fix: updates the patch to fix the next-auth no proxy issue (#6987)

Co-authored-by: Matti Nannt <matti@formbricks.com>
2026-01-06 16:24:08 -06:00 · 2025-12-17 22:41:40 +05:30
parent 15dc83a4eb
commit 07ed926225
6 changed files with 69 additions and 13 deletions
--- a/package.json
+++ b/package.json
@@ -80,9 +80,6 @@
    "showDetails": true
  },
  "pnpm": {
-    "patchedDependencies": {
-      "next-auth@4.24.12": "patches/next-auth@4.24.12.patch"
-    },
    "overrides": {
      "axios": ">=1.12.2",
      "node-forge": ">=1.3.2",
@@ -91,6 +88,9 @@
    },
    "comments": {
      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update"
+    },
+    "patchedDependencies": {
+      "next-auth@4.24.12": "patches/next-auth@4.24.12.patch"
    }
  }
 }
--- a/packages/database/src/scripts/generate-data-migration.ts
+++ b/packages/database/src/scripts/generate-data-migration.ts
@@ -1,8 +1,8 @@
+import { createId } from "@paralleldrive/cuid2";
 import fs from "node:fs/promises";
 import path from "node:path";
 import readline from "node:readline";
 import { fileURLToPath } from "node:url";
-import { createId } from "@paralleldrive/cuid2";
 import { logger } from "@formbricks/logger";

 const __filename = fileURLToPath(import.meta.url);
--- a/packages/database/src/scripts/migration-runner.ts
+++ b/packages/database/src/scripts/migration-runner.ts
@@ -1,9 +1,9 @@
+import { type Prisma, PrismaClient } from "@prisma/client";
 import { exec } from "node:child_process";
 import fs from "node:fs/promises";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { promisify } from "node:util";
-import { type Prisma, PrismaClient } from "@prisma/client";
 import { logger } from "@formbricks/logger";

 const __filename = fileURLToPath(import.meta.url);
--- a/packages/surveys/src/components/elements/picture-selection-element.tsx
+++ b/packages/surveys/src/components/elements/picture-selection-element.tsx
@@ -1,11 +1,11 @@
 import { useState } from "preact/hooks";
+import { useTranslation } from "react-i18next";
 import { PictureSelect, type PictureSelectOption } from "@formbricks/survey-ui";
 import { type TResponseData, type TResponseTtc } from "@formbricks/types/responses";
 import type { TSurveyPictureSelectionElement } from "@formbricks/types/surveys/elements";
 import { getLocalizedValue } from "@/lib/i18n";
 import { getOriginalFileNameFromUrl } from "@/lib/storage";
 import { getUpdatedTtc, useTtc } from "@/lib/ttc";
-import { useTranslation } from "react-i18next";

 interface PictureSelectionProps {
  element: TSurveyPictureSelectionElement;
@@ -82,7 +82,7 @@ export function PictureSelectionElement({
        setTtc(updatedTtcObj);
      }
    }
-  }
+  };

  return (
    <form key={element.id} onSubmit={handleSubmit} className="w-full">
--- a/patches/next-auth@4.24.12.patch
+++ b/patches/next-auth@4.24.12.patch
@@ -1,22 +1,78 @@
 diff --git a/core/lib/oauth/client.js b/core/lib/oauth/client.js
-index 52c51eb6ff422dc0899ccec31baf3fa39e42eeae..d33754cb23f5fb949b367b4ed159e53cb12723fa 100644
+index 52c51eb6ff422dc0899ccec31baf3fa39e42eeae..472772cfefc2c2947536d6a22b022c2f9c27c61f 100644
 --- a/core/lib/oauth/client.js
 +++ b/core/lib/oauth/client.js
-@@ -5,9 +5,17 @@ Object.defineProperty(exports, "__esModule", {
+@@ -5,9 +5,73 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.openidClient = openidClient;
 var _openidClient = require("openid-client");
 +var httpProxyAgent = require("https-proxy-agent");
+
+function isGlobMatch(str, pattern) {
+  if (pattern === '*') return true;
+  if (pattern === str) return true;
+  if (pattern.startsWith('*')) {
+    var suffix = pattern.slice(1);
+    return str.endsWith(suffix) || str === suffix.replace(/^\./, '');
+  }
+  if (pattern.endsWith('*')) {
+    var prefix = pattern.slice(0, -1);
+    return str.startsWith(prefix);
+  }
+  return false;
+}
+
+function isUrlMatchingNoProxy(subjectUrl, noProxy) {
+  if (!noProxy) return false;
+  
+  var subjectUrlTokens;
+  try {
+    subjectUrlTokens = new URL(subjectUrl);
+  } catch (e) {
+    return false;
+  }
+
+  var rules = noProxy.split(/[\s,]+/).filter(function(r) { return r.length > 0; });
+
+  for (var i = 0; i < rules.length; i++) {
+    var rule = rules[i];
+    var normalizedRule = rule.replace(/^\./, '*');
+    var ruleMatch = normalizedRule.match(/^(.+?)(?::(\d+))?$/);
+    
+    if (!ruleMatch || !ruleMatch[1]) {
+      continue;
+    }
+    
+    var ruleHostname = ruleMatch[1].toLowerCase();
+    var rulePort = ruleMatch[2];
+    var subjectHostname = subjectUrlTokens.hostname.toLowerCase();
+    var subjectPort = subjectUrlTokens.port;
+    
+    var hostnameIsMatch = isGlobMatch(subjectHostname, ruleHostname);
+    var portIsMatch = !rulePort || (subjectPort && subjectPort === rulePort);
+    
+    if (hostnameIsMatch && portIsMatch) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 async function openidClient(options) {
   const provider = options.provider;
 -  if (provider.httpOptions) _openidClient.custom.setHttpOptionsDefaults(provider.httpOptions);
 +  let httpOptions = {};
 +  if (provider.httpOptions) httpOptions = { ...provider.httpOptions };
+  
 +  const proxyUrl = process.env.HTTPS_PROXY || process.env.HTTP_PROXY || process.env.https_proxy || process.env.http_proxy;
-+  if(proxyUrl) {
+  const noProxy = process.env.NO_PROXY || process.env.no_proxy || '';
+  
+  if (proxyUrl && provider.wellKnown && !isUrlMatchingNoProxy(provider.wellKnown, noProxy)) {
 +    const agent = new httpProxyAgent.HttpsProxyAgent(proxyUrl);
 +    httpOptions.agent = agent;
 +  }
+  
 +  _openidClient.custom.setHttpOptionsDefaults(httpOptions);
   let issuer;
   if (provider.wellKnown) {
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -12,7 +12,7 @@ overrides:

 patchedDependencies:
  next-auth@4.24.12:
-    hash: bdy3m55bopfzpysceipfxj5eei
+    hash: 43pqaaqjvqhdw6jmcjbeq3fjse
    path: patches/next-auth@4.24.12.patch

 importers:
@@ -368,7 +368,7 @@ importers:
        version: 15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
      next-auth:
        specifier: 4.24.12
-        version: 4.24.12(patch_hash=bdy3m55bopfzpysceipfxj5eei)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
+        version: 4.24.12(patch_hash=43pqaaqjvqhdw6jmcjbeq3fjse)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
      next-safe-action:
        specifier: 7.10.8
        version: 7.10.8(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(react-dom@19.2.1(react@19.2.1))(react@19.2.1)(zod@3.24.4)
@@ -19672,7 +19672,7 @@ snapshots:

  neo-async@2.6.2: {}

-  next-auth@4.24.12(patch_hash=bdy3m55bopfzpysceipfxj5eei)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1):
+  next-auth@4.24.12(patch_hash=43pqaaqjvqhdw6jmcjbeq3fjse)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1):
    dependencies:
      '@babel/runtime': 7.28.4
      '@panva/hkdf': 1.2.1