chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the npm_and_yarn group with 1 update in the /apps/docs directory: next.
Bumps the npm_and_yarn group with 1 update in the /apps/sim directory: better-auth.

Updates next from 15.4.1 to 15.4.7

Release notes

Sourced from next's releases.

v15.4.7

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix router handling when setting a location response header #82588

Credits

Huge thanks to @​ztanner for helping!

v15.4.6

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: _error page's req.url can be overwritten to dynamic param on minimal mode (#82347)
• fix: add ?dpl to fonts in /_next/static/media (#82384)

Credits

Huge thanks to @​devjiwonchoi, @​ijjk, and @​styfle for helping!

v15.4.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix API stripping JSON incorrectly (#82062)
• Fix i18n fallback: false collision (#82158)
• Revert "Fix tracing of server actions imported by client components (#82167)
• Ensure setAssetPrefix updates config instance (#82165)
• Turbopack: update mimalloc (#82166)
• fix(next/image): fix image-optimizer.ts headers (#82175)
• fix(next/image): improve and simplify detect-content-type (#82174)

Credits

Huge thanks to @​ijjk, @​sokra, and @​styfle for helping!

v15.4.2-canary.56

Misc Changes

• fix: remove a few old references to 'next lint': #82800
• docs: fix TS error in Node.js runtime local assets example: #82672
• docs: Route props helpers, typegen and next lint deprecation: #82784

Credits

Huge thanks to @​bgub, @​EAzZY-1wnL, and @​icyJoseph for helping!

... (truncated)

Commits

• f30d815 v15.4.7
• 1a026e3 fix router handling when setting a location response header (#82588)
• be4aafd v15.4.6
• 91e5b6b Backport "fix: add ?dpl to fonts in /_next/static/media (#82384)" (#82421)
• f1629d9 Backport "[Pages] fix: _error page's req.url can be overwritten t… (#82377)
• b9aab5d v15.4.5
• a8c93c4 Disable test new tests jobs
• ed2a6c7 [backport]: fix(next/image): improve and simplify detect-content-type (#82118...
• f00fcc9 [backport]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82175)
• 55a7568 Backport: Turbopack: update mimalloc (#81993) (#82166)
• Additional commits viewable in compare view

Updates better-auth from 1.2.9 to 1.2.10

Commits

• 08d9295 chore: release v1.2.10
• 6304efa feat: add Hugging Face provider (#3089)
• 38e422e feat: link account with idToken (#1830)
• de6b53c fix: expose headers override in jwt plugin (#3019)
• 88573aa fix: onLinkAccount trigger on phone number verification (#3007)
• 7eded3d chore: fix typo in authorize comment (#3106)
• 1b0aef5 fix: use correct refresh token endpoint for github (#3095)
• 9714131 feat: Allow passing id in DB hook create (#3048)
• f12e345 chore(org): add comments explaining what shimContext does (#3098)
• 7c72824 fix: delete user should respect freshAge config (#3075)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Ready	Preview	Comment	Sep 18, 2025 6:59am
sim	Error			Sep 18, 2025 6:59am

[greptile-apps]

Greptile Summary

This PR is an automated Dependabot update that bumps two dependencies across the monorepo: Next.js from 15.4.1 to 15.4.7 in the docs application (apps/docs/package.json) and better-auth from 1.2.9 to 1.2.10 in the sim application (apps/sim/package.json).

The Next.js update includes multiple bug fixes across versions 15.4.2 through 15.4.7, addressing critical issues such as router handling when setting location response headers, API JSON stripping problems, i18n fallback collisions, font loading with deployment prefixes, and image optimization improvements. These are all backward-compatible bug fixes with no breaking changes.

The better-auth update brings new features and fixes, including support for a Hugging Face authentication provider, account linking with ID tokens, exposed headers override in the JWT plugin, fixes for phone number verification triggers, GitHub refresh token endpoints, and user deletion respecting freshAge configuration.

Both updates fit into the codebase's maintenance strategy of keeping dependencies current with security patches and bug fixes. The docs application uses Next.js for its documentation site built with FumaDocs, while the sim application uses better-auth for authentication services. These updates ensure both applications benefit from the latest stability improvements and security patches.

Confidence score: 2/5

• This PR has a critical issue that could cause dependency conflicts in the monorepo
• Score lowered due to version override configuration in sim app that prevents Next.js updates from taking effect
• Pay close attention to apps/sim/package.json overrides section that pins Next.js to 15.4.1 while docs will use 15.4.7

_{2 files reviewed, 1 comment}

_{Edit Code Review Bot Settings | Greptile}