Bump the dev-patch-updates group across 1 directory with 7 updates

Bumps the dev-patch-updates group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.3.0` | `4.3.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `25.9.3` |
| [esbuild](https://github.com/evanw/esbuild) | `0.28.0` | `0.28.1` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `16.2.6` | `16.2.9` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.8.4` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.0` | `4.3.1` |
| [tsx](https://github.com/privatenumber/tsx) | `4.22.3` | `4.22.4` |



Updates `@tailwindcss/postcss` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/@tailwindcss-postcss)

Updates `@types/node` from 25.9.1 to 25.9.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `esbuild` from 0.28.0 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1)

Updates `eslint-config-next` from 16.2.6 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/eslint-config-next)

Updates `prettier` from 3.8.3 to 3.8.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.8.3...3.8.4)

Updates `tailwindcss` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss)

Updates `tsx` from 4.22.3 to 4.22.4
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](https://github.com/privatenumber/tsx/compare/v4.22.3...v4.22.4)

---
updated-dependencies:
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: "@types/node"
  dependency-version: 25.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: eslint-config-next
  dependency-version: 16.2.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: prettier
  dependency-version: 3.8.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: tailwindcss
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

package.json

@@ -136,11 +136,11 @@
         "zod-validation-error": "5.0.0"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.71.3",
+        "@dotenvx/dotenvx": "1.69.1",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@react-email/ui": "^6.6.0",
-        "@tailwindcss/postcss": "4.3.0",
-        "@tanstack/react-query-devtools": "5.101.0",
+        "@react-email/ui": "^6.5.0",
+        "@tailwindcss/postcss": "4.3.1",
+        "@tanstack/react-query-devtools": "5.100.14",
         "@types/better-sqlite3": "7.6.13",
         "@types/cookie-parser": "1.4.10",
         "@types/cors": "2.8.19",
@@ -151,7 +151,7 @@
         "@types/jmespath": "0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.9.1",
+        "@types/node": "25.9.3",
         "@types/nodemailer": "8.0.0",
         "@types/nprogress": "0.2.3",
         "@types/pg": "8.20.0",
@@ -165,21 +165,21 @@
         "@types/yargs": "17.0.35",
         "babel-plugin-react-compiler": "1.0.0",
         "drizzle-kit": "0.31.10",
-        "esbuild": "0.28.0",
-        "esbuild-node-externals": "1.23.1",
-        "eslint": "10.5.0",
-        "eslint-config-next": "16.2.6",
+        "esbuild": "0.28.1",
+        "esbuild-node-externals": "1.22.0",
+        "eslint": "10.4.0",
+        "eslint-config-next": "16.2.9",
         "postcss": "8.5.15",
-        "prettier": "3.8.3",
-        "react-email": "6.6.0",
-        "tailwindcss": "4.3.0",
+        "prettier": "3.8.4",
+        "react-email": "6.5.0",
+        "tailwindcss": "4.3.1",
         "tsc-alias": "1.8.17",
-        "tsx": "4.22.3",
+        "tsx": "4.22.4",
         "typescript": "6.0.3",
-        "typescript-eslint": "8.61.0"
+        "typescript-eslint": "8.60.0"
     },
     "overrides": {
-        "esbuild": "0.28.0",
+        "esbuild": "0.28.1",
         "dompurify": "3.4.0",
         "postcss": "8.5.15"
     }

server/lib/blueprints/resourcePolicies.ts

@@ -74,33 +74,20 @@ export async function updateResourcePolicies(
             const [provider] = await trx
                 .select()
                 .from(idp)
-                .where(eq(idp.idpId, policyData["auto-login-idp"]))
+                .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
+                .where(
+                    and(
+                        eq(idp.idpId, policyData["auto-login-idp"]),
+                        eq(idpOrg.orgId, orgId)
+                    )
+                )
                 .limit(1);
 
             if (!provider) {
                 throw new Error(
-                    `Identity provider not found for policy '${policyNiceId}'`
+                    `Identity provider not found for policy '${policyNiceId}' in this organization`
                 );
             }
-
-            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
-                const [providerOrg] = await trx
-                    .select()
-                    .from(idpOrg)
-                    .where(
-                        and(
-                            eq(idpOrg.idpId, policyData["auto-login-idp"]),
-                            eq(idpOrg.orgId, orgId)
-                        )
-                    )
-                    .limit(1);
-
-                if (!providerOrg) {
-                    throw new Error(
-                        `Identity provider not found for policy '${policyNiceId}' in this organization`
-                    );
-                }
-            }
         }
 
         // Look up the admin role

server/private/routers/policy/createResourcePolicy.ts

@@ -207,39 +207,18 @@ export async function createResourcePolicy(
             const [provider] = await db
                 .select()
                 .from(idp)
-                .where(eq(idp.idpId, skipToIdpId))
+                .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
+                .where(and(eq(idp.idpId, skipToIdpId), eq(idpOrg.orgId, orgId)))
                 .limit(1);
 
             if (!provider) {
                 return next(
                     createHttpError(
                         HttpCode.INTERNAL_SERVER_ERROR,
-                        "Identity provider not found"
+                        "Identity provider not found in this organization"
                     )
                 );
             }
-
-            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
-                const [providerOrg] = await db
-                    .select()
-                    .from(idpOrg)
-                    .where(
-                        and(
-                            eq(idpOrg.idpId, skipToIdpId),
-                            eq(idpOrg.orgId, orgId)
-                        )
-                    )
-                    .limit(1);
-
-                if (!providerOrg) {
-                    return next(
-                        createHttpError(
-                            HttpCode.INTERNAL_SERVER_ERROR,
-                            "Identity provider not found in this organization"
-                        )
-                    );
-                }
-            }
         }
 
         const adminRole = await db

server/routers/policy/setResourcePolicyAccessControl.ts

@@ -107,36 +107,20 @@ export async function setResourcePolicyAccessControl(
             const [provider] = await db
                 .select()
                 .from(idp)
-                .where(eq(idp.idpId, idpId))
+                .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
+                .where(
+                    and(eq(idp.idpId, idpId), eq(idpOrg.orgId, policy.orgId))
+                )
                 .limit(1);
 
             if (!provider) {
                 return next(
                     createHttpError(
                         HttpCode.INTERNAL_SERVER_ERROR,
-                        "Identity provider not found"
+                        "Identity provider not found in this organization"
                     )
                 );
             }
-
-            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
-                const [providerOrg] = await db
-                    .select()
-                    .from(idpOrg)
-                    .where(
-                        and(eq(idpOrg.idpId, idpId), eq(idpOrg.orgId, policy.orgId))
-                    )
-                    .limit(1);
-
-                if (!providerOrg) {
-                    return next(
-                        createHttpError(
-                            HttpCode.INTERNAL_SERVER_ERROR,
-                            "Identity provider not found in this organization"
-                        )
-                    );
-                }
-            }
         }
 
         // Check if any of the roleIds are admin roles