From 07ed926225a9674c467f68fe55c19c267b6a2a9f Mon Sep 17 00:00:00 2001
From: Anshuman Pandey <54475686+pandeymangg@users.noreply.github.com>
Date: Wed, 17 Dec 2025 22:41:40 +0530
Subject: [PATCH] fix: updates the patch to fix the next-auth no proxy issue
 (#6987)

Co-authored-by: Matti Nannt <matti@formbricks.com>
---
 package.json                                  |  6 +-
 .../src/scripts/generate-data-migration.ts    |  2 +-
 .../database/src/scripts/migration-runner.ts  |  2 +-
 .../elements/picture-selection-element.tsx    |  4 +-
 patches/next-auth@4.24.12.patch               | 62 ++++++++++++++++++-
 pnpm-lock.yaml                                |  6 +-
 6 files changed, 69 insertions(+), 13 deletions(-)

diff --git a/package.json b/package.json
index 2f26e67988..458049c86f 100644
--- a/package.json
+++ b/package.json
@@ -80,9 +80,6 @@
     "showDetails": true
   },
   "pnpm": {
-    "patchedDependencies": {
-      "next-auth@4.24.12": "patches/next-auth@4.24.12.patch"
-    },
     "overrides": {
       "axios": ">=1.12.2",
       "node-forge": ">=1.3.2",
@@ -91,6 +88,9 @@
     },
     "comments": {
       "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update"
+    },
+    "patchedDependencies": {
+      "next-auth@4.24.12": "patches/next-auth@4.24.12.patch"
     }
   }
 }
diff --git a/packages/database/src/scripts/generate-data-migration.ts b/packages/database/src/scripts/generate-data-migration.ts
index 10d4d81b8d..ee2ba5d27a 100644
--- a/packages/database/src/scripts/generate-data-migration.ts
+++ b/packages/database/src/scripts/generate-data-migration.ts
@@ -1,8 +1,8 @@
+import { createId } from "@paralleldrive/cuid2";
 import fs from "node:fs/promises";
 import path from "node:path";
 import readline from "node:readline";
 import { fileURLToPath } from "node:url";
-import { createId } from "@paralleldrive/cuid2";
 import { logger } from "@formbricks/logger";
 
 const __filename = fileURLToPath(import.meta.url);
diff --git a/packages/database/src/scripts/migration-runner.ts b/packages/database/src/scripts/migration-runner.ts
index a57515d3b5..a4eeef2393 100644
--- a/packages/database/src/scripts/migration-runner.ts
+++ b/packages/database/src/scripts/migration-runner.ts
@@ -1,9 +1,9 @@
+import { type Prisma, PrismaClient } from "@prisma/client";
 import { exec } from "node:child_process";
 import fs from "node:fs/promises";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { promisify } from "node:util";
-import { type Prisma, PrismaClient } from "@prisma/client";
 import { logger } from "@formbricks/logger";
 
 const __filename = fileURLToPath(import.meta.url);
diff --git a/packages/surveys/src/components/elements/picture-selection-element.tsx b/packages/surveys/src/components/elements/picture-selection-element.tsx
index 37b3bd538d..73e88b3759 100644
--- a/packages/surveys/src/components/elements/picture-selection-element.tsx
+++ b/packages/surveys/src/components/elements/picture-selection-element.tsx
@@ -1,11 +1,11 @@
 import { useState } from "preact/hooks";
+import { useTranslation } from "react-i18next";
 import { PictureSelect, type PictureSelectOption } from "@formbricks/survey-ui";
 import { type TResponseData, type TResponseTtc } from "@formbricks/types/responses";
 import type { TSurveyPictureSelectionElement } from "@formbricks/types/surveys/elements";
 import { getLocalizedValue } from "@/lib/i18n";
 import { getOriginalFileNameFromUrl } from "@/lib/storage";
 import { getUpdatedTtc, useTtc } from "@/lib/ttc";
-import { useTranslation } from "react-i18next";
 
 interface PictureSelectionProps {
   element: TSurveyPictureSelectionElement;
@@ -82,7 +82,7 @@ export function PictureSelectionElement({
         setTtc(updatedTtcObj);
       }
     }
-  }
+  };
 
   return (
     <form key={element.id} onSubmit={handleSubmit} className="w-full">
diff --git a/patches/next-auth@4.24.12.patch b/patches/next-auth@4.24.12.patch
index 081c634ddb..2d0bfd92e9 100644
--- a/patches/next-auth@4.24.12.patch
+++ b/patches/next-auth@4.24.12.patch
@@ -1,22 +1,78 @@
 diff --git a/core/lib/oauth/client.js b/core/lib/oauth/client.js
-index 52c51eb6ff422dc0899ccec31baf3fa39e42eeae..d33754cb23f5fb949b367b4ed159e53cb12723fa 100644
+index 52c51eb6ff422dc0899ccec31baf3fa39e42eeae..472772cfefc2c2947536d6a22b022c2f9c27c61f 100644
 --- a/core/lib/oauth/client.js
 +++ b/core/lib/oauth/client.js
-@@ -5,9 +5,17 @@ Object.defineProperty(exports, "__esModule", {
+@@ -5,9 +5,73 @@ Object.defineProperty(exports, "__esModule", {
  });
  exports.openidClient = openidClient;
  var _openidClient = require("openid-client");
 +var httpProxyAgent = require("https-proxy-agent");
++
++function isGlobMatch(str, pattern) {
++  if (pattern === '*') return true;
++  if (pattern === str) return true;
++  if (pattern.startsWith('*')) {
++    var suffix = pattern.slice(1);
++    return str.endsWith(suffix) || str === suffix.replace(/^\./, '');
++  }
++  if (pattern.endsWith('*')) {
++    var prefix = pattern.slice(0, -1);
++    return str.startsWith(prefix);
++  }
++  return false;
++}
++
++function isUrlMatchingNoProxy(subjectUrl, noProxy) {
++  if (!noProxy) return false;
++  
++  var subjectUrlTokens;
++  try {
++    subjectUrlTokens = new URL(subjectUrl);
++  } catch (e) {
++    return false;
++  }
++
++  var rules = noProxy.split(/[\s,]+/).filter(function(r) { return r.length > 0; });
++
++  for (var i = 0; i < rules.length; i++) {
++    var rule = rules[i];
++    var normalizedRule = rule.replace(/^\./, '*');
++    var ruleMatch = normalizedRule.match(/^(.+?)(?::(\d+))?$/);
++    
++    if (!ruleMatch || !ruleMatch[1]) {
++      continue;
++    }
++    
++    var ruleHostname = ruleMatch[1].toLowerCase();
++    var rulePort = ruleMatch[2];
++    var subjectHostname = subjectUrlTokens.hostname.toLowerCase();
++    var subjectPort = subjectUrlTokens.port;
++    
++    var hostnameIsMatch = isGlobMatch(subjectHostname, ruleHostname);
++    var portIsMatch = !rulePort || (subjectPort && subjectPort === rulePort);
++    
++    if (hostnameIsMatch && portIsMatch) {
++      return true;
++    }
++  }
++
++  return false;
++}
++
  async function openidClient(options) {
    const provider = options.provider;
 -  if (provider.httpOptions) _openidClient.custom.setHttpOptionsDefaults(provider.httpOptions);
 +  let httpOptions = {};
 +  if (provider.httpOptions) httpOptions = { ...provider.httpOptions };
++  
 +  const proxyUrl = process.env.HTTPS_PROXY || process.env.HTTP_PROXY || process.env.https_proxy || process.env.http_proxy;
-+  if(proxyUrl) {
++  const noProxy = process.env.NO_PROXY || process.env.no_proxy || '';
++  
++  if (proxyUrl && provider.wellKnown && !isUrlMatchingNoProxy(provider.wellKnown, noProxy)) {
 +    const agent = new httpProxyAgent.HttpsProxyAgent(proxyUrl);
 +    httpOptions.agent = agent;
 +  }
++  
 +  _openidClient.custom.setHttpOptionsDefaults(httpOptions);
    let issuer;
    if (provider.wellKnown) {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8c7fff94b3..f45506f2db 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -12,7 +12,7 @@ overrides:
 
 patchedDependencies:
   next-auth@4.24.12:
-    hash: bdy3m55bopfzpysceipfxj5eei
+    hash: 43pqaaqjvqhdw6jmcjbeq3fjse
     path: patches/next-auth@4.24.12.patch
 
 importers:
@@ -368,7 +368,7 @@ importers:
         version: 15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
       next-auth:
         specifier: 4.24.12
-        version: 4.24.12(patch_hash=bdy3m55bopfzpysceipfxj5eei)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
+        version: 4.24.12(patch_hash=43pqaaqjvqhdw6jmcjbeq3fjse)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1)
       next-safe-action:
         specifier: 7.10.8
         version: 7.10.8(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(react-dom@19.2.1(react@19.2.1))(react@19.2.1)(zod@3.24.4)
@@ -19672,7 +19672,7 @@ snapshots:
 
   neo-async@2.6.2: {}
 
-  next-auth@4.24.12(patch_hash=bdy3m55bopfzpysceipfxj5eei)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1):
+  next-auth@4.24.12(patch_hash=43pqaaqjvqhdw6jmcjbeq3fjse)(next@15.5.9(@opentelemetry/api@1.9.0)(@playwright/test@1.56.1)(react-dom@19.2.1(react@19.2.1))(react@19.2.1))(nodemailer@7.0.11)(react-dom@19.2.1(react@19.2.1))(react@19.2.1):
     dependencies:
       '@babel/runtime': 7.28.4
       '@panva/hkdf': 1.2.1