npm - @veloxts/web - Versions diffs - 0.6.89 → 0.6.90 - Mend

@veloxts/web 0.6.89 → 0.6.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/CHANGELOG.md +11 -10
package/package.json +20 -20

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,16 @@
 # @veloxts/web
+## 0.6.90
+### Patch Changes
+- Dependencies updates – fix critical and high severity vulnerabilities
+- Updated dependencies
+  - @veloxts/auth@0.6.90
+  - @veloxts/client@0.6.90
+  - @veloxts/core@0.6.90
+  - @veloxts/router@0.6.90
 ## 0.6.89
 ### Patch Changes
@@ -216,7 +227,6 @@
 - ### feat(auth): Unified Adapter-Only Architecture
   **New Features:**
   - Add `JwtAdapter` implementing the `AuthAdapter` interface for unified JWT authentication
   - Add `jwtAuth()` convenience function for direct adapter usage with optional built-in routes (`/api/auth/refresh`, `/api/auth/logout`)
   - Add `AuthContext` discriminated union (`NativeAuthContext | AdapterAuthContext`) for type-safe auth mode handling
@@ -224,24 +234,20 @@
   - Add shared decoration utilities (`decorateAuth`, `setRequestAuth`, `checkDoubleRegistration`)
   **Architecture Changes:**
   - `authPlugin` now uses `JwtAdapter` internally - all authentication flows through the adapter pattern
   - Single code path for authentication (no more dual native/adapter modes)
   - `authContext.authMode` is now always `'adapter'` with `providerId='jwt'` when using `authPlugin`
   **Breaking Changes:**
   - Remove deprecated `LegacySessionConfig` interface (use `sessionMiddleware` instead)
   - Remove deprecated `session` field from `AuthConfig`
   - `User` interface no longer has index signature (extend via declaration merging)
   **Type Safety Improvements:**
   - `AuthContext` discriminated union enables exhaustive type narrowing based on `authMode`
   - Export `NativeAuthContext` and `AdapterAuthContext` types for explicit typing
   **Migration:**
   - Existing `authPlugin` usage remains backward-compatible
   - If checking `authContext.token`, use `authContext.session` instead (token stored in session for adapter mode)
@@ -262,12 +268,10 @@
   Addresses 9 user feedback items to improve DX, reduce boilerplate, and eliminate template duplications.
   ### Phase 1: Validation Helpers (`@veloxts/validation`)
   - Add `prismaDecimal()`, `prismaDecimalNullable()`, `prismaDecimalOptional()` for Prisma Decimal → number conversion
   - Add `dateToIso`, `dateToIsoNullable`, `dateToIsoOptional` aliases for consistency
   ### Phase 2: Template Deduplication (`@veloxts/auth`)
   - Export `createEnhancedTokenStore()` with token revocation and refresh token reuse detection
   - Export `parseUserRoles()` and `DEFAULT_ALLOWED_ROLES`
   - Fix memory leak: track pending timeouts for proper cleanup on `destroy()`
@@ -275,20 +279,17 @@
   - Fix jwtManager singleton pattern in templates
   ### Phase 3: Router Helpers (`@veloxts/router`)
   - Add `createRouter()` returning `{ collections, router }` for DRY setup
   - Add `toRouter()` for router-only use cases
   - Update all router templates to use `createRouter()`
   ### Phase 4: Guard Type Narrowing - Experimental (`@veloxts/auth`, `@veloxts/router`)
   - Add `NarrowingGuard` interface with phantom `_narrows` type
   - Add `authenticatedNarrow` and `hasRoleNarrow()` guards
   - Add `guardNarrow()` method to `ProcedureBuilder` for context narrowing
   - Enables `ctx.user` to be non-null after guard passes
   ### Phase 5: Documentation (`@veloxts/router`)
   - Document `.rest()` override patterns
   - Document `createRouter()` helper usage
   - Document `guardNarrow()` experimental API

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/web",
-  "version": "0.6.89",
+  "version": "0.6.90",
   "description": "React Server Components integration for VeloxTS framework using Vinxi",
   "type": "module",
   "main": "dist/index.js",
@@ -65,17 +65,17 @@
   "dependencies": {
     "@vinxi/server-functions": "0.5.1",
     "radix3": "1.1.2",
-    "vinxi": "0.5.10",
-    "vite-tsconfig-paths": "6.0.3",
+    "vinxi": "0.5.11",
+    "vite-tsconfig-paths": "6.0.5",
     "zod": "3.25.76"
   },
   "peerDependencies": {
     "react": ">=19.2.0",
     "react-dom": ">=19.2.0",
-    "@veloxts/auth": "0.6.89",
-    "@veloxts/client": "0.6.89",
-    "@veloxts/core": "0.6.89",
-    "@veloxts/router": "0.6.89"
+    "@veloxts/auth": "0.6.90",
+    "@veloxts/core": "0.6.90",
+    "@veloxts/client": "0.6.90",
+    "@veloxts/router": "0.6.90"
   },
   "peerDependenciesMeta": {
     "@veloxts/auth": {
@@ -87,21 +87,21 @@
   },
   "devDependencies": {
     "@types/jsdom": "27.0.0",
-    "@types/node": "25.0.3",
-    "@types/react": "19.2.7",
+    "@types/node": "25.1.0",
+    "@types/react": "19.2.10",
     "@types/react-dom": "19.2.3",
-    "@vitest/coverage-v8": "4.0.16",
-    "fastify": "5.6.2",
-    "jsdom": "27.3.0",
-    "react": "19.2.3",
-    "react-dom": "19.2.3",
-    "react-server-dom-webpack": "19.2.3",
+    "@vitest/coverage-v8": "4.0.18",
+    "fastify": "5.7.2",
+    "jsdom": "27.4.0",
+    "react": "19.2.4",
+    "react-dom": "19.2.4",
+    "react-server-dom-webpack": "19.2.4",
     "typescript": "5.9.3",
-    "vitest": "4.0.16",
-    "@veloxts/auth": "0.6.89",
-    "@veloxts/client": "0.6.89",
-    "@veloxts/router": "0.6.89",
-    "@veloxts/core": "0.6.89"
+    "vitest": "4.0.18",
+    "@veloxts/auth": "0.6.90",
+    "@veloxts/core": "0.6.90",
+    "@veloxts/router": "0.6.90",
+    "@veloxts/client": "0.6.90"
   },
   "keywords": [
     "velox",