Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 3 updates#138

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/benches/comparison_servers/nextjs_api/npm_and_yarn-f186c89812
Open

chore(deps): bump the npm_and_yarn group across 4 directories with 3 updates#138
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/benches/comparison_servers/nextjs_api/npm_and_yarn-f186c89812

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 19, 2026

Bumps the npm_and_yarn group with 1 update in the /benches/comparison_servers/nextjs_api directory: next.
Bumps the npm_and_yarn group with 2 updates in the /benchmarks/comparison directory: fastify and qs.
Bumps the npm_and_yarn group with 1 update in the /benchmarks/comparison/nestjs_express directory: qs.
Bumps the npm_and_yarn group with 1 update in the /benchmarks/comparison/nestjs_fastify directory: fastify.

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Upgrade to swc 54 (#88207)
  • implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
  • tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix linked list bug in LRU deleteFromLru (#88652)
  • Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

Updates fastify from 5.6.2 to 5.7.3

Release notes

Sourced from fastify's releases.

v5.7.3

⚠️ Security Release

What's Changed

Full Changelog: fastify/fastify@v5.7.2...v5.7.3

v5.7.2

⚠️ Notice ⚠️

Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted.

What's Changed

New Contributors

Full Changelog: fastify/fastify@v5.7.1...v5.7.2

v5.7.1

What's Changed

Full Changelog: fastify/fastify@v5.7.0...v5.7.1

v5.7.0

What's Changed

... (truncated)

Commits

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions
Commits
  • d9b4c66 v6.15.0
  • cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
  • 88e1563 [Fix] duplicates option should not apply to bracket notation keys
  • 9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
  • 85cc8ca v6.12.5
  • ffc12aa v6.11.4
  • 0506b11 [actions] update reusable workflows
  • 6a37faf [actions] update reusable workflows
  • 8e8df5a [Fix] fix regressions from robustness refactor
  • d60bab3 v6.10.7
  • Additional commits viewable in compare view

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions
Commits
  • d9b4c66 v6.15.0
  • cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
  • 88e1563 [Fix] duplicates option should not apply to bracket notation keys
  • 9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
  • 85cc8ca v6.12.5
  • ffc12aa v6.11.4
  • 0506b11 [actions] update reusable workflows
  • 6a37faf [actions] update reusable workflows
  • 8e8df5a [Fix] fix regressions from robustness refactor
  • d60bab3 v6.10.7
  • Additional commits viewable in compare view

Updates fastify from 5.6.2 to 5.7.4

Release notes

Sourced from fastify's releases.

v5.7.3

⚠️ Security Release

What's Changed

Full Changelog: fastify/fastify@v5.7.2...v5.7.3

v5.7.2

⚠️ Notice ⚠️

Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted.

What's Changed

New Contributors

Full Changelog: fastify/fastify@v5.7.1...v5.7.2

v5.7.1

What's Changed

Full Changelog: fastify/fastify@v5.7.0...v5.7.1

v5.7.0

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 4 directories with 3 …
82c1d03 
…updates

Bumps the npm_and_yarn group with 1 update in the /benches/comparison_servers/nextjs_api directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 2 updates in the /benchmarks/comparison directory: [fastify](https://github.com/fastify/fastify) and [qs](https://github.com/ljharb/qs).
Bumps the npm_and_yarn group with 1 update in the /benchmarks/comparison/nestjs_express directory: [qs](https://github.com/ljharb/qs).
Bumps the npm_and_yarn group with 1 update in the /benchmarks/comparison/nestjs_fastify directory: [fastify](https://github.com/fastify/fastify).


Updates `next` from 14.2.35 to 16.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.35...v16.1.6)

Updates `fastify` from 5.6.2 to 5.7.3
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.6.2...v5.7.3)

Updates `qs` from 6.14.1 to 6.15.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.1...v6.15.0)

Updates `qs` from 6.14.1 to 6.15.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.1...v6.15.0)

Updates `fastify` from 5.6.2 to 5.7.4
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.6.2...v5.7.3)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.1.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: fastify
  dependency-version: 5.7.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fastify
  dependency-version: 5.7.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies javascript Pull requests that update javascript code labels Feb 19, 2026
@dependabot dependabot bot mentioned this pull request Feb 19, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 19, 2026

🔥 Flame Graph Report

Generated: 2026-02-19T18:08:21Z
Commit: b525d8b4049920585185ad9d409dcb61430b5458
Branch: 138/merge

Generated Flame Graphs

How to View

  1. Download the SVG artifact below
  2. Open in a browser (they're interactive!)
  3. Click on functions to zoom in
  4. Look for wide bars - those are the hot spots

📥 Download Flame Graphs

Generated for commit b525d8b

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 19, 2026

📊 Benchmark Results

Benchmark Time Throughput

arena

| | 11.086 ns | - |
| | 6.3713 ns | - |
| | 432.44 ns | - |
| | 366.57 ns | - |
| | 649.76 ns | - |
| | 42.727 ns | - |
| | 640.94 ns | - |
| | 72.959 ns | - |
| | | - |
| | | - |
| | 341.54 ns | - |
| | 40.236 ns | - |
| | | - |
| | | - |
| | | - |
| | | - |
| | 50.598 ns | - |
| | 52.598 ns | - |

body

| | 22.224 ns | - |
| | 59.253 ns | - |
| | 21.915 ns | - |
| | 863.54 ps | - |
| | 47.136 ns | - |
| | 21.951 ns | - |
| | 115.92 ns | - |
| | 87.682 ns | - |
| | 48.381 ns | - |
| | 42.083 ns | - |
| | 52.911 ns | - |
| | 29.657 ns | - |
| | 135.33 ns | - |
| | 864.22 ps | - |
| | 67.628 ns | - |
| | 35.432 ns | - |
| | 121.58 ns | - |
| | 91.472 ns | - |
| | 16.138 ns | - |
| | 16.124 ns | - |
| | 16.219 ns | - |

json

| json_info/library_check | 288.18 ps | - |
| json_serialize/small | 58.308 ns | - |
| json_serialize/medium | 328.12 ns | - |
| json_serialize/large | | - |
| json_deserialize/small | 109.19 ns | - |
| json_deserialize/medium | 982.77 ns | - |
| json_deserialize/large | | - |
| json_roundtrip/small | 177.68 ns | - |
| json_roundtrip/medium | | - |
| json_roundtrip/large | | - |
| http_json/request_parse | | - |
| http_json/response_json | 419.66 ns | - |
| http_json/full_cycle | | - |

routing

| | 36.110 ns | - |
| | 93.686 ns | - |
| | 195.71 ns | - |
| | 195.60 ns | - |
| | 111.99 ns | - |
| | 1.3723 ns | - |
| | 288.24 ps | - |
| | 117.45 ns | - |
| | 307.92 ns | - |
| | | - |
| | 163.33 ns | - |
| | 32.388 ns | - |
| | 208.06 ns | - |
| | | - |
| | 59.667 ns | - |
| | 370.02 ns | - |
| | | - |
| routing/match_first/10 | 96.028 ns | - |
| routing/match_middle/10 | 260.45 ns | - |
| routing/match_last/10 | 260.18 ns | - |
| | 179.54 ns | - |
| routing/match_first/50 | 95.975 ns | - |
| routing/match_middle/50 | 812.39 ns | - |
| routing/match_last/50 | 260.19 ns | - |
| | | - |
| routing/match_first/100 | 95.580 ns | - |
| | 697.21 ns | - |
| routing/match_last/100 | 970.74 ns | - |
| | | - |
| routing/match_first/500 | 95.601 ns | - |
| | 652.51 ns | - |
| routing/match_last/500 | 900.48 ns | - |
| | | - |
| | 288.10 ps | - |
| | 32.865 ns | - |
| | 340.89 ns | - |
| | 149.33 ns | - |
| | 218.64 ns | - |
| | 330.53 ns | - |
| | 16.224 ns | - |
| | 85.360 ns | - |
| | 164.32 ns | - |
| | 187.54 ns | - |
| | 330.98 ns | - |
| | 523.29 ns | - |
| | 940.98 ns | - |
| full_cycle/health_check | 657.09 ns | - |
| | | - |
| | | - |
| | 10.354 ns | - |
| | 10.329 ns | - |
| allocations/vec_small | 8.9989 ns | - |
| allocations/vec_large | 21.291 ns | - |
| | 57.547 ns | - |
| | | - |

security

| jwt/sign | 797.18 ns | - |
| jwt/verify | | - |
| jwt/sign_HS256 | 809.62 ns | - |
| jwt/sign_HS384 | | - |
| jwt/sign_HS512 | | - |

simd_parser

| query_string/small/simd | 188.97 ns | - |
| | 184.28 ns | - |
| | 621.99 ns | - |
| | 940.49 ns | - |
| query_string/large/simd | | - |
| | | - |
| url_decode/plain/simd | 24.664 ns | - |
| url_decode/encoded/simd | 64.216 ns | - |
| | 86.011 ns | - |
| | 5.4490 ns | - |
| | 14.428 ns | - |
| | 4.3572 ns | - |
| | 10.671 ns | - |
| | 88.041 ns | - |
| | 88.469 ns | - |
| | 108.05 ns | - |
| path_split/short/simd | 36.220 ns | - |
| path_split/medium/simd | 119.19 ns | - |
| path_split/long/simd | 243.87 ns | - |
| | 137.48 ns | - |
| | 428.46 ns | - |

Summary

  • Commit: b525d8b4049920585185ad9d409dcb61430b5458
  • Branch: 138/merge
  • Runner: Linux

Benchmark run triggered by commit b525d8b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants