Bump next, next-auth and @storybook/nextjs in /website

[dependabot]

Bumps next, next-auth and @storybook/nextjs. These dependencies needed to be updated together.
Updates next from 13.4.12 to 15.5.4

Release notes

Sourced from next's releases.

v15.5.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: ensure onRequestError is invoked when otel enabled (#83343)
• fix: devtools initial position should be from next config (#83571)
• [devtool] fix overlay styles are missing (#83721)
• Turbopack: don't match dynamic pattern for node_modules packages (#83176)
• Turbopack: don't treat metadata routes as RSC (#82911)
• [turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (#83357)
• Turbopack: throw large static metadata error earlier (#82939)
• fix: error overlay not closing when backdrop clicked (#83981)
• Turbopack: flush Node.js worker IPC on error (#84077)

Misc Changes

• [CNA] use linter preference (#83194)
• CI: use KV for test timing data (#83745)
• docs: september improvements and fixes (#83997)

Credits

Huge thanks to @​yiminghe, @​huozhi, @​devjiwonchoi, @​mischnic, @​lukesandberg, @​ztanner, @​icyJoseph, @​leerob, @​fufuShih, @​dwrth, @​aymericzip, @​obendev, @​molebox, @​OoMNoO, @​pontasan, @​styfle, @​HondaYt, @​ryuapp, @​lpalmes, and @​ijjk for helping!

v15.5.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: validation return types of pages API routes (#83069)
• fix: relative paths in dev in validator.ts (#83073)
• fix: remove satisfies keyword from type validation to preserve old TS compatibility (#83071)

Credits

Huge thanks to @​bgub for helping!

v15.5.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: disable unknownatrules lint rule entirely (#83059)
• revert: add ?dpl to fonts in /_next/static/media (#83062)

Credits

... (truncated)

Commits

• 40f1d78 v15.5.4
• cb30f0a [backport] docs: september improvements and fixes (#83997)
• b6a32bb [backport] [CNA] use linter preference (#83194) (#84087)
• 26d61f1 [backport] Turbopack: flush Node.js worker IPC on error (#84079)
• e11e87a [backport] fix: error overlay not closing when backdrop clicked (#83981) (#83...
• 0a29888 [backport] fix: devtools initial position should be from next config (#83571)...
• 7a53950 [backport] Turbopack: don't treat metadata routes as RSC (#83804)
• 050bdf1 [backport] Turbopack: throw large static metadata error earlier (#83816)
• 1f6ea09 [backport] Turbopack: Improve handling of symlink resolution errors (#83805)
• c7d1855 [backport] CI: use KV for test timing data (#83860)
• Additional commits viewable in compare view

Updates next-auth from 4.22.1 to 4.24.11

Commits

• 6bca388 chore(release): bump version [skip ci]
• c46fd4f chore(deps): allow react v19 as peer deps (#12352)
• 3dfe5d5 chore: Update docusaurus.config.js
• 0447db0 chore(v4): add sent.dm sponsor (#12172)
• 5a5859a docs: Update options.md
• 5ad7fb4 docs: Update options.md
• c7ea50d chore(release): bump version [skip ci]
• 490a033 fix: support AUTH_SECRET for compat with npx auth secret
• 1e6be72 fix: functions that return promises must be async (#12105)
• ddab3cc chore(release): bump version [skip ci]
• Additional commits viewable in compare view

Updates @storybook/nextjs from 7.0.22 to 7.6.20

Changelog

Sourced from @​storybook/nextjs's changelog.

7.6.20

• Core: Replace ip function to address security concerns #27529, thanks @​tony19
• Telemetry: Detect Node version #28299, thanks @​yannbf
• Angular: Support v18 #27237, thanks @​valentinpalkovic

7.6.19

• Fix bad release in 7.6.18 thanks @​jreinhold!

7.6.18

• Core: Fix addon bundling script #26145, thanks @​ndelangen!

7.6.17

• Addon-docs: Fix Table of Contents heading leak - #23677, thanks @​vmizg!
• Core: Update ip version to fix CVE-2023-42282 - #26086, thanks @​drik98!

7.6.16

• Addon Themes: Make type generic less strict - #26042, thanks @​yannbf!
• Interaction: Make sure that adding spies doesn't cause infinite loops with self referencing args #26019, thanks @​kasperpeulen!

7.6.15

This release accidentally didn't contain anything.

7.6.14

• Core: Fix boolean true args in URL getting ignored - #25950, thanks @​JReinhold!

7.6.13

• Next.js: Fix frameworkOptions resolution - #25907, thanks @​valentinpalkovic!
• React Native: Fix init fails when package is already installed - #25908, thanks @​dannyhw!
• React Native: Remove watcher from init - #25895, thanks @​dannyhw!
• Webpack: Update StorybookConfig import in core-webpack types.ts - #25740, thanks @​valentinpalkovic!

7.6.12

• CLI: Fix upgrade detecting the wrong version of existing Storybooks - #25752, thanks @​JReinhold!

7.6.11

• CLI: Update init for react native v7 - #25780, thanks @​dannyhw!
• Codemods: Add support for multiple file extensions in runCodemod function - #25708, thanks @​valentinpalkovic!

7.6.10

... (truncated)

Commits

• 1fe1c39 Bump version from 7.6.19 to 7.6.20 [skip ci]
• 0264a14 Bump version from 7.6.18 to 7.6.19 (manual) [skip ci]
• 5622242 Bump version from 7.6.17 to 7.6.18 MANUALLY (again)
• 6e6cbcf temporarily decrease version number for CI
• 2f3744f Bump version from 7.6.17 to 7.6.18 MANUALLY
• 60bf2b5 Bump version from "7.6.16" to "7.6.17" [skip ci]
• 287300b Bump version from "7.6.15" to "7.6.16" [skip ci]
• 8bcc3b4 Bump version from "7.6.14" to "7.6.15" [skip ci]
• 8d42c55 Bump version from "7.6.13" to "7.6.14" [skip ci]
• 95ed703 Bump version from "7.6.12" to "7.6.13" [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by valentinpalkovic, a new releaser for @​storybook/nextjs since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

❌ pre-commit failed.
Please run pre-commit run --all-files locally and commit the changes.
Find more information in the repository's CONTRIBUTING.md

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	crypto-js@​4.1.1
	form-data@​3.0.1 ⏵ 4.0.0	+1		+1
	number-is-nan@​1.0.1
	has@​1.0.3
	node-releases@​2.0.10
	has-property-descriptors@​1.0.0
	isarray@​0.0.1
	define-properties@​1.2.0
	path-parse@​1.0.7
	array-flatten@​2.1.2
	indent-string@​4.0.0
	object-keys@​1.1.1
	has-symbols@​1.0.3
	object.assign@​4.1.4
	is-core-module@​2.11.0
	function-bind@​1.1.1
	minimalistic-assert@​1.0.1
	object-assign@​4.1.1
	boolbase@​1.0.0
	path-is-inside@​1.0.2
	is-arrayish@​0.2.1
	get-own-enumerable-property-symbols@​3.0.2
	@​docsearch/​css@​3.3.3
	at-least-node@​1.0.0
	@​babel/​plugin-transform-react-jsx-development@​7.22.5 ⏵ 7.18.6
	is-regexp@​1.0.0
	@​algolia/​logger-console@​4.17.0
	detect-node@​2.1.0
	@​algolia/​logger-common@​4.17.0
	@​algolia/​cache-in-memory@​4.17.0
	@​algolia/​requester-common@​4.17.0
	@​webassemblyjs/​helper-api-error@​1.11.5 ⏵ 1.11.1			+2
See 604 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		crypto-js@4.1.1 has a Critical CVE. CVE: GHSA-xwcq-pm8m-c4vf crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (CRITICAL) Affected versions: < 4.2.0 Patched version: 4.2.0 From: docs/yarn.lock → npm/crypto-js@4.1.1 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/crypto-js@4.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report