From cc11ee58bd0be75468f6012cef81563db557cd8c Mon Sep 17 00:00:00 2001 From: Bereket Engida Date: Thu, 11 Jun 2026 10:44:22 -0700 Subject: [PATCH 1/2] chore: format callback.test.ts with prettier --- packages/core/test/actions/callback.test.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/core/test/actions/callback.test.ts b/packages/core/test/actions/callback.test.ts index 180bcb0dad..42909a6791 100644 --- a/packages/core/test/actions/callback.test.ts +++ b/packages/core/test/actions/callback.test.ts @@ -154,7 +154,11 @@ describe("assert GET callback action", () => { }) describe("OAuth check cookies are bound to their provider", () => { - const cookieOptions = { secure: true, sameSite: "lax" as const, httpOnly: true } + const cookieOptions = { + secure: true, + sameSite: "lax" as const, + httpOnly: true, + } const cookies = { state: { name: "authjs.state", options: cookieOptions }, nonce: { name: "authjs.nonce", options: cookieOptions }, From 50be090904baa56ec304c61981944f0c86a80afc Mon Sep 17 00:00:00 2001 From: Bereket Engida Date: Thu, 11 Jun 2026 10:44:22 -0700 Subject: [PATCH 2/2] fix(proxy): pin @auth/core instead of tracking the latest dist-tag The npm latest dist-tag for @auth/core currently points to 0.34.3, a backport patch published after 0.41.x. That version predates the Vipps provider, so every fresh Vercel deploy of the proxy fails to resolve @auth/core/providers/vipps. Pinning a caret range keeps deploys reproducible and immune to dist-tag movement. --- apps/proxy/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/proxy/package.json b/apps/proxy/package.json index e956b0fdba..e6471612b1 100644 --- a/apps/proxy/package.json +++ b/apps/proxy/package.json @@ -5,6 +5,6 @@ "type": "module", "packageManager": "pnpm@9.10.0", "dependencies": { - "@auth/core": "latest" + "@auth/core": "^0.41.2" } }