Commit be18dbc
chore(deps): bump the npm_and_yarn group across 5 directories with 6 updates (#781)
* chore(deps): bump the npm_and_yarn group across 5 directories with 6 updates
Bumps the npm_and_yarn group with 3 updates in the /admin directory: [next](https://github.com/vercel/next.js), [protobufjs](https://github.com/protobufjs/protobuf.js) and [protobufjs-cli](https://github.com/protobufjs/protobuf.js).
Bumps the npm_and_yarn group with 1 update in the /lsps1-server/lsps1-http directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Bumps the npm_and_yarn group with 2 updates in the /mdk-checkout directory: [next](https://github.com/vercel/next.js) and [ws](https://github.com/websockets/ws).
Bumps the npm_and_yarn group with 1 update in the /mdk-checkout/examples/mdk-nextjs-demo directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /moneydevkit.com directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `next` from 15.5.15 to 15.5.18
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.15...v15.5.18)
Updates `protobufjs` from 7.5.5 to 7.5.8
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8)
Updates `protobufjs-cli` from 1.1.3 to 1.2.1
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.3...protobufjs-cli-v1.2.1)
Updates `protobufjs` from 7.5.4 to 8.4.0
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8)
Updates `next` from 16.2.3 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.15...v15.5.18)
Updates `ws` from 8.19.0 to 8.20.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.19.0...8.20.1)
Updates `kysely` from 0.28.16 to 0.28.17
- [Release notes](https://github.com/kysely-org/kysely/releases)
- [Commits](kysely-org/kysely@v0.28.16...v0.28.17)
Updates `next` from 16.2.3 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.15...v15.5.18)
Updates `protobufjs` from 7.5.4 to 8.4.0
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8)
Updates `better-auth` from 1.4.9 to 1.6.11
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/better-auth@1.6.11/packages/better-auth)
Updates `ws` from 8.19.0 to 8.20.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.19.0...8.20.1)
Updates `kysely` from 0.28.16 to 0.28.17
- [Release notes](https://github.com/kysely-org/kysely/releases)
- [Commits](kysely-org/kysely@v0.28.16...v0.28.17)
---
updated-dependencies:
- dependency-name: next
dependency-version: 15.5.18
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: protobufjs
dependency-version: 7.5.8
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: protobufjs-cli
dependency-version: 1.2.1
dependency-type: direct:development
dependency-group: npm_and_yarn
- dependency-name: protobufjs
dependency-version: 8.4.0
dependency-type: indirect
dependency-group: npm_and_yarn
- dependency-name: next
dependency-version: 16.2.6
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: ws
dependency-version: 8.20.1
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: kysely
dependency-version: 0.28.17
dependency-type: indirect
dependency-group: npm_and_yarn
- dependency-name: next
dependency-version: 16.2.6
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: protobufjs
dependency-version: 8.4.0
dependency-type: indirect
dependency-group: npm_and_yarn
- dependency-name: better-auth
dependency-version: 1.6.11
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: ws
dependency-version: 8.20.1
dependency-type: direct:production
dependency-group: npm_and_yarn
- dependency-name: kysely
dependency-version: 0.28.17
dependency-type: indirect
dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
* Sync pnpm.overrides with Dependabot lockfile bumps
The latest Dependabot security-group bump wrote `overrides:` blocks into
moneydevkit.com/pnpm-lock.yaml and lsps1-server/lsps1-http/pnpm-lock.yaml
without adding the matching `pnpm.overrides` to either package.json.
`pnpm install --frozen-lockfile` then aborts with
ERR_PNPM_LOCKFILE_CONFIG_MISMATCH, which broke the `mdk` Docker target
in CI.
Each affected package gets a `pnpm.overrides` block with keys copied
from the lockfile verbatim, because pnpm compares them as opaque
strings. Regenerating the lockfile with --no-frozen-lockfile would
quietly drop the transitive CVE pins Dependabot is trying to apply, so
that option is off the table.
* Move apiKey plugin to @better-auth/api-key
The Dependabot security-group bump pulled better-auth from 1.4.9 to
1.6.11 via the pnpm.overrides pin. better-auth 1.5 removed the apiKey
export from better-auth/plugins and split it into the separate
@better-auth/api-key package, so the build broke with "The export
apiKey was not found in better-auth/dist/plugins".
Importing apiKey from the new package fixes the build. Dropping the
better-auth override would have rolled back the CVE pin Dependabot
added, so migrating is the safer option.
The plugins array is also inlined back into the betterAuth({ ... })
call. Assigning it to a const widens the tuple and loses the session
type augmentation from organization(), which then breaks the typecheck
on session.session.activeOrganizationId at the route layer.
apiKey is registered but no apiKey API is called anywhere in the app
yet, so no schema or runtime migration is needed.
* Sync mdk-nextjs-demo lockfile with next 16.2.6 bump
Dependabot bumped next from 16.2.3 to 16.2.6 in this example's
package.json but did not regenerate the lockfile, so vercel-deploy
hit ERR_PNPM_OUTDATED_LOCKFILE on its frozen install.
* fix(moneydevkit.com): restore missing native binary entries in lockfile
The staging merge (131c36f5) corrupted moneydevkit.com/pnpm-lock.yaml
by dropping 7 platform-specific binary entries from the `packages:`
section while leaving them in `snapshots:`. The dependabot CI build
then crashed in pnpm's lockfileToDepGraph with:
Cannot use 'in' operator to search for 'directory' in undefined
Each snapshot needs its resolution metadata in `packages:`, and got
`undefined` instead. This is not the usual
ERR_PNPM_LOCKFILE_CONFIG_MISMATCH overrides case, so the standard
"sync pnpm.overrides" fix does not apply.
Restored entries, taken verbatim from pre-merge commit 7ca78cc7:
@rolldown/binding-linux-arm-gnueabihf@1.0.1
@rolldown/binding-linux-ppc64-gnu@1.0.1
@rolldown/binding-linux-s390x-gnu@1.0.1
lightningcss-linux-{arm64-gnu,arm64-musl,x64-gnu,x64-musl}@1.32.0
Tried `pnpm install --lockfile-only` first and it made things worse:
without the native binaries in the local store it writes empty `{}`
stubs (same bug) and also drops valid `@rollup/rollup-*` metadata.
Hand-patching the missing entries was the only safe option.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: amackillop <austin@moneydevkit.com>1 parent 1d7d894 commit be18dbc
5 files changed
Lines changed: 391 additions & 375 deletions
File tree
- examples/mdk-nextjs-demo
- packages
- better-auth
- core
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
44 | 44 | | |
45 | 45 | | |
46 | 46 | | |
47 | | - | |
| 47 | + | |
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
70 | 70 | | |
71 | 71 | | |
72 | 72 | | |
73 | | - | |
| 73 | + | |
74 | 74 | | |
75 | 75 | | |
76 | 76 | | |
| |||
0 commit comments