[Snyk] Security upgrade next-auth from 3.14.8 to 3.29.5

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NEXTAUTH-2933545	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next-auth

The new version differs by 185 commits.

• e16bf93 chore: bump version
• 9b078c9 fix: don't show error on relative `callbackUrl`
• 87f6f57 fix: handle invalid `callbackUrl`
• 50584bd chore: bump version
• b442923 fix: more strict default callback url handling
• e1b297d fix: update default `callbacks.redirect`
• ab764e3 chore: bump release
• c8941e4 fix: remove `action` from bad request response
• ead7152 fix(deps): update built-in adapter dependencies (#2589)
• 8faa755 docs: add suggestions for secret and encryption key generation (#2578)
• 90a6a00 feat(provider): return image for Yandex by default (#2563)
• cb844a2 docs(provider): remove en-us from Azure urls (#2554)
• 74558d6 docs(email): remove duplicate CSS property from html (#2546)
• d03125a docs(ts): mention module augmentation on callbacks (#2541)
• 66d16f8 fix(ts): allow `scope` as string array type (#2511)
• be74dd0 docs(security): email contact update (#2467)
• 9bf867d docs: Update faq.md (#2458)
• 0f460c2 docs(client): add text regarding 'logout' (#2432)
• 887cb00 docs(adapter): Typo in filepath for firebase auth in docs. (#2436)
• 75ca097 docs: Fix link to code (#2405)
• bcb9383 docs: fix typos in options.md (#2393)
• b953963 chore(core): fix typo in csrf-token-handler.js where 'strategy' is misspelled (#2391)
• 4649f19 docs(readme): add opencollective details to readme (#2388)
• 45f4a69 docs(configuration): remove comments in JWT example (#2378)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
recruiter	✅ Ready (Inspect)	Visit Preview	Jun 23, 2022 at 10:32AM (UTC)

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication