build(deps): bump next from 14.2.30 to 16.2.3 in /docs

[dependabot]

Bumps next from 14.2.30 to 16.2.3.

Release notes

Sourced from next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

... (truncated)

Commits

• d5f649b v16.2.3
• 2873928 [16.x] Avoid consuming cyclic models multiple times (#75)
• d7c7765 [backport]: Ensure app-page reports stale ISR revalidation errors via onReque...
• c573e8c fix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)
• 57b8f65 next-core: deduplicate output assets and detect content conflicts on emit (#9...
• f158df1 Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• 356d605 turbo-tasks-backend: stability fixes for task cancellation and error handling...
• 3b77a6e Fix DashMap read-write self-deadlock in task_cache causing hangs (#92210)
• b2f208a Backport: new view-transitions guide, update and fixes (#92264)
• 52faae3 v16.2.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sauravpanda]

Smoke-tested locally by installing the new lockfile + next build in /docs. This breaks the docs site — it's not just a version bump, it's a Nextra major migration:

```

• error [nextra] Error validating nextraConfig
  ⨯ Failed to load next.config.mjs
  ✖ Unrecognized key: "theme"
  ```

The current `docs/next.config.mjs` passes `theme: 'nextra-theme-docs'` to `nextra()`, which is the Nextra 2 API. Next.js 16 pulls in Nextra 4, which moved theme configuration out of next.config.mjs entirely and into an app-router layout with a theme provider component.

Fixing this properly requires:

1. Following Nextra 2 → 4 migration guide (https://nextra.site/docs/guide/migration)
2. Restructuring docs/pages/* into an app-router layout
3. Wrapping content with the new <Layout> component instead of passing theme to nextra()
4. Re-verifying all the mdx pages still render correctly

That's a dedicated upgrade task, not a dependabot auto-merge. Holding this PR open until someone plans the migration — please don't auto-merge it.

Alternatives: (a) close this and wait for Nextra 5 / a different upgrade path, (b) configure dependabot to ignore Next.js major versions via .github/dependabot.yml until we're ready, (c) schedule the upgrade as its own ticket.

[sauravpanda]

Additional context after trying an audit pass on `docs/` in the current main: the docs site is already broken on main, not just on this PR branch. Running `npm run build` in /docs right now (with next@14.2.30, nextra@4.6.0 from the committed lockfile) produces the same error:

```
⨯ [nextra] Error validating nextraConfig
Failed to load next.config.mjs
Unrecognized key: "theme"
```

Commit `12f7652 build(deps): bump js-yaml, nextra and nextra-theme-docs in /docs` (already merged) bumped `nextra` to 4.6.0, but `docs/next.config.mjs` still uses the nextra 2 API (`theme: 'nextra-theme-docs'`). The docs site has been unbuildable since that commit landed; no one's noticed because there's no docs build in CI.

This means the Nextra 4 migration isn't optional anymore — it's already needed even without the next.js 16 upgrade. Suggested path:

1. Fix the Nextra 4 config first (unblocks local docs builds on the current main)
2. After that's shipped and verified, re-run this PR or open a fresh one for next 14→16

`npm audit` against docs/ also surfaced 5 remaining high-severity advisories that are unfixable in the next 14.x line — they require 15+. So fixing these security findings is gated on the same Nextra 4 migration.

Holding this PR open still. Closing it would also be fine since the work needs to happen as its own ticket/PR regardless.