npm - @skspwork/config-doc - Versions diffs - 2.3.0 → 2.3.2 - Mend

@skspwork/config-doc 2.3.0 → 2.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/packages/web/.next/standalone/node_modules/next/dist/server/app-render/app-render.js CHANGED Viewed

@@ -1393,7 +1393,7 @@ const renderToHTMLOrFlight = (req, res, pagePath, query, fallbackRouteParams, re
             });
         }
         interpolatedParams = (0, _getdynamicparam.interpolateParallelRouteParams)(renderOpts.ComponentMod.routeModule.userland.loaderTree, renderOpts.params ?? {}, pagePath, fallbackRouteParams);
-        postponedState = (0, _postponedstate.parsePostponedState)(renderOpts.postponed, interpolatedParams);
+        postponedState = (0, _postponedstate.parsePostponedState)(renderOpts.postponed, interpolatedParams, renderOpts.experimental.maxPostponedStateSizeBytes);
     } else {
         interpolatedParams = (0, _getdynamicparam.interpolateParallelRouteParams)(renderOpts.ComponentMod.routeModule.userland.loaderTree, renderOpts.params ?? {}, pagePath, fallbackRouteParams);
     }

package/packages/web/.next/standalone/node_modules/next/dist/server/app-render/postponed-state.js CHANGED Viewed

@@ -74,7 +74,7 @@ async function getDynamicHTMLPostponedState(postponed, preludeState, fallbackRou
 async function getDynamicDataPostponedState(resumeDataCache, isCacheComponentsEnabled) {
     return `4:null${await (0, _resumedatacache.stringifyResumeDataCache)((0, _resumedatacache.createRenderResumeDataCache)(resumeDataCache), isCacheComponentsEnabled)}`;
 }
-function parsePostponedState(state, interpolatedParams) {
+function parsePostponedState(state, interpolatedParams, maxPostponedStateSizeBytes) {
     try {
         var _state_match;
         const postponedStringLengthMatch = (_state_match = state.match(/^([0-9]*):/)) == null ? void 0 : _state_match[1];
@@ -89,7 +89,7 @@ function parsePostponedState(state, interpolatedParams) {
         // We add a `:` to the end of the length as the first character of the
         // postponed string is the length of the replacement entries.
         const postponedString = state.slice(postponedStringLengthMatch.length + 1, postponedStringLengthMatch.length + postponedStringLength + 1);
-        const renderResumeDataCache = (0, _resumedatacache.createRenderResumeDataCache)(state.slice(postponedStringLengthMatch.length + postponedStringLength + 1));
+        const renderResumeDataCache = (0, _resumedatacache.createRenderResumeDataCache)(state.slice(postponedStringLengthMatch.length + postponedStringLength + 1), maxPostponedStateSizeBytes);
         try {
             if (postponedString === 'null') {
                 return {

package/packages/web/.next/standalone/node_modules/next/dist/server/base-server.js CHANGED Viewed

@@ -20,6 +20,7 @@ _export(exports, {
         return Server;
     }
 });
+const _configshared = require("./config-shared");
 const _utils = require("../shared/lib/utils");
 const _path = /*#__PURE__*/ _interop_require_wildcard(require("path"));
 const _url = require("url");
@@ -387,7 +388,8 @@ class Server {
                 clientParamParsingOrigins: this.nextConfig.experimental.clientParamParsingOrigins,
                 dynamicOnHover: this.nextConfig.experimental.dynamicOnHover ?? false,
                 inlineCss: this.nextConfig.experimental.inlineCss ?? false,
-                authInterrupts: !!this.nextConfig.experimental.authInterrupts
+                authInterrupts: !!this.nextConfig.experimental.authInterrupts,
+                maxPostponedStateSizeBytes: (0, _configshared.parseMaxPostponedStateSize)(this.nextConfig.experimental.maxPostponedStateSize)
             },
             onInstrumentationRequestError: this.instrumentationOnRequestError.bind(this),
             reactMaxHeadersLength: this.nextConfig.reactMaxHeadersLength
@@ -595,11 +597,29 @@ class Server {
                     // It's important to execute the following block even it the request
                     // matches a pages data route from above.
                     if (this.isAppPPREnabled && this.minimalMode && req.headers[_constants2.NEXT_RESUME_HEADER] === '1' && req.method === 'POST') {
+                        // Get the configured max postponed state size.
+                        const maxPostponedStateSize = this.nextConfig.experimental.maxPostponedStateSize ?? _configshared.DEFAULT_MAX_POSTPONED_STATE_SIZE;
+                        const maxPostponedStateSizeBytes = (0, _configshared.parseMaxPostponedStateSize)(this.nextConfig.experimental.maxPostponedStateSize);
+                        if (maxPostponedStateSizeBytes === undefined) {
+                            throw Object.defineProperty(new Error('maxPostponedStateSize must be a valid number (bytes) or filesize format string (e.g., "5mb")'), "__NEXT_ERROR_CODE", {
+                                value: "E977",
+                                enumerable: false,
+                                configurable: true
+                            });
+                        }
                         // Decode the postponed state from the request body, it will come as
                         // an array of buffers, so collect them and then concat them to form
                         // the string.
                         const body = [];
+                        let size = 0;
                         for await (const chunk of req.body){
+                            size += Buffer.byteLength(chunk);
+                            if (size > maxPostponedStateSizeBytes) {
+                                res.statusCode = 413;
+                                const errorMessage = `Postponed state exceeded ${maxPostponedStateSize} limit. ` + `To configure the limit, see: https://nextjs.org/docs/app/api-reference/config/next-config-js/max-postponed-state-size`;
+                                res.body(errorMessage).send();
+                                return;
+                            }
                             body.push(chunk);
                         }
                         const postponed = Buffer.concat(body).toString('utf8');

package/packages/web/.next/standalone/node_modules/next/dist/server/config-schema.js CHANGED Viewed

@@ -194,6 +194,7 @@ const experimentalSchema = {
         bodySizeLimit: zSizeLimit.optional(),
         allowedOrigins: _zod.z.array(_zod.z.string()).optional()
     }).optional(),
+    maxPostponedStateSize: zSizeLimit.optional(),
     // The original type was Record<string, any>
     extensionAlias: _zod.z.record(_zod.z.string(), _zod.z.any()).optional(),
     externalDir: _zod.z.boolean().optional(),
@@ -532,6 +533,7 @@ const configSchema = _zod.z.lazy(()=>_zod.z.strictObject({
             loader: _zod.z.enum(_imageconfig.VALID_LOADERS).optional(),
             loaderFile: _zod.z.string().optional(),
             maximumRedirects: _zod.z.number().int().min(0).max(20).optional(),
+            maximumResponseBody: _zod.z.number().int().min(1).max(Number.MAX_SAFE_INTEGER).optional(),
             minimumCacheTTL: _zod.z.number().int().gte(0).optional(),
             path: _zod.z.string().optional(),
             qualities: _zod.z.array(_zod.z.number().int().gte(1).lte(100)).min(1).max(20).optional()

package/packages/web/.next/standalone/node_modules/next/dist/server/config-shared.js CHANGED Viewed

@@ -3,9 +3,11 @@ Object.defineProperty(exports, "__esModule", {
     value: true
 });
 0 && (module.exports = {
+    DEFAULT_MAX_POSTPONED_STATE_SIZE: null,
     defaultConfig: null,
     getNextConfigRuntime: null,
-    normalizeConfig: null
+    normalizeConfig: null,
+    parseMaxPostponedStateSize: null
 });
 function _export(target, all) {
     for(var name in all)Object.defineProperty(target, name, {
@@ -14,6 +16,9 @@ function _export(target, all) {
     });
 }
 _export(exports, {
+    DEFAULT_MAX_POSTPONED_STATE_SIZE: function() {
+        return _sizelimit.DEFAULT_MAX_POSTPONED_STATE_SIZE;
+    },
     defaultConfig: function() {
         return defaultConfig;
     },
@@ -22,12 +27,16 @@ _export(exports, {
     },
     normalizeConfig: function() {
         return normalizeConfig;
+    },
+    parseMaxPostponedStateSize: function() {
+        return _sizelimit.parseMaxPostponedStateSize;
     }
 });
 const _os = /*#__PURE__*/ _interop_require_default(require("os"));
 const _imageconfig = require("../shared/lib/image-config");
 const _constants = require("../lib/constants");
 const _canaryonlyconfigerror = require("../shared/lib/errors/canary-only-config-error");
+const _sizelimit = require("../shared/lib/size-limit");
 function _interop_require_default(obj) {
     return obj && obj.__esModule ? obj : {
         default: obj
@@ -228,6 +237,10 @@ async function normalizeConfig(phase, config) {
     return await config;
 }
 function getNextConfigRuntime(config) {
+    // This config filter is a breaking change, so only do it if experimental.runtimeServerDeploymentId is enabled
+    if (!config.experimental.runtimeServerDeploymentId) {
+        return config;
+    }
     let ex = config.experimental;
     let experimental = ex ? {
         ppr: ex.ppr,
@@ -264,6 +277,7 @@ function getNextConfigRuntime(config) {
         proxyTimeout: ex.proxyTimeout,
         testProxy: ex.testProxy,
         runtimeServerDeploymentId: ex.runtimeServerDeploymentId,
+        maxPostponedStateSize: ex.maxPostponedStateSize,
         trustHostHeader: ex.trustHostHeader,
         isExperimentalCompile: ex.isExperimentalCompile
     } : {};

package/packages/web/.next/standalone/node_modules/next/dist/server/config.js CHANGED Viewed

@@ -554,9 +554,15 @@ function warnCustomizedOption(config, key, defaultValue, customMessage, configFi
         result.output = 'standalone';
     }
     if (typeof ((_result_experimental1 = result.experimental) == null ? void 0 : (_result_experimental_serverActions = _result_experimental1.serverActions) == null ? void 0 : _result_experimental_serverActions.bodySizeLimit) !== 'undefined') {
-        var _result_experimental_serverActions1;
-        const value = parseInt((_result_experimental_serverActions1 = result.experimental.serverActions) == null ? void 0 : _result_experimental_serverActions1.bodySizeLimit.toString());
-        if (isNaN(value) || value < 1) {
+        const bytes = require('next/dist/compiled/bytes');
+        const bodySizeLimit = result.experimental.serverActions.bodySizeLimit;
+        let value;
+        if (typeof bodySizeLimit === 'number') {
+            value = bodySizeLimit;
+        } else {
+            value = bytes.parse(bodySizeLimit);
+        }
+        if (value === null || isNaN(value) || value < 1) {
             throw Object.defineProperty(new Error('Server Actions Size Limit must be a valid number or filesize format larger than 1MB: https://nextjs.org/docs/app/api-reference/next-config-js/serverActions#bodysizelimit'), "__NEXT_ERROR_CODE", {
                 value: "E100",
                 enumerable: false,

package/packages/web/.next/standalone/node_modules/next/dist/server/dev/hot-reloader-turbopack.js CHANGED Viewed

@@ -153,7 +153,7 @@ async function createHotReloaderTurbopack(opts, serverFields, distDir, resetFetc
     }
     const hasRewrites = opts.fsChecker.rewrites.afterFiles.length > 0 || opts.fsChecker.rewrites.beforeFiles.length > 0 || opts.fsChecker.rewrites.fallback.length > 0;
     const hotReloaderSpan = (0, _trace.trace)('hot-reloader', undefined, {
-        version: "16.1.1"
+        version: "16.1.6"
     });
     // Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
     // of the current `next dev` invocation.

package/packages/web/.next/standalone/node_modules/next/dist/server/dev/hot-reloader-webpack.js CHANGED Viewed

@@ -233,7 +233,7 @@ class HotReloaderWebpack {
         this.previewProps = previewProps;
         this.rewrites = rewrites;
         this.hotReloaderSpan = (0, _trace.trace)('hot-reloader', undefined, {
-            version: "16.1.1"
+            version: "16.1.6"
         });
         // Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
         // of the current `next dev` invocation.

package/packages/web/.next/standalone/node_modules/next/dist/server/image-optimizer.js CHANGED Viewed

@@ -788,7 +788,7 @@ function isRedirect(statusCode) {
         308
     ].includes(statusCode);
 }
-async function fetchExternalImage(href, dangerouslyAllowLocalIP, count = 3) {
+async function fetchExternalImage(href, dangerouslyAllowLocalIP, maximumResponseBody, count = 3) {
     if (!dangerouslyAllowLocalIP) {
         const { hostname } = new URL(href);
         let ips = [
@@ -843,7 +843,7 @@ async function fetchExternalImage(href, dangerouslyAllowLocalIP, count = 3) {
             });
         }
         const redirect = new URL(locationHeader, href).href;
-        return fetchExternalImage(redirect, dangerouslyAllowLocalIP, count - 1);
+        return fetchExternalImage(redirect, dangerouslyAllowLocalIP, maximumResponseBody, count - 1);
     }
     if (!res.ok) {
         _log.error('upstream image response failed for', href, res.status);
@@ -853,7 +853,30 @@ async function fetchExternalImage(href, dangerouslyAllowLocalIP, count = 3) {
             configurable: true
         });
     }
-    const buffer = Buffer.from(await res.arrayBuffer());
+    if (!res.body) {
+        _log.error('upstream image response is empty for', href);
+        throw Object.defineProperty(new ImageError(400, '"url" parameter is valid but upstream response is invalid'), "__NEXT_ERROR_CODE", {
+            value: "E394",
+            enumerable: false,
+            configurable: true
+        });
+    }
+    const chunks = [];
+    let totalSize = 0;
+    for await (const c of res.body){
+        const chunk = Buffer.from(c);
+        totalSize += chunk.byteLength;
+        if (totalSize > maximumResponseBody) {
+            _log.error('upstream image response exceeded maximum size for', href, totalSize);
+            throw Object.defineProperty(new ImageError(413, '"url" parameter is valid but upstream response is invalid'), "__NEXT_ERROR_CODE", {
+                value: "E394",
+                enumerable: false,
+                configurable: true
+            });
+        }
+        chunks.push(chunk);
+    }
+    const buffer = Buffer.concat(chunks);
     const contentType = res.headers.get('Content-Type');
     const cacheControl = res.headers.get('Cache-Control');
     const etag = extractEtag(res.headers.get('ETag'), buffer);

package/packages/web/.next/standalone/node_modules/next/dist/server/lib/app-info-log.js CHANGED Viewed

@@ -91,7 +91,7 @@ function logStartInfo({ networkUrl, appUrl, envInfo, experimentalFeatures, logBu
     if (parts.length > 0) {
         versionSuffix = ` (${parts.join(', ')})`;
     }
-    _log.bootstrap(`${(0, _picocolors.bold)((0, _picocolors.purple)(`${_log.prefixes.ready} Next.js ${"16.1.1"}`))}${versionSuffix}`);
+    _log.bootstrap(`${(0, _picocolors.bold)((0, _picocolors.purple)(`${_log.prefixes.ready} Next.js ${"16.1.6"}`))}${versionSuffix}`);
     if (appUrl) {
         _log.bootstrap(`- Local:         ${appUrl}`);
     }

package/packages/web/.next/standalone/node_modules/next/dist/server/lib/lru-cache.js CHANGED Viewed

@@ -30,11 +30,12 @@ class LRUNode {
     }
 }
 class LRUCache {
-    constructor(maxSize, calculateSize){
+    constructor(maxSize, calculateSize, onEvict){
         this.cache = new Map();
         this.totalSize = 0;
         this.maxSize = maxSize;
         this.calculateSize = calculateSize;
+        this.onEvict = onEvict;
         // Create sentinel nodes to simplify doubly-linked list operations
         // HEAD <-> TAIL (empty list)
         this.head = new SentinelNode();
@@ -112,6 +113,7 @@ class LRUCache {
             const tail = this.removeTail();
             this.cache.delete(tail.key);
             this.totalSize -= tail.size;
+            this.onEvict == null ? void 0 : this.onEvict.call(this, tail.key, tail.data);
         }
     }
     /**
@@ -153,6 +155,10 @@ class LRUCache {
    * Removes a specific key from the cache.
    * Updates both the hash map and doubly-linked list.
    *
+   * Note: This is an explicit removal and does NOT trigger the `onEvict`
+   * callback. Use this for intentional deletions where eviction tracking
+   * is not needed.
+   *
    * Time Complexity: O(1)
    */ remove(key) {
         const node = this.cache.get(key);

package/packages/web/.next/standalone/node_modules/next/dist/server/lib/start-server.js CHANGED Viewed

@@ -179,7 +179,7 @@ async function getRequestHandlers({ dir, port, isDev, onDevServerCleanup, server
 async function startServer(serverOptions) {
     const { dir, isDev, hostname, minimalMode, allowRetry, keepAliveTimeout, selfSignedCertificate } = serverOptions;
     let { port } = serverOptions;
-    process.title = `next-server (v${"16.1.1"})`;
+    process.title = `next-server (v${"16.1.6"})`;
     let handlersReady = ()=>{};
     let handlersError = ()=>{};
     let handlersPromise = new Promise((resolve, reject)=>{

package/packages/web/.next/standalone/node_modules/next/dist/server/next-server.js CHANGED Viewed

@@ -814,7 +814,7 @@ class NextNodeServer extends _baseserver.default {
                 return;
             };
             const { isAbsolute, href } = paramsResult;
-            const imageUpstream = isAbsolute ? await fetchExternalImage(href, this.nextConfig.images.dangerouslyAllowLocalIP, this.nextConfig.images.maximumRedirects) : await fetchInternalImage(href, req.originalRequest, res.originalResponse, handleInternalReq);
+            const imageUpstream = isAbsolute ? await fetchExternalImage(href, this.nextConfig.images.dangerouslyAllowLocalIP, this.nextConfig.images.maximumResponseBody, this.nextConfig.images.maximumRedirects) : await fetchInternalImage(href, req.originalRequest, res.originalResponse, handleInternalReq);
             return imageOptimizer(imageUpstream, paramsResult, this.nextConfig, {
                 isDev: this.renderOpts.dev,
                 previousCacheEntry

package/packages/web/.next/standalone/node_modules/next/dist/server/response-cache/index.js CHANGED Viewed

@@ -10,6 +10,8 @@ Object.defineProperty(exports, "default", {
 });
 0 && __export(require("./types"));
 const _batcher = require("../../lib/batcher");
+const _lrucache = require("../lib/lru-cache");
+const _log = require("../../build/output/log");
 const _scheduler = require("../../lib/scheduler");
 const _utils = require("./utils");
 _export_star(require("./types"), exports);
@@ -26,8 +28,53 @@ function _export_star(from, to) {
     });
     return from;
 }
+/**
+ * Parses an environment variable as a positive integer, returning the fallback
+ * if the value is missing, not a number, or not positive.
+ */ function parsePositiveInt(envValue, fallback) {
+    if (!envValue) return fallback;
+    const parsed = parseInt(envValue, 10);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+/**
+ * Default TTL (in milliseconds) for minimal mode response cache entries.
+ * Used for cache hit validation as a fallback for providers that don't
+ * send the x-invocation-id header yet.
+ *
+ * 10 seconds chosen because:
+ * - Long enough to dedupe rapid successive requests (e.g., page + data)
+ * - Short enough to not serve stale data across unrelated requests
+ *
+ * Can be configured via `NEXT_PRIVATE_RESPONSE_CACHE_TTL` environment variable.
+ */ const DEFAULT_TTL_MS = parsePositiveInt(process.env.NEXT_PRIVATE_RESPONSE_CACHE_TTL, 10000);
+/**
+ * Default maximum number of entries in the response cache.
+ * Can be configured via `NEXT_PRIVATE_RESPONSE_CACHE_MAX_SIZE` environment variable.
+ */ const DEFAULT_MAX_SIZE = parsePositiveInt(process.env.NEXT_PRIVATE_RESPONSE_CACHE_MAX_SIZE, 150);
+/**
+ * Separator used in compound cache keys to join pathname and invocationID.
+ * Using null byte (\0) since it cannot appear in valid URL paths or UUIDs.
+ */ const KEY_SEPARATOR = '\0';
+/**
+ * Sentinel value used for TTL-based cache entries (when invocationID is undefined).
+ * Chosen to be a clearly reserved marker for internal cache keys.
+ */ const TTL_SENTINEL = '__ttl_sentinel__';
+/**
+ * Creates a compound cache key from pathname and invocationID.
+ */ function createCacheKey(pathname, invocationID) {
+    return `${pathname}${KEY_SEPARATOR}${invocationID ?? TTL_SENTINEL}`;
+}
+/**
+ * Extracts the invocationID from a compound cache key.
+ * Returns undefined if the key used TTL_SENTINEL.
+ */ function extractInvocationID(compoundKey) {
+    const separatorIndex = compoundKey.lastIndexOf(KEY_SEPARATOR);
+    if (separatorIndex === -1) return undefined;
+    const invocationID = compoundKey.slice(separatorIndex + 1);
+    return invocationID === TTL_SENTINEL ? undefined : invocationID;
+}
 class ResponseCache {
-    constructor(minimal_mode){
+    constructor(minimal_mode, maxSize = DEFAULT_MAX_SIZE, ttl = DEFAULT_TTL_MS){
         this.getBatcher = _batcher.Batcher.create({
             // Ensure on-demand revalidate doesn't block normal requests, it should be
             // safe to run an on-demand revalidate for the same key as a normal request.
@@ -43,7 +90,33 @@ class ResponseCache {
             // same promise until we've fully finished our work.
             schedulerFn: _scheduler.scheduleOnNextTick
         });
+        /**
+   * Set of invocation IDs that have had cache entries evicted.
+   * Used to detect when the cache size may be too small.
+   * Bounded to prevent memory growth.
+   */ this.evictedInvocationIDs = new Set();
         this.minimal_mode = minimal_mode;
+        this.maxSize = maxSize;
+        this.ttl = ttl;
+        // Create the LRU cache with eviction tracking
+        this.cache = new _lrucache.LRUCache(maxSize, undefined, (compoundKey)=>{
+            const invocationID = extractInvocationID(compoundKey);
+            if (invocationID) {
+                // Bound to 100 entries to prevent unbounded memory growth.
+                // FIFO eviction is acceptable here because:
+                // 1. Invocations are short-lived (single request lifecycle), so older
+                //    invocations are unlikely to still be active after 100 newer ones
+                // 2. This warning mechanism is best-effort for developer guidance—
+                //    missing occasional eviction warnings doesn't affect correctness
+                // 3. If a long-running invocation is somehow evicted and then has
+                //    another cache entry evicted, it will simply be re-added
+                if (this.evictedInvocationIDs.size >= 100) {
+                    const first = this.evictedInvocationIDs.values().next().value;
+                    if (first) this.evictedInvocationIDs.delete(first);
+                }
+                this.evictedInvocationIDs.add(invocationID);
+            }
+        });
     }
     /**
    * Gets the response cache entry for the given key.
@@ -53,7 +126,6 @@ class ResponseCache {
    * @param context - The context for the get request.
    * @returns The response cache entry.
    */ async get(key, responseGenerator, context) {
-        var _this_previousCacheItem;
         // If there is no key for the cache, we can't possibly look this up in the
         // cache so just return the result of the response generator.
         if (!key) {
@@ -62,11 +134,30 @@ class ResponseCache {
                 previousCacheEntry: null
             });
         }
-        // Check minimal mode cache before doing any other work
-        if (this.minimal_mode && ((_this_previousCacheItem = this.previousCacheItem) == null ? void 0 : _this_previousCacheItem.key) === key && this.previousCacheItem.expiresAt > Date.now()) {
-            return (0, _utils.toResponseCacheEntry)(this.previousCacheItem.entry);
+        // Check minimal mode cache before doing any other work.
+        if (this.minimal_mode) {
+            const cacheKey = createCacheKey(key, context.invocationID);
+            const cachedItem = this.cache.get(cacheKey);
+            if (cachedItem) {
+                // With invocationID: exact match found - always a hit
+                // With TTL mode: must check expiration
+                if (context.invocationID !== undefined) {
+                    return (0, _utils.toResponseCacheEntry)(cachedItem.entry);
+                }
+                // TTL mode: check expiration
+                const now = Date.now();
+                if (cachedItem.expiresAt > now) {
+                    return (0, _utils.toResponseCacheEntry)(cachedItem.entry);
+                }
+                // TTL expired - clean up
+                this.cache.remove(cacheKey);
+            }
+            // Warn if this invocation had entries evicted - indicates cache may be too small.
+            if (context.invocationID && this.evictedInvocationIDs.has(context.invocationID)) {
+                (0, _log.warnOnce)(`Response cache entry was evicted for invocation ${context.invocationID}. ` + `Consider increasing NEXT_PRIVATE_RESPONSE_CACHE_MAX_SIZE (current: ${this.maxSize}).`);
+            }
         }
-        const { incrementalCache, isOnDemandRevalidate = false, isFallback = false, isRoutePPREnabled = false, isPrefetch = false, waitUntil, routeKind } = context;
+        const { incrementalCache, isOnDemandRevalidate = false, isFallback = false, isRoutePPREnabled = false, isPrefetch = false, waitUntil, routeKind, invocationID } = context;
         const response = await this.getBatcher.batch({
             key,
             isOnDemandRevalidate
@@ -77,7 +168,8 @@ class ResponseCache {
                 isFallback,
                 isRoutePPREnabled,
                 isPrefetch,
-                routeKind
+                routeKind,
+                invocationID
             }, resolve);
             // We need to ensure background revalidates are passed to waitUntil.
             if (waitUntil) waitUntil(promise);
@@ -112,11 +204,14 @@ class ResponseCache {
                 }
             }
             // Revalidate the cache entry
-            const incrementalResponseCacheEntry = await this.revalidate(key, context.incrementalCache, context.isRoutePPREnabled, context.isFallback, responseGenerator, previousIncrementalCacheEntry, previousIncrementalCacheEntry !== null && !context.isOnDemandRevalidate);
+            const incrementalResponseCacheEntry = await this.revalidate(key, context.incrementalCache, context.isRoutePPREnabled, context.isFallback, responseGenerator, previousIncrementalCacheEntry, previousIncrementalCacheEntry !== null && !context.isOnDemandRevalidate, undefined, context.invocationID);
             // Handle null response
             if (!incrementalResponseCacheEntry) {
-                // Unset the previous cache item if it was set so we don't use it again.
-                if (this.minimal_mode) this.previousCacheItem = undefined;
+                // Remove the cache item if it was set so we don't use it again.
+                if (this.minimal_mode) {
+                    const cacheKey = createCacheKey(key, context.invocationID);
+                    this.cache.remove(cacheKey);
+                }
                 return null;
             }
             // Resolve for on-demand revalidation or if not already resolved
@@ -144,16 +239,18 @@ class ResponseCache {
    * @param responseGenerator - The response generator to use to generate the response cache entry.
    * @param previousIncrementalCacheEntry - The previous cache entry to use to revalidate the cache entry.
    * @param hasResolved - Whether the response has been resolved.
+   * @param waitUntil - Optional function to register background work.
+   * @param invocationID - The invocation ID for cache key scoping.
    * @returns The revalidated cache entry.
-   */ async revalidate(key, incrementalCache, isRoutePPREnabled, isFallback, responseGenerator, previousIncrementalCacheEntry, hasResolved, waitUntil) {
+   */ async revalidate(key, incrementalCache, isRoutePPREnabled, isFallback, responseGenerator, previousIncrementalCacheEntry, hasResolved, waitUntil, invocationID) {
         return this.revalidateBatcher.batch(key, ()=>{
-            const promise = this.handleRevalidate(key, incrementalCache, isRoutePPREnabled, isFallback, responseGenerator, previousIncrementalCacheEntry, hasResolved);
+            const promise = this.handleRevalidate(key, incrementalCache, isRoutePPREnabled, isFallback, responseGenerator, previousIncrementalCacheEntry, hasResolved, invocationID);
             // We need to ensure background revalidates are passed to waitUntil.
             if (waitUntil) waitUntil(promise);
             return promise;
         });
     }
-    async handleRevalidate(key, incrementalCache, isRoutePPREnabled, isFallback, responseGenerator, previousIncrementalCacheEntry, hasResolved) {
+    async handleRevalidate(key, incrementalCache, isRoutePPREnabled, isFallback, responseGenerator, previousIncrementalCacheEntry, hasResolved, invocationID) {
         try {
             // Generate the response cache entry using the response generator.
             const responseCacheEntry = await responseGenerator({
@@ -173,11 +270,14 @@ class ResponseCache {
             // defined.
             if (incrementalResponseCacheEntry.cacheControl) {
                 if (this.minimal_mode) {
-                    this.previousCacheItem = {
-                        key,
+                    // Set TTL expiration for cache hit validation. Entries are validated
+                    // by invocationID when available, with TTL as a fallback for providers
+                    // that don't send x-invocation-id. Memory is managed by LRU eviction.
+                    const cacheKey = createCacheKey(key, invocationID);
+                    this.cache.set(cacheKey, {
                         entry: incrementalResponseCacheEntry,
-                        expiresAt: Date.now() + 1000
-                    };
+                        expiresAt: Date.now() + this.ttl
+                    });
                 } else {
                     await incrementalCache.set(key, incrementalResponseCacheEntry.value, {
                         cacheControl: incrementalResponseCacheEntry.cacheControl,

package/packages/web/.next/standalone/node_modules/next/dist/server/resume-data-cache/resume-data-cache.js CHANGED Viewed

@@ -58,7 +58,7 @@ function createPrerenderResumeDataCache() {
         decryptedBoundArgs: new Map()
     };
 }
-function createRenderResumeDataCache(resumeDataCacheOrPersistedCache) {
+function createRenderResumeDataCache(resumeDataCacheOrPersistedCache, maxPostponedStateSizeBytes) {
     if (process.env.NEXT_RUNTIME === 'edge') {
         throw Object.defineProperty(new _invarianterror.InvariantError('`createRenderResumeDataCache` should not be called in edge runtime.'), "__NEXT_ERROR_CODE", {
             value: "E556",
@@ -83,7 +83,26 @@ function createRenderResumeDataCache(resumeDataCacheOrPersistedCache) {
         // As the data we already want to decompress is in memory, we use the
         // synchronous inflateSync function.
         const { inflateSync } = require('node:zlib');
-        const json = JSON.parse(inflateSync(Buffer.from(resumeDataCacheOrPersistedCache, 'base64')).toString('utf-8'));
+        // Limit decompressed size to prevent zipbomb attacks. This is 5x the
+        // configured maxPostponedStateSize, allowing reasonable compression
+        // ratios while preventing extreme decompression bombs.
+        // Default is 500MB (5x the default 100MB compressed limit).
+        const maxDecompressedSize = maxPostponedStateSizeBytes ? maxPostponedStateSizeBytes * 5 : 500 * 1024 * 1024;
+        let json;
+        try {
+            json = JSON.parse(inflateSync(Buffer.from(resumeDataCacheOrPersistedCache, 'base64'), {
+                maxOutputLength: maxDecompressedSize
+            }).toString('utf-8'));
+        } catch (err) {
+            if (err instanceof RangeError && err.code === 'ERR_BUFFER_TOO_LARGE') {
+                throw Object.defineProperty(new Error(`Decompressed resume data cache exceeded ${maxDecompressedSize} byte limit`), "__NEXT_ERROR_CODE", {
+                    value: "E976",
+                    enumerable: false,
+                    configurable: true
+                });
+            }
+            throw err;
+        }
         return {
             cache: (0, _cachestore.parseUseCacheCacheStore)(Object.entries(json.store.cache)),
             fetch: new Map(Object.entries(json.store.fetch)),

package/packages/web/.next/standalone/node_modules/next/dist/server/route-modules/route-module.js CHANGED Viewed

@@ -569,6 +569,9 @@ class RouteModule {
             isRoutePPREnabled,
             isOnDemandRevalidate,
             isPrefetch: req.headers.purpose === 'prefetch',
+            // Use x-invocation-id header to scope the in-memory cache to a single
+            // revalidation request in minimal mode.
+            invocationID: req.headers['x-invocation-id'],
             incrementalCache: await this.getIncrementalCache(req, nextConfig, prerenderManifest, isMinimalMode),
             waitUntil
         });

package/packages/web/.next/standalone/node_modules/next/dist/server/web/adapter.js CHANGED Viewed

@@ -353,7 +353,7 @@ async function adapter(params) {
         if (!process.env.__NEXT_NO_MIDDLEWARE_URL_NORMALIZE) {
             if (redirectURL.host === requestURL.host) {
                 redirectURL.buildId = buildId || redirectURL.buildId;
-                response.headers.set('Location', redirectURL.toString());
+                response.headers.set('Location', (0, _relativizeurl.getRelativeURL)(redirectURL, requestURL));
             }
         }
         /**

package/packages/web/.next/standalone/node_modules/next/dist/shared/lib/errors/canary-only-config-error.js CHANGED Viewed

@@ -21,7 +21,7 @@ _export(exports, {
     }
 });
 function isStableBuild() {
-    return !"16.1.1"?.includes('canary') && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_LOCAL_DEV;
+    return !"16.1.6"?.includes('canary') && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_LOCAL_DEV;
 }
 class CanaryOnlyConfigError extends Error {
     constructor(arg){

package/packages/web/.next/standalone/node_modules/next/dist/shared/lib/image-config.js CHANGED Viewed

@@ -59,6 +59,7 @@ const imageConfigDefault = {
         'image/webp'
     ],
     maximumRedirects: 3,
+    maximumResponseBody: 50000000,
     dangerouslyAllowLocalIP: false,
     dangerouslyAllowSVG: false,
     contentSecurityPolicy: `script-src 'none'; frame-src 'none'; sandbox;`,

package/packages/web/.next/standalone/node_modules/next/dist/shared/lib/size-limit.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+0 && (module.exports = {
+    DEFAULT_MAX_POSTPONED_STATE_SIZE: null,
+    parseMaxPostponedStateSize: null
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: all[name]
+    });
+}
+_export(exports, {
+    DEFAULT_MAX_POSTPONED_STATE_SIZE: function() {
+        return DEFAULT_MAX_POSTPONED_STATE_SIZE;
+    },
+    parseMaxPostponedStateSize: function() {
+        return parseMaxPostponedStateSize;
+    }
+});
+const DEFAULT_MAX_POSTPONED_STATE_SIZE = '100 MB';
+function parseSizeLimit(size) {
+    const bytes = require('next/dist/compiled/bytes').parse(size);
+    if (bytes === null || isNaN(bytes) || bytes < 1) {
+        return undefined;
+    }
+    return bytes;
+}
+function parseMaxPostponedStateSize(size) {
+    return parseSizeLimit(size ?? DEFAULT_MAX_POSTPONED_STATE_SIZE);
+}
+//# sourceMappingURL=size-limit.js.map

package/packages/web/.next/standalone/node_modules/next/dist/telemetry/anonymous-meta.js CHANGED Viewed

@@ -81,7 +81,7 @@ function getAnonymousMeta() {
         isWsl: _iswsl.default,
         isCI: _ciinfo.isCI,
         ciName: _ciinfo.isCI && _ciinfo.name || null,
-        nextVersion: "16.1.1"
+        nextVersion: "16.1.6"
     };
     return traits;
 }