Merge pull request #26 #27 #28 (#29) (#30) (#50)

[Dargon789]

• Delete .circleci directory

• Merge pull request #25 from Dargon789/main #26 Create config.yml #27 Delete .circleci directory #28 (#26 #27 #28 #29) (#26 #27 #28 (#29) #30)

• Create config.yml

d37b38e

• Update .github/config.yml

• Delete .circleci directory

---

• deps: bump next from 16.0.10 to 16.1.6 (deps: bump next from 16.0.10 to 16.1.6 #39)

Bumps next from 16.0.10 to 16.1.6.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production ...

• fix: package.json & package-lock.json to reduce vulnerabilities ([Snyk] Security upgrade @arcjet/next from 1.0.0-beta.9 to 1.1.0 #44)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-UNDICI-14943963

• deps: bump next-auth from 5.0.0-beta.29 to 5.0.0-beta.30 (deps: bump next-auth from 5.0.0-beta.29 to 5.0.0-beta.30 #45)

Bumps next-auth from 5.0.0-beta.29 to 5.0.0-beta.30.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: next-auth dependency-version: 5.0.0-beta.30 dependency-type: direct:production ...

• deps: bump the dependencies-minor group across 1 directory with 16 updates (deps: bump the dependencies-minor group across 1 directory with 16 updates #49)

Bumps the dependencies-minor group with 16 updates in the / directory:

Package	From	To
@arcjet/decorate	1.0.0-beta.9	1.1.0

Updates @arcjet/decorate from 1.0.0-beta.9 to 1.1.0

• Release notes
• Changelog
• Commits

Updates @arcjet/env from 1.0.0-beta.9 to 1.1.0

• Release notes
• Changelog
• Commits

Updates @arcjet/ip from 1.0.0-beta.9 to 1.1.0

• Release notes
• Changelog
• Commits

Updates @fontsource-variable/figtree from 5.2.8 to 5.2.10

• Changelog
• Commits

Updates @fontsource/ibm-plex-mono from 5.2.6 to 5.2.7

• Changelog
• Commits

Updates @hookform/resolvers from 5.1.1 to 5.2.2

• Release notes
• Commits

Updates @nosecone/next from 1.0.0-beta.9 to 1.1.0

• Release notes
• Changelog
• Commits

Updates @oddbird/css-anchor-positioning from 0.6.1 to 0.8.0

• Release notes
• Changelog
• Commits

Updates react from 19.2.0 to 19.2.4

• Release notes
• Changelog
• Commits

Updates @types/react from 19.1.8 to 19.2.13

• Release notes
• Commits

Updates react-dom from 19.1.0 to 19.2.4

• Release notes
• Changelog
• Commits

Updates @types/react-dom from 19.1.6 to 19.2.3

• Release notes
• Commits

Updates react-hook-form from 7.60.0 to 7.71.1

• Release notes
• Changelog
• Commits

Updates zod from 4.2.1 to 4.3.6

• Release notes
• Commits

Updates @playwright/test from 1.55.1 to 1.58.2

• Release notes
• Commits

Updates @types/react from 19.1.8 to 19.2.13

• Release notes
• Commits

Updates @types/react-dom from 19.1.6 to 19.2.3

• Release notes
• Commits

Updates sass from 1.89.2 to 1.97.3

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: "@arcjet/decorate" dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@arcjet/env" dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@arcjet/ip" dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@fontsource-variable/figtree" dependency-version: 5.2.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies-minor
• dependency-name: "@fontsource/ibm-plex-mono" dependency-version: 5.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies-minor
• dependency-name: "@hookform/resolvers" dependency-version: 5.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@nosecone/next" dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@oddbird/css-anchor-positioning" dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: react dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies-minor
• dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: react-dom dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@types/react-dom" dependency-version: 19.2.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: react-hook-form dependency-version: 7.71.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@playwright/test" dependency-version: 1.58.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: "@types/react-dom" dependency-version: 19.2.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies-minor
• dependency-name: sass dependency-version: 1.97.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies-minor ...

---

Summary by Sourcery

Update frontend and Arcjet-related dependencies and remove legacy CircleCI configuration.

Bug Fixes:

• Address security vulnerabilities by updating npm dependencies to patched versions.

Enhancements:

• Upgrade Next.js, NextAuth, React, React DOM, Arcjet packages, and various UI/form libraries to newer minor or patch releases.
• Refresh TypeScript type packages, Playwright test runner, and Sass to more recent versions.

CI:

• Remove obsolete CircleCI configuration in favor of existing GitHub-based workflows.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
arcjet-example	Error		Feb 7, 2026 3:43am
arcjet-example-pvhg	Error		Feb 7, 2026 3:43am

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR consolidates several dependency upgrade and CI cleanup changes: it removes legacy CircleCI configuration, updates GitHub config, and bumps Next.js, NextAuth, Arcjet-related packages, React, form/validation libs, Playwright, Sass, and related type packages to newer minor/patch versions to address vulnerabilities and keep the stack current.

Flow diagram of dependency updates across the stack

flowchart TD
  A["Dependencies_before_PR"] --> B["Upgrade_Arcjet_and_related_SDKs\n@arcjet_decorate_1_0_0_beta_9_to_1_1_0\n@arcjet_env_1_0_0_beta_9_to_1_1_0\n@arcjet_ip_1_0_0_beta_9_to_1_1_0\n@arcjet_next_1_0_0_beta_9_to_1_1_0\n@nosecone_next_1_0_0_beta_9_to_1_1_0"]
  B --> C["Upgrade_UI_runtime_stack\nnext_16_0_10_to_16_1_6\nnext_auth_5_0_0_beta_29_to_5_0_0_beta_30\nreact_19_2_0_to_19_2_4\nreact_dom_19_1_0_to_19_2_4"]
  C --> D["Upgrade_form_and_validation\nreact_hook_form_7_60_0_to_7_71_1\n@hookform_resolvers_5_1_1_to_5_2_2\nzod_4_2_1_to_4_3_6"]
  D --> E["Upgrade_fonts_and_CSS\n@fontsource_variable_figtree_5_2_8_to_5_2_10\n@fontsource_ibm_plex_mono_5_2_6_to_5_2_7\n@oddbird_css_anchor_positioning_0_6_1_to_0_8_0"]
  E --> F["Upgrade_tooling_and_types\n@playwright_test_1_55_1_to_1_58_2\n@types_react_19_1_8_to_19_2_13\n@types_react_dom_19_1_6_to_19_2_3\nsass_1_89_2_to_1_97_3"]
  F --> G["Dependencies_after_PR_with_security_and_compatibility_updates"]

Loading

File-Level Changes

Change	Details	Files
Remove legacy CircleCI pipeline configuration in favor of GitHub-based workflows.	Delete the .circleci/config.yml file so CircleCI no longer runs for this repo Rely on existing or updated GitHub configuration for CI instead of CircleCI	.circleci/config.yml
Refresh the frontend build/runtime stack to newer Next/React and related versions.	Upgrade Next.js from 16.0.10 to 16.1.6 to pick up the latest fixes and features Upgrade React and ReactDOM to 19.2.4 and align their @types packages Bump next-auth and Next-related Arcjet packages (@arcjet/*, @nosecone/next) to 1.1.0 / latest betas Update react-hook-form, @hookform/resolvers, zod, and CSS/typography packages to newer minor/patch versions	package.json package-lock.json
Update test and tooling dependencies to recent versions and address security advisories.	Upgrade @playwright/test from 1.55.1 to 1.58.2 for E2E tests Bump Sass from 1.89.2 to 1.97.3 for styling builds Refresh lockfile (package-lock.json) so resolved versions match the updated dependency constraints and fix known vulnerabilities	package.json package-lock.json

Possibly linked issues

• [Snyk] Security upgrade @playwright/test from 1.54.1 to 1.55.1 #7: PR upgrades @playwright/test beyond the requested 1.55.1 version, effectively fulfilling the security upgrade issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates a series of critical dependency updates and a vulnerability fix, ensuring the project utilizes the latest stable versions of its core libraries, including Next.js and NextAuth. Additionally, it refines the project's continuous integration configuration by removing outdated files and establishing a new config.yml.

Highlights

• Major Dependency Updates: Updated Next.js from version 16.0.10 to 16.1.6 and NextAuth from 5.0.0-beta.29 to 5.0.0-beta.30.
• Vulnerability Fixes: Addressed reported vulnerabilities by upgrading various packages in package.json and package-lock.json.
• Bulk Minor Dependency Upgrades: Performed a comprehensive update of 16 minor dependencies, including @arcjet/* packages, React, React Hook Form, Zod, Playwright, and several font-related packages.
• CI Configuration Changes: The .circleci directory was removed, and a new config.yml file was introduced and updated in the .github directory, streamlining the continuous integration setup.
• Node.js Engine Requirement Bump: Several @arcjet packages and nosecone now require Node.js version >=20.

Changelog

• package-lock.json
  • Updated numerous package versions, including @arcjet/*, next, next-auth, react, react-dom, react-hook-form, zod, @playwright/test, sass, and typescript.
  • Added @arcjet/body and baseline-browser-mapping dependencies.
  • Removed @fastify/busboy and undici entries.
  • Adjusted Node.js engine requirements for several @arcjet packages and nosecone to >=20.
  • Cleaned up peer and dev flags for various dependencies.
• package.json
  • Bumped next from 16.0.10 to 16.1.6.
  • Bumped next-auth from 5.0.0-beta.29 to 5.0.0-beta.30.
  • Updated @arcjet/decorate, @arcjet/env, @arcjet/ip, @arcjet/next, @nosecone/next from 1.0.0-beta.9 to 1.1.0.
  • Updated @fontsource-variable/figtree from 5.2.8 to 5.2.10.
  • Updated @fontsource/ibm-plex-mono from 5.2.6 to 5.2.7.
  • Updated @hookform/resolvers from 5.1.1 to 5.2.2.
  • Updated @oddbird/css-anchor-positioning from 0.6.1 to 0.8.0.
  • Updated react from 19.2.0 to 19.2.4.
  • Updated react-dom from 19.1.0 to 19.2.4.
  • Updated react-hook-form from 7.60.0 to 7.71.1.
  • Updated zod from 4.2.1 to 4.3.6.
  • Updated @playwright/test from 1.55.1 to 1.58.2.
  • Updated @types/react from 19.1.8 to 19.2.13.
  • Updated @types/react-dom from 19.1.6 to 19.2.3.
  • Updated sass from 1.89.2 to 1.97.3.
  • Updated typescript from 5.8.3 to 5.9.3.

Activity

• Multiple dependency updates were merged into this pull request.
• A vulnerability fix was applied by upgrading relevant packages.
• CI configuration files were modified, including the deletion of .circleci and creation/update of config.yml.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - I've left some high level feedback:

• Since this PR removes the .circleci configuration entirely, double-check that all equivalent workflows (build, test, deploy) are now covered in GitHub Actions or another CI system so you don’t silently lose checks.
• With the coordinated bump of Next, React, NextAuth, and multiple Arcjet packages, it would be helpful to briefly note in the PR description any required runtime/config changes or known behavioral differences you validated for these versions to aid future maintainers.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Since this PR removes the `.circleci` configuration entirely, double-check that all equivalent workflows (build, test, deploy) are now covered in GitHub Actions or another CI system so you don’t silently lose checks.
- With the coordinated bump of Next, React, NextAuth, and multiple Arcjet packages, it would be helpful to briefly note in the PR description any required runtime/config changes or known behavioral differences you validated for these versions to aid future maintainers.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request consists of a significant dependency update, merging several smaller pull requests. These changes bring many packages up to their latest minor or patch versions, which is a good practice for security and maintenance. A key improvement is the resolution of a vulnerability by updating dependencies, which led to the removal of the undici package. The update also corrects a version mismatch between react and react-dom. My review includes a suggestion regarding the use of beta dependencies.

[gemini-code-assist]

While this PR updates next-auth to a newer beta version, it's important to be cautious when using beta software in a project. Beta versions are not guaranteed to be stable and may introduce breaking changes or bugs. Consider planning a migration to a stable version of next-auth once it becomes available to ensure long-term stability and support.