The audit breaks in other projects I work on, however can be illustrated here when run in the project as well.

There is more stuff, but that is only developer dependencies. It would be good to clean that up though just to make the audit report everything is clean. Can populate that in a different PR.

$ npm audit
<outputs of dev deps truncated>
cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/cookie

thanks @klobucar. Could we get this reviewed?

Would it be possible to release this in version 3.5.1, as it addresses a security-related issue?

https://security.snyk.io/vuln/SNYK-JS-COOKIE-8163060
https://www.cve.org/CVERecord?id=CVE-2024-47764

Also, there are new versions of cookie, 0.7.2, 1.0.0 and 1.0.1 happy to help by creating a PR with any of those versions.
https://github.com/jshttp/cookie/releases

LGTM
@nicoalonsop sure, please go ahead and create a PR for later versions of cookie.
@klobucar thanks, a PR would be helpful 👍
Meanwhile, we will see if we can make a minor release of NextJS SDK for these.

Some of these checks are failing in really interesting ways.

Test Suites: 61 passed, 61 total
Tests:       704 passed, 704 total
Snapshots:   0 total
Time:        57.367 s
Ran all test suites matching /tests/i in 2 projects.
Error: Process completed with exit code 1.

@tusharpandey13 some of these tests seem to be failing due to missing api keys or other infrastructural issues, can we get these looked at?

yeah, that would be great. I also updated the branch from latest main.

Thanks!

please re-approve @tusharpandey13

Hi @klobucar, I have approved the file changes as they look fine.

can we get this merged and released? doesn't feel safe to ignore npm audit neither using overrides in package.json, is the API the same?

Hi @klobucar, I see one of your commits are still not signed, can you fix that so we can go ahead? Thanks

Regarding the failing snyk and browserstack checks, they are not required for now and are under maintainence. We can go ahead with merging the PR once the commits have been signed.

All signed. Please approve and merge @tusharpandey13

This has been merged, we will make a minor release of nextjs-auth0 v3 shortly.
Thank you @klobucar

This has been merged, we will make a minor release of nextjs-auth0 v3 shortly. Thank you @klobucar

Hi, any word on when this release will be created? Thanks