Bump the npm_and_yarn group across 2 directories with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /apps/dashboard directory: next.
Bumps the npm_and_yarn group with 1 update in the /apps/backend directory: pm2.

Updates next from 14.2.35 to 16.2.3

Release notes

Sourced from next's releases.

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

... (truncated)

Commits

• d5f649b v16.2.3
• 2873928 [16.x] Avoid consuming cyclic models multiple times (#75)
• d7c7765 [backport]: Ensure app-page reports stale ISR revalidation errors via onReque...
• c573e8c fix(server-hmr): metadata routes overwrite page runtime HMR handler (#92273)
• 57b8f65 next-core: deduplicate output assets and detect content conflicts on emit (#9...
• f158df1 Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• 356d605 turbo-tasks-backend: stability fixes for task cancellation and error handling...
• 3b77a6e Fix DashMap read-write self-deadlock in task_cache causing hangs (#92210)
• b2f208a Backport: new view-transitions guide, update and fixes (#92264)
• 52faae3 v16.2.2
• Additional commits viewable in compare view

Updates pm2 from 5.4.3 to 6.0.14

Release notes

Sourced from pm2's releases.

v6.0.14

6.0.14

• Fixed version of @​pm2/pm2-version-check #6055
• CVE-2025-64718 Update js-yaml
• replace fs.R_OK with fs.constants.T_OK #6012 #6019

v6.0.13

• fix blessed dep

v6.0.12

• #6037 Drop npm-shrinkwrap in favor of fixed dependencies versions
• #5577 fix pm2 monit crash

v6.0.11

• #6034 replace package-lock.json by npm-shrinkwrap.json
• #5915 fix allowing to update namespaced pm2 NPM module (@​org/module-name)

v6.0.10

• revert #5971 #6031

v6.0.9

6.0.9

• updates all typescript definitions
• upgrade github ci workflows
• upgrade mocha dep and adapt tests
• bump packages
• fix:Potential ReDoS Vulnerability or Inefficient Regular Expression in Project: Need for Assessment and Mitigation #5971

v6.0.8

• fix: package-lock update

v6.0.7

• fix: ansis-node10 Unitech/pm2@99d9224 @
  webdiscus

v6.0.6

• refactor: replace chalk with ansis by @​webdiscus fix #5976 #5247

v6.0.5

6.0.5

• Bun support - Fixes #5893 #5774 #5682 #5675 #5777
• Disable git parsing by default #5909 #2182 #5801 #5051 #5696
• Add WEBP content type for pm2 serve #5900 @​tbo47
• Enable PM2 module update from tarball #5906 @​AYOKINYA
• Fix treekil on FreeBSD #5896 @​skeyby
• fix allowing to update namespaced pm2 NPM module (@​org/module-name) #5915 @​endelendel

Changelog

Sourced from pm2's changelog.

6.0.14

• Fixed version of @​pm2/pm2-version-check #6055
• CVE-2025-64718 Update js-yaml
• replace fs.R_OK with fs.constants.T_OK #6012 #6019

6.0.13

• Fix blessed package import

6.0.12

• #6037 Drop npm-shrinkwrap in favor of fixed dependencies versions
• #5577 fix pm2 monit crash

6.0.11

• #6034 replace package-lock.json by npm-shrinkwrap.json
• #5915 fix allowing to update namespaced pm2 NPM module (@​org/module-name)

6.0.10

• revert #5971 #6031

6.0.9

• updates all typescript definitions
• upgrade github ci workflows
• upgrade mocha dep and adapt tests
• bump packages
• fix:Potential ReDoS Vulnerability or Inefficient Regular Expression in Project: Need for Assessment and Mitigation #5971

6.0.8

• fix: package-lock update

6.0.7

• fix: ansis-node10 Unitech/pm2@99d9224 @​webdiscus

6.0.6

• refactor: replace chalk with smaller alternative by @​webdiscus

6.0.5

• Bun support - Fixes #5893 #5774 #5682 #5675 #5777
• Disable git parsing by default #5909 #2182 #5801 #5051 #5696
• Add WEBP content type for pm2 serve #5900 @​tbo47
• Enable PM2 module update from tarball #5906 @​AYOKINYA

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.