257
• [strict-route-types] Add experimental.strictRouteTypes config: #87378
• misc: fix type check log for CI envs: #87838
• fix: revalidateTag with profile should not trigger client cache invalidation: #88069
• chore: warn when running tests against stale build: #88001
• Redesign default error pages with cleaner, more user-friendly UI: #87988
• dx: avoid next-env.d.ts change in dev: #88103
• prevent browser cache from using stale RSC responses from previous builds: #86554
• [strict-route-types] Typecheck App Router page props: #87386
• [strict-route-types] Enforce common React Component return types in App Router: #87389
• [strict-route-types] Switch to satisfies when validating page and route modules: #87398
• [strict-route-types] Don't reject number in config.api.bodyParser.sizeLimit when validating route: #87633
• Revert "dx: avoid next-env.d.ts change in dev": #88153
• [strict-route-types] Typecheck pages router routes in absence of App Router: #87628
• [strict-route-types] Ensure cache profiles and routes are type-checked even if .next is excluded: #87768
• add compilation error for taint when not enabled: #88173
• feat(next/image)!: add images.maximumResponseBody config: #88183
• Add maximum size limit for postponed body parsing: #88175
• metadata: use fixed segment in dynamic routes with static metadata files: #88113
• feat: add --experimental-cpu-prof flag for dev, build, and start: #87946
• Add experimental option to use no-cache instead of no-store in dev: #88182
• fix overlay frames cannot be opened sometimes: #88210
• Handle pnpm-workspace.yaml while searching for monorepo root: #74818
• Add more debug logs to 'use cache' wrapper: #88219
• Omit unused arguments from 'use cache' function calls: #86920
• Only log pending revalidates... debug log if applicable: #88221
• fix(next/image): bump sharp@0.34.5: #88238
• Disallow javascript urls in router methods and redirects: #88185
• Fix relative same host redirects in node middleware: #88253
• Remove loadConfig from main development process, pass value from child process: #88230
• Update deploy adapters outputs and handler interfaces for node and edge: #88247
• Move Ready in time before handler initialization: #88235
• next/image: support custom cache handlers: #88248
• feat: add Claude Code plugin marketplace with Cache Components skill: #87993
• refactor: consolidate PPR into cacheComponents architecture: #88243
• Turbopack: include fewer traced files for standalone: #88322
• feat(turbopack): add resolve plugin condition variant of Always and Never: #88190
• perf: use length = 0 to clear the logging array: #88244
• Time logs: Show full millisecond instead of 1 decimal: #88313

... (truncated)

Commits

• c5c94df v16.2.0
• 649d302 Unflake router events deploy test (#91589)
• bcd9c19 docs: Clarify ignoreBuildErrors behavior (#91367)
• 3683192 v16.2.0-canary.104
• b61823d SRI turbopack documentation (#90477)
• 0ca967b Add group depth tracking to instant validation boundary discovery (#91208)
• a41bef9 improve allowedDevOrigins error (#91521)
• 75c51c6 Turbopack: Use debug = "line-tables-only" for dev builds (#91539)
• 39e705c Turbopack: Merge release-with-assertions-no-lto profile into release-with-ass...
• 4de2201 [turbopack] Share scratch buffer across shards using thread local (#90167)
• Additional commits viewable in compare view

Updates @babel/runtime from 7.26.0 to 7.29.2

Release notes

Sourced from @​babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

• babel-parser
  • #17840 [7.x backport] async x => {} must be in leading pos (@​JLHwung)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • #17805 [7.x backport] fix: Properly handle await in finally (@​liuxingbaoyu)
• babel-preset-env
  • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

• #17813 chore: update eslint peer deps (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

• babel-standalone
  • #17771 [7.x backport] fix: ensure targets.esmodules is validated (@​JLHwung)
• babel-generator
  • #17776 [7.x backport] Fix undefined when 64 indents (@​liuxingbaoyu)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

... (truncated)

Commits

• 37d5595 v7.29.2
• d7f4008 v7.28.6
• 35055e3 v7.28.4
• ef155f5 v7.28.3
• cac0ff4 v7.28.2
• f68ac51 chore: Avoid CITGM errors (#17382)
• baa4cb8 v7.27.6
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/runtime since your current version.

Updates flatted from 3.2.9 to 3.4.2

Commits

• 3bf0909 3.4.2
• 885ddcc fix CWE-1321
• 0bdba70 added flatted-view to the benchmark
• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates nanoid from 3.3.6 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

Commits

• 37289ce Release 3.3.11 version
• 23690b7 Fix CI
• c147962 Fix RN support
• a83734e Move to manually ESM/CJS dual package
• bb12e8a Release 3.3.10 version
• 8f44264 Fix Expo support
• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
plex-utils	Error		Mar 20, 2026 8:00am