chore: update dependencies

[mfts]

Summary by CodeRabbit

• Chores
  • Updated multiple project dependencies to latest compatible versions for improved stability and compatibility.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
papermark	Error			Nov 10, 2025 1:03pm

[coderabbitai]

Walkthrough

Multiple dependency versions updated in package.json, including AWS SDK packages, Next.js/UI packages, Upstash, Vercel, Radix UI, React-related libraries, testing/dev tools, and assorted utilities. No code logic modifications; version bumps and patch-level adjustments only.

Changes

Cohort / File(s)	Change Summary
Dependency Updates package.json	Multiple dependency versions bumped across AWS SDK packages, Next.js/UI packages, Upstash, Vercel, Radix UI, React-related libraries, testing/dev tools, and various utilities. No code logic or control flow changes; patch-level version adjustments only.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: update dependencies' directly and accurately summarizes the primary change—dependency version updates across multiple packages with no logic changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 02259a2 and a25491c.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (4)

package.json (4)

22-152: Verify all peer dependencies resolve and run full test suite.

The script confirmed package.json syntax is valid with no duplicate dependencies. However, the verification is incomplete—the script does not execute the full test suite or run npm install to validate peer dependency resolution. To fully address the review comment's requirements:

1. Run npm install to verify all peer dependencies resolve without conflicts
2. Execute the complete test suite to confirm no errors
3. Check for any deprecation warnings during installation

Without these steps, we cannot confirm that all package conflicts are resolved or that the full dependency graph is sound.

---

37-37: No action needed — versions are compatible.

The peer dependency for @next/[email protected] explicitly supports ^14.0.0 || ^15.0.0 || ^16.0.0-beta.0, which includes the pinned next@^14.2.33. No version mismatch exists.

---

87-87: No API breaking changes detected—upgrade is safe.

The codebase uses bcrypt.hash() and bcrypt.compare(), both of which remain unchanged between bcryptjs v2 and v3. Additionally, existing hashes continue to verify correctly; the default hash format change ($2a$ → $2b$) does not require rehashing. The import statement already uses ESM syntax, compatible with v3's default export. No literal hash string comparisons exist in the codebase that would break due to the prefix change.

---

23-27: No security vulnerabilities found—verification complete.

AWS SDK packages @aws-sdk/client-s3 and @aws-sdk/client-lambda at version 3.927.0 have no known CVEs or security vulnerabilities. Upstash packages ([email protected], [email protected], [email protected]) show no specific vulnerabilities at these versions. Vercel packages @vercel/edge-config and @vercel/functions have no published security advisories or CVEs in 2024–2025. All critical infrastructure dependencies at the specified versions are secure.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​radix-ui/​react-portal@​1.1.10
	@​radix-ui/​react-label@​2.1.7 ⏵ 2.1.8
	@​radix-ui/​react-separator@​1.1.7 ⏵ 1.1.8
	@​aws-sdk/​s3-request-presigner@​3.899.0 ⏵ 3.927.0			-32	+1
	@​radix-ui/​react-progress@​1.1.7 ⏵ 1.1.8
	@​radix-ui/​react-slot@​1.2.4
	@​radix-ui/​react-avatar@​1.1.10 ⏵ 1.1.11
	@​next/​third-parties@​15.5.4 ⏵ 16.0.1			+1	+1
	bcryptjs@​3.0.2 ⏵ 3.0.3				+7
	dub@​0.66.5 ⏵ 0.68.0				-7
	@​aws-sdk/​cloudfront-signer@​3.893.0 ⏵ 3.921.0				+3
	@​upstash/​qstash@​2.8.3 ⏵ 2.8.4	+1			+2
	@​aws-sdk/​client-s3@​3.899.0 ⏵ 3.927.0	+1			+1
	@​vercel/​edge-config@​1.4.0 ⏵ 1.4.3				+4
	@​upstash/​redis@​1.35.4 ⏵ 1.35.6	+1			+1
	@​upstash/​ratelimit@​2.0.6 ⏵ 2.0.7	+1		+1
	@​aws-sdk/​client-lambda@​3.899.0 ⏵ 3.927.0	+3			+4
	@​aws-sdk/​lib-storage@​3.900.0 ⏵ 3.927.0	+2		+16	+4
	@​vercel/​functions@​3.1.0 ⏵ 3.3.0	+2		+29	+3

View full report