Bump the next group across 1 directory with 2 updates by dependabot[bot] · Pull Request #682 · NHSDigital/vaccinations-app

dependabot · 2026-04-21T23:14:37Z

Bumps the next group with 2 updates in the / directory: @opennextjs/aws and next-auth.

Updates @opennextjs/aws from 3.10.0 to 3.10.1

Release notes

Sourced from @opennextjs/aws's releases.

v3.10.1

Changes

#1137 4db87785105bf1fe4fbb344ca76dd9ea83b084cd Thanks @vicb! - fix for Next.js CVE-2026-23869

Changelog

Sourced from @opennextjs/aws's changelog.

3.10.1

Patch Changes

#1137 4db87785105bf1fe4fbb344ca76dd9ea83b084cd Thanks @vicb! - fix for Next.js CVE-2026-23869

See the CVE-2026-23869 summary for details.

This CVE is fixed by bumping the minium Next.js release version to 15.5.15/16.2.3

Commits

bbb4e8c Version Packages (#1138)
4db8778 fix for Next.js CVE-2026-23869 (#1137)
See full diff in compare view

Updates next-auth from 5.0.0-beta.30 to 5.0.0-beta.31

Release notes

Sourced from next-auth's releases.

next-auth@5.0.0-beta.31

Bugfixes (via @auth/core@0.41.2)

providers: add issuer to GitHub provider for RFC 9207 compliance (#13410).

Supports both github.com and GitHub Enterprise Server (dynamic ${baseUrl}/login/oauth).

signin/send-token: stricter email address validation (rejects quoted, multi-@, and empty-domain inputs).

Dependency bump

@auth/core: 0.41.0 → 0.41.2. Resolves a peer-dep inconsistency in 5.0.0-beta.30 where next-auth declared nodemailer: ^7.0.7 while pinning @auth/core@0.41.0 (which wanted ^6.8.0). Both now align at ^7.0.7.

No changes to next-auth's own source.

Commits

dab3cfb chore(release): bump version [skip ci]
af9daa8 chore(release): bump package version(s) [skip ci]
d4dab3d chore: sync package versions with npm registry (#13414)
8a23c5b chore: fix lockfile (#13411)
2018202 docs: fix TypeScript type mismatch in refresh token rotation example (#13396)
0eba7e4 adapter-kysely: Update kysely for CVE-2026-33468 (#13407)
67f2b16 fix(providers): add issuer to GitHub provider for RFC 9207 compliance (#13410)
f457068 docs: update middleware.ts references to proxy.ts for Next.js 16 (#13373)
c7c2cfa docs: update Better Auth migration guide (#13334)
See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for next-auth since your current version.

Bumps the next group with 2 updates in the / directory: [@opennextjs/aws](https://github.com/opennextjs/opennextjs-aws/tree/HEAD/packages/open-next) and [next-auth](https://github.com/nextauthjs/next-auth). Updates `@opennextjs/aws` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/opennextjs/opennextjs-aws/releases) - [Changelog](https://github.com/opennextjs/opennextjs-aws/blob/main/packages/open-next/CHANGELOG.md) - [Commits](https://github.com/opennextjs/opennextjs-aws/commits/@opennextjs/aws@3.10.1/packages/open-next) Updates `next-auth` from 5.0.0-beta.30 to 5.0.0-beta.31 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.30...next-auth@5.0.0-beta.31) --- updated-dependencies: - dependency-name: "@opennextjs/aws" dependency-version: 3.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: next - dependency-name: next-auth dependency-version: 5.0.0-beta.31 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: next ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 21, 2026

dependabot Bot requested a review from a team as a code owner April 21, 2026 23:14

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 21, 2026

dependabot Bot temporarily deployed to dev April 21, 2026 23:17 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/next-b2ae1ffa6f branch from 713b23c to c0ac6cd Compare April 22, 2026 13:28

dependabot Bot temporarily deployed to dev April 22, 2026 13:32 Inactive

terence-sheppard-nhs approved these changes Apr 22, 2026

View reviewed changes

terence-sheppard-nhs merged commit 303478d into main Apr 22, 2026
15 checks passed

terence-sheppard-nhs deleted the dependabot/npm_and_yarn/next-b2ae1ffa6f branch April 22, 2026 14:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the next group across 1 directory with 2 updates#682

Bump the next group across 1 directory with 2 updates#682
terence-sheppard-nhs merged 1 commit intomainfrom
dependabot/npm_and_yarn/next-b2ae1ffa6f

dependabot Bot commented on behalf of github Apr 21, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.10.1

Changes

3.10.1

Patch Changes

next-auth@5.0.0-beta.31

Bugfixes (via @​auth/core@​0.41.2)

Dependency bump

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 21, 2026 •

edited

Loading

Bugfixes (via `@auth/core@0`.41.2)