chore: bump the minor-and-security group across 1 directory with 10 updates

[dependabot]

Bumps the minor-and-security group with 10 updates in the / directory:

Package	From	To
@google/genai	1.33.0	1.40.0
next	16.0.10	16.1.6
next-intl	4.6.0	4.8.2
react	19.2.3	19.2.4
@types/react	19.2.7	19.2.13
react-dom	19.2.3	19.2.4
ws	8.18.3	8.19.0
baseline-browser-mapping	2.9.7	2.9.19
eslint-config-next	16.0.10	16.1.6
prettier	3.7.4	3.8.1

Updates @google/genai from 1.33.0 to 1.40.0

Release notes

Sourced from @​google/genai's releases.

v1.40.0

1.40.0 (2026-02-04)

Features

v1.39.0

1.39.0 (2026-01-30)

Features

• Add include_input query parameter to Get Interaction endpoint. (84bc7f4)
• Add registerFiles for you can use gcs files with mldev. (7acf3e0)
• Support distillation tuning (c9a2e72)
• Support OSS Tuning in GenAI SDK (258f211)

Bug Fixes

• Add metadata in batch inlined response (0e95bb7)

v1.38.0

1.38.0 (2026-01-20)

Features

• Add ModelArmorConfig support for prompt and response sanitization via the Model Armor service (be65c24)
• Allow custom endpoints for authentication with Vertex AI in Typescript (891e32d), closes #1137
• Update data types from discovery doc. (a16a180)
• Update data types from discovery doc. (a4eaa8c)

v1.37.0

1.37.0 (2026-01-15)

Features

• Support 4:5 and 5:4 aspect ratio in Interactions (5294da2)

v1.36.0

1.36.0 (2026-01-14)

Features

• Add FileSearchCallContent to Interactions (ccf11a4)
• Add ImageConfig to GenerationConfig for image generation in Interactions (f34b6fb)
• Support JS local tokenizer (bb429ad)

... (truncated)

Changelog

Sourced from @​google/genai's changelog.

1.40.0 (2026-02-04)

Features

• Update data types from discovery doc. (bad81a7)

1.39.0 (2026-01-30)

Features

• Add include_input query parameter to Get Interaction endpoint. (84bc7f4)
• Add registerFiles for you can use gcs files with mldev. (7acf3e0)
• Support distillation tuning (c9a2e72)
• Support OSS Tuning in GenAI SDK (258f211)

Bug Fixes

• Add metadata in batch inlined response (0e95bb7)

1.38.0 (2026-01-20)

Features

• Add ModelArmorConfig support for prompt and response sanitization via the Model Armor service (be65c24)
• Allow custom endpoints for authentication with Vertex AI in Typescript (891e32d), closes #1137
• Update data types from discovery doc. (a16a180)
• Update data types from discovery doc. (a4eaa8c)

1.37.0 (2026-01-15)

Features

• Support 4:5 and 5:4 aspect ratio in Interactions (5294da2)

1.36.0 (2026-01-14)

Features

• Add FileSearchCallContent to Interactions (ccf11a4)
• Add ImageConfig to GenerationConfig for image generation in Interactions (f34b6fb)
• Support JS local tokenizer (bb429ad)
• voice activity support (3ad1011)

1.35.0 (2026-01-07)

... (truncated)

Commits

• 5e4d3a4 chore(main): release 1.40.0 (#1299)
• 3b4e641 No public description
• bad81a7 feat: Update data types from discovery doc.
• 307a6cc chore: Make the second interaction stateful by linking it to the first.
• 9e4e88f chore: pull in the generator change
• 1b5ec62 chore(main): release 1.39.0 (#1284)
• 22f271f chore: Support root object conversion for Go SDK. Add response-level root obj...
• 0e95bb7 fix: Add metadata in batch inlined response
• 258f211 feat: Support OSS Tuning in GenAI SDK
• d78f185 chore: Update interactions
• Additional commits viewable in compare view

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates next-intl from 4.6.0 to 4.8.2

Release notes

Sourced from next-intl's releases.

v4.8.2

4.8.2 (2026-02-02)

Bug Fixes

• Avoid throwing config errors for non-Next.js consumers of next.config.ts (#2245) (f57800e) – by @​amannn

v4.8.1

4.8.1 (2026-01-30)

Bug Fixes

• Fix precompile alias on Windows (#2237) (8e7151a) – by @​amannn

v4.8.0

4.8.0 (2026-01-28)

Features

• Ahead-of-time compilation for messages (blog post, #2220) – by @​amannn

Fixes

• Normalization of file references for useExtracted (#2230) – by @​amannn

v4.7.0

4.7.0 (2026-01-01)

Improvements for useExtracted

• Only run extraction for next dev and next build (not e.g. for next typegen)
• Include line numbers for file references in .po files
• Incorporate line numbers into sorting of messages within a single file (if you're using the default .po format)

(#2200) (ebc5e43) – by @​amannn

v4.6.1

4.6.1 (2025-12-16)

Bug Fixes

• Improvements for useExtracted (#2176) (3937e44) – by @​amannn

Changelog

Sourced from next-intl's changelog.

4.8.2 (2026-02-02)

Bug Fixes

• Avoid throwing config errors for non-Next.js consumers of next.config.ts (#2245) (f57800e) – by @​amannn

4.8.1 (2026-01-30)

Bug Fixes

• Fix precompile alias on Windows (#2237) (8e7151a) – by @​amannn

4.8.0 (2026-01-28)

Features

• Ahead-of-time compilation for messages (#2220) (02149c1) – by @​amannn

4.7.0 (2026-01-01)

Features

• Improvements for useExtracted (#2200) (ebc5e43) – by @​amannn

4.6.1 (2025-12-16)

Bug Fixes

• Improvements for useExtracted (#2176) (3937e44) – by @​amannn

Commits

• de4baeb v4.8.2
• f57800e fix: Avoid throwing config errors for non-Next.js consumers of `next.config.t...
• 698f43c docs: Update issue templates
• 5cf7b38 docs: Improve getting started section (#2238)
• dea366a docs: Homepage users (#2239)
• 95238a9 v4.8.1
• 8e7151a fix: Fix precompile alias on Windows (#2237)
• 5baccd8 chore: Add AGENTS.md
• e3315f3 docs: Revise publication date for blog post
• 622a025 chore: Sync canary (#2235)
• Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.13

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates ws from 8.18.3 to 8.19.0

Release notes

Sourced from ws's releases.

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

Commits

• 61349ec [dist] 8.19.0
• 3f9ffc6 [feature] Introduce the closeTimeout option (#2308)
• 1998485 [fix] Ensure all remaining data is read as a single chunk
• 726c373 [doc] Sort options alphabetically
• b151f1e [ci] Update actions/checkout action to v6
• dabdd5b [ci] Update actions/setup-node action to v6
• 86eac5b [ci] Test on node 25
• 1891e14 [ci] Update actions/setup-node action to v5
• aa28c77 [ci] Update actions/checkout action to v5
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.13

Commits

• See full diff in compare view

Updates baseline-browser-mapping from 2.9.7 to 2.9.19

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

• Remove process.loadEnfFile() from main script by @​tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

• ec8136a Patch to 2.9.19 because browser or feature data changed
• 160e032 Browser or feature data changed
• 3d0df65 Updating static site
• 945eca4 Patch to 2.9.18 because browser or feature data changed
• ea6e7ca Browser or feature data changed
• 586487b Updating static site
• 802fe15 Patch to 2.9.17 because browser or feature data changed
• fb0d550 Browser or feature data changed
• ebb10d9 Updating static site
• d130866 Patch to 2.9.16 because browser or feature data changed
• Additional commits viewable in compare view

Updates eslint-config-next from 16.0.10 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• 60de6c2 v16.1.4
• f01cf07 v16.1.3
• cb436b3 v16.1.2
• 3aa5398 v16.1.1
• 3491676 v16.1.0
• 58e8f8c v16.1.0-canary.34
• 3284587 v16.1.0-canary.33
• 04290ab v16.1.0-canary.32
• Additional commits viewable in compare view

Updates prettier from 3.7.4 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

3.8.0

• Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

3.8.0

diff

🔗 Release Notes

Commits

• 90983f4 Release 3.8.1
• 57f702f Include available printers in plugin type declarations (#18706)
• bece827 Revert change in release script
• 82a4ab2 Bump Prettier dependency to 3.8.0
• 5213ee4 Clean changelog_unreleased
• f95ad0f Comment out finished steps
• b2034e8 Fix release script
• 5824b15 Release 3.8.0
• 0433601 Add blog post for v3.8.0 (#18639)
• b04d05b Remove lint step from release script (#18415)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.