chore(deps): bump the production-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the production-dependencies group with 5 updates in the / directory:

Package	From	To
canvas	3.2.1	3.2.2
diff	8.0.3	8.0.4
jose	6.2.1	6.2.2
next	16.1.6	16.2.1
yaml	2.8.2	2.8.3

Updates canvas from 3.2.1 to 3.2.2

Release notes

Sourced from canvas's releases.

v3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

Changelog

Sourced from canvas's changelog.

3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

Commits

• ac82fa7 v3.2.2
• 103a620 add the last flurry of commits to CHANGELOG
• 7304c7a avoid integer overflow in getImageData
• f9fcc5f avoid integer overflow in putImageData
• 802a8ca avoid integer overflow in new ImageData
• 9d1b478 wrap negative values passed to createImageData
• 779483c bail early when setting zero-length image source
• 22ed2b7 make canvas types unsigned
• 2faab61 keep canvas width and height valid
• 351aacf avoid integer overflow in ensureSurface
• Additional commits viewable in compare view

Updates diff from 8.0.3 to 8.0.4

Changelog

Sourced from diff's changelog.

8.0.4

• #667 - fix another bug in diffWords when used with an Intl.Segmenter. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), diffWords would previously crash. Now this case is handled correctly.

Commits

• dd2f994 8.0.4 release (#678)
• 3cc4384 Update docs on releasing to reflect migration to yarn berry (#677)
• 6fc2aa6 yarn up '*' && yarn up -R '**' (#676)
• af7393a yarn up '*' && yarn up -R '**' (#670)
• 4b5d180 Fix another bug in diffWords's "intlSegmenter" mode (#667)
• 10da50c yarn up '*' && yarn up -R '**' (#666)
• 8dc164b Migrate from Yarn Classic to Yarn Berry (#662)
• 750fbd6 yarn upgrade --latest (#661)
• abe2bde Add release notes for undocumented releases (#658)
• See full diff in compare view

Updates jose from 6.2.1 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

• reject failed decompression with JWEInvalid error (043b181)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

• reject failed decompression with JWEInvalid error (043b181)

Commits

• 9c86586 chore(release): 6.2.2
• 4984b5c chore(deps): bump the actions group with 4 updates
• 043b181 fix: reject failed decompression with JWEInvalid error
• 867cc2c chore(deps-dev): bump undici
• f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
• d0505bf chore: cleanup after release
• See full diff in compare view

Updates next from 16.1.6 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.7

Core Changes

• Avoid deprecated TS node10 moduleResolution defaults: #91847
• [turbopack] Rebuild the docker build scripts: #91799
• Fix TS6 baseUrl deprecation for extended tsconfig: #91855
• Add next internal post-build CLI command for Turbopack database compaction: #91336

Example Changes

• chore(examples): remove with-styletron example: #81842

Misc Changes

• ci: upload adapter deploy test results: #91846
• Turbopack: Define Effect as a trait instead of a closure: #89080
• test: scope css data-url typing to fixture: #91877
• Turbopack: Implement TraceRawVcs and NonLocalValue correctly for Effects: #89133

Credits

Huge thanks to @​JamBalaya56562, @​ijjk, @​mmastrac, @​sokra, and @​bgw for helping!

v16.2.1-canary.6

Core Changes

• [Segment Bundling] [Scaffolding] Ensure inlining hint correctness: #91320
• Upgrade React from 3f0b9e61-20260317 to 8b2e903a-20260320: #91731
• [Segment Bundling] [Scaffolding] Track which segments can be omitted from prefetch: #91438

Misc Changes

... (truncated)

Commits

• ed7d2ce v16.2.1
• 3e37bb4 docs: post release amends (#91715)
• a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
• 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
• 27886d3 Turbopack: fix webpack loader runner layer (#91727)
• 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
• 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
• d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
• 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
• e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
• Additional commits viewable in compare view

Updates yaml from 2.8.2 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

Commits

• ce14587 2.8.3
• 1e84ebb fix: Catch stack overflow during node composition
• 6b24090 ci: Include Prettier check in lint action
• 9424dee chore: Refresh lockfile
• d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
• 4321509 ci: Drop the branch filter from GitHub PR actions
• 47207d0 chore: Update docs-slate
• 5212fae chore: Update docs-slate
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.