fix(deps): update dependency @auth/core to ^0.39.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@auth/core (source)	^0.18.1 -> ^0.39.0

---

Release Notes

nextauthjs/next-auth (@​auth/core)

v0.39.0

Compare Source

Features

• providers: Add HuggingFace provider (#​12884) (c1f89ea)
• providers: Improve error validation for Microsoft EntraID provider errors before decoding token (#​12876) (a05451d)

Other

• Reapply "docs: exclude inherits, update deps (#​12628)" (#​12645) (#​12690)

v0.38.0

Compare Source

Features

• core: add default cache control headers for GET endpoints (#​11667) (af2ccea)
• provider: add Figma provider (#​12529) (14dfaf3)
• provider: add Logto provider (#​12534) (dcaaf1a)
• provider: add Bitbucket provider (#​12198) (6a72f3d)
• provider: add Frontegg provider (#​11342) (517c877)
• providers: Add Loops Email Provider and Documentation (#​11197) (3ec0684)

Bugfixes

• core: handle an error inside parseProviders() when providerId not found in config (#​12438) (80a2c14)
• pages: recouple button theme to colorScheme and fix appearance for some logos in dark mode (#​12537) (b0f1538)
• ts: make User interface overridable using module augmentation (#​12472) (7772375)
• "state is not specified" error when using LINE provider (#​12703)
• add a missed instance of allowInsecureRequests (#​12276)
• More descriptive error in case that discovery endpoint returns an invalid issuer (#​12611)
• improve client-side submodules (#​12249)

Other

• deps: bump oauth4webapi from 3.1.4 to 3.3.0 (#​12698) (5a2f595)
• deps: bump jose from 5.9.6 to 6.0.6 (#​12699) (6aefefd)
• deps: bump oauth4webapi from 3.1.3 to 3.1.4 (#​12359) (e231168)
• deps: bump oauth4webapi from 3.1.1 to 3.1.3 (#​12261) (9411046)
• docs: fixes appearance for some logos in dark mode (#​12379) (2f86dfd)
• docs: add missing bracket and run format (#​12302) (7c20f02)
• providers: formatting tiktok (507aadd)
• providers: Downgrade requested OAuth scope of TikTok provider (#​12608) (2465101)
• providers: remove console.log in WeChat provider (#​12431) (9dbc9ba)
• Fix incorrect URL in error page documentation comment (#​12502)
• exclude inherits, update deps (#​12628)
• Revert "docs: exclude inherits, update deps (#​12628)" (#​12645)

v0.37.4

Compare Source

Bugfixes

• core: vendor cookie until it has an ESM build (#​12248) (a150f1e)
• core: filter unnecessary param before passing to session callback (c650d0c)

Other

• fix import
• Revert "fix(core): filter unnecessary param before passing to session callback"

v0.37.3

Compare Source

Bugfixes

• core: carry-over request params for custom verifyRequest page (#​12166) (d6d8d4f)
• core: use correct import for the cookie package (#​12177) (39250e3)
• providers: update TikTok provider configuration with custom Fetch (#​12168) (2e78fa2)
• providers: Ease authorization and scope override for Discord provider (#​12173) (39b7d9a)
• providers: dropbox authorization params should contain token_access_type (#​12161) (8034cfe)

Other

• deps: bump dependencies (b3e4369)
• docs: enhance api reference with styles for providers (#​11961) (a88c7a3)
• fix lint
• fix(ts) mark account as optional in callbacks (#​12017)

v0.37.2

Compare Source

Bugfixes

• core: adds 'none' token endpoint auth method for oauth and oidc (#​12066) (be6d169)
• providers: conform Apple (#​12068) (2810f6b)

v0.37.1

Compare Source

Bugfixes

• providers: conform Entra ID when responding with the wrong issuer (#​11980) (e981e4d)

v0.37.0

Compare Source

Features

• providers: re-introduce Atlassian (with OAuth 2) (#​11987) (2d67f11)

v0.36.0

Compare Source

Features

• oauth: expose custom fetch (#​11975) (fedff04)

Bugfixes

• correctly set isNewUser during account linking & user creation

Other

• core: upgrade deps (917cb2c)
• stricter isDate (#​11953)

v0.35.3

Compare Source

Bugfixes

• providers: convert Salesforce to OIDC (#​11918) (f6b7228)
• proxy: improve redirect proxy logic (#​11517) (cce637c)

v0.35.2

Compare Source

Bugfixes

• providers: make identifier param optional (3e8a648)
• providers: optionally check identifier (54ba689)

v0.35.1

Compare Source

Bugfixes

• getToken: make 'secret' optional when raw JWT is requested (#​11894) (3744f56)
• providers: bug when using nodemailer with SES (#​11865) (181c6b8)
• providers: set the issue url to be the correct production one in vipps provider (#​11869) (4b784c5)
• test: improve adapter test suite (#​11904) (96f49e0)
• typo "propery" -> "property" (#​11871)

v0.35.0

Compare Source

Features

• providers: add Forward Email provider (#​11836) (1073030)
• providers: Add Concept2 provider (#​11817) (edfa5e5)
• providers: add Vipps provider (#​11832) (120f550)
• providers: add Mailgun email provider (#​11723) (cfcb221)
• providers: Add Eventbrite provider (#​11645) (e65759b)
• providers: Add Ping Identity provider (#​6614) (ed6b48c)
• providers: Add Roblox provider (#​11515) (208410d)
• providers: add wechat provider (#​10236) (d1dfb52)
• providers: Add Kinde OAuth provider (#​11581) (51c0bbd)

Bugfixes

• core: Improve object merging (#​11685) (b080a49)
• core: invalid url error when using custom error page (#​11381) (4a8ab0f)
• eslint: all outstanding eslint/test issues (re:eslint9/flatconfig upgrade) (#​11750) (abb4dcd)
• next-auth: Avoid excessive basePath redundant warning (#​11636) (69c0b58)
• provider: Fix import path in Eventbrite provider (#​11652) (9b8614f)
• provider: update TikTok provider (#​11308) (a681cba)
• provider: update tiktok token url (#​10728) (0410ae5)
• providers: support different applications in Descope + Widget docs (#​11847) (a5dacb3)
• providers: allow for custom http mail implementations off of nodemailer (#​11686) (bbc6710)
• providers: Azure AD image fetch try catch (#​11821) (270fc6c)
• providers: fix Eventbrite config (5c721d7)
• providers: update Descope docs, tweak default config (#​11377) (0d73205)
• providers: dropbox userinfo request is post (#​11397) (#​11446) (bbd3af6)
• ts: update GetTokenParams type definition to make salt optional (#​11572) (1279593)
• tsconfig: update extends property in packages configuration (#​11666) (e6eaa95)
• Update Apple provider config (#​11453)
• Use sub instead of id in Gitlab (#​11176)
• remove global logger (#​11565)

Other

• next-auth: fix e2e tests (#​11737) (8c52012)
• fix
• fix lint
• Fix formatting (#​11592)
• add link to providers page (#​11178)
• feat(providers): add Nextcloud provider (#​11837)
• Enable prettier plugins (#​11623)

v0.34.2

Compare Source

Bugfixes

• core: revert #​11050 (#​11469) (0f83056)
• providers: add State check to Eveonline (#​11111) (b690dac)
• providers: Apple checks should be ['state', 'nonce'] (#​11239) (8ea51aa)
• providers: make connection optional on WorkOS (#​11270) (14b075d)

Other

• core: remove extra dot in some AuthError messages (#​10964) (aefae63)
• providers: update Foursquare API Docs URL (#​11310) (3cba5e2)
• change MissingCSRF reference path (#​11464)
• fix grammatical error (#​11260)

v0.34.1

Compare Source

Bugfixes

• Add default exports to package.json for better module support (#​11224)

v0.34.0

Compare Source

Features

• providers: add threads (#​11215) (4e9d2a2)

v0.33.0

Compare Source

Features

• core: support private_key_jwt token auth method (#​11132) (d8a9188)
• core: re-introduce idToken: boolean (#​11161) (b56b928)
• providers: Add BankID Norge provider (#​11162) (d38fdef)
• Add form-post specification (#​8428)

Bugfixes

• core/providers/osu: Correct the type of OsuProfile.id (#​10340) (0e0c7b6)
• providers: Correct Coinbase endpoints (#​11153) (28e780f)
• change API domain for twitter provider (#​11047)

Other

• providers: update Netsuite button rendering colors (#​11099) (63fd886)
• pnpm format (#​11078)
• Fix some documentation issues (#​10980)

v0.32.0

Compare Source

Features

• providers: add SimpleLogin oidc (#​10491) (0b321a0)
• use NodeNext module resolution (#​9953)

Bugfixes

• core: Ensure oauth4webapi uses a stable customFetch API (#​10978) (f1bf7ae)
• core: centralize isDate util fn and use in all adapters (#​10872) (e2eacc2)
• errors: do not log authjs message with CredentialsSiginin error (#​11050) (d089923)

Other

• docs: clean up missing npm2yarn and other formatting (#​11041) (77b20d5)
• docs: Microsoft Entra ID typos (#​10834) (d53d47c)
• docs: fix bold style to AuthAction types (#​10893) (4ab5f71)
• fix core prettier

v0.31.0

Compare Source

Features

• providers: add NetSuite OAuth Provider (#​8865) (4c4d036)
• sveltekit: webauthn provider support (#​9924) (e17cc71)

Bugfixes

• core: update WebAuthn authenticator schemas and types (#​10861) (5e55331)
• core: support trailingSlash in providerAndAccountId parsing (#​10752) (46f9582)
• providers: update linkedin oidc issuer (#​10671) (6cb874e)
• correct contributor lists (#​10742)
• strip code_verifier from request body when the provider doesn't support PKCE (#​10765)

Other

• adapters: cleanup extraneous documentation in adapter and fix testing and release GHA (#​10854) (8751fa4)
• docs: specify exact version for simpleweabuthn peer dep installation (e332a41)
• providers: cleanup NetSuite (#​10783) (e6f90b2)
• types: separately export AdapterAccountType (#​10832) (bfa7079)
• fix casings (#​10782)
• fix GitHub typo (#​10781)

v0.30.0

Compare Source

Features

• providers: add Microsoft Entra ID provider (#​10497) (536f208)
• providers: drop Atlassian (OAuth 1.0) (22860bb)

Bugfixes

• pages: cleanup oauth provider branded buttons (#​10542) (710df18)
• providers: update providers config from verification walk-throughs (#​10582) (85ab5fa)
• ts: reduce public type surface (#​10557) (6ddc329)
• don't require secret at build-time (#​10592)

Other

• core: update links in typedocs to new docs URLs (#​10560) (6aa4c44)
• core: rm unnecessary typedoc callout (ff7810f)
• salesforce: fix multiple typos in provider (1de6bc7)

v0.29.0

Compare Source

Features

• providers: Add Postmark email provider (#​10512) (c97431b)
• providers: add Microsoft Entra ID provider (#​10497) (2f64701)
• providers: drop Atlassian (OAuth 1.0) (cb1a260)

Bugfixes

• docs: correct link to list of adapters (#​10451) (bb4dc18)
• env: handle provider id's with - durinv env inference (4dfc8af)
• providers: update Facebook OAuth dialog API (5dec6fd)
• providers: make webex apiBaseUrl optional (#​10354) (edc4fe4)
• infer providers logo filename (#​10496)

Other

• docs: update azure-ad.ts (#​10448) (8120fd4)
• examples: use string as authorization (5ae5009)
• revert
• comment todo

v0.28.2

Compare Source

Bugfixes

• core: createActionURL set detectedProtocol correctly (#​10421) (246a838)

v0.28.1

Compare Source

Bugfixes

• core: ignore basePath if pages configuration (#​10288) (9c56e69)
• core: cannot parse action at /session (#​10094) (4a2d511)
• tests: setEnvDefaults test with AUTH_SECRET/config.secret values (#​10400) (86c8822)
• export CredentialsSignin class to extend in custom authorize errors (#​10200)
• throw MissingSecret when secret missing (#​10305)

Other

• adapters: fix link leading to 404 (#​10217) (52758a9)
• core: fix failed tests for webauthn (#​10281) (9a5416b)
• jsdoc: note different default basePaths (#​10239) (e9a3e8e)
• cleanup nextjs dev/example middleware.ts file (#​10222)
• fix punctuation in error logging wrapper (#​10186)

v0.28.0

Compare Source

Features

• customizable authorize() error (#​9871)

Bugfixes

• docs: webex provider jsdoc (#​10126) (5081a62)

Other

• docs: fix typo in types.ts (#​10053) (e9f387f)
• tests: reenable unit tests in CI and cleanup docker test setups (#​10190) (5136ca4)
• add new example app for nextjs and Docker (#​10118)
• high-level tests (#​10017)

v0.27.0

Compare Source

Features

• providers: add webex oauth (#​9653) (8be77d3)
• support Cloudflare Pages (#​9895)

Bugfixes

• providers: missing profile.id field in OIDC providers (#​10008) (744043b)
• bump @​simplewebauth/server@​9.0.2 (#​9980)
• put email helpers into own files to avoid nodemailer import (#​9964)

Other

• update playwright setup with poms (#​10012)
• fix E2E @playwright/test tests (#​9944)

v0.26.3

Compare Source

Bugfixes

• ts: correctly type Auth overload (8cbf38c)
• remove unnecessary /signout appending to signout form action URL (#​9901)
• mismatched account.providerAccountId (#​9932)

v0.26.2

Compare Source

Bugfixes

• fix .js imports
• use correct script src for @simplewebauthn/browser

v0.26.1

Compare Source

Bugfixes

• don't break on Edge runtime when WebAuthn isn't used (#​9919)

v0.26.0

Compare Source

Features

• Passkey / WebAuthn provider (experimental) (#​8808)

Other

• swap sass css-nesting for css standard nesting postcss plugin (#​9887)

v0.25.1

Compare Source

Bugfixes

• properly extend NodemailerConfig by EmailConfig (#​9890)

Other

• core: export isAuthAction (#​9896) (bb741d9)
• re-introduce E2E, add basic login/logout tests (#​9881)

v0.25.0

Compare Source

Features

• add getEnvDefaults and createActionURL to @auth/core for use in client libs (#​9817)

Bugfixes

• allow Facebook authorization config to be merged (#​9866)
• filter client error response, error on missing host (#​9837)
• allow string return signIn callback (#​9829)

v0.24.0

Compare Source

Features

• support secret rotation (#​9804)

Other

• add badge & tweak config
• add test coverage (#​9805)
• replace jest with vitest (#​9818)
• global vite/vitest, move express (#​9806)

v0.23.0

Compare Source

Features

• @​auth/core: add Ory Hydra provider (#​7755) (1483efb)
• @​auth/core: support new username system in Discord (#​8114) (96908df)
• @​auth/core: nodemailer (prev Email), Resend, SendGrid (#​9753) (8f0226b)
• @​auth/core: expose full session in session callback (#​9712) (ab49b3d)

Bugfixes

• @​auth/core: Add email to VK provider (#​9705) (5214131)
• @​auth/core: include new BattleNet OAuth endpoints (#​6697) (0ff0566)
• @​auth/core: drop confusing links/wording from core (b3c7a6c)
• @​auth/core: always use a generated id for User.id (#​9793) (80c8695)
• @​auth/core: show user and token in session callback (#​9756) (62f24f5)
• @​auth/core: use match instead of split when parsing action (#​9746) (fc358df)
• @​auth/core: correct typo in yandex documentation (#​9734) (b89a0a8)

Other

• ts: fix build (d85269d)
• fix build
• bump vite and clean lock file (#​9720)
• update JWT enc (#​9788)

v0.22.0

Compare Source

Features

• @​auth/core: add basePath option (#​9686) (963086b)

v0.21.0

Compare Source

Features

• @​auth/core: support self-hosted github (#​9271) (05bf014)

Bugfixes

• @​auth/core: bad intersection caused type to be 'never' (#​9477) (bdb4019)
• @​auth/core: add state as default check to Okta (#​9648) (e45492a)
• @​auth/core: Github provider tests (#​9619) (0ddb8cc)

v0.20.0

Compare Source

Features

• @​auth/core: add experimental flag in options (#​9178) (76d8f27)

v0.19.1

Compare Source

Bugfixes

• @​auth/core: typo in errors.ts (#​9523) (2693b74)
• @​auth/core: update kakao.md - clarify callbackUrl format (#​9502) (a14fe18)
• @​auth/core: 42 changed their way to return images (#​9472) (7e17781)
• @​auth/core: typo in well-known url in azure-ad (#​9288) (a7034c5)

Other

• core: add some tests for callback action (#​9353) (0c11823)
• bump Prettier to v3 (#​9464)

v0.19.0

Compare Source

Features

• @​auth/core: deep-merge cookies options (#​9386) (17c4426)
• @​auth/core: add default user id generation (#​9380) (87b037f)

Bugfixes

• @​auth/core: document all Adapter method (5254ff7)
• @​auth/core: correct default cookie name in getToken (#​9382) (362e6ce)

v0.18.6

Compare Source

Bugfixes

• @​auth/core: correct resource links (10f3762)

Other

• bump dependencies
• add utils package (#​9378)

v0.18.5

Compare Source

Bugfixes

• @​auth/core: correctly type CookiesOptions (#​9358) (677ddf8)
• @​auth/core: broken link (#​9318) (a1bd309)
• @​auth/core: Bad intersection caused type to be 'never' (#​9348) (faabc14)

Other

• test: core test setup (#​9238) (5c2b0b6)
• improve tests for session action (#​9336)

v0.18.4

Compare Source

Bugfixes

• @​auth/core: add partitioned cookie option (5d5220e)
• @​auth/core: better logging of errors (d93901c)
• @​auth/core: document all Auth.js errors (83dc317)

v0.18.3

Compare Source

Bugfixes

• @​auth/core: correct actions import (#​9205) (363f2ca)

v0.18.2

Compare Source

Bugfixes

• @​auth/core: imports in actoins/index.ts (1856166)
• @​auth/core: refactor osu! in accordance with branding guidelines (#​9186) (f0c8c6e)

Other

• refactor
• refactor
• refactor
• move files
• move files to utils
• Updates TypeDoc index paths and fix broken links (#​9191)
• throw errors when raw, reorganize (#​9118)
• fix typo in credentials.ts

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sveltekit-ai-chatbot	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 20, 2025 6:13am