Bumps [next](https://github.com/vercel/next.js) from 16.1.7 to 16.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v16.2.3</h2>
<blockquote>
<p>[!NOTE]
This release is backporting security and bug fixes. For more information
about the fixed security vulnerability, please see <a
href="https://vercel.com/changelog/summary-of-cve-2026-23869">https://vercel.com/changelog/summary-of-cve-2026-23869</a>.
The release does <strong>not</strong> include all pending
features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Ensure app-page reports stale ISR revalidation errors via
onRequestError (<a
href="https://redirect.github.com/vercel/next.js/issues/92282">#92282</a>)</li>
<li>Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (<a
href="https://redirect.github.com/vercel/next.js/issues/91981">#91981</a>
through <a
href="https://redirect.github.com/vercel/next.js/issues/92273">#92273</a>)</li>
<li>Deduplicate output assets and detect content conflicts on emit (<a
href="https://redirect.github.com/vercel/next.js/issues/92292">#92292</a>)</li>
<li>Fix styled-jsx race condition: styles lost due to concurrent
rendering (<a
href="https://redirect.github.com/vercel/next.js/issues/92459">#92459</a>)</li>
<li>turbo-tasks-backend: stability fixes for task cancellation and error
handling (<a
href="https://redirect.github.com/vercel/next.js/issues/92254">#92254</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/icyJoseph"><code>@​icyJoseph</code></a>, <a
href="https://github.com/sokra"><code>@​sokra</code></a>, <a
href="https://github.com/wbinnssmith"><code>@​wbinnssmith</code></a>, <a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and <a
href="https://github.com/ztanner"><code>@​ztanner</code></a> for
helping!</p>
<h2>v16.2.2</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>backport: Move expanded adapters docs to API reference (<a
href="https://redirect.github.com/vercel/next.js/issues/92115">#92115</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/92129">#92129</a>)</li>
<li>Backport: TypeScript v6 deprecations for baseUrl and
moduleResolution (<a
href="https://redirect.github.com/vercel/next.js/issues/92130">#92130</a>)</li>
<li>[create-next-app] Skip interactive prompts when CLI flags are
provided (<a
href="https://redirect.github.com/vercel/next.js/issues/91840">#91840</a>)</li>
<li>next.config.js: Accept an option for serverFastRefresh (<a
href="https://redirect.github.com/vercel/next.js/issues/91968">#91968</a>)</li>
<li>Turbopack: enable server HMR for app route handlers (<a
href="https://redirect.github.com/vercel/next.js/issues/91466">#91466</a>)</li>
<li>Turbopack: exclude metadata routes from server HMR (<a
href="https://redirect.github.com/vercel/next.js/issues/92034">#92034</a>)</li>
<li>Fix CI for glibc linux builds</li>
<li>Backport: disable bmi2 in qfilter <a
href="https://redirect.github.com/vercel/next.js/issues/92177">#92177</a></li>
<li>[backport] Fix CSS HMR on Safari (<a
href="https://redirect.github.com/vercel/next.js/issues/92174">#92174</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/nextjs-bot"><code>@​nextjs-bot</code></a>, <a
href="https://github.com/icyJoseph"><code>@​icyJoseph</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, <a
href="https://github.com/gaojude"><code>@​gaojude</code></a>, <a
href="https://github.com/wbinnssmith"><code>@​wbinnssmith</code></a>, <a
href="https://github.com/lukesandberg"><code>@​lukesandberg</code></a>,
and <a href="https://github.com/bgw"><code>@​bgw</code></a> for
helping!</p>
<h2>v16.2.1</h2>
<blockquote>
<p>[!NOTE]
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>docs: post release amends (<a
href="https://redirect.github.com/vercel/next.js/issues/91715">#91715</a>)</li>
<li>docs: fix broken Activity Patterns demo link in preserving UI state
guide (<a
href="https://redirect.github.com/vercel/next.js/issues/91698">#91698</a>)</li>
<li>Fix adapter outputs for dynamic metadata routes (<a
href="https://redirect.github.com/vercel/next.js/issues/91680">#91680</a>)</li>
<li>Turbopack: fix webpack loader runner layer (<a
href="https://redirect.github.com/vercel/next.js/issues/91727">#91727</a>)</li>
<li>Fix server actions in standalone mode with
<code>cacheComponents</code> (<a
href="https://redirect.github.com/vercel/next.js/issues/91711">#91711</a>)</li>
<li>turbo-persistence: remove Unmergeable mmap advice (<a
href="https://redirect.github.com/vercel/next.js/issues/91713">#91713</a>)</li>
<li>Fix layout segment optimization: move app-page imports to
server-utility transition (<a
href="https://redirect.github.com/vercel/next.js/issues/91701">#91701</a>)</li>
<li>Turbopack: lazy require metadata and handle TLA (<a
href="https://redirect.github.com/vercel/next.js/issues/91705">#91705</a>)</li>
<li>[turbopack] Respect <code>{eval:true}</code> in worker_threads
constructors (<a
href="https://redirect.github.com/vercel/next.js/issues/91666">#91666</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f"><code>d5f649b</code></a>
v16.2.3</li>
<li><a
href="https://github.com/vercel/next.js/commit/28739286a88a83ab2d4e1899bdb4eb4ee7bee9a9"><code>2873928</code></a>
[16.x] Avoid consuming cyclic models multiple times (<a
href="https://redirect.github.com/vercel/next.js/issues/75">#75</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/d7c77653602ae2009595cc71eb10f1b8828cc789"><code>d7c7765</code></a>
[backport]: Ensure app-page reports stale ISR revalidation errors via
onReque...</li>
<li><a
href="https://github.com/vercel/next.js/commit/c573e8c4f3208711f52bf3b64f5db238c9164762"><code>c573e8c</code></a>
fix(server-hmr): metadata routes overwrite page runtime HMR handler (<a
href="https://redirect.github.com/vercel/next.js/issues/92273">#92273</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/57b8f659060e1d0f202273a9ed9e56d40f1d1a9c"><code>57b8f65</code></a>
next-core: deduplicate output assets and detect content conflicts on
emit (<a
href="https://redirect.github.com/vercel/next.js/issues/9">#9</a>...</li>
<li><a
href="https://github.com/vercel/next.js/commit/f158df18bd926d0c2165ad309bbb561d7e73e74a"><code>f158df1</code></a>
Fix styled-jsx race condition: styles lost due to concurrent rendering
(<a
href="https://redirect.github.com/vercel/next.js/issues/92459">#92459</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/356d605b5831ffbe12ce9c9641e5e2e55d203523"><code>356d605</code></a>
turbo-tasks-backend: stability fixes for task cancellation and error
handling...</li>
<li><a
href="https://github.com/vercel/next.js/commit/3b77a6e2670ce81d686111b8e466eec612fa1867"><code>3b77a6e</code></a>
Fix DashMap read-write self-deadlock in task_cache causing hangs (<a
href="https://redirect.github.com/vercel/next.js/issues/92210">#92210</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/b2f208ae98645d119a7e3388ab8a407005619dd8"><code>b2f208a</code></a>
Backport: new view-transitions guide, update and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/92264">#92264</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/52faae3d94641584e13691238df5be158d0f00fb"><code>52faae3</code></a>
v16.2.2</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v16.1.7...v16.2.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.1.7&new-version=16.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/middleapi/orpc/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
  * Updated documentation comments for improved clarity.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

…eturn value (#1535)

## Summary

Adds **partial** support for returning a `ReadableStream<Uint8Array>`
directly from an oRPC handler (OpenAPIHandler only), bypassing JSON
serialization. This enables streaming binary responses (ZIP archives,
large file downloads, chunked transfer) without buffering the full
response in memory.

> **Note:** Full ecosystem support (RPCHandler/Link, OpenAPILink,
WebSocket adapters, etc.) is planned for v2 — see
[#1058](#1058 (comment)).
This PR intentionally does **not** close #1058.

### Stream passthrough

- **`@orpc/standard-server`** — adds `ReadableStream<Uint8Array>` to the
`StandardBody` union type
- **`@orpc/server`** — `StandardRPCCodec.encode()` detects
`ReadableStream` and passes it through without serializing
- **`@orpc/openapi`** — `StandardOpenAPICodec.encode()` detects
`ReadableStream` (both as direct return and inside `{ body: stream,
headers }` detailed output), respects the contract's `successStatus`,
and bypasses serialization
- **`@orpc/standard-server-fetch`** — `toFetchBody()` returns the stream
directly; the `ReadableStream` branch runs before header cleanup so
caller-set `content-type`/`content-disposition` are preserved
- **`@orpc/standard-server-node`** — `toNodeHttpBody()` converts via
`Readable.fromWeb()`; same header-preservation fix
- **`@orpc/standard-server`** — `generateContentDisposition()` gets an
optional `disposition` parameter (defaults to `'inline'`, fully
backward-compatible)

### OpenAPI spec cleanup (fixes #1536)

- **`@orpc/openapi`** — `separateObjectSchema` no longer leaves empty
`properties: {}` / `required: []` on extracted schemas (replaces them
with `undefined`)
- **`@orpc/openapi`** — new `isNeverSchema()` helper identifies `false`
/ `{ not: true }` / `{ not: {} }` schemas; `toOpenAPIContent()` now
skips the spurious `application/json: { schema: { not: {} } }` entry
that used to appear alongside binary content (e.g. when using
`oz.openapi(z.instanceof(ReadableStream), { contentMediaType:
'application/zip' })`)
- **`@orpc/openapi`** — generator skips emitting an empty `requestBody`
for POST routes whose input consists only of path parameters

Tests added for all new paths including header preservation,
detailed-output streaming, never-schema detection, and the
empty-requestBody case.

## Backward compatibility

This is a non-breaking change.

- Previously, returning a `ReadableStream` from a handler would result
in it being serialized as `{}` (or a runtime error), which is not useful
behaviour anyone would rely on.
- `generateContentDisposition()`'s new `disposition` parameter defaults
to `'inline'`, preserving existing output.
- The OpenAPI spec cleanups only suppress output that was previously
noise (empty bodies, `not: {}` alongside real content).

Existing handlers and generated specs are unaffected.

## Motivation

We are migrating a service from Hapi.js to Hono + oRPC. One endpoint
streams a ZIP archive on-the-fly using `archiver` — the archive must be
piped directly to the response. All existing workarounds (returning `new
Response(stream)`, `oz.blob()`, casting) either fail at runtime or
require bypassing oRPC entirely, losing auth middleware and
client-library support.

Relates to #1058 (partial — OpenAPIHandler only)
Closes #1536

## Test plan

- [ ] `pnpm --filter @orpc/standard-server test`
- [ ] `pnpm --filter @orpc/server test`
- [ ] `pnpm --filter @orpc/openapi test`
- [ ] `pnpm --filter @orpc/standard-server-fetch test`
- [ ] `pnpm --filter @orpc/standard-server-node test`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Sonnet 4.6 <[email protected]>
Co-authored-by: Dinh Le <[email protected]>