Update dependency next to v16.2.3 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
next (source)	16.2.1 → 16.2.3

GitHub Vulnerability Alerts

GHSA-q4gf-8mx6-v5v3

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this changelog.

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.

---

Release Notes

vercel/next.js (next)

v16.2.3

Compare Source

v16.2.2

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 2 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 35, reused 0, downloaded 0, added 0
Progress: resolved 40, reused 0, downloaded 0, added 0
Progress: resolved 41, reused 0, downloaded 0, added 0
Progress: resolved 82, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/interactivethings/swiss-maps/website:
 ERR_PNPM_NO_MATURE_MATCHING_VERSION  Version 16.2.3 (released 4 days ago) of @next/swc-win32-arm64-msvc does not meet the minimumReleaseAge constraint

This error happened while installing the dependencies of next@16.2.3

The latest release of @next/swc-win32-arm64-msvc is "16.2.3". Published at 4/8/2026

Other releases are:
  * next-12-2-6: 12.2.6 published at 9/29/2022
  * next-14-1: 14.1.1 published at 2/29/2024
  * next-13: 13.5.10 published at 3/24/2025
  * next-12-3-2: 12.3.6 published at 3/24/2025
  * next-14: 14.2.33 published at 9/23/2025
  * next-15-4: 15.4.8 published at 12/3/2025
  * next-15-0: 15.1.9 published at 12/3/2025
  * next-15-0-0: 15.0.5 published at 12/3/2025
  * next-15-5: 15.5.15 published at 4/8/2026
  * canary: 16.2.1-canary.34 published at 4/12/2026 11:41:56 PM

If you need the full list of all 2391 published versions run "pnpm view @next/swc-win32-arm64-msvc versions".

If you want to install the matched version ignoring the time it was published, you can add the package name to the minimumReleaseAgeExclude setting. Read more about it: https://pnpm.io/settings#minimumreleaseageexclude

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
swiss-maps	Ready	Preview, Comment	Apr 13, 2026 6:23am

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^16.2.1). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.