vercel / platforms

A full-stack Next.js app with multi-tenancy and custom domain support. Built with Next.js App Router and the Vercel Domains API.
https://app.vercel.pub

feat(drizzle): Migrate to Drizzle ORM #404

Closed realmikesolo closed 3 weeks ago

realmikesolo commented 1 month ago

This PR was made to migrate from Prisma to Drizzle ORM. It involves rewriting the database interactions using Drizzle ORM.

Instructions

If you directly start the project with Drizzle ORM

  1. Remove unnecessary schema file: Delete the lib/legacy-schema.ts file, as it is only used when migrating from Prisma.
  2. Initialize Schema: The Drizzle schema located in lib/schema.ts will be used for database queries.
  3. Apply changes to the database: Run the drizzle-kit push command to apply your changes to the database. Learn more about the push command here.
  4. Begin using the template: You can now start using this template with Drizzle ORM.

If you are migrating from Prisma

  1. Replace the schema file: Remove the existing lib/schema.ts file and rename lib/legacy-schema.ts to lib/schema.ts.
  2. Update database schema: The email column in the users table is set to not null to ensure compatibility with the drizzle next-auth adapter. Apply this change by running the drizzle-kit push command. Learn more about the push command here.
  3. Complete migration: You are now ready to use this template with Drizzle ORM.

vercel[bot] commented 1 month ago

@realmikesolo is attempting to deploy a commit to the Vercel Labs Team on Vercel.

A member of the Team first needs to authorize it.

m-torin commented 1 month ago

It's an interesting choice to move away from a project that enterprises and governments support to one that's unknown and may require security reviews. What benefits make this worth it?

leerob commented 1 month ago

@m-torin if you would like to use Prisma, that's great. Please do! I don't have anything against Prisma. In fact, we just worked with them on this https://db-latency.vercel.app/.

realmikesolo commented 1 month ago

I made some edits based on the review, updated the Drizzle schema, upgraded drizzle-kit to version 0.21.1, and created a new Prisma compatible schema with an initial migration. These can be used if switching from Prisma to Drizzle ORM. The migration was created after pulling the DDL from an existing database, which was initially used with Prisma. The only thing that needs to be done is to set the email field in the User table to 'not null' for type compatibility with the Drizzle adapter for next-auth.

Currently, there are two bugs related to drizzle-kit removing foreign key constraints and recreating them, and drizzle-kit detecting changes in timestamp precision even when there are none. These should be fixed soon. Once they are resolved, the Prisma compatible schema can be used. If it's a new project, it's recommended to use the standard Drizzle schema.

Please let me know if anything needs updating.

realmikesolo commented 1 month ago

Bugs with Drizzle-kit were fixed

vercel[bot] commented 4 weeks ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| platforms | ❌ Failed (Inspect) | | | Jun 4, 2024 2:10pm |

socket-security[bot] commented 3 weeks ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/clsx@2.1.1 | None | 0 | 8.55 kB | lukeed |
| npm/drizzle-kit@0.22.5 | None | 0 | 0 B | |
| npm/pg@8.12.0 | environment, network | 0 | 77.6 kB | brianc |
| npm/postcss@8.4.38 | environment, filesystem | +2 | 343 kB | ai |
| npm/prettier@3.3.1 | environment, filesystem, unsafe | 0 | 8.25 MB | prettier-bot |
| npm/tailwind-merge@2.3.0 | None | +1 | 727 kB | dcas |
| npm/tailwindcss@3.4.4 | environment, filesystem; Transitive: network, shell, unsafe | +87 | 14.2 MB | adamwathan |
| npm/typescript@5.4.5 | None | 0 | 32.4 MB | typescript-bot |

🚮 Removed packages: npm/clsx@2.0.0, npm/next-auth@4.24.5, npm/prettier@3.1.0, npm/prisma@5.5.2, npm/react@18.2.0, npm/tailwind-merge@2.0.0, npm/tailwindcss@3.3.5, npm/typescript@5.2.2

View full report↗︎

socket-security[bot] commented 3 weeks ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source |
| --- | --- | --- | --- |
| Nonpermissive License | npm/@vercel/analytics@1.3.1 | | orphan: npm/@vercel/analytics@1.3.1 |
| Copyleft License | npm/@vercel/analytics@1.3.1 | | orphan: npm/@vercel/analytics@1.3.1 |
| Nonpermissive License | npm/@vercel/analytics@1.1.1 | | |
| Copyleft License | npm/@vercel/analytics@1.1.1 | | |

View full report↗︎

Next steps

What do I need to know about license files?

(Experimental) A license not known to be considered permissive was found

Determine whether use of material not offered under a known permissive license works for you

What do I need to know about license files?

(Experimental) Copyleft license information was found

Determine whether use of copyleft material works for you

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@vercel/analytics@1.3.1
  • @SocketSecurity ignore npm/@vercel/analytics@1.1.1

mdichtler commented 2 weeks ago

@leerob @realmikesolo - this seems to break GitHub auth, due to the schema email field being set to notNull in the users table, as it might happen that the GitHub login that's in the example returns null for the email. This happens when the person trying to log in has Keep my email addresses private checked in their GitHub email preferences.

mdichtler commented 2 weeks ago

Submitted issue for tracking: https://github.com/vercel/platforms/issues/412

AlexBlokh commented 2 weeks ago

@mdichtler we're a bit confused with @realmikesolo as of now, since originally Prisma's adapter did have this field as just unique, then the Next Auth author mentioned that the field (we might've got it wrong) can be .notNull and even for GitHub they will still get the email if it's null. If the field can be null or an empty string, it can't be unique either.

mdichtler commented 2 weeks ago

@AlexBlokh - I'm free for the next hour if you want to troubleshoot this a bit - add my Discord: @martindichtler. Also attaching a screenshot of my GitHub profile where email is set to null. This is logged from auth.ts line 14 (profile callback).

AlexBlokh commented 2 weeks ago

@mdichtler here's a conversation with the NextAuth team in Discord

They advise us to do a migration of id -> email where email is null before declaring a schema and seems like they consider this a bug, but we tend to just make this field nullable since it doesn't make sense to have it not null
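
The sign-in failure discussed in this thread, as an added example that is not code from the PR, Drizzle or NextAuth: a small in-memory model of a users table whose email column is UNIQUE and optionally NOT NULL, fed GitHub-style profiles with a private (null) email. It assumes default PostgreSQL UNIQUE behaviour (NULLs are treated as distinct); `makeUsersTable`, `mapGithubProfile` and `trySignIn` are hypothetical names, and the sample profiles are constructed.

```javascript
// Added illustration: models the users.email constraint discussed in this thread.
// All names are hypothetical; the sample profiles are constructed.

// In-memory stand-in for a users table with a UNIQUE email column.
// Assumption: default PostgreSQL semantics, where NULLs are distinct in a
// UNIQUE index, so only non-null emails are checked for duplicates.
function makeUsersTable({ emailNotNull }) {
  const rows = [];
  return {
    rows,
    insert(user) {
      if (emailNotNull && user.email === null) {
        throw new Error("NOT NULL violation: users.email");
      }
      if (user.email !== null && rows.some((r) => r.email === user.email)) {
        throw new Error("UNIQUE violation: users.email");
      }
      rows.push(user);
      return user;
    },
  };
}

// Maps a GitHub-style profile to a user row. Per the thread, the profile can
// carry email: null when the account keeps its addresses private. Missing and
// empty values are normalised to null, because "" would collide on UNIQUE.
function mapGithubProfile(profile) {
  const hasEmail = typeof profile.email === "string" && profile.email.trim() !== "";
  return { id: String(profile.id), name: profile.login, email: hasEmail ? profile.email.trim() : null };
}

// Attempts the sign-in insert and reports the outcome instead of throwing.
function trySignIn(table, profile) {
  try {
    table.insert(mapGithubProfile(profile));
    return "ok";
  } catch (err) {
    return err.message;
  }
}

// Constructed sample profiles: two private-email accounts and one public one.
const privateA = { id: 101, login: "alice", email: null };
const privateB = { id: 102, login: "bob", email: "" };
const publicC = { id: 103, login: "carol", email: "carol@example.com" };
```

With `emailNotNull: true` the private-email profile is rejected at insert time; with a nullable column both private profiles are stored and uniqueness still holds for real addresses.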