Release Notes Released on 2026-05-10. Bug fixes Include data files in editable builds (#19312) Respect --require-hashes when installing from pylock.toml files (#19334) Python Add CPython 3.14.5 Install uv 0.11.13 Install prebuilt binaries via shell script sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.ast...
Misc Changes Proof of concept: task eviction after snapshot for turbo-tasks-backend: #91790 Credits Huge thanks to @lukesandberg for helping!
Core Changes Remove redundant instant navigation prefetch header: #93713 Instant Insights: Favor reporting errors from all potential navigations over reporting a failed attempt to validate when a slot is missing: #93714 Misc Changes CI speed improvements: #93411 Credits Huge thanks to @acdlite, @gnoff, and @timneutk...
Core Changes Stabilize unstableio: #93621 Use Next.js version as Turbopack persistent cache versioning key: #93605 feat(turbopack): add chunkLoadingGlobal config option: #93488 fix(devtools): render nested error messages with HotlinkedText: #93620 Fix: Improved rewrite detection during optimistic routing: #93619 Fix...
Release Notes Released on 2026-05-08. Python Add CPython 3.15.0b1 Enhancements Add --no-editable support to uv pip install (#19306) Require git refs in URLs to be percent-encoded (#19320) Bug fixes Respect --no-dev over UVDEV=1 (#19313) Don't suggest non-existent --no-frozen flag (#19290) (#19294) Documentation Fix...
Core Changes Hold cacheSignal across unstablecache foreground revalidation: #93617 Encode non-ASCII characters in cache tags at construction: #93601 Credits Huge thanks to @unstubbable for helping!
Core Changes [devtools] Force ANSI colors on overlay code frames regardless of TTY: #93550 Turbopack: Match proxy matchers with webpack implementation: #93594 Track searchParams access through a Proxy to catch missing-key reads: #93549 Cherry-pick ghsa commits to canary: #93614 Misc Changes docs: escape literal trip...
This release contains security fixes for the following advisories: High: GHSA-8h8q-6873-q5fj: Denial of Service with Server Components GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via se...
[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary. Security Fixes The following advisories have been addressed: High: GHSA-8h8q-6873-q5fj: Denial of Service with Server Components GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Rou...
Notable Changes Experimental node:ffi module Node.js now includes an experimental node:ffi module for loading dynamic libraries and calling native symbols from JavaScript. The API is gated behind the --experimental-ffi flag and, when the Permission Model is enabled, requires --allow-ffi. This API is inherently unsaf...
Misc Changes perf(ecmascript): shrink JsValue 64→32 bytes: #93106 Order loader tree imports by tree depth: #93537 Turbopack: more strict vergen setup: #93541 Credits Huge thanks to @mmastrac, @sokra, and @mischnic for helping!
Core Changes Disable instant validations in draft mode: #93472 Misc Changes Drop ReferencedAsset::fromresolveresult as a turbotask: #93297 Turbopack: Cache effect errors, replace the writelock Mutex with a lazily created Notify instance: #93476 Credits Huge thanks to @samselikoff, @lukesandberg, and @bgw for helping!
Release Notes Released on 2026-05-06. Bug fixes Accept legacy ID format from pre-0.11.9 cache entries (#19301) Install uv 0.11.11 Install prebuilt binaries via shell script sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.11/uv-installer.sh | sh Install prebuilt bi...
Core Changes Refactor: Decouple request store creation from req / res: #93499 Detect 'use cache' module-scope deadlocks early in dev: #93500 Bundle the 'use cache' deadlock probe worker: #93538 Support configuring a default instant validation level : #93301 Upgrade React from f4e0d4ed-20260429 to dd453071-20260506:...
[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary. Security Fixes The following advisories have been addressed: High: GHSA-8h8q-6873-q5fj: Denial of Service with Server Components GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Rou...
This release contains security fixes for the following advisories: High: GHSA-8h8q-6873-q5fj: Denial of Service with Server Components GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications...
Core Changes Fix dev mode reload and error on back navigation between Next.js pages: #93486 Fix double-encoding of URL pathname parts in client param parsing: #93491 Don't suppress usage of deprecated TypeScript compilerOptions: #93377 Misc Changes [ci] Move Turbopack, Rspack and font data workflows off of RELEASEBO...
Release Notes Released on 2026-05-05. Bug fixes Allow pre-release Python requests with non-zero patch versions (#19286) Install uv 0.11.10 Install prebuilt binaries via shell script sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.10/uv-installer.sh | sh Install pr...
We're excited to announce the release of Node.js 26! Highlights include the Temporal API enabled by default, updates to the V8 JavaScript engine to 14.6, Undici to 8.0, and several important deprecations and removals as we continue to modernize the platform. As a reminder, Node.js 26 will enter long-term support (LT...
Release Notes Released on 2026-05-04. Note due to a timeout publishing to crates.io, the GitHub portion of this release was published manually by a maintainer using the artifacts built in CI. Consequently, GitHub attestations will not be available. Additionally, this release will not be fully published to crates.io....
Core Changes Upgrade React from da9325b5-20260417 to f4e0d4ed-20260429: #93457 Bump @vercel/ncc: #93459 Include deployment id in cacheHandlers keys: #93453 fix(next/image): Improve error message for private IP (SSRF) rejections: #91686 Misc Changes Upgrade to swc 65: #93325 [test] Ensure target page is compiled befo...
Misc Changes Drop oncecell from all direct crate deps: #93095 Replace Lazy static lookups with phf::Map: #93096 Credits Huge thanks to @mmastrac for helping!
Core Changes Revert "Revert "Node.js streams: Add forkpoint for prerenderToStream"": #93376 Fix streaming in draft mode for cache components: #93417 Misc Changes trace-server: shrinktofit LazySortedVec after sorting: #93361 feat(metadata): support non-standard directives in robots.ts via other: #93206 [turbo-trace-s...
Misc Changes [test] Preserve Playwright traces on every failure: #93366 [ci] Add support for private preview builds: #93375 Fix deploy tests crashing under AI coding assistants: #93394 Remove leftover Turbopack manifests: #93398 [ci]: remove PR creation from deploy test workflow: #93400 Credits Huge thanks to @eps1l...
Core Changes Honor the route-level expire value with blocking revalidation: #93211 Turbopack: add experimental.turbopackWorkerAssetPrefix to keep Workers same-origin when assetPrefix is a CDN: #93271 chore: bump postcss to 8.5.10: #93288 Enable server HMR for metadata routes (manifest.ts, robots.ts, etc.): #93110 [n...