fix(deps): update dependency next-auth to v4.20.1 [security] - autoclosed

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next-auth (source)	4.17.0 -> 4.20.1

GitHub Vulnerability Alerts

CVE-2023-27490

Impact

next-auth applications using OAuth provider versions before v4.20.1 are affected.

A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing the CSRF protection.

As an example, an attack can happen in the following scenario.

TL;DR: The attacker steals the victim's authenticated callback by intercepting and tampering with the authorization URL created by next-auth.

1. The victim attempts to log in to the next-auth site. For example https://next-auth-example.vercel.app/

2. next-auth sets the checks cookies according to how the OAuth provider is configured. In this case, state and pkce are set by default for the Google Provider.

   

3. The attacker intercepts the returned authorization URL, strips away the OAuth check (nonce, state, pkce), and returns the URL without the check to the victim's browser. For example: From https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=client_id&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fnext-auth-example.vercel.app%2Fapi%2Fauth%2Fcallback%2Fgoogle&state=state&code_challenge=code_challenge&code_challenge_method=S256&service=lso&o2v=2&flowName=GeneralOAuthFlow to https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=client_id&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fnext-auth-example.vercel.app%2Fapi%2Fauth%2Fcallback%2Fgoogle&service=lso&o2v=2&flowName=GeneralOAuthFlow. Notice the parameters state, code_challenge and code_verifier are removed from the victim's address bar.

4. The victim attempts to log in using their OAuth account.

5. The Authorization Server logs the victim in and calls back to the next-auth api/auth/callback/:providerIdendpoint. 5.1. The attacker intercepts and logs this callback URL for later use. 5.2. next-auth checks the callback call from OAuth Authorization Server (doesn't have checks) and compares the checks with the cookies set (has checks) at step 2. This check will fail, resulting in the victim isn't logged in. However, at this step, the Authorization Server has already accepted the victim's request to log in and generated/sent a code in the URL.

6. The attacker now has an authorization URL with the code that the AS will exchange for valid access_token/id_token and can log in as the victim automatically. They can open a new browser window and paste in the URL logged at step 5.1 and log in as the victim.

Patches

We patched the vulnerability in next-auth v4.20.1 To upgrade, run one of the following:

npm i next-auth@latest

yarn add next-auth@latest

pnpm add next-auth@latest

Workarounds

Upgrading to latest is the recommended way to fix this issue. However, using Advanced Initialization, developers can manually check the callback request for state, pkce, and nonce against the provider configuration, and abort the sign-in process if there is a mismatch. Check out the source code for help.

References

• CSRF
• PKCE vs nonce
• OAuth provider options
• checks provider config

---

Release Notes

nextauthjs/next-auth

### [`v4.20.1`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.20.1) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.20.0...next-auth@4.20.1) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@4.20.0...next-auth@4.20.1 ### [`v4.20.0`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.20.0) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.19.2...next-auth@4.20.0) #### What's Changed - Add success handler to `getServerSideProps` by [@​ChinonsoIg](https://togithub.com/ChinonsoIg) in [https://github.com/nextauthjs/next-auth/pull/6589](https://togithub.com/nextauthjs/next-auth/pull/6589) - docs: update pages configuration example to typescript by [@​rawbinary](https://togithub.com/rawbinary) in [https://github.com/nextauthjs/next-auth/pull/6596](https://togithub.com/nextauthjs/next-auth/pull/6596) - fix(next-auth): remove `engines` requirement on `openid-client` by [@​balazsorban44](https://togithub.com/balazsorban44) in [https://github.com/nextauthjs/next-auth/pull/6654](https://togithub.com/nextauthjs/next-auth/pull/6654) - docs: fix wording for deployment on Vercel preview by [@​jirihofman](https://togithub.com/jirihofman) in [https://github.com/nextauthjs/next-auth/pull/6705](https://togithub.com/nextauthjs/next-auth/pull/6705) - Update custom sign in getProvider example by [@​wsfuller](https://togithub.com/wsfuller) in [https://github.com/nextauthjs/next-auth/pull/6706](https://togithub.com/nextauthjs/next-auth/pull/6706) - fix: Add missing logo to Default Signin Page by [@​raulmarindev](https://togithub.com/raulmarindev) in [https://github.com/nextauthjs/next-auth/pull/6728](https://togithub.com/nextauthjs/next-auth/pull/6728) - fix broken sudo pipe in hostname example by [@​tomryanx](https://togithub.com/tomryanx) in [https://github.com/nextauthjs/next-auth/pull/6769](https://togithub.com/nextauthjs/next-auth/pull/6769) - docs: fix typo on 'nextjs#getserversession' page by [@​babblebey](https://togithub.com/babblebey) in [https://github.com/nextauthjs/next-auth/pull/6790](https://togithub.com/nextauthjs/next-auth/pull/6790) - feat: priortize `NEXTAUTH_URL_INTERNAL` by [@​ThangHuuVu](https://togithub.com/ThangHuuVu) in [https://github.com/nextauthjs/next-auth/pull/6814](https://togithub.com/nextauthjs/next-auth/pull/6814) - docs: typo in faq.md by [@​antjocks](https://togithub.com/antjocks) in [https://github.com/nextauthjs/next-auth/pull/6826](https://togithub.com/nextauthjs/next-auth/pull/6826) #### New Contributors - [@​ChinonsoIg](https://togithub.com/ChinonsoIg) made their first contribution in [https://github.com/nextauthjs/next-auth/pull/6589](https://togithub.com/nextauthjs/next-auth/pull/6589) - [@​wsfuller](https://togithub.com/wsfuller) made their first contribution in [https://github.com/nextauthjs/next-auth/pull/6706](https://togithub.com/nextauthjs/next-auth/pull/6706) - [@​tomryanx](https://togithub.com/tomryanx) made their first contribution in [https://github.com/nextauthjs/next-auth/pull/6769](https://togithub.com/nextauthjs/next-auth/pull/6769) - [@​babblebey](https://togithub.com/babblebey) made their first contribution in [https://github.com/nextauthjs/next-auth/pull/6790](https://togithub.com/nextauthjs/next-auth/pull/6790) - [@​antjocks](https://togithub.com/antjocks) made their first contribution in [https://github.com/nextauthjs/next-auth/pull/6826](https://togithub.com/nextauthjs/next-auth/pull/6826) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@4.19.2...next-auth@4.20.0 ### [`v4.19.2`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.19.2) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.19.1...next-auth@4.19.2) #### What's Changed - fix(ts): stop using typeof + generic together by [@​balazsorban44](https://togithub.com/balazsorban44) in [https://github.com/nextauthjs/next-auth/pull/6595](https://togithub.com/nextauthjs/next-auth/pull/6595) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@4.19.1...next-auth@4.19.2 ### [`v4.19.1`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.19.1) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.19.0...next-auth@4.19.1) #### What's Changed - Remove the `unstable` note. by [@​OrJDev](https://togithub.com/OrJDev) in [https://github.com/nextauthjs/next-auth/pull/6537](https://togithub.com/nextauthjs/next-auth/pull/6537) - fix(ts): correctly type `unstable_getServerSession` by [@​joulev](https://togithub.com/joulev) in [https://github.com/nextauthjs/next-auth/pull/6560](https://togithub.com/nextauthjs/next-auth/pull/6560) - feat: redesign all default pages by [@​ThangHuuVu](https://togithub.com/ThangHuuVu) and [@​Gawdfrey](https://togithub.com/Gawdfrey) #### New Contributors - [@​joulev](https://togithub.com/joulev) made their first contribution in [https://github.com/nextauthjs/next-auth/pull/6560](https://togithub.com/nextauthjs/next-auth/pull/6560) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@4.19.0...next-auth@4.19.1 ### [`v4.19.0`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.19.0) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.18.10...next-auth@4.19.0) #### What's Changed - fix(oauth1): pass `oauth_token_secret` in [https://github.com/nextauthjs/next-auth/pull/6534](https://togithub.com/nextauthjs/next-auth/pull/6534) - feat: remove `unstable_` prefix `getServerSession` in [https://github.com/nextauthjs/next-auth/pull/6535](https://togithub.com/nextauthjs/next-auth/pull/6535) - feat: make `generateSessionToken` awaitable in [https://github.com/nextauthjs/next-auth/pull/6536](https://togithub.com/nextauthjs/next-auth/pull/6536) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@4.18.10...next-auth@4.19.0 ### [`v4.18.10`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.18.10) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.18.9...next-auth@4.18.10) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@4.18.9...next-auth@4.18.10 ### [`v4.18.9`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.18.9) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@4.18.8...next-auth@4.18.9) #### Bugfixes - **next-auth**: remove engines ([`f54424c`](https://togithub.com/nextauthjs/next-auth/commit/f54424c2)) - **providers**: default image to `null` for Azure AD ([`09bcc1d`](https://togithub.com/nextauthjs/next-auth/commit/09bcc1d5)) - Allow adding own logo to provider ([#​6465](https://togithub.com/nextauthjs/next-auth/issues/6465)) ### [`v4.18.8`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%404.18.8) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.7...next-auth@4.18.8) #### What's Changed - chore(docs): fix aloglia `docusaurus.config.js` settings (`v4`) [https://github.com/nextauthjs/next-auth/pull/6160](https://togithub.com/nextauthjs/next-auth/pull/6160) - fix broken links related to issue [#​6157](https://togithub.com/nextauthjs/next-auth/issues/6157) [https://github.com/nextauthjs/next-auth/pull/6183](https://togithub.com/nextauthjs/next-auth/pull/6183) - Replaced the word peer dependency [https://github.com/nextauthjs/next-auth/pull/6197](https://togithub.com/nextauthjs/next-auth/pull/6197) - fix(docs): import `NextAuth` correctly [https://github.com/nextauthjs/next-auth/pull/6206](https://togithub.com/nextauthjs/next-auth/pull/6206) - chore(docs): fix middleware verbiage [https://github.com/nextauthjs/next-auth/pull/5981](https://togithub.com/nextauthjs/next-auth/pull/5981) - fix: remove outdated nested middleware info [#​5180](https://togithub.com/nextauthjs/next-auth/issues/5180) [https://github.com/nextauthjs/next-auth/pull/5181](https://togithub.com/nextauthjs/next-auth/pull/5181) **Full Changelog**: https://github.com/nextauthjs/next-auth/compare/next-auth@v4.18.7...next-auth@4.18.8 ### [`v4.18.7`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.7) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.6...next-auth@v4.18.7) #### Bugfixes - **next-auth**: revert to 4.17 and replay other fixes ([https://github.com/nextauthjs/next-auth/pull/6132](https://togithub.com/nextauthjs/next-auth/pull/6132)) ### [`v4.18.6`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.6) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.5...next-auth@v4.18.6) #### Bugfixes - **core**: preserve incoming set cookies ([#​6029](https://togithub.com/nextauthjs/next-auth/issues/6029)) ([`2875b49`](https://togithub.com/nextauthjs/next-auth/commit/2875b49f)) - **next**: correctly bundle next-auth/middleware fixes [#​6025](https://togithub.com/nextauthjs/next-auth/issues/6025) ([`5259d24`](https://togithub.com/nextauthjs/next-auth/commit/5259d247)) ### [`v4.18.5`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.5) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.4...next-auth@v4.18.5) #### Bugfixes - **core**: host detection/NEXTAUTH_URL ([#​6007](https://togithub.com/nextauthjs/next-auth/issues/6007)) ([`62f672a`](https://togithub.com/nextauthjs/next-auth/commit/62f672ae)) - **core**: correct status code when returning redirects ([#​6004](https://togithub.com/nextauthjs/next-auth/issues/6004)) ([`2c669b3`](https://togithub.com/nextauthjs/next-auth/commit/2c669b32)) ### [`v4.18.4`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.4) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.3...next-auth@v4.18.4) ##### Bugfixes - **core**: handle `Request` -> `Response` regressions ([#​5991](https://togithub.com/nextauthjs/next-auth/issues/5991)) ([`5c4a9a6`](https://togithub.com/nextauthjs/next-auth/commit/5c4a9a69)) - **next**: don't override `Content-Type` by `unstable_getServerSession` [https://github.com/nextauthjs/next-auth/pull/5991](https://togithub.com/nextauthjs/next-auth/pull/5991)/commits/7c24c5613f470f4b33f0486201821c6d40bedca8 - **core**: handle `,` while setting `set-cookie` [https://github.com/nextauthjs/next-auth/pull/5991](https://togithub.com/nextauthjs/next-auth/pull/5991)/commits/7a390844c8db3c548ca0155f16d6a033693a3fbf ### [`v4.18.3`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.3) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.2...next-auth@v4.18.3) ##### Bugfixes - **core**: throw error if no action can be determined ([`157269e`](https://togithub.com/nextauthjs/next-auth/commit/157269e0)) - **core**: add protocol if missing ([`221bc8e`](https://togithub.com/nextauthjs/next-auth/commit/221bc8e9)) ##### Other - **core**: fix test ([`0a140cd`](https://togithub.com/nextauthjs/next-auth/commit/0a140cdf)) ### [`v4.18.2`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.2) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.1...next-auth@v4.18.2) #### Bugfixes - **core**: properly construct url ([#​5984](https://togithub.com/nextauthjs/next-auth/issues/5984)) ([`f329102`](https://togithub.com/nextauthjs/next-auth/commit/f3291025)) ### [`v4.18.1`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.1) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.18.0...next-auth@v4.18.1) #### Bugfixes - **core**: don't mutate `authOptions` in `unstable_getServerSession` ([#​5973](https://togithub.com/nextauthjs/next-auth/issues/5973)) ([`b19b2bc`](https://togithub.com/nextauthjs/next-auth/commit/b19b2bcb)) #### Other - **core**: use standard `Request` and `Response` ([#​4769](https://togithub.com/nextauthjs/next-auth/issues/4769)) ([`7e91d7d`](https://togithub.com/nextauthjs/next-auth/commit/7e91d7df)) - **dev**: upgrade dev app and deps ([`c4352a7`](https://togithub.com/nextauthjs/next-auth/commit/c4352a7d)) ### [`v4.18.0`](https://togithub.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.18.0) [Compare Source](https://togithub.com/nextauthjs/next-auth/compare/next-auth@v4.17.0...next-auth@v4.18.0) #### Features - **core**: make pkce and state maxAge configurable on the cookies ([#​4719](https://togithub.com/nextauthjs/next-auth/issues/4719)) ([`f277989`](https://togithub.com/nextauthjs/next-auth/commit/f277989c)) #### Bugfixes - **next**: improve dev environment variable handling ([#​5763](https://togithub.com/nextauthjs/next-auth/issues/5763)) ([`0d17578`](https://togithub.com/nextauthjs/next-auth/commit/0d175781)) - **provider**: modify `response.name` to `response.nickname` (Naver) ([#​5915](https://togithub.com/nextauthjs/next-auth/issues/5915)) ([`6e408e2`](https://togithub.com/nextauthjs/next-auth/commit/6e408e24)) - **ts**: improve `unstable_getServerSession` return type ([#​5792](https://togithub.com/nextauthjs/next-auth/issues/5792)) ([`a307079`](https://togithub.com/nextauthjs/next-auth/commit/a307079e)) #### Other - **types**: fix typo in comment ([#​5815](https://togithub.com/nextauthjs/next-auth/issues/5815)) ([`2301c1b`](https://togithub.com/nextauthjs/next-auth/commit/2301c1be))

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[changeset-bot[bot]]

⚠️ No Changeset found

Latest commit: 86d4832ee533485201b6ca36b3b0c4197a0d6b12

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
chirpy	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 2, 2023 6:46am

[relativeci[bot]]

Job #1350: Bundle Size — 2.11MiB (+0.05%).

626f0e8(current) vs 5ece64a main#1349(baseline)

:bangbang: Bundle introduced 1 duplicate package

Metrics (5 changes)

	Current Job #1350	Baseline Job #1349
Initial JS	1.46MiB(+0.07%)	1.46MiB
Initial CSS	99.56KiB	99.56KiB
Cache Invalidation	22.19%	15.09%
Chunks	51	51
Assets	63	63
Modules	1133(+0.35%)	1129
Duplicate Modules	199	199
Duplicate Code	4.9%	4.9%
Packages	124(+0.81%)	123
Duplicate Packages	2(+100%)	1

Total size by type (1 change)

|            |       Current
[Job #1350](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco?utm_source=github&utm_medium=pr-report "View job report") |      Baseline
[Job #1349](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1349-PYdyMpnebJ8RcYe6pROw?utm_source=github&utm_medium=pr-report "View baseline job report") | |:--|--:|--:| | [CSS](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Atrue%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all CSS assets") | `99.56KiB` | `99.56KiB` | | [Fonts](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Atrue%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all Fonts assets") | `0B` | `0B` | | [HTML](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Atrue%2C%22ft.OTHER%22%3Afalse%7D%7D "View all HTML assets") | `0B` | `0B` | | [IMG](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Atrue%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all IMG assets") | `1.45KiB` | `1.45KiB` | | [JS](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Atrue%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all JS assets") | `1.99MiB` (`+0.05%`) | `1.99MiB` | | [Media](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Atrue%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all Media assets") | `0B` | `0B` | | [Other](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1350-Qe5ITo2oNIHMa0kKJUco/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Atrue%7D%7D "View all Other assets") | `11.87KiB` | `11.87KiB` |

---

View job #1350 report View refs/pull/568/merge branch activity

[cypress[bot]]

2 failed tests on run #1884 ↗︎

2

4

0

1

0

Details:

fix(deps): update dependency next-auth to v4.20.1 [security]
Project: chirpy	Commit: 86d4832ee5
Status: Failed	Duration: 02:26 💡
Started: May 2, 2023 6:48 AM	Ended: May 2, 2023 6:50 AM

  home/header.spec.ts • 1 failed test • Cypress Actions

View Output Video

Test		Artifacts
Header > should show user menu		Output Screenshots Video

  dashboard/project.spec.ts • 1 failed test • Cypress Actions

View Output Video

Test		Artifacts
Project > should show integration doc		Output Screenshots Video

_{This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.}

[github-actions[bot]]

Coverage report for ./apps/main

St.:grey_question:	Category	Percentage	Covered / Total
🔴	Statements	8.73%	40/458
🔴	Branches	10.23%	9/88
🔴	Functions	4.35%	3/69
🔴	Lines	9.25%	38/411

Test suite run success

2 tests passing in 2 suites.

Report generated by 🧪jest coverage report action from 86d4832ee533485201b6ca36b3b0c4197a0d6b12