[Snyk] Upgrade next from 16.1.0 to 16.1.1

[SMSDAO]

Snyk has created this PR to upgrade next from 16.1.0 to 16.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 26 versions ahead of your current version.

• The recommended version was released 22 days ago.

Release notes

Package name: next

• 16.1.1 - 2025-12-22
• 16.1.1-canary.24 - 2026-01-13
• 16.1.1-canary.23 - 2026-01-12
• 16.1.1-canary.22 - 2026-01-12
• 16.1.1-canary.21 - 2026-01-11
• 16.1.1-canary.20 - 2026-01-09
• 16.1.1-canary.19 - 2026-01-08
• 16.1.1-canary.18 - 2026-01-08
• 16.1.1-canary.17 - 2026-01-07
• 16.1.1-canary.16 - 2026-01-07
• 16.1.1-canary.15 - 2026-01-06
• 16.1.1-canary.14 - 2026-01-06
• 16.1.1-canary.13 - 2026-01-05
• 16.1.1-canary.12 - 2026-01-04
• 16.1.1-canary.11 - 2026-01-03
• 16.1.1-canary.10 - 2025-12-30
• 16.1.1-canary.9 - 2025-12-29
• 16.1.1-canary.8 - 2025-12-28
• 16.1.1-canary.7 - 2025-12-28
• 16.1.1-canary.6 - 2025-12-26
• 16.1.1-canary.5 - 2025-12-23
• 16.1.1-canary.4 - 2025-12-22
• 16.1.1-canary.3 - 2025-12-22
  

  Core Changes

  • Turbopack: Create junction points instead of symlinks on Windows: #87606

  Misc Changes

  • Turbopack: In CI only persist at the end: #87316
  • fix: correct quotes in dev script filter in package.json: #87638

  Credits

  Huge thanks to @ bgw, @ sokra, and @ naveenkarmegam for helping!

• 16.1.1-canary.2 - 2025-12-20
  

  Misc Changes

  • ci: track runner name on datadog test reports: #87440
  • docs: tweaks/fixes to papercuts: #87445
  • docs: fix typos and clarify examples in Cache Components guide: #87530

  Credits

  Huge thanks to @ ztanner and @ icyJoseph for helping!

• 16.1.1-canary.1 - 2025-12-19
  

  Misc Changes

  • Turbopack: refactor graph traveral and fix module graph determinism: #87312
  • docs: fix highlight in 05-server-and-client-components.mdx: #87347
  • Guide: Update Optimizing Package Bundling to include new Bundle Analyzer: #87246
  • docs: generateMetadata and generateViewport w/ CC: #87218
  • bundle analyzer: remove uncompressed toggle, stabilize top bar ui: #87325
  • test: de-flake client-cache deployment tests: #87412
  • Revert "Revert "[turbopack] Set liveness of exports based on assignment analysis (#82802)"": #87214

  Credits

  Huge thanks to @ sokra, @ Juneezee, @ delbaoliveira, @ icyJoseph, @ wbinnssmith, @ ztanner, and @ lukesandberg for helping!

• 16.1.1-canary.0 - 2025-12-18
  

  Core Changes

  • Upgrade React from f93b9fd4-20251217 to 65eec428-20251218: #87323

  Misc Changes

  • docs: next experimental-analyze: #87272
  • docs: use cache private redo: #87111

  Credits

  Huge thanks to @ icyJoseph for helping!

• 16.1.0 - 2025-12-18
  

  Tip

  Check out our Next v16.1 Blog Post to learn more about this release.

  Core Changes

  • fix: Rspack throw error when using ForceCompleteRuntimePlugin: #85221
  • fix: build CLI output not displaying Proxy (Middleware) when nodejs runtime: #85403
  • fix: staleTimes.static should consistently enforce a 30s minimum: #85479
  • [turbopack] fix build of empty entries of pages: #84873
  • Cache the head separately from the route tree: #84724
  • Allow inspecting dev server on default port with next dev --inspect: #85037
  • Avoid proxying React modules through workUnitStore: #85486
  • fix: redirect should always return updated router state: #85533
  • Upgrade React from b4455a6e-20251027 to 4f931700-20251029: #85518
  • [turbopack] Move generation of cacheLife types out of the webpack plugin and into the dev bundler directly: #85539
  • Ensure user-space stack frame for 'use cache' in page/layout component: #85519
  • Update parallel routes in build-complete: #85546
  • fully remove clientSegmentCache flag: #85541
  • [turbopack] Support relative paths in turbopack source maps.: #85146
  • Release unnecessary memory on hydration finish: #84967
  • Preserve interception markers in parameter types: #85526
  • move segment cache entries to top level segment-cache dir: #85542
  • Upgrade React from 4f931700-20251029 to 561ee24d-20251101: #85670
  • [devtools] Remove title from preferences: #85698
  • Update font data: #85708
  • Don't invalidate hot reloader excessively during dev server boot: #85732
  • [codemod] fix: next-lint-to-eslint-cli did not handle 'next' plugin: #85749
  • Upgrade React from 561ee24d-20251101 to 67f7d47a-20251103: #85762
  • Tracing: Fix memory leak in span map: #85529
  • Fix documentation typo in refresh function: #85696
  • fix: eslint-config-next types was exporting to dist/src: #85768
  • Upgrade React from 67f7d47a-20251103 to f646e8ff-20251104: #85772
  • remove unused RSC payload property: #85746
  • [runtime prefetching]: fix runtime prefetching when deployed: #85595
  • Turbopack: next build --analyze: #85197
  • Build: Log amount of workers during static generation: #85706
  • Upgrade React from f646e8ff-20251104 to dd048c3b-20251105: #85819
  • Sync devFallbackParams when generateStaticParams change: #85741
  • chore: upgrade rspack 1.6.0: #84210
  • [mcp] get_routes mcp tool: #85773
  • Split each path param into a separate cache key : #85758
  • [turbopack] change server source maps in production to use relative paths: #85576
  • fix: skip collecting metadata for app-error in webpack: #85892
  • fix: support root span attributes with a custom server: #85521
  • fix isDynamicRSC condition when deployed: #85919
  • [turbopack] Make it possible to synchronously access native bindings: #85787
  • Upgrade React from dd048c3b-20251105 to fa50caf5-20251107: #85906
  • Fix telemetry event loss on build failures and server shutdown: #85867
  • Remove one stack frame from 'use cache' call stacks: #85966
  • Upgrade React from fa50caf5-20251107 to 52684925-20251110: #85980
  • Deployment adapter: fix metadata for "/" route: #85820
  • Enable React's default Transition indicator behind a flag: #86000
  • update routes-manifest to include whether app has pages routes: #86051
  • Fix 404 responses for interception routes with missing children slots: #85779
  • Build: Share StaticWorker between static check and static generation: #85860
  • [devtool] highlight all link in error message: #86084
  • fix(nodejs-middleware): await for body cloning to be properly finalized: #85418
  • Add build-time validation to detect ambiguous app routes: #85834
  • Don't use inspector frontend URLs from other processes: #86082
  • Upgrade React from 52684925-20251110 to 93fc5740-20251113: #86103
  • [next-upgrade] Force install of dev dependencies: #86119
  • Fix telemetry event race condition in webpack worker for @ vercel/og detection: #86145
  • Turbopack: Add bundle analyzer UI to next build --experimental-analyze: #85788
  • Upgrade React from 93fc5740-20251113 to fb2177c1-20251114: #86155
  • fix: cacheMaxMemorySize should not disable dev HMR cache: #86164
  • Fix streaming server actions: #86148
  • Allow attaching a debugger when next dev is already running: #86083
  • Introduce next analyze: a built-in bundle analyzer for Turbopack: #85915
  • Turbopack: add experimental.turbopackClient/ServerSideNestedAsyncChunking: #85827
  • next analyze: annotate polyfill modules in UI: #86062
  • Stop adding additional padding to Next.js logs: #86139
  • [next-upgrade] Add next upgrade: #86120
  • Fix prerendering of interception routes with generateStaticParams: #85835
  • [Segment Cache] Re-implement refresh reducer: #84426
  • Upgrade React from fb2177c1-20251114 to 0972e239-20251118: #86263
  • next analyze: Make ipv6 server links valid and normalize localhost: #86219
  • fix: prevent fetch abort errors propagating to user error boundaries: #86277
  • chore(turbopack-node): remove some outdated codes: #86111
  • [devtools] Ensure Chrome DevTools workspace can connect with proxy rewrites: #86289
  • Fix log log alignment in spinners: #86298
  • fix: Rename proxy.js to middleware.js in NFT file: #86214
  • Turbopack: allow trace level tracing: #86255
  • Allow SSR to finish microtasky work before flushing: #86311
  • Turbopack: fix passing project options from napi: #86256
  • [Cache Components] Atomic setTimeouts: #86093
  • Turbopack: add experimental.turbopackInputSourceMaps and respect serverSourceMaps: #86340
  • [Cache Components] Discriminate static shell validation errors by type: #85747
  • Turbopack: add NEXT_TURBOPACK_WRITE_ROUTES_HASHES_MANIFEST to write hashes into manifest: #86257
  • Add reasons for some server-external-packages: #86254
  • Send dynamic validation errors to browser via WebSocket: #85818
  • Delete un-used prefetch outputs with PPR: #86100
  • Revert "Turbopack: add bundle-analyzer to versioning and add dependen…: #86394
  • Turbopack: add bundle-analyzer to versioning and add dependency: #86355
  • fix issue - #86365: #86366
  • Turbopack: fix import chain by determining depth locally per route: #86350
  • Use JSONC for default server-external-packages: #86252
  • add debug logs to onSegmentPrerenderError: #86358
  • Skip request if "full" prefetch is already pending: #86405
  • fix: Rename proxy.js to middleware.js in NFT file (#86214)
  • fix: prevent fetch abort errors propagating to user error boundaries (#86277)
  • Turbopack: fix passing project options from napi (#86256)
  • Eslint: Improve Google Tag manager third parties message: #51903
  • [ts-plugin] keep showing the types in the function body: #86273
  • [turbopack] Enable the filesystem cache for dev in canary builds: #85940
  • docs: fix typos in packages: #82508
  • Turbopack: Expose an environment variable for exposing the detail field of issues: #86518
  • Turbopack: inner graph tree shaking: #85973
  • [next-upgrade] Fall back to npx if yarn dlx is not available: #86384
  • Update font data: #86521
  • Convert any export from a 'use cache' module to a cache function: #86014
  • fix(nodejs-middleware): await for body cloning to be properly finalized (#85418)
  • Fix stale dev types causing build failure after route deletion: #86489
  • bump the browserslist version to silence a warning in CI (#86625)
  • add bundle analyzer as dev dependency to next: #86497
  • Remove obsolete setReferenceManifestsSingleton call: #86574
  • Add flag to show ignore listed frames: #86285
  • Add alinea to server-external-packages.json: #55006
  • Fix error logging for 'use cache' runtime errors in production: #86500
  • Upgrade React from 8ac5f4eb-20251119 to fd524fe0-20251121: #86473
  • Add "@ zenstackhq/runtime" to server-external-packages.json: #54829
  • [Cache Components] Ensure cache misses always cause a restart in dev: #86583
  • bump the browserslist version to silence a warning in CI: #86625
  • Turbopack: import to char not replaced:

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
gxq	Error		Jan 13, 2026 11:53pm
reimagined-jupiter	Error		Jan 13, 2026 11:53pm
tradeos	Error		Jan 13, 2026 11:53pm

[railway-app]

🚅 Deployed to the reimagined-jupiter-pr-143 environment in gxq

Service	Status	Web	Updated (UTC)
reimagined-jupiter	❌ Build Failed (View Logs)		Jan 14, 2026 at 12:13 am

[github-actions]

⚠️ Railway Preview Deployment Skipped

Preview deployment was skipped because required secrets are not configured.

Required Secrets

Repository maintainers need to configure these secrets in repository settings:

• RAILWAY_TOKEN - Railway API authentication token
• RAILWAY_PROJECT_ID - Railway project ID (should be 2077acd9-f81f-47ba-b8c7-8bf6905f45fc)
• SOLANA_RPC_URL - Solana RPC endpoint URL
• WALLET_PRIVATE_KEY - Wallet private key (base58 format)
• ADMIN_USERNAME - Admin panel username
• ADMIN_PASSWORD - Admin panel password
• JWT_SECRET - JWT secret for authentication

How to Configure

1. Go to repository Settings → Secrets and variables → Actions
2. Add the required secrets
3. Re-run this workflow or push a new commit

For more information, see the Railway deployment documentation.

[Copilot]

Pull request overview

This PR upgrades the Next.js framework from version 16.1.0 to 16.1.1 in the webapp directory. The upgrade is proposed by Snyk as a security/maintenance update.

Changes:

• Updates Next.js package from 16.1.0 to 16.1.1 in package.json
• Updates all Next.js related dependencies and SWC binaries in package-lock.json to version 16.1.1

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
webapp/package.json	Updates Next.js dependency version to 16.1.1
webapp/package-lock.json	Updates resolved URLs, integrity hashes, and versions for Next.js and all related @next/* packages

Files not reviewed (1)

• webapp/package-lock.json: Language not supported

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eslint@​9.39.2 ⏵ 8.57.1	+3			-45
	@​typescript-eslint/​parser@​8.50.0 ⏵ 6.21.0
	@​types/​express@​5.0.6
	@​types/​bcrypt@​6.0.0
	@​types/​jsonwebtoken@​9.0.10
	@​types/​pg@​8.16.0
	@​types/​bn.js@​5.2.0
	@​types/​jest@​29.5.14
	@​vercel/​node@​3.2.29
	@​typescript-eslint/​eslint-plugin@​8.50.0 ⏵ 6.21.0
	@​types/​node@​25.0.3 ⏵ 20.19.27
	@​octokit/​rest@​20.1.2
	@​solana/​spl-token@​0.3.11
	commander@​14.0.1 ⏵ 11.1.0	+1
	@​pythnetwork/​client@​2.22.1
	@​pythnetwork/​hermes-client@​2.1.0 ⏵ 2.0.0	-2
	bcrypt@​5.1.1
	dotenv@​16.6.1
	express@​4.22.1
	inquirer@​9.3.8

View full report