failproofai 0.0.10 → 0.0.11-beta.1

package/.next/standalone/node_modules/next/dist/lib/patch-incorrect-lockfile.js

@@ -72,7 +72,7 @@ async function fetchPkgInfo(pkg) {
         });
     }
     const data = await res.json();
-    const versionData = data.versions["16.2.4"];
+    const versionData = data.versions["16.2.6"];
     return {
         os: versionData.os,
         cpu: versionData.cpu,
@@ -100,7 +100,7 @@ async function patchIncorrectLockfile(dir) {
     const expectedSwcPkgs = Object.keys(_packagejson.optionalDependencies || {}).filter((pkg)=>pkg.startsWith('@next/swc-'));
     const patchDependency = (pkg, pkgData)=>{
         lockfileParsed.dependencies[pkg] = {
-            version: "16.2.4",
+            version: "16.2.6",
             resolved: pkgData.tarball,
             integrity: pkgData.integrity,
             optional: true
@@ -108,7 +108,7 @@ async function patchIncorrectLockfile(dir) {
     };
     const patchPackage = (pkg, pkgData)=>{
         lockfileParsed.packages[pkg] = {
-            version: "16.2.4",
+            version: "16.2.6",
             resolved: pkgData.tarball,
             integrity: pkgData.integrity,
             cpu: pkgData.cpu,

package/.next/standalone/node_modules/next/dist/server/app-render/action-handler.js

@@ -47,6 +47,7 @@ const _revalidationutils = require("../revalidation-utils");
 const _requestmeta = require("../request-meta");
 const _setcachebustingsearchparam = require("../../client/components/router-reducer/set-cache-busting-search-param");
 const _actionrevalidationkind = require("../../shared/lib/action-revalidation-kind");
+const _cachebustingsearchparam = require("../../shared/lib/router/utils/cache-busting-search-param");
 function _interop_require_default(obj) {
     return obj && obj.__esModule ? obj : {
         default: obj
@@ -265,12 +266,8 @@ async function createRedirectRenderResult(req, res, originalHost, redirectUrl, r
         forwardedHeaders.delete(_approuterheaders.ACTION_HEADER);
         try {
             var _response_headers_get;
-            (0, _setcachebustingsearchparam.setCacheBustingSearchParam)(fetchUrl, {
-                [_approuterheaders.NEXT_ROUTER_PREFETCH_HEADER]: forwardedHeaders.get(_approuterheaders.NEXT_ROUTER_PREFETCH_HEADER) ? '1' : undefined,
-                [_approuterheaders.NEXT_ROUTER_SEGMENT_PREFETCH_HEADER]: forwardedHeaders.get(_approuterheaders.NEXT_ROUTER_SEGMENT_PREFETCH_HEADER) ?? undefined,
-                [_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER]: forwardedHeaders.get(_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER) ?? undefined,
-                [_approuterheaders.NEXT_URL]: forwardedHeaders.get(_approuterheaders.NEXT_URL) ?? undefined
-            });
+            const cacheBustingSearchParam = await (0, _cachebustingsearchparam.computeCacheBustingSearchParam)(forwardedHeaders.get(_approuterheaders.NEXT_ROUTER_PREFETCH_HEADER) ? '1' : undefined, forwardedHeaders.get(_approuterheaders.NEXT_ROUTER_SEGMENT_PREFETCH_HEADER) ?? undefined, forwardedHeaders.get(_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER) ?? undefined, forwardedHeaders.get(_approuterheaders.NEXT_URL) ?? undefined);
+            (0, _setcachebustingsearchparam.setCacheBustingSearchParamWithHash)(fetchUrl, cacheBustingSearchParam);
             const response = await fetch(fetchUrl, {
                 method: 'GET',
                 headers: forwardedHeaders,

package/.next/standalone/node_modules/next/dist/server/app-render/app-render.js

@@ -17,6 +17,7 @@ const _internalutils = require("../internal-utils");
 const _approuterheaders = require("../../client/components/app-router-headers");
 const _metadatacontext = require("../../lib/metadata/metadata-context");
 const _requeststore = require("../async-storage/request-store");
+const _isrscrequest = require("../lib/is-rsc-request");
 const _workstore = require("../async-storage/work-store");
 const _httpaccessfallback = require("../../client/components/http-access-fallback/http-access-fallback");
 const _redirect = require("../../client/components/redirect");
@@ -158,7 +159,7 @@ function parseRequestHeaders(headers, options) {
     const isPrefetchRequest = headers[_approuterheaders.NEXT_ROUTER_PREFETCH_HEADER] === '1';
     const isRuntimePrefetchRequest = headers[_approuterheaders.NEXT_ROUTER_PREFETCH_HEADER] === '2';
     const isHmrRefresh = headers[_approuterheaders.NEXT_HMR_REFRESH_HEADER] !== undefined;
-    const isRSCRequest = headers[_approuterheaders.RSC_HEADER] !== undefined;
+    const isRSCRequest = (0, _isrscrequest.isRSCRequestHeader)(headers[_approuterheaders.RSC_HEADER]);
     const shouldProvideFlightRouterState = isRSCRequest && (!isPrefetchRequest || !options.isRoutePPREnabled);
     const flightRouterState = shouldProvideFlightRouterState ? (0, _parseandvalidateflightrouterstate.parseAndValidateFlightRouterState)(headers[_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER]) : undefined;
     // Checks if this is a prefetch of the Route Tree by the Segment Cache
@@ -252,6 +253,29 @@ function createNotFoundLoaderTree(loaderTree) {
         null
     ];
 }
+function hasPrerenderHTTPErrorBoundary(loaderTree, triggeredStatus, authInterrupts) {
+    switch(triggeredStatus){
+        case 404:
+            return !!loaderTree[2]['not-found'];
+        case 403:
+            return authInterrupts && !!loaderTree[2].forbidden;
+        case 401:
+            return authInterrupts && !!loaderTree[2].unauthorized;
+        default:
+            return false;
+    }
+}
+function findPrerenderHTTPErrorBoundaryTree(loaderTree, triggeredStatus, authInterrupts) {
+    let boundaryTree = hasPrerenderHTTPErrorBoundary(loaderTree, triggeredStatus, authInterrupts) ? loaderTree : null;
+    const childrenTree = loaderTree[1].children;
+    if (childrenTree) {
+        const deeperBoundaryTree = findPrerenderHTTPErrorBoundaryTree(childrenTree, triggeredStatus, authInterrupts);
+        if (deeperBoundaryTree) {
+            boundaryTree = deeperBoundaryTree;
+        }
+    }
+    return boundaryTree;
+}
 /**
  * Returns a function that parses the dynamic segment and return the associated value.
  */ function makeGetDynamicParamFromSegment(interpolatedParams, fallbackRouteParams, optimisticRouting) {
@@ -940,7 +964,7 @@ function getRenderedSearch(query) {
 // This is the data necessary to render <AppRouter /> when no SSR errors are encountered
 async function getRSCPayload(tree, ctx, options) {
     var _ctx_renderOpts_prefetchHints;
-    const { is404, staleTimeIterable, staticStageByteLengthPromise, runtimePrefetchStream } = options;
+    const { is404, prerenderHTTPError, staleTimeIterable, staticStageByteLengthPromise, runtimePrefetchStream } = options;
     const injectedCSS = new Set();
     const injectedJS = new Set();
     const injectedFontPreloadTags = new Set();
@@ -984,7 +1008,8 @@ async function getRSCPayload(tree, ctx, options) {
         missingSlots,
         preloadCallbacks,
         authInterrupts: ctx.renderOpts.experimental.authInterrupts,
-        MetadataOutlet
+        MetadataOutlet,
+        prerenderHTTPError
     });
     // When the `vary` response header is present with `Next-URL`, that means there's a chance
     // it could respond differently if there's an interception route. We provide this information
@@ -1589,6 +1614,7 @@ const renderToHTMLOrFlight = (req, res, pagePath, query, fallbackRouteParams, re
         // @TODO move to workUnitStore of type Request
         isPrefetchRequest,
         buildId: sharedContext.buildId,
+        deploymentId: sharedContext.deploymentId,
         previouslyRevalidatedTags,
         nonce
     });
@@ -3199,6 +3225,7 @@ async function validateInstantConfigInBuildWithSample(outerCtx, sample, allPossi
         isDraftMode: false,
         isPrefetchRequest: false,
         buildId: outerWorkStore.buildId,
+        deploymentId: outerWorkStore.deploymentId,
         reactLoadableManifest: outerWorkStore.reactLoadableManifest,
         assetPrefix: outerWorkStore.assetPrefix,
         nonce: outerWorkStore.nonce,
@@ -4285,11 +4312,35 @@ async function prerenderToStream(req, res, ctx, metadata, tree, fallbackRoutePar
                 ...(prerenderStore == null ? void 0 : prerenderStore.tags) || implicitTags.tags
             ]
         };
-        const errorRSCPayload = await _workunitasyncstorageexternal.workUnitAsyncStorage.run(prerenderLegacyStore, getErrorRSCPayload, tree, ctx, reactServerErrorsByDigest.has(err.digest) ? undefined : err, errorType);
-        const errorServerStream = _workunitasyncstorageexternal.workUnitAsyncStorage.run(prerenderLegacyStore, _streamops.renderToFlightStream, ComponentMod, errorRSCPayload, clientModules, {
+        let prerenderHTTPError;
+        if (cacheComponents && (0, _httpaccessfallback.isHTTPAccessFallbackError)(err)) {
+            const triggeredStatus = (0, _httpaccessfallback.getAccessFallbackHTTPStatus)(err);
+            const boundaryTree = findPrerenderHTTPErrorBoundaryTree(tree, triggeredStatus, ctx.renderOpts.experimental.authInterrupts);
+            if (boundaryTree) {
+                prerenderHTTPError = {
+                    boundaryTree,
+                    triggeredStatus
+                };
+            }
+        }
+        const errorRSCPayload = prerenderHTTPError ? await _workunitasyncstorageexternal.workUnitAsyncStorage.run(prerenderLegacyStore, getRSCPayload, tree, ctx, {
+            is404: errorType === 'not-found',
+            prerenderHTTPError
+        }) : await _workunitasyncstorageexternal.workUnitAsyncStorage.run(prerenderLegacyStore, getErrorRSCPayload, tree, ctx, reactServerErrorsByDigest.has(err.digest) ? undefined : err, errorType);
+        const errorServerStreamRaw = _workunitasyncstorageexternal.workUnitAsyncStorage.run(prerenderLegacyStore, _streamops.renderToFlightStream, ComponentMod, errorRSCPayload, clientModules, {
             filterStackFrame,
             onError: serverComponentsErrorHandler
         });
+        let errorServerStream = errorServerStreamRaw;
+        const errorFlightResultPromise = prerenderHTTPError ? (()=>{
+            // Fizz still needs to read the Flight stream to render ErrorApp, but
+            // the prerender path also needs a buffered Flight result for the HTML
+            // prelude and segment data collectors. Tee the stream so each consumer
+            // gets its own copy.
+            const [appStream, flightStream] = errorServerStreamRaw.tee();
+            errorServerStream = appStream;
+            return (0, _apprenderprerenderutils.createReactServerPrerenderResultFromRender)(flightStream);
+        })() : null;
         try {
             const { stream: errorHtmlStream } = await _workunitasyncstorageexternal.workUnitAsyncStorage.run(prerenderLegacyStore, _streamops.renderToFizzStream, // eslint-disable-next-line @next/internal/no-ambiguous-jsx
             /*#__PURE__*/ (0, _jsxruntime.jsx)(ErrorApp, {
@@ -4305,14 +4356,16 @@ async function prerenderToStream(req, res, ctx, metadata, tree, fallbackRoutePar
                 ],
                 formState
             });
+            const resolvedFlightResult = errorFlightResultPromise ? await errorFlightResultPromise : reactServerPrerenderResult;
+            if (errorFlightResultPromise) {
+                reactServerPrerenderResult.consume();
+            }
             if (shouldGenerateStaticFlightData(workStore)) {
-                const flightData = await (0, _streamops.streamToBuffer)(reactServerPrerenderResult.asStream());
+                const flightData = await (0, _streamops.streamToBuffer)(resolvedFlightResult.asStream());
                 metadata.flightData = flightData;
                 await collectSegmentData(flightData, prerenderLegacyStore, ComponentMod, renderOpts, ctx.pagePath, metadata);
             }
-            // This is intentionally using the readable datastream from the main
-            // render rather than the flight data from the error page render
-            const flightStream = reactServerPrerenderResult.consumeAsStream();
+            const flightStream = resolvedFlightResult.consumeAsStream();
             return {
                 digestErrorsMap: reactServerErrorsByDigest,
                 ssrErrors: allCapturedErrors,

package/.next/standalone/node_modules/next/dist/server/app-render/collect-segment-data.js

@@ -121,8 +121,24 @@ async function collectSegmentData(isCacheComponentsEnabled, fullPageDataBuffer,
     // Now that we've finished rendering the route tree, all the segment tasks
     // should have been spawned. Await them in parallel and write the segment
     // prefetches to the result map.
+    let hasPageSegment = false;
     for (const [segmentPath, buffer] of (await Promise.all(segmentTasks))){
         resultMap.set(segmentPath, buffer);
+        if (segmentPath.endsWith('__PAGE__')) {
+            hasPageSegment = true;
+        }
+    }
+    if (!hasPageSegment) {
+        // The build requires at least one segment path ending with __PAGE__ to
+        // register the catch-all segment data route. When all page segments are
+        // disabled (e.g. every leaf has runtime prefetching), no __PAGE__ entry
+        // is emitted. Write a dummy entry with a path that doesn't match any
+        // real route segment so the client will never request it.
+        //
+        // TODO: Remove the __PAGE__ requirement from the build instead of
+        // working around it here. The invariant is outdated now that segments
+        // can be disabled.
+        resultMap.set('/todo-remove-fake-segment/__PAGE__', Buffer.alloc(0));
     }
     return resultMap;
 }

package/.next/standalone/node_modules/next/dist/server/app-render/create-component-tree.js

@@ -51,7 +51,7 @@ function errorMissingDefaultExport(pagePath, convention) {
     });
 }
 const cacheNodeKey = 'c';
-async function createComponentTreeInternal({ loaderTree: tree, parentParams, parentOptionalCatchAllParamName, parentRuntimePrefetchable, rootLayoutIncluded, injectedCSS, injectedJS, injectedFontPreloadTags, ctx, missingSlots, preloadCallbacks, authInterrupts, MetadataOutlet }, isRoot) {
+async function createComponentTreeInternal({ loaderTree: tree, parentParams, parentOptionalCatchAllParamName, parentRuntimePrefetchable, rootLayoutIncluded, injectedCSS, injectedJS, injectedFontPreloadTags, ctx, missingSlots, preloadCallbacks, authInterrupts, MetadataOutlet, prerenderHTTPError }, isRoot) {
     const { renderOpts: { nextConfigOutput, experimental, cacheComponents }, workStore, componentMod: { createElement, Fragment, SegmentViewNode, HTTPAccessFallbackBoundary, LayoutRouter, RenderFromTemplateContext, ClientPageRoot, ClientSegmentRoot, createServerSearchParamsForServerPage, createPrerenderSearchParamsForClientPage, createServerParamsForServerSegment, createPrerenderParamsForClientSegment, serverHooks: { DynamicServerError }, Postpone }, pagePath, getDynamicParamFromSegment, isPrefetch, query } = ctx;
     const { page, conventionPath, segment, modules, parallelRoutes } = (0, _parseloadertree.parseLoaderTree)(tree);
     const { layout, template, error, loading, 'not-found': notFound, forbidden, unauthorized } = modules;
@@ -382,24 +382,54 @@ async function createComponentTreeInternal({ loaderTree: tree, parentParams, par
                     missingSlots.add(parallelRouteKey);
                 }
             }
-            const seedData = await createComponentTreeInternal({
-                loaderTree: parallelRoute,
-                parentParams: currentParams,
-                parentOptionalCatchAllParamName: optionalCatchAllParamName,
-                parentRuntimePrefetchable: isRuntimePrefetchable,
-                rootLayoutIncluded: rootLayoutIncludedAtThisLevelOrAbove,
-                injectedCSS: injectedCSSWithCurrentLayout,
-                injectedJS: injectedJSWithCurrentLayout,
-                injectedFontPreloadTags: injectedFontPreloadTagsWithCurrentLayout,
-                ctx,
-                missingSlots,
-                preloadCallbacks,
-                authInterrupts,
-                // `StreamingMetadataOutlet` is used to conditionally throw. In the case of parallel routes we will have more than one page
-                // but we only want to throw on the first one.
-                MetadataOutlet: isChildrenRouteKey ? MetadataOutlet : null
-            }, false);
-            childCacheNodeSeedData = seedData;
+            // The outer prerender catch already found the deepest segment whose
+            // HTTP fallback should replace the throwing page. When we reach that
+            // segment's `children` slot, render the fallback directly instead of
+            // descending back into the subtree that threw during deserialization.
+            // Like the other segment-level boundary props below, HTTP access
+            // fallbacks are attached to the default `children` slot, not to named
+            // parallel routes.
+            const shouldRenderPrerenderHTTPFallback = (prerenderHTTPError == null ? void 0 : prerenderHTTPError.boundaryTree) === tree && isChildrenRouteKey;
+            if (shouldRenderPrerenderHTTPFallback) {
+                let fallbackElement;
+                switch(prerenderHTTPError.triggeredStatus){
+                    case 404:
+                        fallbackElement = notFoundElement;
+                        break;
+                    case 403:
+                        fallbackElement = forbiddenElement;
+                        break;
+                    case 401:
+                        fallbackElement = unauthorizedElement;
+                        break;
+                    default:
+                        break;
+                }
+                if (fallbackElement) {
+                    childCacheNodeSeedData = createSeedData(ctx, fallbackElement, {}, null, isPossiblyPartialResponse, false, _varyparams.emptyVaryParamsAccumulator);
+                }
+            }
+            if (childCacheNodeSeedData === null) {
+                const seedData = await createComponentTreeInternal({
+                    loaderTree: parallelRoute,
+                    parentParams: currentParams,
+                    parentOptionalCatchAllParamName: optionalCatchAllParamName,
+                    parentRuntimePrefetchable: isRuntimePrefetchable,
+                    rootLayoutIncluded: rootLayoutIncludedAtThisLevelOrAbove,
+                    injectedCSS: injectedCSSWithCurrentLayout,
+                    injectedJS: injectedJSWithCurrentLayout,
+                    injectedFontPreloadTags: injectedFontPreloadTagsWithCurrentLayout,
+                    ctx,
+                    missingSlots,
+                    preloadCallbacks,
+                    authInterrupts,
+                    // `StreamingMetadataOutlet` is used to conditionally throw. In the case of parallel routes we will have more than one page
+                    // but we only want to throw on the first one.
+                    MetadataOutlet: isChildrenRouteKey ? MetadataOutlet : null,
+                    prerenderHTTPError
+                }, false);
+                childCacheNodeSeedData = seedData;
+            }
         }
         const templateNode = createElement(Template, null, createElement(RenderFromTemplateContext, null));
         const templateFilePath = (0, _segmentexplorerpath.getConventionPathByType)(tree, dir, 'template');

package/.next/standalone/node_modules/next/dist/server/app-render/get-script-nonce-from-header.js

@@ -8,9 +8,8 @@ Object.defineProperty(exports, "getScriptNonceFromHeader", {
         return getScriptNonceFromHeader;
     }
 });
-const _htmlescape = require("../htmlescape");
+const CSP_NONCE_SOURCE_REGEX = /^'nonce-([A-Za-z0-9+/_-]+={0,2})'$/;
 function getScriptNonceFromHeader(cspHeaderValue) {
-    var _directive_split_slice_map_find;
     const directives = cspHeaderValue// Directives are split by ';'.
     .split(';').map((directive)=>directive.trim());
     // First try to find the directive for the 'script-src', otherwise try to
@@ -20,25 +19,14 @@ function getScriptNonceFromHeader(cspHeaderValue) {
     if (!directive) {
         return;
     }
-    // Extract the nonce from the directive
-    const nonce = (_directive_split_slice_map_find = directive.split(' ')// Remove the 'strict-src'/'default-src' string, this can't be the nonce.
-    .slice(1).map((source)=>source.trim())// Find the first source with the 'nonce-' prefix.
-    .find((source)=>source.startsWith("'nonce-") && source.length > 8 && source.endsWith("'"))) == null ? void 0 : _directive_split_slice_map_find.slice(7, -1);
-    // If we could't find the nonce, then we're done.
-    if (!nonce) {
-        return;
-    }
-    // Don't accept the nonce value if it contains HTML escape characters.
-    // Technically, the spec requires a base64'd value, but this is just an
-    // extra layer.
-    if (_htmlescape.ESCAPE_REGEX.test(nonce)) {
-        throw Object.defineProperty(new Error('Nonce value from Content-Security-Policy contained HTML escape characters.\nLearn more: https://nextjs.org/docs/messages/nonce-contained-invalid-characters'), "__NEXT_ERROR_CODE", {
-            value: "E440",
-            enumerable: false,
-            configurable: true
-        });
+    // Extract the first valid nonce from the directive. Malformed nonces are
+    // ignored so the request can continue without a nonce instead of failing.
+    for (const source of directive.split(/\s+/).slice(1)){
+        const match = source.trim().match(CSP_NONCE_SOURCE_REGEX);
+        if (match) {
+            return match[1];
+        }
     }
-    return nonce;
 }
 
 //# sourceMappingURL=get-script-nonce-from-header.js.map

package/.next/standalone/node_modules/next/dist/server/app-render/metadata-insertion/create-server-inserted-metadata.js

@@ -1,8 +1,4 @@
-/**
- * For chromium based browsers (Chrome, Edge, etc.) and Safari,
- * icons need to stay under <head> to be picked up by the browser.
- *
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
@@ -12,7 +8,12 @@ Object.defineProperty(exports, "createServerInsertedMetadata", {
         return createServerInsertedMetadata;
     }
 });
-const REINSERT_ICON_SCRIPT = `\
+const _htmlescape = require("../../../shared/lib/htmlescape");
+/**
+ * For chromium based browsers (Chrome, Edge, etc.) and Safari,
+ * icons need to stay under <head> to be picked up by the browser.
+ *
+ */ const REINSERT_ICON_SCRIPT = `\
 document.querySelectorAll('body link[rel="icon"], body link[rel="apple-touch-icon"]').forEach(el => document.head.appendChild(el))`;
 function createServerInsertedMetadata(nonce) {
     let inserted = false;
@@ -21,7 +22,7 @@ function createServerInsertedMetadata(nonce) {
             return '';
         }
         inserted = true;
-        return `<script ${nonce ? `nonce="${nonce}"` : ''}>${REINSERT_ICON_SCRIPT}</script>`;
+        return `<script${nonce ? ` nonce="${(0, _htmlescape.htmlEscapeAttributeString)(nonce)}"` : ''}>${REINSERT_ICON_SCRIPT}</script>`;
     };
 }
 

package/.next/standalone/node_modules/next/dist/server/app-render/use-flight-response.js

@@ -20,7 +20,7 @@ _export(exports, {
         return getFlightStream;
     }
 });
-const _htmlescape = require("../htmlescape");
+const _htmlescape = require("../../shared/lib/htmlescape");
 const _workunitasyncstorageexternal = require("./work-unit-async-storage.external");
 const _invarianterror = require("../../shared/lib/invariant-error");
 const _manifestssingleton = require("./manifests-singleton");
@@ -135,7 +135,7 @@ function getFlightStream(flightStream, debugStream, debugEndTime, nonce) {
     return newResponse;
 }
 function createInlinedDataReadableStream(flightStream, nonce, formState) {
-    const startScriptTag = nonce ? `<script nonce=${JSON.stringify(nonce)}>` : '<script>';
+    const startScriptTag = nonce ? `<script nonce="${(0, _htmlescape.htmlEscapeAttributeString)(nonce)}">` : '<script>';
     const flightReader = flightStream.getReader();
     const decoder = new TextDecoder('utf-8', {
         fatal: true

package/.next/standalone/node_modules/next/dist/server/async-storage/work-store.js

@@ -13,7 +13,7 @@ const _apppaths = require("../../shared/lib/router/utils/app-paths");
 const _lazyresult = require("../lib/lazy-result");
 const _handlers = require("../use-cache/handlers");
 const _asynclocalstorage = require("../app-render/async-local-storage");
-function createWorkStore({ page, renderOpts, isPrefetchRequest, buildId, previouslyRevalidatedTags, nonce }) {
+function createWorkStore({ page, renderOpts, isPrefetchRequest, buildId, deploymentId, previouslyRevalidatedTags, nonce }) {
     /**
    * Rules of Static & Dynamic HTML:
    *
@@ -49,6 +49,7 @@ function createWorkStore({ page, renderOpts, isPrefetchRequest, buildId, previou
         isDraftMode: renderOpts.isDraftMode,
         isPrefetchRequest,
         buildId,
+        deploymentId,
         reactLoadableManifest: (renderOpts == null ? void 0 : renderOpts.reactLoadableManifest) || {},
         assetPrefix: (renderOpts == null ? void 0 : renderOpts.assetPrefix) || '',
         nonce,

package/.next/standalone/node_modules/next/dist/server/base-server.js

@@ -25,6 +25,7 @@ const _utils = require("../shared/lib/utils");
 const _path = /*#__PURE__*/ _interop_require_wildcard(require("path"));
 const _url = require("url");
 const _formathostname = require("./lib/format-hostname");
+const _isrscrequest = require("./lib/is-rsc-request");
 const _constants = require("../shared/lib/constants");
 const _utils1 = require("../shared/lib/router/utils");
 const _utils2 = require("./utils");
@@ -76,11 +77,11 @@ const _streamingmetadata = require("./lib/streaming-metadata");
 const _decodequerypathparameter = require("./lib/decode-query-path-parameter");
 const _nofallbackerrorexternal = require("../shared/lib/no-fallback-error.external");
 const _fixmojibake = require("./lib/fix-mojibake");
-const _cachebustingsearchparam = require("../shared/lib/router/utils/cache-busting-search-param");
 const _setcachebustingsearchparam = require("../client/components/router-reducer/set-cache-busting-search-param");
 const _fallbackparams = require("./request/fallback-params");
 const _routekind = require("./route-kind");
 const _postponedrequestbody = require("./lib/postponed-request-body");
+const _cachebustingsearchparam = require("../shared/lib/router/utils/cache-busting-search-param");
 function _interop_require_default(obj) {
     return obj && obj.__esModule ? obj : {
         default: obj
@@ -171,7 +172,7 @@ class Server {
                 // request path for flight information.
                 (0, _stripflightheaders.stripFlightHeaders)(req.headers);
                 return false;
-            } else if (req.headers[_approuterheaders.RSC_HEADER] === '1') {
+            } else if ((0, _isrscrequest.isRSCRequestHeader)(req.headers[_approuterheaders.RSC_HEADER])) {
                 (0, _requestmeta.addRequestMeta)(req, 'isRSCRequest', true);
                 if (req.headers[_approuterheaders.NEXT_ROUTER_PREFETCH_HEADER] === '1') {
                     (0, _requestmeta.addRequestMeta)(req, 'isPrefetchRSCRequest', true);
@@ -1208,12 +1209,19 @@ class Server {
             // This should only happen for static prefetches, so we only handle those here.
             (0, _requestmeta.getRequestMeta)(req, 'isPrefetchRSCRequest') ? '1' : undefined;
             const segmentPrefetchRSCRequest = headers[_approuterheaders.NEXT_ROUTER_SEGMENT_PREFETCH_HEADER] || (0, _requestmeta.getRequestMeta)(req, 'segmentPrefetchRSCRequest');
-            const expectedHash = (0, _cachebustingsearchparam.computeCacheBustingSearchParam)(routerPrefetch, segmentPrefetchRSCRequest, headers[_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER], headers[_approuterheaders.NEXT_URL]);
+            const expectedHash = await (0, _cachebustingsearchparam.computeCacheBustingSearchParam)(routerPrefetch, segmentPrefetchRSCRequest, headers[_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER], headers[_approuterheaders.NEXT_URL]);
             const actualHash = (0, _requestmeta.getRequestMeta)(req, 'cacheBustingSearchParam') ?? new URL(req.url || '', 'http://localhost').searchParams.get(_approuterheaders.NEXT_RSC_UNION_QUERY);
-            if (expectedHash !== actualHash) {
+            let matchesHash = expectedHash === actualHash;
+            if (!matchesHash && actualHash !== null) {
+                // We'll fallback to checking the legacy hash format to support clients that do not have a secure context
+                matchesHash = (0, _cachebustingsearchparam.computeLegacyCacheBustingSearchParam)(routerPrefetch, segmentPrefetchRSCRequest, headers[_approuterheaders.NEXT_ROUTER_STATE_TREE_HEADER], headers[_approuterheaders.NEXT_URL]) === actualHash;
+            }
+            if (!matchesHash) {
                 // The hash sent by the client does not match the expected value.
                 // Redirect to the URL with the correct cache-busting search param.
                 // This prevents cache poisoning attacks on CDNs that don't respect Vary headers.
+                // We continue to accept the legacy short hash for clients that still
+                // generate the 5-character `_rsc` form.
                 // Note: When no headers are present, expectedHash is empty string and client
                 // must send `_rsc` param, otherwise actualHash is null and hash check fails.
                 const url = new URL(req.url || '', 'http://localhost');
@@ -1278,7 +1286,7 @@ class Server {
         // page load) in the Instant Navigation Testing API. Only applies to
         // document requests (no RSC header) - RSC requests should proceed normally
         // even during a locked scope, with blocking happening on the client side.
-        const hasInstantTestCookie = exposeTestingApi && req.headers[_approuterheaders.RSC_HEADER] === undefined && typeof req.headers.cookie === 'string' && req.headers.cookie.includes(_approuterheaders.NEXT_INSTANT_TEST_COOKIE + '=') && couldSupportPPR;
+        const hasInstantTestCookie = exposeTestingApi && !(0, _isrscrequest.isRSCRequestHeader)(req.headers[_approuterheaders.RSC_HEADER]) && typeof req.headers.cookie === 'string' && req.headers.cookie.includes(_approuterheaders.NEXT_INSTANT_TEST_COOKIE + '=') && couldSupportPPR;
         // This page supports PPR if it is marked as being `PARTIALLY_STATIC` in the
         // prerender manifest and this is an app page.
         const isRoutePPREnabled = couldSupportPPR && (((_this = prerenderManifest.routes[pathname] ?? prerenderManifest.dynamicRoutes[pathname]) == null ? void 0 : _this.renderingMode) === 'PARTIALLY_STATIC' || // Ideally we'd want to check the appConfig to see if this page has PPR

package/.next/standalone/node_modules/next/dist/server/config.js

@@ -1106,7 +1106,7 @@ async function applyModifyConfig(config, phase, silent) {
             }
             config = await adapterMod.modifyConfig(config, {
                 phase,
-                nextVersion: "16.2.4"
+                nextVersion: "16.2.6"
             });
         }
     }

package/.next/standalone/node_modules/next/dist/server/dev/hot-reloader-turbopack.js

@@ -240,7 +240,7 @@ async function createHotReloaderTurbopack(opts, serverFields, distDir, resetFetc
     }
     const hasRewrites = opts.fsChecker.rewrites.afterFiles.length > 0 || opts.fsChecker.rewrites.beforeFiles.length > 0 || opts.fsChecker.rewrites.fallback.length > 0;
     const hotReloaderSpan = (0, _trace.trace)('hot-reloader', undefined, {
-        version: "16.2.4"
+        version: "16.2.6"
     });
     // Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
     // of the current `next dev` invocation.
@@ -294,7 +294,7 @@ async function createHotReloaderTurbopack(opts, serverFields, distDir, resetFetc
         writeRoutesHashesManifest: false,
         currentNodeJsVersion,
         isPersistentCachingEnabled: (0, _utils2.isFileSystemCacheEnabledForDev)(opts.nextConfig),
-        nextVersion: "16.2.4",
+        nextVersion: "16.2.6",
         serverHmr: serverFastRefresh
     }, {
         memoryLimit: (_opts_nextConfig_experimental = opts.nextConfig.experimental) == null ? void 0 : _opts_nextConfig_experimental.turbopackMemoryLimit,

package/.next/standalone/node_modules/next/dist/server/dev/hot-reloader-webpack.js

@@ -234,7 +234,7 @@ class HotReloaderWebpack {
         this.previewProps = previewProps;
         this.rewrites = rewrites;
         this.hotReloaderSpan = (0, _trace.trace)('hot-reloader', undefined, {
-            version: "16.2.4"
+            version: "16.2.6"
         });
         // Ensure the hotReloaderSpan is flushed immediately as it's the parentSpan for all processing
         // of the current `next dev` invocation.

package/.next/standalone/node_modules/next/dist/server/dev/static-paths-worker.js

@@ -21,7 +21,7 @@ const _app = require("../../build/static-paths/app");
 const _pages = require("../../build/static-paths/pages");
 const _createincrementalcache = require("../../export/helpers/create-incremental-cache");
 const _app1 = require("../../shared/lib/router/routes/app");
-async function loadStaticPaths({ dir, distDir, pathname, config, httpAgentOptions, locales, defaultLocale, isAppPath, page, isrFlushToDisk, fetchCacheKeyPrefix, cacheMaxMemorySize, requestHeaders, cacheHandler, cacheHandlers, cacheLifeProfiles, nextConfigOutput, buildId, authInterrupts, sriEnabled }) {
+async function loadStaticPaths({ dir, distDir, pathname, config, httpAgentOptions, locales, defaultLocale, isAppPath, page, isrFlushToDisk, fetchCacheKeyPrefix, cacheMaxMemorySize, requestHeaders, cacheHandler, cacheHandlers, cacheLifeProfiles, nextConfigOutput, buildId, deploymentId, authInterrupts, sriEnabled }) {
     // this needs to be initialized before loadComponents otherwise
     // "use cache" could be missing it's cache handlers
     await (0, _createincrementalcache.createIncrementalCache)({
@@ -80,6 +80,7 @@ async function loadStaticPaths({ dir, distDir, pathname, config, httpAgentOption
             isRoutePPREnabled,
             partialFallbacksEnabled: config.partialFallbacks,
             buildId,
+            deploymentId,
             authInterrupts,
             rootParamKeys
         });

package/.next/standalone/node_modules/next/dist/server/image-optimizer.js

@@ -1010,14 +1010,15 @@ async function fetchExternalImage(href, dangerouslyAllowLocalIP, maximumResponse
         etag
     };
 }
-async function fetchInternalImage(href, _req, _res, handleRequest) {
+async function fetchInternalImage(href, _req, _res, maximumResponseBody, handleRequest) {
     try {
         // Coerce HEAD to GET to avoid issues with the image optimizer
         const method = !_req.method || _req.method === 'HEAD' ? 'GET' : _req.method;
         const mocked = (0, _mockrequest.createRequestResponseMocks)({
             url: href,
             method,
-            socket: _req.socket
+            socket: _req.socket,
+            maximumResponseBody
         });
         await handleRequest(mocked.req, mocked.res, _url.default.parse(href, true));
         await mocked.res.hasStreamed;
@@ -1029,6 +1030,14 @@ async function fetchInternalImage(href, _req, _res, handleRequest) {
                 configurable: true
             });
         }
+        if (mocked.res.buffers.length === 0) {
+            _log.error('internal image response is empty for', href);
+            throw Object.defineProperty(new ImageError(400, '"url" parameter is valid but internal response is invalid'), "__NEXT_ERROR_CODE", {
+                value: "E394",
+                enumerable: false,
+                configurable: true
+            });
+        }
         const buffer = Buffer.concat(mocked.res.buffers);
         const contentType = mocked.res.getHeader('Content-Type');
         const cacheControl = mocked.res.getHeader('Cache-Control');
@@ -1040,6 +1049,17 @@ async function fetchInternalImage(href, _req, _res, handleRequest) {
             etag
         };
     } catch (err) {
+        if (err instanceof ImageError) {
+            throw err;
+        }
+        if (err && typeof err === 'object' && 'code' in err && err.code === 'ERR_MAX_BODY_SIZE_EXCEEDED') {
+            _log.error('internal image response exceeded maximum size for', href);
+            throw Object.defineProperty(new ImageError(413, '"url" parameter is valid but internal response is invalid'), "__NEXT_ERROR_CODE", {
+                value: "E394",
+                enumerable: false,
+                configurable: true
+            });
+        }
         _log.error('upstream image response failed for', href, err);
         throw Object.defineProperty(new ImageError(500, '"url" parameter is valid but upstream response is invalid'), "__NEXT_ERROR_CODE", {
             value: "E394",

package/.next/standalone/node_modules/next/dist/server/lib/app-info-log.js

@@ -85,7 +85,7 @@ function logStartInfo({ networkUrl, appUrl, envInfo, logBundler }) {
     if (parts.length > 0) {
         versionSuffix = ` (${parts.join(', ')})`;
     }
-    _log.bootstrap(`${(0, _picocolors.bold)((0, _picocolors.purple)(`${_log.prefixes.ready} Next.js ${"16.2.4"}`))}${versionSuffix}`);
+    _log.bootstrap(`${(0, _picocolors.bold)((0, _picocolors.purple)(`${_log.prefixes.ready} Next.js ${"16.2.6"}`))}${versionSuffix}`);
     if (appUrl) {
         _log.bootstrap(`- Local:         ${appUrl}`);
     }

package/.next/standalone/node_modules/next/dist/server/lib/is-rsc-request.js

@@ -0,0 +1,18 @@
+/**
+ * Normalizes the raw RSC header value. Only the literal string "1" is treated
+ * as a valid RSC request marker; malformed or repeated values are ignored.
+ */ "use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "isRSCRequestHeader", {
+    enumerable: true,
+    get: function() {
+        return isRSCRequestHeader;
+    }
+});
+function isRSCRequestHeader(value) {
+    return value === '1';
+}
+
+//# sourceMappingURL=is-rsc-request.js.map