fix(deps): update dependency next-auth to v4.24.11

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
next-auth (source)	4.3.1 -> 4.24.11

---

Release Notes

nextauthjs/next-auth (next-auth)

v4.24.11

Compare Source

v4.24.10

Compare Source

What's Changed

• fix: functions that return promises must be async by @​thomaslindstrom in #​12105
• fix: support AUTH_SECRET for compat with npx auth secret by @​balazsorban44 in 490a033

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.24.9...next-auth@4.24.10

v4.24.9

Compare Source

What's Changed

• chore(docs): fix typo in WorkOS documentation by @​outofgamut in #​11959
• chore(v4): add neon sponsor by @​ndom91 in #​12008
• cookie package upgraded by @​talyuk in #​12046
• Allow Next.js v15 peer dependency by @​thomaslindstrom in #​12098
• await dynamic APIs as per Next.js 15 changes by @​balazsorban44 in 4d143c5

New Contributors

• @​outofgamut made their first contribution in #​11959
• @​talyuk made their first contribution in #​12046
• @​thomaslindstrom made their first contribution in #​12098

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.24.8...next-auth@4.24.9

v4.24.8

Compare Source

What's Changed

• allow optional identifier param
• optionally check identifier
• tweak email flow, change homepage
• fix: typo in Naver Provider options url by @​no-pla in #​10483
• fix(providers): Update Foursquare profile callback + API version by @​MatyiFKBT in #​11348
• fix(ts): add compat types for @auth/*-adapters for v4 by @​balazsorban44 in #​11562
• fix:Matcher wildcard docs-Update securing-pages-and-api-routes.md by @​yaodada123 in #​11599
• Update linkedin.ts to support new scopes by @​PragyanSubedi in #​11805
• fix: updated email for auth user in github endpoint by @​A91y in #​11896

New Contributors

• @​martinkariuki7 made their first contribution in #​10329
• @​no-pla made their first contribution in #​10483
• @​azadious made their first contribution in #​10603
• @​mbrookson made their first contribution in #​10916
• @​craftycodie made their first contribution in #​10921
• @​erik-gullberg-devoteam made their first contribution in #​11323
• @​yaodada123 made their first contribution in #​11599
• @​PragyanSubedi made their first contribution in #​11805
• @​leorente made their first contribution in #​11855
• @​A91y made their first contribution in #​11896

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.24.7...next-auth@4.24.8

v4.24.7

Compare Source

Others

• chore(deps): bump jose (#​10240). See: https://github.com/panva/jose/releases/tag/v4.15.5

v4.24.6

Compare Source

Bugfixes

• providers: correct nodemailer imports (#​9261) (fa287be)

v4.24.5

Compare Source

Bugfixes

• differentiate between issued JWTs

v4.24.4

Compare Source

Bugfixes

• allow Next.js 14 as peer dependency

v4.24.3

Compare Source

Bugfixes

• css build error

v4.24.2

Compare Source

Bugfixes

• css build error

v4.24.1

Compare Source

Bugfixes

• css build error

v4.24.0

Compare Source

Features

• tweak default sign-in page (#​8888)

v4.23.2

Compare Source

Bugfixes

• next: returns correct status for signing in with redirect: false for route handler (#​8775) (27b2519)
• ts: fix typo (d813c00)
• remove trailing ? from signIn URL (#​8466)

Other

• update security policy link

v4.23.1

Compare Source

Bugfixes

• ts: correctly expose next-auth/adapters (20c3fe3)
• use default submodules export in package.json (#​8330)

v4.23.0

Compare Source

Features

• providers: add Passage by 1Password (5a8aa2e)

Bugfixes

• ts: correctly export submodule types (05ff6ae)
• sort cookie chunks correctly (#​8284)

v4.22.5

Compare Source

Bugfixes

• ts: match next-auth/adapter & @auth/core/adapters (3b0128c)

Other

• docs: amplify note

v4.22.4

Compare Source

Bugfixes

• ts: SignInResponse.error type (#​8109) (465644f)
• Remove RSC warning in getServerSession (#​8108)
• Don't return res.end() in api handler (#​8244)

Other

• docs: fixing broken link in documentation (#​8208)
• docs: clarify getServerSession
• docs: move unstable_getServerSession
• docs: Typo fixed (#​8206)
• docs(providers): mention HTTP-based Email guide (#​8214)
• docs: Update object key "email" to "username" (#​8113)
• doc: Add a guide on sending magic links to existing users only (#​7663)
• docs: Update refresh-token-rotation.md - fix example client code filename (#​8088)
• docs(providers): updated docs with missing account attribute (#​8084)

v4.22.3

Compare Source

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.22.2...next-auth@4.22.3

v4.22.2

Compare Source

Bugfixes

• providers: fix nodemailer/required types (#​7950) (f48eb04)
• ts: adapter interface (#​8054) (bd37c55)
• ts: add overloads to withAuth middleware (#​7999) (169a523)
• respect protocol too, when host is trusted (#​7214)

Other

• remove unused TS types
• merge changes back to v4 (#​7430)
• rephrase

v4.22.1

Bugfixes

• detect origin when instanceof Request check fails (#​7303)

Other

• provider: added svg for Reddit (#​7050) (b481048)
• repo: add FusionAuth to README supporters (#​6883) (a220245)
• fix "Contributing guide" link (#​7279)
• move next-auth from v4 to main (#​7265)
• Add Permit.io Bronze Sponsor (#​7008)
• update README sponsors - fusionauth level (#​6892)
• Remove --save from install command (#​7277)

v4.21.1

Compare Source

Bugfixes

• ts: revert session callback type changes (#​7136) (ec8a343)

v4.21.0

Compare Source

Features

• make it possible to update the session (#​7056)

Bugfixes

• oauth: allow jwks_uri to be set for non-wellKnown (#​7014) (8aa1789)
• providers: add types for yandex provider (#​7073) (86d031f)
• ts: mark id in updateUser as always defined (319f2ce)
• revert #​6814 (#​7125)

Other

• release with declaration maps
• fix tests
• correct ts import

v4.20.1

Compare Source

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.20.0...next-auth@4.20.1

v4.20.0

Compare Source

What's Changed

• Add success handler to getServerSideProps by @​ChinonsoIg in #​6589
• docs: update pages configuration example to typescript by @​rawbinary in #​6596
• fix(next-auth): remove engines requirement on openid-client by @​balazsorban44 in #​6654
• docs: fix wording for deployment on Vercel preview by @​jirihofman in #​6705
• Update custom # getProvider example by @​wsfuller in #​6706
• fix: Add missing logo to Default Signin Page by @​raulmarindev in #​6728
• fix broken sudo pipe in hostname example by @​tomryanx in #​6769
• docs: fix typo on 'nextjs#getserversession' page by @​babblebey in #​6790
• feat: priortize NEXTAUTH_URL_INTERNAL by @​ThangHuuVu in #​6814
• docs: typo in faq.md by @​antjocks in #​6826

New Contributors

• @​ChinonsoIg made their first contribution in #​6589
• @​wsfuller made their first contribution in #​6706
• @​tomryanx made their first contribution in #​6769
• @​babblebey made their first contribution in #​6790
• @​antjocks made their first contribution in #​6826

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.19.2...next-auth@4.20.0

v4.19.2

Compare Source

What's Changed

• fix(ts): stop using typeof + generic together by @​balazsorban44 in #​6595

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.19.1...next-auth@4.19.2

v4.19.1

Compare Source

What's Changed

• Remove the unstable note. by @​OrJDev in #​6537
• fix(ts): correctly type unstable_getServerSession by @​joulev in #​6560
• feat: redesign all default pages by @​ThangHuuVu and @​Gawdfrey

New Contributors

• @​joulev made their first contribution in #​6560

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.19.0...next-auth@4.19.1

v4.19.0

Compare Source

What's Changed

• fix(oauth1): pass oauth_token_secret in #​6534
• feat: remove unstable_ prefix getServerSession in #​6535
• feat: make generateSessionToken awaitable in #​6536

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.18.10...next-auth@4.19.0

v4.18.10

Compare Source

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@4.18.9...next-auth@4.18.10

v4.18.9

Compare Source

Bugfixes

• next-auth: remove engines (f54424c)
• providers: default image to null for Azure AD (09bcc1d)
• Allow adding own logo to provider (#​6465)

v4.18.8

Compare Source

What's Changed

• chore(docs): fix aloglia docusaurus.config.js settings (v4) #​6160
• fix broken links related to issue #​6157 #​6183
• Replaced the word peer dependency #​6197
• fix(docs): import NextAuth correctly #​6206
• chore(docs): fix middleware verbiage #​5981
• fix: remove outdated nested middleware info #​5180 #​5181

Full Changelog: https://github.com/nextauthjs/next-auth/compare/next-auth@v4.18.7...next-auth@4.18.8

v4.18.7

Compare Source

Bugfixes

• next-auth: revert to 4.17 and replay other fixes (#​6132)

v4.18.6

Compare Source

Bugfixes

• core: preserve incoming set cookies (#​6029) (2875b49)
• next: correctly bundle next-auth/middleware fixes #​6025 (5259d24)

v4.18.5

Compare Source

Bugfixes

• core: host detection/NEXTAUTH_URL (#​6007) (62f672a)
• core: correct status code when returning redirects (#​6004) (2c669b3)

v4.18.4

Compare Source

Bugfixes

• core: handle Request -> Response regressions (#​5991) (5c4a9a6)
  • next: don't override Content-Type by unstable_getServerSession https://github.com/nextauthjs/next-auth/pull/5991/commits/7c24c5613f470f4b33f0486201821c6d40bedca8
  • core: handle , while setting set-cookie https://github.com/nextauthjs/next-auth/pull/5991/commits/7a390844c8db3c548ca0155f16d6a033693a3fbf

v4.18.3

Compare Source

Bugfixes

• core: throw error if no action can be determined (157269e)
• core: add protocol if missing (221bc8e)

Other

• core: fix test (0a140cd)

v4.18.2

Compare Source

Bugfixes

• core: properly construct url (#​5984) (f329102)

v4.18.1

Compare Source

Bugfixes

• core: don't mutate authOptions in unstable_getServerSession (#​5973) (b19b2bc)

Other

• core: use standard Request and Response (#​4769) (7e91d7d)
• dev: upgrade dev app and deps (c4352a7)

v4.18.0

Compare Source

Features

• core: make pkce and state maxAge configurable on the cookies (#​4719) (f277989)

Bugfixes

• next: improve dev environment variable handling (#​5763) (0d17578)
• provider: modify response.name to response.nickname (Naver) (#​5915) (6e408e2)
• ts: improve unstable_getServerSession return type (#​5792) (a307079)

Other

• types: fix typo in comment (#​5815) (2301c1b)

v4.17.0

Compare Source

Features

• add signin button styles (#​5802)

Bugfixes

• core: update JSDoc for jwt in NextAuthOptions (#​5804) (8387c78)

Other

• fix signin btns svg URLs to 'main' (#​5826)

v4.16.4

Compare Source

Bugfixes

• next: correctly parse headers with RSC (#​5753) (782812a)

v4.16.3

Compare Source

Bugfixes

• next: conditional RSC support (#​5745) (3343ef1)

v4.16.2

Compare Source

Bugfixes

• next: build RSC+unstable_getServerSession (180c625)

v4.16.1

Compare Source

v4.16.0

Features

• next: allow unstable_getServerSession in Server Components (#​5741) (e90925b)

v4.15.1

Compare Source

Bugfixes

• Add support for Node 18 (#​5656)
• support Next.js 13 (#​5710)
• add next 13 as peer dependencies (#​5657)

Other

• update example to Next.js 13

v4.15.0

Compare Source

Features

• client: add refetchWhenOffline option (#​4940) (d9df582)
• providers: Add Todoist provider (#​5253) (af840b2)
• Add allowDangerousEmailAccountLinking option for OAuth providers (#​5513)

Other

• core: allow trusting the forwarded host header (#​5561) (6758e1c)
• Fixed typo (#​5609)

v4.14.0

Compare Source

Features

• providers: Add Pinterest Provider (#​5485) (38a03ed)

Bugfixes

• providers: change EVE Online to OAuth2 (#​5459) (e1eb684)
• ts: TS Module Augmentation (#​5556) (fe7aaed)

Other

• dev: improve DX (f38ee19)
• fix TS lint

v4.13.0

Compare Source

Features

• providers: ZITADEL provider (#​5479) (d13997e)

Bugfixes

• middleware: improve handling of custom Next.js basePath (#​5109) (490d59d)
• ts: match TS types better with implementation (#​4953) (6132c3f)
• types: export SessionContext #​5437 (#​5438) (97feae7)

Other

• docs: update middleware documentation link (#​5492) (0a4b99d)
• release: bump package version(s) [skip ci] (d6efda0)

v4.12.3

Compare Source

Bugfixes

• types: export SessionContext #​5437 (#​5438) (97feae7)

Other

• docs: update middleware documentation link (#​5492) (0a4b99d)

v4.12.2

Compare Source

Bugfixes

• core: return JSON for non-HTML server route errors (#​5442) (6deccf6)
• react: safe use of localStorage API (#​5444) (f770b90)

v4.12.1

Compare Source

Bugfixes

• core: don't lock next in peerDependencies #​5427 (#​5430) (54b1845)

v4.12.0

Compare Source

Features

• core: make session token with DB session strategy customizable (#​5328) (965c626)

Others

• Upgrade jose (#​5372)

v4.11.0

Compare Source

Features

• providers: Add HubSpot Provider (#​4633) (a0beb02)

Bugfixes

• middleware: use includes() for NextAuth pages (#​5104) (44f2a47)
• providers: use client_secret_post token auth for LinkedIn (#​5236) (ba20974)
• providers: convert Strava Provider to TS (#​5241) (f1d3bc2)
• providers: Add appid param to Azure AD wellKnown URL (#​5138) (a03657e)
• Change getToken parameter type to required (#​5245)
• return null in unstable_getServerSession if there's an error (#​5218)
• Use consistent error type between doc, logger and error class (#​5046)

Other

• deps: bump cookie to 0.5.0 (#​5339) (ba55f06)
• release: bump version [skip ci] (26a03da)
• types: fix typo in comment (#​5207) (d980fa9)
• Add Next to peerDeps & bump to 12.2.5 in devDeps (#​5384)
• tweak tsconfig files
• fix builds/tests/eslint (#​4780)
• turbo cleanup (#​4951)

v4.10.3

Compare Source

Bugfixes

• providers: add normalizeIdentifier to EmailProvider (afb1fcd)
• ts: fix jsdoc link to documentation (#​5039) (a21db89)
• avoid redirect on always public paths (#​5000)

v4.10.2

Compare Source

Bugfixes

• improve logger (#​4970)

v4.10.1

Compare Source

Bugfixes

• providers: migrate GitLab provider to TS (#​4929) (2725d07)
• providers: allow issuer in Azure AD B2C (042955e)
• providers: typo in GitHub provider scope (#​4938) (bb664a2)
• ts: remove TS workaround for withAuth (#​4926) (46eedee)
• ts: handleMiddleware return type can be NextMiddlewareResult (#​4818) (8853000)

Other

• ts: explicitly set next path in next-auth (fb60554)
• revert type assertion
• add Thang to contributor (#​4944)
• add TODO comment for next major version

v4.10.0

Compare Source

Features

• providers: Add Wikimedia Oauth Provider (#​4813) (c22d613)
• providers: add Duende IdentityServer 6 (#​4850) (3c210d9)

Bugfixes

• middleware: allow secret as option in Middleware (#​4846) (c59a4e0)
• providers: fix VK provider and convert to TS (#​3709) (cdf467e)
• ts: use correct type for nodemailer config in the EmailProvider (#​4097) (1b91282)
• ts: typo in Azure Active Directory Provider (#​4895) (af3c2dd)
• ts: make colorScheme optional (#​4868) (c1f7ce3)

Other

• providers: convert GitHub provider to TypeScript (#​4908) (3666e43)
• update Next.js example, bump dependencies

v4.9.0

Compare Source

Features

• providers: allow styling e-mail through theme option (#​4841) (ae834f1)

Bugfixes

• show experimental api warning only in dev and only once (#​4816)

v4.8.0

Compare Source

Bugfixes

• core: handle invalid email (cd6ccfd)

v4.7.0

Compare Source

Features

• core: pass profile to linkAccount event (#​4242) (d8d9ab9)
• update Middleware (#​4757)

Bugfixes

• core: respect NEXTAUTH_SECRET in unstable_getServerSession (#​4774) (c194261)

Other

• deps: upgrade dependencies (a911b4a)

v4.6.1

Compare Source

Bugfixes

• build - include utils in package (#​4760)

v4.6.0

Compare Source

Features

• allow standard Request in NextAuthHandler (#​4704)
• introduce experimental unstable_getServerSession API (#​4116)

Bugfixes

• edge: support request.cookies as a map (#​4745) (73d489b)
• providers: use client_secret_post auth method for Instagram (#​4705) (92dfc3c)
• ts: infer provider type in signIn (#​4679) (e03e234)

Other

• adapters: fix references to deprecated adapters repo (#​4737) (172813f)
• add test for invalid callbackUrl handling

v4.5.0

Compare Source

Bugfixes

• don't show error on relative callbackUrl

v4.4.0

Compare Source

Features

• callback: return always status code 401 on error (#​4601) (4daa63d)
• middleware: support custom cookieName (#​4385) (7d8cc70)
• middleware: support custom jwt.decode (#​4210) (16622f6)
• provider: Add United Effects provider (#​4546) (81afeef)
• providers: make issuer configurable on Salesforce (#​4658) (358b80d)

Bugfixes

• middleware: use relative URL for sign-in page callbackUrl (#​4534) (75602a3)
• ts: allow getToken in getServerSideProps (#​4659) (e4ee520)
• ts: remove unused type (#​4657) (0a7a916)
• ts: signIn infer provider type (#​4623) (46089eb)
• handle invalid callbackUrl

Other

• signout: fix skipped test (#​4484) (0b953bd)

v4.3.4

Compare Source

Bugfixes

• client: add additional type (#​4402) (9f40cd1)
• providers: profile types (#​4202) (8288ae5)
• ts: handle NextRequest type (#​4472) (fb4bbc3)
• allow react@18 as peer dependency
• loosen env variable URL fallback (#​4443)

Other

• remove redundant and deprecated doc (#​4475)

v4.3.3

Compare Source

Bugfixes

• providers: add optional chaining to avoid nullish reference errors (#​4365) (59daa0e)
• signin: set email sign-in input to "email" & "required"(#​4352) (fd755bc)
• more strict default callback url handling
• Cleanup global __NEXTAUTH state after unmount (#​4383)
• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#​4226) (6e28ccf)
• bump versions
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#​4313)

v4.3.2

Compare Source

Bugfixes

• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#​4226) (6e28ccf)
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#​4313)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: hello-next@1.0.0
npm ERR! Found: next@12.1.4
npm ERR! node_modules/next
npm ERR!   next@"12.1.4" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer next@"^12.2.5 || ^13 || ^14" from next-auth@4.24.7
npm ERR! node_modules/next-auth
npm ERR!   next-auth@"4.24.7" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-08T16_58_03_662Z-debug-0.log

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: hello-next@1.0.0
npm ERR! Found: next@12.1.4
npm ERR! node_modules/next
npm ERR!   next@"12.1.4" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer next@"^12.2.5 || ^13 || ^14 || ^15" from next-auth@4.24.11
npm ERR! node_modules/next-auth
npm ERR!   next-auth@"4.24.11" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2025-08-23T12_04_56_385Z-debug-0.log