chore(release): bump version [skip ci]

`sudo echo > /etc/hosts` attempts to write to /etc/hosts as a non-priv user, which will fail. `echo | sudo tee /etc/hosts` works.

docs/docs/configuration/callbacks.md

@@ -139,8 +139,8 @@ The session callback is called whenever a session is checked. By default, **only
 
 e.g. `getSession()`, `useSession()`, `/api/auth/session`
 
-- When using database sessions, the User object is passed as an argument.
-- When using JSON Web Tokens for sessions, the JWT payload is provided instead.
+- When using database sessions, the User (`user`) object is passed as an argument.
+- When using JSON Web Tokens for sessions, the JWT payload (`token`) is provided instead.
 
 ```js title="pages/api/auth/[...nextauth].js"
 ...

docs/docs/configuration/nextjs.md

@@ -6,7 +6,7 @@ This method was renamed to `getServerSession`. See the documentation below.
 
 ## `getServerSession`
 
-When calling from server-side i.e. in API routes or in `getServerSideProps`, we recommend using this function instead of `getSession` to retrieve the `session` object. This method is especially useful when you are using NextAuth.js with a database. This method can _drastically_ reduce response time when used over `getSession` server-side, due to avoiding an extra `fetch` to an API Route (this is generally [not recommended in Next.js](https://nextjs.org/docs/basic-features/data-fetching/get-server-side-props#getserversideprops-or-api-routes)). In addition, `getServerSession` will correctly update the cookie expiry time and update the session content if `callbacks.jwt` or `callbacks.session` changed something.
+When calling from server-side i.e. in API routes or in `getServerSideProps`, we recommend using this function instead of `getSession` to retrieve the `session` object. This method is especially useful when you are using NextAuth.js with a database. This method can _drastically_ reduce response time when used over `getSession` on server-side, due to avoiding an extra `fetch` to an API Route (this is generally [not recommended in Next.js](https://nextjs.org/docs/basic-features/data-fetching/get-server-side-props#getserversideprops-or-api-routes)). In addition, `getServerSession` will correctly update the cookie expiry time and update the session content if `callbacks.jwt` or `callbacks.session` changed something.
 
 Otherwise, if you only want to get the session token, see [`getToken`](/tutorials/securing-pages-and-api-routes#using-gettoken).
 
@@ -84,7 +84,7 @@ export default async function Page() {
 ```
 
 :::warning
-Currently, the underlying Next.js `cookies()` method does [only provides read access](https://beta.nextjs.org/docs/api-reference/cookies) to the request cookies. This means that the `expires` value is stripped away from `session` in Server Components. Furthermore, there is a hard expiry on sessions, after which the user will be required to sign in again. (The default expiry is 30 days).
+Currently, the underlying Next.js `cookies()` method [only provides read access](https://beta.nextjs.org/docs/api-reference/cookies) to the request cookies. This means that the `expires` value is stripped away from `session` in Server Components. Furthermore, there is a hard expiry on sessions, after which the user will be required to sign in again. (The default expiry is 30 days).
 :::
 
 ## Middleware

docs/docs/configuration/pages.md

@@ -77,10 +77,13 @@ In addition, you can define a `theme.brandColor` to define a custom accent color
 
 In order to get the available authentication providers and the URLs to use for them, you can make a request to the API endpoint `/api/auth/providers`:
 
-```jsx title="pages/auth/signin.js"
+```tsx title="pages/auth/signin.tsx"
+import type { GetServerSidePropsContext, InferGetServerSidePropsType } from "next";
 import { getProviders, signIn } from "next-auth/react"
+import { getServerSession } from "next-auth/next"
+import { authOptions } from "../api/auth/[...nextauth]";
 
-export default function SignIn({ providers }) {
+export default function SignIn({ providers }: InferGetServerSidePropsType<typeof getServerSideProps>) {
   return (
     <>
       {Object.values(providers).map((provider) => (
@@ -94,10 +97,20 @@ export default function SignIn({ providers }) {
   )
 }
 
-export async function getServerSideProps(context) {
-  const providers = await getProviders()
+export async function getServerSideProps(context: GetServerSidePropsContext) {
+  const session = await getServerSession(context.req, context.res, authOptions);
+  
+  // If the user is already logged in, redirect.
+  // Note: Make sure not to redirect to the same page
+  // To avoid an infinite loop!
+  if (session) {
+    return { redirect: { destination: "/" } };
+  }
+
+  const providers = await getProviders();
+  
   return {
-    props: { providers },
+    props: { providers: providers ?? [] },
   }
 }
 ```
@@ -108,10 +121,11 @@ There is another, more fully styled example signin page available [here](https:/
 
 If you create a custom sign in form for email sign in, you will need to submit both fields for the **email** address and **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/signin/email**.
 
-```jsx title="pages/auth/email-signin.js"
+```tsx title="pages/auth/email-signin.tsx"
+import type { GetServerSidePropsContext, InferGetServerSidePropsType } from "next";
 import { getCsrfToken } from "next-auth/react"
 
-export default function SignIn({ csrfToken }) {
+export default function SignIn({ csrfToken }: InferGetServerSidePropsType<typeof getServerSideProps>) {
   return (
     <form method="post" action="/api/auth/signin/email">
       <input name="csrfToken" type="hidden" defaultValue={csrfToken} />
@@ -124,7 +138,7 @@ export default function SignIn({ csrfToken }) {
   )
 }
 
-export async function getServerSideProps(context) {
+export async function getServerSideProps(context: GetServerSidePropsContext) {
   const csrfToken = await getCsrfToken(context)
   return {
     props: { csrfToken },
@@ -134,7 +148,7 @@ export async function getServerSideProps(context) {
 
 You can also use the `signIn()` function which will handle obtaining the CSRF token for you:
 
-```js
+```ts
 signIn("email", { email: "jsmith@example.com" })
 ```
 
@@ -142,10 +156,11 @@ signIn("email", { email: "jsmith@example.com" })
 
 If you create a sign in form for credentials based authentication, you will need to pass a **csrfToken** from **/api/auth/csrf** in a POST request to **/api/auth/callback/credentials**.
 
-```jsx title="pages/auth/credentials-signin.js"
+```tsx title="pages/auth/credentials-signin.tsx"
+import type { GetServerSidePropsContext, InferGetServerSidePropsType } from "next";
 import { getCsrfToken } from "next-auth/react"
 
-export default function SignIn({ csrfToken }) {
+export default function SignIn({ csrfToken }: InferGetServerSidePropsType<typeof getServerSideProps>) {
   return (
     <form method="post" action="/api/auth/callback/credentials">
       <input name="csrfToken" type="hidden" defaultValue={csrfToken} />
@@ -162,7 +177,7 @@ export default function SignIn({ csrfToken }) {
   )
 }
 
-export async function getServerSideProps(context) {
+export async function getServerSideProps(context: GetServerSidePropsContext) {
   return {
     props: {
       csrfToken: await getCsrfToken(context),
@@ -173,7 +188,7 @@ export async function getServerSideProps(context) {
 
 You can also use the `signIn()` function which will handle obtaining the CSRF token for you:
 
-```js
+```ts
 signIn("credentials", { username: "jsmith", password: "1234" })
 ```
 

docs/docs/configuration/providers/oauth.md

@@ -40,7 +40,7 @@ sequenceDiagram
     Note left of Browser: User inserts their<br/>credentials in Github
     Browser->>Auth Server (Github): Github validates the inserted credentials
     Auth Server (Github)->>Auth Server (Github): Generates one time access code<br/>and calls callback<br>URL defined in<br/>App settings
-    Auth Server (Github)->>App Server: GET<br/>"api/auth/github/callback?code=123"
+    Auth Server (Github)->>App Server: GET<br/>"api/auth/callback/github?code=123"
     App Server->>App Server: Grabs code<br/>to exchange it for<br/>access token
     App Server->>Auth Server (Github): POST<br/>"github.com/login/oauth/access_token"<br/>{code: 123}
     Auth Server (Github)->>Auth Server (Github): Verifies code is<br/>valid and generates<br/>access token
@@ -424,17 +424,3 @@ GoogleProvider({
   allowDangerousEmailAccountLinking: true,
 })
 ```
-
-### Adding a new built-in provider
-
-If you think your custom provider might be useful to others, we encourage you to open a PR and add it to the built-in list so others can discover it much more easily!
-
-You only need to add three changes:
-
-1. Add your config: [`src/providers/{provider}.ts`](https://github.com/nextauthjs/next-auth/tree/main/packages/next-auth/src/providers)<br />
-    - Make sure you use a named default export, like this: `export default function YourProvider`
-    - Add two SVG's of the provider logo, like `google-dark.svg` (dark mode) and `google.svg` (light mode), to the `/packages/next-auth/provider-logos/` directory as well as the styling config to the provider config object. See existing provider for example
-2. Add provider documentation: [`/docs/providers/{provider}.md`](https://github.com/nextauthjs/next-auth/tree/main/docs/docs/providers)
-3. Add the new provider name to the `Provider type` dropdown options in [`the provider issue template`](https://github.com/nextauthjs/next-auth/edit/main/.github/ISSUE_TEMPLATE/2_bug_provider.yml)
-
-That's it! 🎉 Others will be able to discover and use this provider much more easily now!

docs/docs/deployment.md

@@ -79,7 +79,7 @@ export default NextAuth({
 
 #### Using the branch based preview URL
 
-Preview deployments at Vercel are often available via multiple URLs. For example, PR's merged to `master` or `main`, will be available the commit and PR specific preview URLs, but also the branch specific preview URLs. This branch specific URL will obviously not change as long as you work with that same branch. Therefore, you could add to your OAuth provider your `{project}-git-main-{user}.vercel.app` preview URL. As this will stay constant for that branch, you can reuse that preview deployment / URL for testing any authentication related deployments.
+Preview deployments at Vercel are often available via multiple URLs. For example, PR's merged to `master` or `main`, will be available via commit and PR specific preview URLs, but also the branch specific preview URLs. This branch specific URL will obviously not change as long as you work with that same branch. Therefore, you could add to your OAuth provider your `{project}-git-main-{user}.vercel.app` preview URL. As this will stay constant for that branch, you can reuse that preview deployment / URL for testing any authentication related deployments.
 
 ## Netlify
 

docs/docs/faq.md

@@ -67,7 +67,7 @@ _If you use a custom credentials provider user accounts will not be persisted in
 </summary>
 <p>
 
-NextAuth.js was originally designed for use with Next.js and Serverless. However, today you could use the NextAuth.js core with any other framework. Checkout the examples for <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/playground-gatsby" target="_blank">Gatsby</a> and <a href="https://sveltekit.authjs.dev/" target="_blank">SvelteKit</a>. If you would add another integration with other frameworks, feel free to work on it and send a pull request. Make sure to check if there's any on-going work before open a new issue.
+NextAuth.js was originally designed for use with Next.js and Serverless. However, today you could use the NextAuth.js core with any other framework. Checkout the examples for <a href="https://github.com/nextauthjs/next-auth/tree/main/apps/playground-gatsby" target="_blank">Gatsby</a> and <a href="https://sveltekit.authjs.dev/" target="_blank">SvelteKit</a>. If you would add another integration with other frameworks, feel free to work on it and send a pull request. Make sure to check if there's any on-going work before opening a new issue.
 
 </p>
 </details>

docs/docs/providers/apple.md

@@ -64,7 +64,7 @@ Edit your host file and point your site to `127.0.0.1`.
 _Linux/macOS_
 
 ```
-sudo echo '127.0.0.1 dev.example.com' >> /etc/hosts
+echo '127.0.0.1 dev.example.com' | sudo tee -a /etc/hosts
 ```
 
 _Windows_ (run PowerShell as administrator)

docs/docs/providers/duende-identity-server6.md

@@ -0,0 +1,53 @@
+---
+id: duende-identityserver6
+title: DuendeIdentityServer6
+---
+
+## Documentation
+
+https://docs.duendesoftware.com/identityserver/v6
+
+## Options
+
+The **DuendeIdentityServer6 Provider** comes with a set of default options:
+
+- [DuendeIdentityServer6 Provider options](https://github.com/nextauthjs/next-auth/blob/v4/packages/next-auth/src/providers/duende-identity-server6.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```js
+import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
+
+...
+providers: [
+  DuendeIDS6Provider({
+    clientId: process.env.DUENDE_IDS6_ID,
+    clientSecret: process.env.DUENDE_IDS6_SECRET,
+    issuer: process.env.DUENDE_IDS6_ISSUER,
+  })
+]
+...
+```
+
+## Demo IdentityServer
+
+The configuration below is for the demo server at https://demo.duendesoftware.com/
+
+If you want to try it out, you can copy and paste the configuration below.
+
+You can sign in to the demo service with either <b>bob/bob</b> or <b>alice/alice</b>.
+
+```js
+import DuendeIDS6Provider from "next-auth/providers/duende-identity-server6"
+...
+providers: [
+  DuendeIDS6Provider({
+    clientId: "interactive.confidential",
+    clientSecret: "secret",
+    issuer: "https://demo.duendesoftware.com",
+  })
+]
+...
+```

docs/vercel.json

@@ -1,4 +1,5 @@
 {
+  "$schema": "https://openapi.vercel.sh/vercel.json",
   "headers": [
     {
       "source": "/(.*)",
@@ -57,6 +58,21 @@
       "source": "/schemas/adapters",
       "destination": "/adapters/overview",
       "permanent": true
+    },
+    {
+      "source": "/tutorials/role-based-login-strategy",
+      "destination": "https://authjs.dev/guides/basics/role-based-authentication",
+      "permanent": true
+    },
+    {
+      "source": "/adapters/firebase",
+      "destination": "https://authjs.dev/reference/adapter/firebase",
+      "permanent": true
+    },
+    {
+      "source": "/tutorials/refresh-token-rotation",
+      "destination": "https://authjs.dev/guides/basics/refresh-token-rotation",
+      "permanent": true
     }
   ]
 }

packages/next-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-auth",
-  "version": "4.19.1",
+  "version": "4.20.0",
   "description": "Authentication for Next.js",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -67,12 +67,12 @@
   ],
   "license": "ISC",
   "dependencies": {
-    "@babel/runtime": "^7.16.3",
-    "@panva/hkdf": "^1.0.1",
+    "@babel/runtime": "^7.20.13",
+    "@panva/hkdf": "^1.0.2",
     "cookie": "^0.5.0",
-    "jose": "^4.9.3",
+    "jose": "^4.11.4",
     "oauth": "^0.9.15",
-    "openid-client": "^5.1.0",
+    "openid-client": "^5.4.0",
     "preact": "^10.6.3",
     "preact-render-to-string": "^5.1.19",
     "uuid": "^8.3.2"

packages/next-auth/src/core/lib/oauth/state-handler.ts

@@ -49,7 +49,9 @@ export async function useState(
 ): Promise<{ value: string; cookie: Cookie } | undefined> {
   const { cookies, provider, jwt } = options
 
-  if (!provider.checks?.includes("state") || !state) return
+  if (!provider.checks?.includes("state")) return
+
+  if (!state) throw new Error("No state provided")
 
   const value = (await jwt.decode({ ...options.jwt, token: state })) as any
 

packages/next-auth/src/core/pages/signin.tsx

@@ -107,6 +107,7 @@ export default function SigninPage(props: SignInServerPageParams) {
         />
       )}
       <div className="card">
+        {theme.logo && <img src={theme.logo} alt="Logo" className="logo" />}
         {error && (
           <div className="error">
             <p>{error}</p>

packages/next-auth/src/next/index.ts

@@ -90,18 +90,18 @@ type GetServerSessionOptions = Partial<Omit<AuthOptions, "callbacks">> & {
   }
 }
 
+type GetServerSessionParams<O extends GetServerSessionOptions> =
+  | [GetServerSidePropsContext["req"], GetServerSidePropsContext["res"], O]
+  | [NextApiRequest, NextApiResponse, O]
+  | [O]
+  | []
+
 export async function getServerSession<
   O extends GetServerSessionOptions,
   R = O["callbacks"] extends { session: (...args: any[]) => infer U }
     ? U
     : Session
->(
-  ...args:
-    | [GetServerSidePropsContext["req"], GetServerSidePropsContext["res"], O]
-    | [NextApiRequest, NextApiResponse, O]
-    | [O]
-    | []
-): Promise<R | null> {
+>(...args: GetServerSessionParams<O>): Promise<R | null> {
   const isRSC = args.length === 0 || args.length === 1
   if (
     !experimentalRSCWarningShown &&
@@ -175,9 +175,7 @@ export async function unstable_getServerSession<
   R = O["callbacks"] extends { session: (...args: any[]) => infer U }
     ? U
     : Session
->(
-  ...args: Parameters<typeof getServerSession<O, R>>
-): ReturnType<typeof getServerSession<O, R>> {
+>(...args: GetServerSessionParams<O>): Promise<R | null> {
   if (!deprecatedWarningShown && process.env.NODE_ENV !== "production") {
     console.warn(
       "`unstable_getServerSession` has been renamed to `getServerSession`."

packages/next-auth/src/utils/detect-host.ts

@@ -1,5 +1,10 @@
 /** Extract the host from the environment */
 export function detectHost(forwardedHost: any) {
+  // if `NEXTAUTH_URL_INTERNAL` is set, it means NextAuth.js is deployed 
+  // behind a proxy - we prioritize it over `forwardedHost`.
+  if (process.env.NEXTAUTH_URL_INTERNAL) {
+    return process.env.NEXTAUTH_URL_INTERNAL
+  }
   // If we detect a Vercel environment, we can trust the host
   if (process.env.VERCEL ?? process.env.AUTH_TRUST_HOST)
     return forwardedHost

pnpm-lock.yaml

@@ -447,10 +447,10 @@ importers:
       '@babel/preset-env': ^7.18.2
       '@babel/preset-react': ^7.17.12
       '@babel/preset-typescript': ^7.17.12
-      '@babel/runtime': ^7.16.3
+      '@babel/runtime': ^7.20.13
       '@edge-runtime/jest-environment': 1.1.0-beta.35
       '@next-auth/tsconfig': workspace:*
-      '@panva/hkdf': ^1.0.1
+      '@panva/hkdf': ^1.0.2
       '@swc/core': ^1.2.198
       '@swc/jest': ^0.2.21
       '@testing-library/dom': ^8.13.0
@@ -473,11 +473,11 @@ importers:
       jest: ^28.1.1
       jest-environment-jsdom: ^28.1.1
       jest-watch-typeahead: ^1.1.0
-      jose: ^4.9.3
+      jose: ^4.11.4
       msw: ^0.42.3
       next: 13.0.6
       oauth: ^0.9.15
-      openid-client: ^5.1.0
+      openid-client: ^5.4.0
       postcss: ^8.4.14
       postcss-cli: ^9.1.0
       postcss-nested: ^5.0.6
@@ -488,12 +488,12 @@ importers:
       uuid: ^8.3.2
       whatwg-fetch: ^3.6.2
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       '@panva/hkdf': 1.0.2
       cookie: 0.5.0
-      jose: 4.11.0
+      jose: 4.11.4
       oauth: 0.9.15
-      openid-client: 5.1.6
+      openid-client: 5.4.0
       preact: 10.8.2
       preact-render-to-string: 5.2.0_preact@10.8.2
       uuid: 8.3.2
@@ -4996,22 +4996,22 @@ packages:
     engines: {node: '>=6.9.0'}
     dependencies:
       core-js-pure: 3.26.0
-      regenerator-runtime: 0.13.10
+      regenerator-runtime: 0.13.11
     dev: true
 
-  /@babel/runtime/7.18.3:
-    resolution: {integrity: sha512-38Y8f7YUhce/K7RMwTp7m0uCumpv9hZkitCbBClqQIow1qSbCvGkcegKOXpEWCQLfWmevgRiWokZ1GkpfhbZug==}
-    engines: {node: '>=6.9.0'}
-    dependencies:
-      regenerator-runtime: 0.13.9
-
   /@babel/runtime/7.20.1:
     resolution: {integrity: sha512-mrzLkl6U9YLF8qpqI7TB82PESyEGjm/0Ly91jG575eVxMMlb8fYfOXFZIJ8XfLrJZQbm7dlKry2bJmXBUEkdFg==}
     engines: {node: '>=6.9.0'}
     dependencies:
-      regenerator-runtime: 0.13.10
+      regenerator-runtime: 0.13.11
     dev: true
 
+  /@babel/runtime/7.20.13:
+    resolution: {integrity: sha512-gt3PKXs0DBoL9xCvOIIZ2NEqAGZqHjAnmVbfQtB620V0uReIQutpel14KcneZuer7UioY8ALKZ7iocavvzTNFA==}
+    engines: {node: '>=6.9.0'}
+    dependencies:
+      regenerator-runtime: 0.13.11
+
   /@babel/template/7.16.7:
     resolution: {integrity: sha512-I8j/x8kHUrbYRTUxXrrMbfCa7jxkE7tZre39x3kjr9hvI82cK1FfqLygotcWN5kdPGWcLdWMHpSBavse5tWw3w==}
     engines: {node: '>=6.9.0'}
@@ -8245,7 +8245,7 @@ packages:
     engines: {node: '>=12'}
     dependencies:
       '@babel/code-frame': 7.16.7
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       '@types/aria-query': 4.2.2
       aria-query: 5.0.0
       chalk: 4.1.2
@@ -8258,7 +8258,7 @@ packages:
     resolution: {integrity: sha512-Gy+IoFutbMQcky0k+bqqumXZ1cTGswLsFqmNLzNdSKkU9KGV2u9oXhukCbbJ9/LRPKiqwxEE8VpV/+YZlfkPUA==}
     engines: {node: '>=8', npm: '>=6', yarn: '>=1'}
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       '@types/testing-library__jest-dom': 5.14.5
       aria-query: 5.0.0
       chalk: 3.0.0
@@ -8285,7 +8285,7 @@ packages:
       react-test-renderer:
         optional: true
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       '@types/react': 18.0.15
       react: 18.2.0
       react-dom: 18.2.0_react@18.2.0
@@ -8299,7 +8299,7 @@ packages:
       react: ^18.0.0
       react-dom: ^18.0.0
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       '@testing-library/dom': 8.14.0
       '@types/react-dom': 18.0.6
       react: 18.2.0
@@ -15236,7 +15236,7 @@ packages:
   /history/4.10.1:
     resolution: {integrity: sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==}
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       loose-envify: 1.4.0
       resolve-pathname: 3.0.0
       tiny-invariant: 1.2.0
@@ -17659,12 +17659,8 @@ packages:
       valid-url: 1.0.9
     dev: true
 
-  /jose/4.11.0:
-    resolution: {integrity: sha512-wLe+lJHeG8Xt6uEubS4x0LVjS/3kXXu9dGoj9BNnlhYq7Kts0Pbb2pvv5KiI0yaKH/eaiR0LUOBhOVo9ktd05A==}
-    dev: false
-
-  /jose/4.11.1:
-    resolution: {integrity: sha512-YRv4Tk/Wlug8qicwqFNFVEZSdbROCHRAC6qu/i0dyNKr5JQdoa2pIGoS04lLO/jXQX7Z9omoNewYIVIxqZBd9Q==}
+  /jose/4.11.4:
+    resolution: {integrity: sha512-94FdcR8felat4vaTJyL/WVdtlWLlsnLMZP8v+A0Vru18K3bQ22vn7TtpVh3JlgBFNIlYOUlGqwp/MjRPOnIyCQ==}
     dev: false
 
   /js-beautify/1.14.4:
@@ -18839,7 +18835,7 @@ packages:
       prop-types: ^15.0.0
       react: ^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       prop-types: 15.8.1
       react: 18.2.0
       tiny-warning: 1.0.3
@@ -19214,7 +19210,7 @@ packages:
   /neo4j-driver/4.4.6:
     resolution: {integrity: sha512-KzTEQ/PYuaVkeEuQmr8jZm0cFLlK/zAAMe3IkhxWj56Tgwn2nT2RASPrqwvyEVfk8jg6xS4U1Fx2VABmkO4cdQ==}
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       neo4j-driver-bolt-connection: 4.4.6
       neo4j-driver-core: 4.4.6
       rxjs: 6.6.7
@@ -19680,11 +19676,10 @@ packages:
     hasBin: true
     dev: true
 
-  /openid-client/5.1.6:
-    resolution: {integrity: sha512-HTFaXWdUHvLFw4GaEMgC0jXYBgpjgzQQNHW1pZsSqJorSgrXzxJ+4u/LWCGaClDEse5HLjXRV+zU5Bn3OefiZw==}
-    engines: {node: ^12.19.0 || ^14.15.0 || ^16.13.0}
+  /openid-client/5.4.0:
+    resolution: {integrity: sha512-hgJa2aQKcM2hn3eyVtN12tEA45ECjTJPXCgUh5YzTzy9qwapCvmDTVPWOcWVL0d34zeQoQ/hbG9lJhl3AYxJlQ==}
     dependencies:
-      jose: 4.11.1
+      jose: 4.11.4
       lru-cache: 6.0.0
       object-hash: 2.2.0
       oidc-token-hash: 5.0.1
@@ -21606,7 +21601,7 @@ packages:
     peerDependencies:
       react: '>=16.13.1'
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
       react: 18.2.0
     dev: true
 
@@ -21624,7 +21619,7 @@ packages:
       react: ^16.6.0 || ^17.0.0 || ^18.0.0
       react-dom: ^16.6.0 || ^17.0.0 || ^18.0.0
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       invariant: 2.2.4
       prop-types: 15.8.1
       react: 18.2.0
@@ -21672,7 +21667,7 @@ packages:
       react-loadable: '*'
       webpack: '>=4.41.1 || 5.x'
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       react-loadable: /@docusaurus/react-loadable/5.5.2_react@18.2.0
       webpack: 5.73.0
     dev: true
@@ -21691,7 +21686,7 @@ packages:
       react: '>=15'
       react-router: '>=5'
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       react: 18.2.0
       react-router: 5.3.3_react@18.2.0
     dev: true
@@ -21701,7 +21696,7 @@ packages:
     peerDependencies:
       react: '>=15'
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       history: 4.10.1
       loose-envify: 1.4.0
       prop-types: 15.8.1
@@ -21716,7 +21711,7 @@ packages:
     peerDependencies:
       react: '>=15'
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       history: 4.10.1
       hoist-non-react-statics: 3.3.2
       loose-envify: 1.4.0
@@ -21735,7 +21730,7 @@ packages:
     peerDependencies:
       react: ^16.8.0 || ^17.0.0 || ^18.0.0
     dependencies:
-      '@babel/runtime': 7.20.1
+      '@babel/runtime': 7.20.13
       react: 18.2.0
       use-composed-ref: 1.3.0_react@18.2.0
       use-latest: 1.2.1_react@18.2.0
@@ -21882,17 +21877,13 @@ packages:
     resolution: {integrity: sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==}
     dev: true
 
-  /regenerator-runtime/0.13.10:
-    resolution: {integrity: sha512-KepLsg4dU12hryUO7bp/axHAKvwGOCV0sGloQtpagJ12ai+ojVDqkeGSiRX1zlq+kjIMZ1t7gpze+26QqtdGqw==}
-    dev: true
-
-  /regenerator-runtime/0.13.9:
-    resolution: {integrity: sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==}
+  /regenerator-runtime/0.13.11:
+    resolution: {integrity: sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==}
 
   /regenerator-transform/0.15.0:
     resolution: {integrity: sha512-LsrGtPmbYg19bcPHwdtmXwbW+TqNvtY4riE3P83foeHRroMbH6/2ddFBfab3t7kbzc7v7p4wbkIecHImqt0QNg==}
     dependencies:
-      '@babel/runtime': 7.18.3
+      '@babel/runtime': 7.20.13
     dev: true
 
   /regexp.prototype.flags/1.4.3: