Bump the npm_and_yarn group across 4 directories with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: next.
Bumps the npm_and_yarn group with 1 update in the /basics/typescript-final directory: next.
Bumps the npm_and_yarn group with 1 update in the /dashboard/final-example directory: next-auth.
Bumps the npm_and_yarn group with 2 updates in the /dashboard/starter-example directory: next and next-auth.

Updates next from 14.2.23 to 14.2.32

Commits

• 89ee561 v14.2.32
• 6a974ad [backport v14]: fix router handling when setting a location response header (...
• 55f7662 v14.2.31
• 5dd68a5 [backport v14]: fix(next/image): improve and simplify detect-content-type (#8...
• bcc7c65 [backport v14]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82...
• 243072b v14.2.30
• f523d4a [backport]: config.allowedDevOrigins (#80410)
• ca92115 v14.2.29
• ec9ee87 Only share incremental cache for edge in next start (#79389)
• e65628a v14.2.28
• Additional commits viewable in compare view

Updates @babel/helpers from 7.26.7 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Committers: 5

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• easrng (@​easrng)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@​liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@​liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@​JLHwung)

... (truncated)

Commits

• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• cac0ff4 v7.28.2
• f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
• baa4cb8 v7.27.6
• fdbf1b3 fix: finally causes unexpected return value (#17366)
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates next from 14.2.23 to 14.2.32

Commits

• 89ee561 v14.2.32
• 6a974ad [backport v14]: fix router handling when setting a location response header (...
• 55f7662 v14.2.31
• 5dd68a5 [backport v14]: fix(next/image): improve and simplify detect-content-type (#8...
• bcc7c65 [backport v14]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82...
• 243072b v14.2.30
• f523d4a [backport]: config.allowedDevOrigins (#80410)
• ca92115 v14.2.29
• ec9ee87 Only share incremental cache for edge in next start (#79389)
• e65628a v14.2.28
• Additional commits viewable in compare view

Updates next-auth from 5.0.0-beta.25 to 5.0.0-beta.30

Release notes

Sourced from next-auth's releases.

[email protected]

What's Changed

• fix: always check typeof BroadcastChannel by @​maiconcarraro in nextauthjs/next-auth#12937
• fix(providers): enable OIDC capabilities for Keycloak by @​jvllmr in nextauthjs/next-auth#12964
• Fix typo: succesful -> successful by @​changeworld in nextauthjs/next-auth#12973
• Fix undefined providerId by @​Regloom in nextauthjs/next-auth#12947
• docs: fix typo profie -> profile by @​changeworld in nextauthjs/next-auth#12987
• docs: Fix typo initalization -> initialization by @​changeworld in nextauthjs/next-auth#12989
• docs: Fix typo depencies -> dependencies by @​changeworld in nextauthjs/next-auth#12983
• docs: add missing "key" prop for form element in providerMap iterator by @​frshaad in nextauthjs/next-auth#13023
• chore(docs): fix typo Minmum -> Minimum by @​changeworld in nextauthjs/next-auth#13007
• chore(docs): fix typo Avaliable Scopes -> Available Scopes by @​changeworld in nextauthjs/next-auth#13009
• fix(adapter): transistion to surrealdb@^1.0.0 by @​dvanmali in nextauthjs/next-auth#11911
• Fix(provider): Mailgun region selection by @​benhovinga in nextauthjs/next-auth#13027
• fix(next-auth): add missing middleware wrapper type to auth function by @​k-taro56 in nextauthjs/next-auth#13026
• Update extending-the-session.mdx by @​adriancuadrado in nextauthjs/next-auth#13064
• fix(adapters): handle P2025 errors without importing Prisma namespace by @​karl-barbour in nextauthjs/next-auth#13061
• chore(docs): Fix syntax error in RBAC guide by @​benhovinga in nextauthjs/next-auth#12733
• fix(provider): Microsoft Entra ID by @​benhovinga in nextauthjs/next-auth#12616
• Update index.ts by @​adriancuadrado in nextauthjs/next-auth#13066

New Contributors

• @​maiconcarraro made their first contribution in nextauthjs/next-auth#12937
• @​jvllmr made their first contribution in nextauthjs/next-auth#12964
• @​Regloom made their first contribution in nextauthjs/next-auth#12947
• @​frshaad made their first contribution in nextauthjs/next-auth#13023
• @​dvanmali made their first contribution in nextauthjs/next-auth#11911
• @​adriancuadrado made their first contribution in nextauthjs/next-auth#13064
• @​karl-barbour made their first contribution in nextauthjs/next-auth#13061

Full Changelog: https://github.com/nextauthjs/next-auth/compare/[email protected]@5.0.0-beta.29

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates next from 15.3.2 to 16.0.1

Commits

• 89ee561 v14.2.32
• 6a974ad [backport v14]: fix router handling when setting a location response header (...
• 55f7662 v14.2.31
• 5dd68a5 [backport v14]: fix(next/image): improve and simplify detect-content-type (#8...
• bcc7c65 [backport v14]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82...
• 243072b v14.2.30
• f523d4a [backport]: config.allowedDevOrigins (#80410)
• ca92115 v14.2.29
• ec9ee87 Only share incremental cache for edge in next start (#79389)
• e65628a v14.2.28
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates next-auth from 5.0.0-beta.25 to 5.0.0-beta.30

Release notes

Sourced from next-auth's releases.

[email protected]

What's Changed

• fix: always check typeof BroadcastChannel by @​maiconcarraro in nextauthjs/next-auth#12937
• fix(providers): enable OIDC capabilities for Keycloak by @​jvllmr in nextauthjs/next-auth#12964
• Fix typo: succesful -> successful by @​changeworld in nextauthjs/next-auth#12973
• Fix undefined providerId by @​Regloom in nextauthjs/next-auth#12947
• docs: fix typo profie -> profile by @​changeworld in nextauthjs/next-auth#12987
• docs: Fix typo initalization -> initialization by @​changeworld in nextauthjs/next-auth#12989
• docs: Fix typo depencies -> dependencies by @​changeworld in nextauthjs/next-auth#12983
• docs: add missing "key" prop for form element in providerMap iterator by @​frshaad in nextauthjs/next-auth#13023
• chore(docs): fix typo Minmum -> Minimum by @​changeworld in nextauthjs/next-auth#13007
• chore(docs): fix typo Avaliable Scopes -> Available Scopes by @​changeworld in nextauthjs/next-auth#13009
• fix(adapter): transistion to surrealdb@^1.0.0 by @​dvanmali in nextauthjs/next-auth#11911
• Fix(provider): Mailgun region selection by @​benhovinga in nextauthjs/next-auth#13027
• fix(next-auth): add missing middleware wrapper type to auth function by @​k-taro56 in nextauthjs/next-auth#13026
• Update extending-the-session.mdx by @​adriancuadrado in nextauthjs/next-auth#13064
• fix(adapters): handle P2025 errors without importing Prisma namespace by @​karl-barbour in nextauthjs/next-auth#13061
• chore(docs): Fix syntax error in RBAC guide by @​benhovinga in nextauthjs/next-auth#12733
• fix(provider): Microsoft Entra ID by @​benhovinga in nextauthjs/next-auth#12616
• Update index.ts by @​adriancuadrado in nextauthjs/next-auth#13066

New Contributors

• @​maiconcarraro made their first contribution in nextauthjs/next-auth#12937
• @​jvllmr made their first contribution in nextauthjs/next-auth#12964
• @​Regloom made their first contribution in nextauthjs/next-auth#12947
• @​frshaad made their first contribution in nextauthjs/next-auth#13023
• @​dvanmali made their first contribution in nextauthjs/next-auth#11911
• @​adriancuadrado made their first contribution in nextauthjs/next-auth#13064
• @​karl-barbour made their first contribution in nextauthjs/next-auth#13061

Full Changelog: https://github.com/nextauthjs/next-auth/compare/[email protected]@5.0.0-beta.29

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
next-learn-dashboard	Ready	Preview	Comment	Nov 4, 2025 7:56am
next-learn-starter	Error			Nov 4, 2025 7:56am
next-seo-starter	Ready	Preview	Comment	Nov 4, 2025 7:56am

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next-auth@​5.0.0-beta.25 ⏵ 5.0.0-beta.30	-5		+1
	next@​15.3.2 ⏵ 14.2.32	-1	+16	+4

View full report

[vercel]

🔧 Build Fix:

The engines.node specification uses >=18 which causes Vercel to automatically select Node.js 24.x runtime, but Vercel only supports Node.js versions 20.x and 22.x, causing deployment to fail.

View Details

📝 Patch Details

diff --git a/basics/api-routes-starter/package.json b/basics/api-routes-starter/package.json
index aae3a0e..693358b 100644
--- a/basics/api-routes-starter/package.json
+++ b/basics/api-routes-starter/package.json
@@ -15,6 +15,6 @@
     "remark-html": "^15.0.1"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/assets-metadata-css-starter/package.json b/basics/assets-metadata-css-starter/package.json
index 159e234..0a0d489 100644
--- a/basics/assets-metadata-css-starter/package.json
+++ b/basics/assets-metadata-css-starter/package.json
@@ -11,6 +11,6 @@
     "react-dom": "latest"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/basics-final/package.json b/basics/basics-final/package.json
index 40845bb..6d78433 100644
--- a/basics/basics-final/package.json
+++ b/basics/basics-final/package.json
@@ -15,6 +15,6 @@
     "remark-html": "^15.0.1"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/data-fetching-starter/package.json b/basics/data-fetching-starter/package.json
index b6896d6..59ab9c2 100644
--- a/basics/data-fetching-starter/package.json
+++ b/basics/data-fetching-starter/package.json
@@ -11,6 +11,6 @@
     "react-dom": "latest"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/demo/package.json b/basics/demo/package.json
index 40845bb..6d78433 100644
--- a/basics/demo/package.json
+++ b/basics/demo/package.json
@@ -15,6 +15,6 @@
     "remark-html": "^15.0.1"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/dynamic-routes-starter/package.json b/basics/dynamic-routes-starter/package.json
index c298caf..b994c2c 100644
--- a/basics/dynamic-routes-starter/package.json
+++ b/basics/dynamic-routes-starter/package.json
@@ -12,6 +12,6 @@
     "react-dom": "latest"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/dynamic-routes-step-1/package.json b/basics/dynamic-routes-step-1/package.json
index c298caf..b994c2c 100644
--- a/basics/dynamic-routes-step-1/package.json
+++ b/basics/dynamic-routes-step-1/package.json
@@ -12,6 +12,6 @@
     "react-dom": "latest"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/learn-starter/package.json b/basics/learn-starter/package.json
index b6896d6..59ab9c2 100644
--- a/basics/learn-starter/package.json
+++ b/basics/learn-starter/package.json
@@ -11,6 +11,6 @@
     "react-dom": "latest"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/navigate-between-pages-starter/package.json b/basics/navigate-between-pages-starter/package.json
index b6896d6..59ab9c2 100644
--- a/basics/navigate-between-pages-starter/package.json
+++ b/basics/navigate-between-pages-starter/package.json
@@ -11,6 +11,6 @@
     "react-dom": "latest"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/basics/typescript-final/package.json b/basics/typescript-final/package.json
index 7910951..7ccaab0 100644
--- a/basics/typescript-final/package.json
+++ b/basics/typescript-final/package.json
@@ -20,6 +20,6 @@
     "typescript": "^4.8.4"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/package.json b/package.json
index 0369a27..32e503e 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,6 @@
   },
   "packageManager": "[email protected]",
   "engines": {
-    "node": ">=18.17.0"
+    "node": ">=18.17.0 <23"
   }
 }
diff --git a/seo/demo/package.json b/seo/demo/package.json
index 7f56d60..c8d5e94 100644
--- a/seo/demo/package.json
+++ b/seo/demo/package.json
@@ -15,6 +15,6 @@
     "react-syntax-highlighter": "^15.6.1"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }
diff --git a/seo/package.json b/seo/package.json
index 7f56d60..c8d5e94 100644
--- a/seo/package.json
+++ b/seo/package.json
@@ -15,6 +15,6 @@
     "react-syntax-highlighter": "^15.6.1"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18 <23"
   }
 }

Analysis

Vercel deployment fails due to invalid Node.js runtime selection

What fails: Vercel deployment fails when trying to deploy serverless functions with Node.js 24.x runtime

How to reproduce:
Deploy to Vercel with package.json containing:

"engines": {
  "node": ">=18"
}

Result:

[ERROR] Error: A Serverless Function has invalid runtime: "nodejs24.x". : https://vercel.link/function-runtimes

Root cause: Vercel automatically upgrades to Node.js 24.x based on the open-ended >=18 specification, but Vercel only supports Node.js 20.x and 22.x runtimes.