From c99a24e61855e032d6af1fcff3f033ea38a5a26f Mon Sep 17 00:00:00 2001 From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 14:04:54 +0000 Subject: [PATCH] fix: next/package.json & next/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXTAUTH-13744118 --- next/package-lock.json | 61 +++++++++++++++++++++++------------------- next/package.json | 2 +- 2 files changed, 35 insertions(+), 28 deletions(-) diff --git a/next/package-lock.json b/next/package-lock.json index 0dbee71f56..2777c6385d 100644 --- a/next/package-lock.json +++ b/next/package-lock.json @@ -39,7 +39,7 @@ "i18next": "^22.4.15", "lodash": "^4.17.21", "next": "^13.5.6", - "next-auth": "4.20.1", + "next-auth": "^4.24.12", "next-i18next": "^13.2.2", "nextjs-google-analytics": "^2.3.3", "openai": "^4.14.2", @@ -6153,9 +6153,10 @@ "dev": true }, "node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -10096,9 +10097,10 @@ } }, "node_modules/jose": { - "version": "4.14.1", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.1.tgz", - "integrity": "sha512-SgjXLpP7jhQkUNKL6RpowoR/IF4QKE+WjLDMpNnh2vmhiFs67NftrNpvFtgbwpvRdtueFliahYYWz9E+XZZQlg==", + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", + "license": "MIT", "funding": { "url": "https://github.com/sponsors/panva" } @@ -11715,14 +11717,15 @@ } }, "node_modules/next-auth": { - "version": "4.20.1", - "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.20.1.tgz", - "integrity": "sha512-ZcTUN4qzzZ/zJYgOW0hMXccpheWtAol8QOMdMts+LYRcsPGsqf2hEityyaKyECQVw1cWInb9dF3wYwI5GZdEmQ==", + "version": "4.24.12", + "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.24.12.tgz", + "integrity": "sha512-wooJAL5Md9Fn2UwUI2qN9TY/+k8HJGRyi3TdSt/xHfDTtdpPxDqmo4v8hUrKGb+d66FB/rYy9RutA/9EeJrK0Q==", + "license": "ISC", "dependencies": { "@babel/runtime": "^7.20.13", "@panva/hkdf": "^1.0.2", - "cookie": "^0.5.0", - "jose": "^4.11.4", + "cookie": "^0.7.0", + "jose": "^4.15.5", "oauth": "^0.9.15", "openid-client": "^5.4.0", "preact": "^10.6.3", @@ -11730,12 +11733,16 @@ "uuid": "^8.3.2" }, "peerDependencies": { - "next": "^12.2.5 || ^13", - "nodemailer": "^6.6.5", - "react": "^17.0.2 || ^18", - "react-dom": "^17.0.2 || ^18" + "@auth/core": "0.34.2", + "next": "^12.2.5 || ^13 || ^14 || ^15 || ^16", + "nodemailer": "^7.0.7", + "react": "^17.0.2 || ^18 || ^19", + "react-dom": "^17.0.2 || ^18 || ^19" }, "peerDependenciesMeta": { + "@auth/core": { + "optional": true + }, "nodemailer": { "optional": true } @@ -19350,9 +19357,9 @@ "dev": true }, "cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==" + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==" }, "cookies-next": { "version": "2.1.2", @@ -22257,9 +22264,9 @@ "integrity": "sha512-QAdOptna2NYiSSpv0O/BwoHBSmz4YhpzJHyi+fnMRTXFjp7B8i/YG5Z8IfusxB1ufjcD2Sre1F3R+nX3fvy7gg==" }, "jose": { - "version": "4.14.1", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.1.tgz", - "integrity": "sha512-SgjXLpP7jhQkUNKL6RpowoR/IF4QKE+WjLDMpNnh2vmhiFs67NftrNpvFtgbwpvRdtueFliahYYWz9E+XZZQlg==" + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==" }, "js-tokens": { "version": "4.0.0", @@ -23351,14 +23358,14 @@ } }, "next-auth": { - "version": "4.20.1", - "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.20.1.tgz", - "integrity": "sha512-ZcTUN4qzzZ/zJYgOW0hMXccpheWtAol8QOMdMts+LYRcsPGsqf2hEityyaKyECQVw1cWInb9dF3wYwI5GZdEmQ==", + "version": "4.24.12", + "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.24.12.tgz", + "integrity": "sha512-wooJAL5Md9Fn2UwUI2qN9TY/+k8HJGRyi3TdSt/xHfDTtdpPxDqmo4v8hUrKGb+d66FB/rYy9RutA/9EeJrK0Q==", "requires": { "@babel/runtime": "^7.20.13", "@panva/hkdf": "^1.0.2", - "cookie": "^0.5.0", - "jose": "^4.11.4", + "cookie": "^0.7.0", + "jose": "^4.15.5", "oauth": "^0.9.15", "openid-client": "^5.4.0", "preact": "^10.6.3", diff --git a/next/package.json b/next/package.json index 09e38d5eec..65888d4eef 100644 --- a/next/package.json +++ b/next/package.json @@ -45,7 +45,7 @@ "i18next": "^22.4.15", "lodash": "^4.17.21", "next": "^13.5.6", - "next-auth": "4.20.1", + "next-auth": "4.24.12", "next-i18next": "^13.2.2", "nextjs-google-analytics": "^2.3.3", "openai": "^4.14.2",