deps(npm): bump the npm group across 1 directory with 6 updates

[dependabot]

Bumps the npm group with 6 updates in the /dependencies directory:

Package	From	To
next	16.2.2	16.2.3
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
renovate	43.110.3	43.110.10
stylelint-config-recommended-scss	17.0.0	17.0.1
textlint	15.5.2	15.5.4

Updates next from 16.2.2 to 16.2.3

Release notes

Sourced from next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

Commits

• d5f649b v16.2.3
• 2873928 [16.x] Avoid consuming cyclic models multiple times (#75)
• d7c7765 [backport]: Ensure app-page reports stale ISR revalidation errors via onReque...
• c573e8c fix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)
• 57b8f65 next-core: deduplicate output assets and detect content conflicts on emit (#9...
• f158df1 Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• 356d605 turbo-tasks-backend: stability fixes for task cancellation and error handling...
• 3b77a6e Fix DashMap read-write self-deadlock in task_cache causing hangs (#92210)
• b2f208a Backport: new view-transitions guide, update and fixes (#92264)
• See full diff in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates renovate from 43.110.3 to 43.110.10

Release notes

Sourced from renovate's releases.

43.110.10

43.110.10 (2026-04-09)

Bug Fixes

• config/validation: validate preset syntax (#42502) (70f2a3f)

Miscellaneous Chores

• types: add a skipReason: malicious (#42500) (6146355)

Code Refactoring

• github/vulnerability: use Zod-inferred types as single source of truth (#42494) (3a05ade)

43.110.9

43.110.9 (2026-04-09)

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v13.33.19 (main) (#42498) (9eed9d3)

43.110.8

43.110.8 (2026-04-09)

Bug Fixes

• bitrise: make steps optional in workflow schema (#42362) (ecdc476)

43.110.7

43.110.7 (2026-04-09)

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v13.33.18 (main) (#42496) (96be9f9)

Miscellaneous Chores

• deps: update dependency esbuild to v0.27.5 (main) (#42497) (a3655ed)

43.110.6

43.110.6 (2026-04-08)

Build System

• deps: update dependency slugify to v1.6.9 (main) (#42495) (8777206)

43.110.5

43.110.5 (2026-04-08)

... (truncated)

Commits

• 6146355 chore(types): add a skipReason: malicious (#42500)
• 70f2a3f fix(config/validation): validate preset syntax (#42502)
• 3a05ade refactor(github/vulnerability): use Zod-inferred types as single source of tr...
• 9eed9d3 fix(deps): update ghcr.io/renovatebot/base-image docker tag to v13.33.19 (mai...
• ecdc476 fix(bitrise): make steps optional in workflow schema (#42362)
• a3655ed chore(deps): update dependency esbuild to v0.27.5 (main) (#42497)
• 96be9f9 fix(deps): update ghcr.io/renovatebot/base-image docker tag to v13.33.18 (mai...
• 8777206 build(deps): update dependency slugify to v1.6.9 (main) (#42495)
• e131b87 fix(deps): update ghcr.io/renovatebot/base-image docker tag to v13.33.17 (mai...
• 0cc1026 chore(deps): update python docker tag to v3.14.4 (main) (#42490)
• Additional commits viewable in compare view

Updates stylelint-config-recommended-scss from 17.0.0 to 17.0.1

Release notes

Sourced from stylelint-config-recommended-scss's releases.

17.0.1

• Fixed: false positive for no-invalid-position-declaration inside a mixin (#373).

Changelog

Sourced from stylelint-config-recommended-scss's changelog.

17.0.1

• Fixed: false positive for no-invalid-position-declaration inside a mixin (#373).

Commits

• f71bf57 17.0.1
• fb68cf8 Prepare 17.0.1 (#400)
• d75a1c9 Bump np from 11.0.2 to 11.0.3 (#399)
• 420ded6 Bump eslint from 10.0.3 to 10.1.0 (#397)
• 0b2aeba Bump lodash from 4.17.23 to 4.18.1 (#398)
• 5929d12 Bump stylelint from 17.4.0 to 17.6.0 (#396)
• d6d6920 Bump picomatch (#395)
• 7ee5843 Bump flatted from 3.3.3 to 3.4.2 (#394)
• 02aab0e Fix false positive for no-invalid-position-declaration inside a mixin (#369...
• 2b66d93 Bump np from 10.2.0 to 11.0.2 (#392)
• Additional commits viewable in compare view

Updates textlint from 15.5.2 to 15.5.4

Commits

• 728f427 v15.5.4 (#1997)
• 212b941 fix: add packages config to lerna.json (#1996)
• a3f50fa refactor: drop unused/replaceable deps (clone, mkdirp, shelljs) (#1994)
• bd5236d v15.5.3 (#1993)
• ecb09ed chore(deps): update node.js to v22.22.2 (#1898)
• 08a9cdc chore: migrate from eslint to oxlint (#1992)
• a8d178a chore: migrate to pnpm catalog for external dependencies (#1991)
• 34148ec chore(deps): update benchmark-action/github-action-benchmark action to v1.22....
• d2adcf5 fix(ci): remove leftover lerna --scope flag from website build (#1989)
• 5c0b9bd chore: migrate from lerna to lerna-lite and remove nx (#1988)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Super-linter summary

Language	Validation result
BIOME_FORMAT	Pass ✅
BIOME_LINT	Pass ✅
CHECKOV	Pass ✅
EDITORCONFIG	Pass ✅
GITLEAKS	Pass ✅
GIT_COMMITLINT	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
JSON	Pass ✅
JSON_PRETTIER	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅

All files and directories linted successfully

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

[github-actions]

Super-linter summary

Language	Validation result
BIOME_FORMAT	Pass ✅
BIOME_LINT	Pass ✅
CHECKOV	Pass ✅
EDITORCONFIG	Pass ✅
GITLEAKS	Pass ✅
GIT_COMMITLINT	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
JSON	Pass ✅
JSON_PRETTIER	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅

All files and directories linted successfully

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

[github-actions]

Super-linter summary

Language	Validation result
BIOME_FORMAT	Pass ✅
BIOME_LINT	Pass ✅
CHECKOV	Pass ✅
EDITORCONFIG	Pass ✅
GITLEAKS	Pass ✅
GIT_COMMITLINT	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
JSON	Pass ✅
JSON_PRETTIER	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅

All files and directories linted successfully

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

[github-actions]

Super-linter summary

Language	Validation result
BIOME_FORMAT	Pass ✅
BIOME_LINT	Pass ✅
CHECKOV	Pass ✅
EDITORCONFIG	Pass ✅
GITLEAKS	Pass ✅
GIT_COMMITLINT	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
JSON	Pass ✅
JSON_PRETTIER	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅

All files and directories linted successfully

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.