Bump the dev-minor-updates group across 1 directory with 10 updates

Bumps the dev-minor-updates group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@dotenvx/dotenvx](https://github.com/dotenvx/dotenvx) | `1.54.1` | `1.64.0` |
| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.91.3` | `5.100.9` |
| [@types/express-session](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express-session) | `1.18.2` | `1.19.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.5` | `25.6.0` |
| [@types/pg](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/pg) | `8.18.0` | `8.20.0` |
| [esbuild](https://github.com/evanw/esbuild) | `0.27.4` | `0.28.0` |
| [esbuild-node-externals](https://github.com/pradel/esbuild-node-externals) | `1.20.1` | `1.22.0` |
| [eslint](https://github.com/eslint/eslint) | `10.0.3` | `10.3.0` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.1.7` | `16.2.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.56.1` | `8.59.2` |



Updates `@dotenvx/dotenvx` from 1.54.1 to 1.64.0
- [Release notes](https://github.com/dotenvx/dotenvx/releases)
- [Changelog](https://github.com/dotenvx/dotenvx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dotenvx/dotenvx/compare/v1.54.1...v1.64.0)

Updates `@tanstack/react-query-devtools` from 5.91.3 to 5.100.9
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.100.9/packages/react-query-devtools)

Updates `@types/express-session` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express-session)

Updates `@types/node` from 25.3.5 to 25.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/pg` from 8.18.0 to 8.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pg)

Updates `esbuild` from 0.27.4 to 0.28.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0)

Updates `esbuild-node-externals` from 1.20.1 to 1.22.0
- [Release notes](https://github.com/pradel/esbuild-node-externals/releases)
- [Commits](https://github.com/pradel/esbuild-node-externals/compare/esbuild-node-externals-v1.20.1...esbuild-node-externals-v1.22.0)

Updates `eslint` from 10.0.3 to 10.3.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.3.0)

Updates `eslint-config-next` from 16.1.7 to 16.2.4
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.4/packages/eslint-config-next)

Updates `typescript-eslint` from 8.56.1 to 8.59.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.2/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@dotenvx/dotenvx"
  dependency-version: 1.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: "@tanstack/react-query-devtools"
  dependency-version: 5.99.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: "@types/express-session"
  dependency-version: 1.19.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: "@types/pg"
  dependency-version: 8.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: esbuild
  dependency-version: 0.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: esbuild-node-externals
  dependency-version: 1.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: eslint
  dependency-version: 10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: eslint-config-next
  dependency-version: 16.2.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: typescript-eslint
  dependency-version: 8.58.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

package.json

@@ -131,25 +131,25 @@
         "zod-validation-error": "5.0.0"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.54.1",
+        "@dotenvx/dotenvx": "1.64.0",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
         "@react-email/preview-server": "5.2.10",
         "@tailwindcss/postcss": "4.2.2",
-        "@tanstack/react-query-devtools": "5.91.3",
+        "@tanstack/react-query-devtools": "5.100.9",
         "@types/better-sqlite3": "7.6.13",
         "@types/cookie-parser": "1.4.10",
         "@types/cors": "2.8.19",
         "@types/crypto-js": "4.2.2",
         "@types/d3": "7.4.3",
         "@types/express": "5.0.6",
-        "@types/express-session": "1.18.2",
+        "@types/express-session": "1.19.0",
         "@types/jmespath": "0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.3.5",
+        "@types/node": "25.6.0",
         "@types/nodemailer": "7.0.11",
         "@types/nprogress": "0.2.3",
-        "@types/pg": "8.18.0",
+        "@types/pg": "8.20.0",
         "@types/react": "19.2.14",
         "@types/react-dom": "19.2.3",
         "@types/semver": "7.7.1",
@@ -160,10 +160,10 @@
         "@types/yargs": "17.0.35",
         "babel-plugin-react-compiler": "1.0.0",
         "drizzle-kit": "0.31.10",
-        "esbuild": "0.27.4",
-        "esbuild-node-externals": "1.20.1",
-        "eslint": "10.0.3",
-        "eslint-config-next": "16.1.7",
+        "esbuild": "0.28.0",
+        "esbuild-node-externals": "1.22.0",
+        "eslint": "10.3.0",
+        "eslint-config-next": "16.2.4",
         "postcss": "8.5.8",
         "prettier": "3.8.1",
         "react-email": "5.2.10",
@@ -171,10 +171,10 @@
         "tsc-alias": "1.8.16",
         "tsx": "4.21.0",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.56.1"
+        "typescript-eslint": "8.59.2"
     },
     "overrides": {
-        "esbuild": "0.27.4",
+        "esbuild": "0.28.0",
         "dompurify": "3.3.2"
     }
 }

server/private/lib/acmeCertSync.ts

@@ -500,7 +500,30 @@ function findAcmeJsonFiles(dirPath: string): string[] {
         const fullPath = path.join(dirPath, entry.name);
         if (entry.isDirectory()) {
             results.push(...findAcmeJsonFiles(fullPath));
-        } else if (entry.isFile() && entry.name === "acme.json") {
+        } else if (entry.isFile()) {
+            // check if it is a json file
+            if (entry.name.endsWith(".json")) {
+                let raw: string;
+                try {
+                    raw = fs.readFileSync(fullPath, "utf8");
+                } catch (err) {
+                    logger.warn(
+                        `acmeCertSync: could not read file "${fullPath}": ${err}`
+                    );
+                    continue;
+                }
+
+                let parsed: any;
+                try {
+                    parsed = JSON.parse(raw);
+                } catch (err) {
+                    logger.warn(
+                        `acmeCertSync: could not parse "${fullPath}" as JSON: ${err}`
+                    );
+                    continue;
+                }
+            }
+
             results.push(fullPath);
         }
     }

server/routers/idp/validateOidcCallback.ts

@@ -333,23 +333,16 @@ export async function validateOidcCallback(
                     .innerJoin(orgs, eq(orgs.orgId, idpOrg.orgId));
                 allOrgs = idpOrgs.map((o) => o.orgs);
 
-                // for (const org of allOrgs) {
-                //     const subscribed = await isSubscribed(
-                //         org.orgId,
-                //         tierMatrix.autoProvisioning
-                //     );
-                //     if (!subscribed) {
-                //         // filter out the org
-                //         allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
-
-                //         // return next(
-                //         //     createHttpError(
-                //         //         HttpCode.FORBIDDEN,
-                //         //         "This organization's current plan does not support this feature."
-                //         //     )
-                //         // );
-                //     }
-                // }
+                for (const org of allOrgs) {
+                    const subscribed = await isSubscribed(
+                        org.orgId,
+                        tierMatrix.autoProvisioning
+                    );
+                    if (!subscribed) {
+                        // filter out the org
+                        allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
+                    }
+                }
             } else {
                 allOrgs = await db.select().from(orgs);
             }
@@ -490,7 +483,14 @@ export async function validateOidcCallback(
                             }
                         }
 
-                        await calculateUserClientsForOrgs(existingUser.userId);
+                        calculateUserClientsForOrgs(existingUser.userId).catch(
+                            (err) => {
+                                logger.error(
+                                    "Error calculating user clients after removing all orgs for user with no valid IdP mappings",
+                                    { error: err }
+                                );
+                            }
+                        );
 
                         return next(
                             createHttpError(
@@ -512,10 +512,9 @@ export async function validateOidcCallback(
 
             const orgUserCounts: { orgId: string; userCount: number }[] = [];
 
+            let userId = existingUser?.userId;
             // sync the user with the orgs and roles
             await db.transaction(async (trx) => {
-                let userId = existingUser?.userId;
-
                 // create user if not exists
                 if (!existingUser) {
                     userId = generateId(15);
@@ -645,8 +644,15 @@ export async function validateOidcCallback(
                         userCount: userCount.length
                     });
                 }
+            });
 
+            db.transaction(async (trx) => {
                 await calculateUserClientsForOrgs(userId!, trx);
+            }).catch((err) => {
+                logger.error(
+                    "Error calculating user clients after syncing orgs and roles for OIDC user",
+                    { error: err }
+                );
             });
 
             for (const orgCount of orgUserCounts) {

src/components/SmartLoginOrgSelector.tsx

@@ -147,7 +147,7 @@ export default function SmartLoginOrgSelector({
             const response = await generateOidcUrlProxy(
                 idpId,
                 safeRedirect,
-                orgId,
+                undefined,
                 forceLogin
             );