Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth/[email protected] incompatible to v2.7.2 - breaks nextjs apps #12325

Open
jelmd opened this issue Dec 1, 2024 · 2 comments
Open

auth/[email protected] incompatible to v2.7.2 - breaks nextjs apps #12325

jelmd opened this issue Dec 1, 2024 · 2 comments
Labels
adapters Changes related to the core code concerning database adapters bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Comments

@jelmd
Copy link

jelmd commented Dec 1, 2024

Adapter type

@auth/prisma-adapter

Environment

  System:
    OS: Linux 5.15 Ubuntu 22.04.5 LTS 22.04.5 LTS (Jammy Jellyfish)
    CPU: (8) x64 Intel(R) Xeon(R) CPU E3-1505M v5 @ 2.80GHz
    Memory: 52.84 GB / 62.37 GB
    Container: Yes
    Shell: 6.21.00 - /usr/bin/tcsh
  Binaries:
    Node: 20.5.1 - /bin/node
    npm: 9.8.0 - /bin/npm
    Watchman: 4.9.0 - /bin/watchman
  Browsers:
    Chrome: 131.0.6778.85
  npmPackages:
    @auth/prisma-adapter: ^2.7.4 => 2.7.4 
    next: ^15.0.3 => 15.0.3 
    next-auth: ^5.0.0-beta.25 => 5.0.0-beta.25 
    react: ^19.0.0-rc.1 => 19.0.0-rc-512b09b2-20240718 
  System:
    OS: Linux 5.15 Ubuntu 22.04.5 LTS 22.04.5 LTS (Jammy Jellyfish)
    CPU: (8) x64 Intel(R) Xeon(R) CPU E3-1505M v5 @ 2.80GHz
    Memory: 52.84 GB / 62.37 GB
    Container: Yes
    Shell: 6.21.00 - /usr/bin/tcsh
  Binaries:
    Node: 20.5.1 - /bin/node
    npm: 9.8.0 - /bin/npm
    Watchman: 4.9.0 - /bin/watchman
  Browsers:
    Chrome: 131.0.6778.85
  npmPackages:
    @auth/prisma-adapter: ^2.7.4 => 2.7.4 
    next: ^15.0.3 => 15.0.3 
    next-auth: ^5.0.0-beta.25 => 5.0.0-beta.25 
    react: ^19.0.0-rc.1 => 19.0.0-rc-512b09b2-20240718

Reproduction URL

https://github.com/jelmd/nextjs-bugs/tree/02_auth/01_auth

Describe the issue

Nextjs apps using @auth/[email protected] cannot be build with the latest version anymore because of incompatible change (in v2.7.4?).

How to reproduce

git clone [email protected]:jelmd/nextjs-bugs.git
cd nextjs-bugs/01_auth
# follow README.md to setup related environment and run
npm run build
# fails. To fix install v2.7.2 and try again:
npm install --legacy-peer-deps @auth/[email protected]
npm run build

Expected behavior

Building the app should succeed.
@jelmd jelmd added adapters Changes related to the core code concerning database adapters bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels Dec 1, 2024
@jelmd
Copy link
Author

jelmd commented Dec 1, 2024

Forgot: before running build just do a git co 02_auth.

@devnoot
Copy link

devnoot commented Dec 9, 2024

Same thing here -- can't fix security issues because of it

$ npm audit fix

added 5 packages, removed 4 packages, changed 37 packages, and audited 921 packages in 28s

210 packages are looking for funding
  run `npm fund` for details

# npm audit report

cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install @auth/[email protected], which is a breaking change
node_modules/cookie
  @auth/core  <=0.35.3
  Depends on vulnerable versions of cookie
  node_modules/@auth/core
  node_modules/@auth/prisma-adapter/node_modules/@auth/core
    @auth/prisma-adapter  <=2.5.3
    Depends on vulnerable versions of @auth/core
    node_modules/@auth/prisma-adapter
    next-auth  <=0.0.0-pr.11562.ed0fce23 || 4.24.8 - 5.0.0-beta.22
    Depends on vulnerable versions of @auth/core
    node_modules/next-auth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
adapters Changes related to the core code concerning database adapters bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jelmd @devnoot