Skip to content

Commit be18dbc

Browse files
dependabot[bot]amackillop
authored andcommitted
chore(deps): bump the npm_and_yarn group across 5 directories with 6 updates (#781)
* chore(deps): bump the npm_and_yarn group across 5 directories with 6 updates Bumps the npm_and_yarn group with 3 updates in the /admin directory: [next](https://github.com/vercel/next.js), [protobufjs](https://github.com/protobufjs/protobuf.js) and [protobufjs-cli](https://github.com/protobufjs/protobuf.js). Bumps the npm_and_yarn group with 1 update in the /lsps1-server/lsps1-http directory: [protobufjs](https://github.com/protobufjs/protobuf.js). Bumps the npm_and_yarn group with 2 updates in the /mdk-checkout directory: [next](https://github.com/vercel/next.js) and [ws](https://github.com/websockets/ws). Bumps the npm_and_yarn group with 1 update in the /mdk-checkout/examples/mdk-nextjs-demo directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /moneydevkit.com directory: [protobufjs](https://github.com/protobufjs/protobuf.js). Updates `next` from 15.5.15 to 15.5.18 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) Updates `protobufjs` from 7.5.5 to 7.5.8 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8) Updates `protobufjs-cli` from 1.1.3 to 1.2.1 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.3...protobufjs-cli-v1.2.1) Updates `protobufjs` from 7.5.4 to 8.4.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8) Updates `next` from 16.2.3 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) Updates `ws` from 8.19.0 to 8.20.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.20.1) Updates `kysely` from 0.28.16 to 0.28.17 - [Release notes](https://github.com/kysely-org/kysely/releases) - [Commits](kysely-org/kysely@v0.28.16...v0.28.17) Updates `next` from 16.2.3 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) Updates `protobufjs` from 7.5.4 to 8.4.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8) Updates `better-auth` from 1.4.9 to 1.6.11 - [Release notes](https://github.com/better-auth/better-auth/releases) - [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md) - [Commits](https://github.com/better-auth/better-auth/commits/better-auth@1.6.11/packages/better-auth) Updates `ws` from 8.19.0 to 8.20.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.20.1) Updates `kysely` from 0.28.16 to 0.28.17 - [Release notes](https://github.com/kysely-org/kysely/releases) - [Commits](kysely-org/kysely@v0.28.16...v0.28.17) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.5.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs-cli dependency-version: 1.2.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.20.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: kysely dependency-version: 0.28.17 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: better-auth dependency-version: 1.6.11 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.20.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: kysely dependency-version: 0.28.17 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Sync pnpm.overrides with Dependabot lockfile bumps The latest Dependabot security-group bump wrote `overrides:` blocks into moneydevkit.com/pnpm-lock.yaml and lsps1-server/lsps1-http/pnpm-lock.yaml without adding the matching `pnpm.overrides` to either package.json. `pnpm install --frozen-lockfile` then aborts with ERR_PNPM_LOCKFILE_CONFIG_MISMATCH, which broke the `mdk` Docker target in CI. Each affected package gets a `pnpm.overrides` block with keys copied from the lockfile verbatim, because pnpm compares them as opaque strings. Regenerating the lockfile with --no-frozen-lockfile would quietly drop the transitive CVE pins Dependabot is trying to apply, so that option is off the table. * Move apiKey plugin to @better-auth/api-key The Dependabot security-group bump pulled better-auth from 1.4.9 to 1.6.11 via the pnpm.overrides pin. better-auth 1.5 removed the apiKey export from better-auth/plugins and split it into the separate @better-auth/api-key package, so the build broke with "The export apiKey was not found in better-auth/dist/plugins". Importing apiKey from the new package fixes the build. Dropping the better-auth override would have rolled back the CVE pin Dependabot added, so migrating is the safer option. The plugins array is also inlined back into the betterAuth({ ... }) call. Assigning it to a const widens the tuple and loses the session type augmentation from organization(), which then breaks the typecheck on session.session.activeOrganizationId at the route layer. apiKey is registered but no apiKey API is called anywhere in the app yet, so no schema or runtime migration is needed. * Sync mdk-nextjs-demo lockfile with next 16.2.6 bump Dependabot bumped next from 16.2.3 to 16.2.6 in this example's package.json but did not regenerate the lockfile, so vercel-deploy hit ERR_PNPM_OUTDATED_LOCKFILE on its frozen install. * fix(moneydevkit.com): restore missing native binary entries in lockfile The staging merge (131c36f5) corrupted moneydevkit.com/pnpm-lock.yaml by dropping 7 platform-specific binary entries from the `packages:` section while leaving them in `snapshots:`. The dependabot CI build then crashed in pnpm's lockfileToDepGraph with: Cannot use 'in' operator to search for 'directory' in undefined Each snapshot needs its resolution metadata in `packages:`, and got `undefined` instead. This is not the usual ERR_PNPM_LOCKFILE_CONFIG_MISMATCH overrides case, so the standard "sync pnpm.overrides" fix does not apply. Restored entries, taken verbatim from pre-merge commit 7ca78cc7: @rolldown/binding-linux-arm-gnueabihf@1.0.1 @rolldown/binding-linux-ppc64-gnu@1.0.1 @rolldown/binding-linux-s390x-gnu@1.0.1 lightningcss-linux-{arm64-gnu,arm64-musl,x64-gnu,x64-musl}@1.32.0 Tried `pnpm install --lockfile-only` first and it made things worse: without the native binaries in the local store it writes empty `{}` stubs (same bug) and also drops valid `@rollup/rollup-*` metadata. Hand-patching the missing entries was the only safe option. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: amackillop <austin@moneydevkit.com>
1 parent 1d7d894 commit be18dbc

5 files changed

Lines changed: 391 additions & 375 deletions

File tree

examples/mdk-nextjs-demo/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
"@radix-ui/react-slot": "^1.2.2",
1515
"class-variance-authority": "^0.7.1",
1616
"clsx": "^2.1.1",
17-
"next": "16.2.3",
17+
"next": "16.2.6",
1818
"react": "19.2.3",
1919
"react-dom": "19.2.3",
2020
"tailwind-merge": "^3.2.0"

examples/mdk-nextjs-demo/pnpm-lock.yaml

Lines changed: 44 additions & 44 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/better-auth/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@
4444
},
4545
"devDependencies": {
4646
"@types/node": "^20.10.5",
47-
"better-auth": "^1.6.7",
47+
"better-auth": "^1.6.11",
4848
"typescript": "^5.6.3"
4949
}
5050
}

packages/core/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@
7070
"react-hook-form": "^7.56.4",
7171
"tailwind-merge": "^3.3.0",
7272
"vaul": "^1.1.2",
73-
"ws": "^8.19.0",
73+
"ws": "^8.20.1",
7474
"zod": "^3.25.42"
7575
},
7676
"devDependencies": {

0 commit comments

Comments
 (0)