chore: update versions (#2888)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @nhost/hasura-auth-js@2.6.0

### Minor Changes

- 55d8bb5: feat: support custom headers in sign-up and deanonymize
requests

## @nhost/react@3.6.0

### Minor Changes

- 55d8bb5: feat: add `requestOptions` to `signUpEmailPassword` to allow
passing extra headers with the signup request

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost/apollo@7.1.7

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost/react-apollo@13.0.0

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0
    -   @nhost/apollo@7.1.7

## @nhost/react-urql@10.0.0

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0

## @nhost/nextjs@2.1.22

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0

## @nhost/nhost-js@3.1.10

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/hasura-auth-js@2.6.0

## @nhost/vue@2.6.7

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost/dashboard@1.29.0

### Minor Changes

-   55d8bb5: feat: integrate turnstile for signup verification
-   2a2e54c: fix: update docs url in run services form tooltip
- 18f942f: fix: display long error messages in error toast without
overflow

### Patch Changes

-   @nhost/react-apollo@13.0.0
-   @nhost/nextjs@2.1.22

## @nhost-examples/cli@0.3.12

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost-examples/codegen-react-apollo@0.4.13

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0
    -   @nhost/react-apollo@13.0.0

## @nhost-examples/codegen-react-query@0.4.13

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0

## @nhost-examples/codegen-react-urql@0.3.13

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0
    -   @nhost/react-urql@10.0.0

## @nhost-examples/multi-tenant-one-to-many@2.2.13

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost-examples/nextjs@0.3.13

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0
    -   @nhost/react-apollo@13.0.0
    -   @nhost/nextjs@2.1.22

## @nhost-examples/node-storage@0.2.12

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost-examples/nextjs-server-components@0.4.14

### Patch Changes

-   @nhost/nhost-js@3.1.10

## @nhost-examples/react-apollo@1.0.2

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0
    -   @nhost/react-apollo@13.0.0

## @nhost-examples/react-gqty@1.2.13

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0

## @nhost-examples/react-native@0.0.6

### Patch Changes

-   Updated dependencies [55d8bb5]
    -   @nhost/react@3.6.0
    -   @nhost/react-apollo@13.0.0

## @nhost-examples/vue-apollo@0.6.13

### Patch Changes

-   @nhost/nhost-js@3.1.10
-   @nhost/apollo@7.1.7
-   @nhost/vue@2.6.7

## @nhost-examples/vue-quickstart@0.2.13

### Patch Changes

-   @nhost/apollo@7.1.7
-   @nhost/vue@2.6.7

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

dashboard/.env.example

@@ -24,3 +24,4 @@ NEXT_PUBLIC_ZENDESK_USER_EMAIL=
 
 CODEGEN_GRAPHQL_URL=https://local.graphql.nhost.run/v1
 CODEGEN_HASURA_ADMIN_SECRET=nhost-admin-secret
+NEXT_PUBLIC_TURNSTILE_SITE_KEY=FIXME

dashboard/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @nhost/dashboard
 
+## 1.29.0
+
+### Minor Changes
+
+- 55d8bb5: feat: integrate turnstile for signup verification
+- 2a2e54c: fix: update docs url in run services form tooltip
+- 18f942f: fix: display long error messages in error toast without overflow
+
+### Patch Changes
+
+- @nhost/react-apollo@13.0.0
+- @nhost/nextjs@2.1.22
+
+## 1.28.2
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+- Updated dependencies [52a38fe]
+  - @nhost/nextjs@2.1.21
+
 ## 1.28.1
 
 ### Patch Changes

dashboard/next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "1.28.1",
+  "version": "1.29.0",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",
@@ -35,6 +35,7 @@
     "@heroicons/react": "^1.0.6",
     "@hookform/resolvers": "^3.3.4",
     "@iarna/toml": "^2.2.5",
+    "@marsidev/react-turnstile": "^1.0.2",
     "@mui/base": "5.0.0-beta.31",
     "@mui/material": "^5.15.14",
     "@mui/system": "^5.15.14",
@@ -65,7 +66,7 @@
     "graphql-ws": "^5.16.0",
     "just-kebab-case": "^4.2.0",
     "lodash.debounce": "^4.0.8",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "next-seo": "^6.5.0",
     "node-pg-format": "^1.3.5",
     "pluralize": "^8.0.0",
@@ -165,7 +166,7 @@
     "tailwindcss": "^3.4.3",
     "ts-node": "^10.9.2",
     "tsconfig-paths-webpack-plugin": "^4.1.0",
-    "vite": "^5.2.7",
+    "vite": "^5.4.6",
     "vite-tsconfig-paths": "^4.3.2",
     "vitest": "^0.32.4"
   },

dashboard/src/components/ui/v2/ErrorToast/ErrorToast.tsx

@@ -112,18 +112,24 @@ export default function ErrorToast({
             bounce: 0.1,
           }}
         >
-          <div className="flex w-full flex-row items-center justify-between space-x-4">
+          <div className="flex w-full flex-row items-center justify-between gap-4">
-            <button onClick={close} type="button" aria-label="Close">
+            <button
+              className="flex-shrink-0"
+              onClick={close}
+              type="button"
+              aria-label="Close"
+            >
               <XIcon className="h-4 w-4 text-white" />
             </button>
-            <span>
+            <span className="flex-grow overflow-hidden break-words">
               {msg ?? 'An unkown error has occured, please try again later!'}
             </span>
 
             <button
               type="button"
               onClick={() => setShowInfo(!showInfo)}
-              className="flex flex-row items-center justify-center space-x-2 text-white"
+              className="flex flex-shrink-0 flex-row items-center justify-center space-x-2 text-white"
+              aria-label="Show error details"
             >
               <span>Info</span>
               {showInfo ? (

dashboard/src/features/services/components/ServiceForm/components/ComputeFormSection/ComputeFormSection.tsx

@@ -70,7 +70,7 @@ export default function ComputeFormSection({
                 <a
                   target="_blank"
                   rel="noopener noreferrer"
-                  href="https://docs.nhost.io/run/resources"
+                  href="https://docs.nhost.io/guides/run/resources"
                   className="underline"
                 >
                   resources

dashboard/src/features/services/components/ServiceForm/components/ReplicasFormSection/ReplicasFormSection.tsx

@@ -35,7 +35,7 @@ export default function ReplicasFormSection() {
               <a
                 target="_blank"
                 rel="noopener noreferrer"
-                href="https://docs.nhost.io/run/resources"
+                href="https://docs.nhost.io/guides/run/resources"
                 className="underline"
               >
                 resources

dashboard/src/pages/signup.tsx

@@ -10,6 +10,7 @@ import { Text } from '@/components/ui/v2/Text';
 import { getToastStyleProps } from '@/utils/constants/settings';
 import { nhost } from '@/utils/nhost';
 import { yupResolver } from '@hookform/resolvers/yup';
+import { Turnstile } from '@marsidev/react-turnstile';
 import { styled } from '@mui/material';
 import { useSignUpEmailPassword } from '@nhost/nextjs';
 import { useRouter } from 'next/router';
@@ -39,6 +40,9 @@ export default function SignUpPage() {
   const [loading, setLoading] = useState(false);
   const router = useRouter();
 
+  // x-cf-turnstile-response
+  const [turnstileResponse, setTurnstileResponse] = useState(null);
+
   const form = useForm<SignUpFormValues>({
     reValidateMode: 'onSubmit',
     defaultValues: {
@@ -66,11 +70,27 @@ export default function SignUpPage() {
     password,
     displayName,
   }: SignUpFormValues) {
+    if (!turnstileResponse) {
+      toast.error(
+        'Please complete the signup verification challenge to continue.',
+        getToastStyleProps(),
+      );
+
+      return;
+    }
+
     try {
       const { needsEmailVerification } = await signUpEmailPassword(
         email,
         password,
-        { displayName },
+        {
+          displayName,
+        },
+        {
+          headers: {
+            'x-cf-turnstile-response': turnstileResponse,
+          },
+        },
       );
 
       if (needsEmailVerification) {
@@ -94,7 +114,7 @@ export default function SignUpPage() {
         Sign Up
       </Text>
 
-      <Box className="grid grid-flow-row gap-4 rounded-md border bg-transparent p-6 lg:p-12">
+      <Box className="grid grid-flow-row gap-4 p-6 bg-transparent border rounded-md lg:p-12">
         <Button
           variant="borderless"
           className="!bg-white !text-black hover:ring-2 hover:ring-white hover:ring-opacity-50 disabled:!text-black disabled:!text-opacity-60"
@@ -122,7 +142,7 @@ export default function SignUpPage() {
 
         <div className="relative py-2">
           <Text
-            className="absolute left-0 right-0 top-1/2 mx-auto w-12 -translate-y-1/2 bg-black px-2 text-center text-sm"
+            className="absolute left-0 right-0 w-12 px-2 mx-auto text-sm text-center -translate-y-1/2 bg-black top-1/2"
             color="disabled"
           >
             OR
@@ -172,6 +192,12 @@ export default function SignUpPage() {
               helperText={formState.errors.password?.message}
             />
 
+            <Turnstile
+              siteKey={process.env.NEXT_PUBLIC_TURNSTILE_SITE_KEY}
+              options={{ theme: 'dark', size: 'flexible' }}
+              onSuccess={setTurnstileResponse}
+            />
+
             <Button
               variant="outlined"
               color="secondary"
@@ -188,7 +214,7 @@ export default function SignUpPage() {
 
         <Divider className="!my-2" />
 
-        <Text color="secondary" className="text-center text-sm">
+        <Text color="secondary" className="text-sm text-center">
           By signing up, you agree to our{' '}
           <NavLink
             href="https://nhost.io/legal/terms-of-service"
@@ -212,7 +238,7 @@ export default function SignUpPage() {
         </Text>
       </Box>
 
-      <Text color="secondary" className="text-center text-base lg:text-lg">
+      <Text color="secondary" className="text-base text-center lg:text-lg">
         Already have an account?{' '}
         <NavLink href="/signin" color="white" className="font-medium">
           Sign In

docs/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/docs
 
+## 2.17.2
+
+### Patch Changes
+
+- 52a38fe: chore: added pg_ivm extension
+
 ## 2.17.1
 
 ### Patch Changes

docs/guides/database/extensions.mdx

@@ -159,6 +159,32 @@ DROP EXTENSION pg_hashids;
 
 - [GitHub](https://github.com/iCyberon/pg_hashids)
 
+## pg_ivm
+
+The pg_ivm module provides Incremental View Maintenance (IVM) feature for PostgreSQL.
+
+Incremental View Maintenance (IVM) is a way to make materialized views up-to-date in which only incremental changes are computed and applied on views rather than recomputing the contents from scratch as REFRESH MATERIALIZED VIEW does. IVM can update materialized views more efficiently than recomputation when only small parts of the view are changed.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION pg_ivm;
+```
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION pg_ivm;
+```
+
+### Resources
+
+- [GitHub](https://github.com/sraoss/pg_ivm)
+
 ## pg_squeeze
 
 PostgreSQL extension that removes unused space from a table and optionally sorts tuples according to particular index (as if CLUSTER command was executed concurrently with regular reads / writes). In fact we try to replace pg_repack extension.

docs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/docs",
-  "version": "2.17.1",
+  "version": "2.17.2",
   "private": true,
   "scripts": {
     "start": "mintlify dev"

examples/cli/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost-examples/cli
 
+## 0.3.12
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
 ## 0.3.11
 
 ### Patch Changes

examples/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/cli",
-  "version": "0.3.11",
+  "version": "0.3.12",
   "main": "src/index.mjs",
   "private": true,
   "scripts": {

examples/codegen-react-apollo/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @nhost-examples/codegen-react-apollo
 
+## 0.4.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+
+## 0.4.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.4.11
 
 ### Patch Changes

examples/codegen-react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/codegen-react-apollo",
-  "version": "0.4.11",
+  "version": "0.4.13",
   "private": true,
   "scripts": {
     "codegen": "graphql-codegen",
@@ -36,6 +36,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/codegen-react-query/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @nhost-examples/codegen-react-query
 
+## 0.4.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+
+## 0.4.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.4.11
 
 ### Patch Changes

examples/codegen-react-query/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/codegen-react-query",
-  "version": "0.4.11",
+  "version": "0.4.13",
   "private": true,
   "scripts": {
     "codegen": "graphql-codegen",
@@ -37,6 +37,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/codegen-react-urql/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @nhost-examples/react-urql
 
+## 0.3.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-urql@10.0.0
+
+## 0.3.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.3.11
 
 ### Patch Changes

examples/codegen-react-urql/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/codegen-react-urql",
   "private": true,
-  "version": "0.3.11",
+  "version": "0.3.13",
   "scripts": {
     "dev": "vite",
     "build": "tsc && vite build",
@@ -30,6 +30,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/multi-tenant-one-to-many/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @nhost-examples/multi-tenant-one-to-many
 
+## 2.2.13
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
+## 2.2.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 2.2.11
 
 ### Patch Changes

examples/multi-tenant-one-to-many/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/multi-tenant-one-to-many",
   "private": true,
-  "version": "2.2.11",
+  "version": "2.2.13",
   "description": "",
   "main": "index.js",
   "scripts": {},

examples/nextjs/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @nhost-examples/nextjs
 
+## 0.3.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+  - @nhost/nextjs@2.1.22
+
+## 0.3.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+- Updated dependencies [52a38fe]
+  - @nhost/nextjs@2.1.21
+
 ## 0.3.11
 
 ### Patch Changes

examples/nextjs/next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.

examples/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/nextjs",
-  "version": "0.3.11",
+  "version": "0.3.13",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -24,7 +24,7 @@
     "@nhost/react": "workspace:^",
     "@nhost/react-apollo": "workspace:^",
     "graphql": "16.8.1",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "react-icons": "^4.12.0"

examples/node-storage/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost-examples/node-storage
 
+## 0.2.12
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
 ## 0.2.11
 
 ### Patch Changes

examples/node-storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/node-storage",
-  "version": "0.2.11",
+  "version": "0.2.12",
   "private": true,
   "description": "This is an example of how to use the Storage with Node.js",
   "main": "src/index.mjs",

examples/quickstarts/nextjs-server-components/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @nhost-examples/nextjs-server-components
 
+## 0.4.14
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
+## 0.4.13
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.4.12
 
 ### Patch Changes

examples/quickstarts/nextjs-server-components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/nextjs-server-components",
-  "version": "0.4.12",
+  "version": "0.4.14",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -18,7 +18,7 @@
     "form-data": "^4.0.0",
     "graphql": "16.8.1",
     "js-cookie": "^3.0.5",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "postcss": "^8.4.38",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",

examples/quickstarts/sveltekit/CHANGELOG.md

@@ -1,5 +1,10 @@
 ---
 
+## 0.4.1
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.4.0
 ### Minor Changes
 

examples/quickstarts/sveltekit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/sveltekit",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "private": true,
   "scripts": {
     "dev": "vite dev",
@@ -29,7 +29,7 @@
     "svelte-check": "^3.6.8",
     "tailwindcss": "^3.4.3",
     "typescript": "^5.4.3",
-    "vite": "^5.2.7",
+    "vite": "^5.4.6",
     "vitest": "^0.25.8"
   },
   "type": "module",

examples/react-apollo/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @nhost-examples/react-apollo
 
+## 1.0.2
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+
+## 1.0.1
+
+### Patch Changes
+
+- 4d6b722: fix: add check for elevated permission before deleting a security key
+- 3dcbacf: fix: add elevated permission check before adding a security key
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 1.0.0
 
 ### Major Changes

examples/react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/react-apollo",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "private": true,
   "type": "module",
   "scripts": {
@@ -32,8 +32,8 @@
     "next-themes": "^0.3.0",
     "prism-react-renderer": "^2.3.1",
     "react": "^18.2.0",
-    "react-dom": "^18.2.0",
     "react-code-block": "^1.0.0",
+    "react-dom": "^18.2.0",
     "react-dropzone": "^14.2.3",
     "react-hook-form": "^7.52.2",
     "react-router-dom": "^6.22.3",
@@ -62,6 +62,6 @@
     "totp-generator": "^0.0.13",
     "typescript": "^5.5.3",
     "typescript-eslint": "^8.0.0",
-    "vite": "^5.4.0"
+    "vite": "^5.4.6"
   }
 }

examples/react-apollo/src/components/profile/security-keys.tsx

@@ -6,7 +6,12 @@ import { Form, FormControl, FormField, FormItem, FormMessage } from '@/component
 import { Input } from '@/components/ui/input'
 import { ApolloError, gql, useMutation } from '@apollo/client'
 import { zodResolver } from '@hookform/resolvers/zod'
-import { useAddSecurityKey, useUserId } from '@nhost/react'
+import {
+  useAddSecurityKey,
+  useElevateSecurityKeyEmail,
+  useUserEmail,
+  useUserId
+} from '@nhost/react'
 import { useAuthQuery } from '@nhost/react-apollo'
 import { Fingerprint, Info, Plus, Trash } from 'lucide-react'
 import { useState } from 'react'
@@ -29,9 +34,11 @@ const addSecurityKeySchema = z.object({
 
 export default function SecurityKeys() {
   const userId = useUserId()
-  const [showAddSecurityKeyDialog, setShowAddSecurityDialog] = useState(false)
+  const email = useUserEmail()
   const { add } = useAddSecurityKey()
   const [keys, setKeys] = useState<SecurityKey[]>([])
+  const { elevated, elevateEmailSecurityKey } = useElevateSecurityKeyEmail()
+  const [showAddSecurityKeyDialog, setShowAddSecurityDialog] = useState(false)
 
   const { refetch: refetchSecurityKeys } = useAuthQuery<SecurityKeysQuery>(
     gql`
@@ -52,30 +59,6 @@ export default function SecurityKeys() {
     }
   )
 
-  const form = useForm<z.infer<typeof addSecurityKeySchema>>({
-    resolver: zodResolver(addSecurityKeySchema),
-    defaultValues: {
-      nickname: ''
-    }
-  })
-
-  const onSubmit = async (values: z.infer<typeof addSecurityKeySchema>) => {
-    const { nickname } = values
-    const { key, isError, error } = await add(nickname)
-
-    if (isError) {
-      toast.error(error?.message)
-    } else {
-      if (key) {
-        setKeys((previousKeys) => [...previousKeys, key])
-        setShowAddSecurityDialog(false)
-      }
-
-      form.reset()
-      await refetchSecurityKeys()
-    }
-  }
-
   const [removeKey] = useMutation<{
     deleteAuthUserSecurityKey?: {
       id: string
@@ -97,7 +80,58 @@ export default function SecurityKeys() {
     }
   )
 
+  const form = useForm<z.infer<typeof addSecurityKeySchema>>({
+    resolver: zodResolver(addSecurityKeySchema),
+    defaultValues: {
+      nickname: ''
+    }
+  })
+
+  const elevatePermission = async () => {
+    if (!elevated && keys.length > 0) {
+      try {
+        const { elevated } = await elevateEmailSecurityKey(email as string)
+
+        if (!elevated) {
+          throw new Error('Permissions were not elevated')
+        }
+        return true
+      } catch {
+        toast.error('Could not elevate permissions')
+        return false
+      }
+    }
+    return true // Return true if already elevated or no keys
+  }
+
+  const onSubmit = async (values: z.infer<typeof addSecurityKeySchema>) => {
+    const { nickname } = values
+
+    const permissionGranted = await elevatePermission()
+
+    if (!permissionGranted) {
+      return
+    }
+
+    const { key, isError, error } = await add(nickname)
+
+    if (isError) {
+      toast.error(error?.message)
+    } else if (key) {
+      setKeys((previousKeys) => [...previousKeys, key])
+      setShowAddSecurityDialog(false)
+      form.reset()
+      await refetchSecurityKeys()
+    }
+  }
+
   const handleDeleteSecurityKey = async (id: string) => {
+    const permissionGranted = await elevatePermission()
+
+    if (!permissionGranted) {
+      return
+    }
+
     try {
       await removeKey({ variables: { id } })
       await refetchSecurityKeys()

examples/react-gqty/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @nhost-examples/react-gqty
 
+## 1.2.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+
+## 1.2.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 1.2.11
 
 ### Patch Changes

examples/react-gqty/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/react-gqty",
   "private": true,
-  "version": "1.2.11",
+  "version": "1.2.13",
   "type": "module",
   "scripts": {
     "dev": "vite",
@@ -27,6 +27,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/react_native/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost-examples/react-native
 
+## 0.0.6
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+
 ## 0.0.5
 
 ### Patch Changes

examples/react_native/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/react-native",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "private": true,
   "scripts": {
     "android": "react-native run-android",

examples/vue-apollo/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @nhost-examples/vue-apollo
 
+## 0.6.13
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+- @nhost/apollo@7.1.7
+- @nhost/vue@2.6.7
+
+## 0.6.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.6.11
 
 ### Patch Changes

examples/vue-apollo/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/vue-apollo",
   "private": true,
-  "version": "0.6.11",
+  "version": "0.6.13",
   "scripts": {
     "dev": "vite",
     "build": "vite build",
@@ -37,7 +37,7 @@
     "@xstate/inspect": "^0.6.5",
     "sass": "1.32.0",
     "typescript": "4.9.4",
-    "vite": "^5.2.7",
+    "vite": "^5.4.6",
     "vue-tsc": "^0.38.9"
   },
   "eslintConfig": {

examples/vue-quickstart/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @nhost-examples/vue-quickstart
 
+## 0.2.13
+
+### Patch Changes
+
+- @nhost/apollo@7.1.7
+- @nhost/vue@2.6.7
+
+## 0.2.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.2.11
 
 ### Patch Changes

examples/vue-quickstart/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/vue-quickstart",
-  "version": "0.2.11",
+  "version": "0.2.13",
   "private": true,
   "scripts": {
     "build": "vite build",
@@ -35,7 +35,7 @@
     "unocss": "^0.33.5",
     "unplugin-auto-import": "^0.17.5",
     "unplugin-vue-components": "^0.26.0",
-    "vite": "^5.2.7",
+    "vite": "^5.4.6",
     "vite-plugin-pages": "^0.28.0",
     "vue-tsc": "^0.38.9"
   }

integrations/apollo/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/apollo
 
+## 7.1.7
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
 ## 7.1.6
 
 ### Patch Changes

integrations/apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/apollo",
-  "version": "7.1.6",
+  "version": "7.1.7",
   "description": "Nhost Apollo Client library",
   "license": "MIT",
   "keywords": [

integrations/react-apollo/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost/react-apollo
 
+## 13.0.0
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/apollo@7.1.7
+
 ## 12.0.6
 
 ### Patch Changes

integrations/react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react-apollo",
-  "version": "12.0.6",
+  "version": "13.0.0",
   "description": "Nhost React Apollo client",
   "license": "MIT",
   "keywords": [

integrations/react-urql/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/react-urql
 
+## 10.0.0
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+
 ## 9.0.6
 
 ### Patch Changes

integrations/react-urql/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react-urql",
-  "version": "9.0.6",
+  "version": "10.0.0",
   "description": "Nhost React URQL client",
   "license": "MIT",
   "keywords": [

package.json

@@ -83,7 +83,7 @@
     "turbo": "1.11.3",
     "typedoc": "^0.22.18",
     "typescript": "4.9.5",
-    "vite": "^5.2.13",
+    "vite": "^5.4.6",
     "vite-plugin-dts": "^3.9.1",
     "vite-tsconfig-paths": "^4.3.2",
     "vitest": "^0.32.4"
@@ -156,7 +156,8 @@
       "react-dom": "18.2.0",
       "@graphiql/react": "^0.22.3",
       "send": "^0.19.0",
-      "dset": "^3.1.4"
+      "dset": "^3.1.4",
+      "rollup": "^4.22.4"
     }
   }
 }

packages/hasura-auth-js/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/hasura-auth-js
 
+## 2.6.0
+
+### Minor Changes
+
+- 55d8bb5: feat: support custom headers in sign-up and deanonymize requests
+
 ## 2.5.6
 
 ### Patch Changes

packages/hasura-auth-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/hasura-auth-js",
-  "version": "2.5.6",
+  "version": "2.6.0",
   "description": "Hasura-auth client",
   "license": "MIT",
   "keywords": [

packages/hasura-auth-js/src/machines/authentication/events.ts

@@ -1,6 +1,7 @@
 import type {
   NhostSession,
   PasswordlessOptions,
+  RequestOptions,
   SignUpOptions,
   SignUpSecurityKeyOptions
 } from '../../types'
@@ -23,7 +24,13 @@ export type AuthEvents =
       options?: PasswordlessOptions
     }
   | { type: 'PASSWORDLESS_SMS_OTP'; phoneNumber?: string; otp?: string }
-  | { type: 'SIGNUP_EMAIL_PASSWORD'; email?: string; password?: string; options?: SignUpOptions }
+  | {
+      type: 'SIGNUP_EMAIL_PASSWORD'
+      email?: string
+      password?: string
+      options?: SignUpOptions
+      requestOptions?: RequestOptions
+    }
   | { type: 'SIGNUP_SECURITY_KEY'; email?: string; options?: SignUpSecurityKeyOptions }
   | { type: 'SIGNOUT'; all?: boolean }
   | { type: 'SIGNIN_MFA_TOTP'; ticket?: string; otp?: string }

packages/hasura-auth-js/src/machines/authentication/machine.ts

@@ -34,6 +34,7 @@ import {
   PasswordlessSmsOtpResponse,
   PasswordlessSmsResponse,
   RefreshSessionResponse,
+  RequestOptions,
   SignInAnonymousResponse,
   SignInMfaTotpResponse,
   SignInPATResponse,
@@ -92,9 +93,10 @@ export const createAuthMachine = ({
   const postRequest = async <T = any, D = any>(
     url: string,
     data?: D,
-    token?: string | null
+    token?: string | null,
+    headers?: Record<string, string>
   ): Promise<T> => {
-    const result = await postFetch<T>(`${backendUrl}${url}`, data, token)
+    const result = await postFetch<T>(`${backendUrl}${url}`, data, token, headers)
 
     return result.data
   }
@@ -910,13 +912,14 @@ export const createAuthMachine = ({
 
           return signOutResponse
         },
-        signUpEmailPassword: async (context, { email, password, options }) => {
+        signUpEmailPassword: async (context, { email, password, options, requestOptions }) => {
           if (!isValidEmail(email)) {
             return Promise.reject<SignUpResponse>({ error: INVALID_EMAIL_ERROR })
           }
           if (!isValidPassword(password)) {
             return Promise.reject<SignUpResponse>({ error: INVALID_PASSWORD_ERROR })
           }
+
           if (context.user?.isAnonymous) {
             return postRequest<SignUpResponse>(
               '/user/deanonymize',
@@ -926,14 +929,20 @@ export const createAuthMachine = ({
                 password,
                 options: rewriteRedirectTo(clientUrl, options)
               },
-              context.accessToken.value
+              context.accessToken.value,
+              requestOptions?.headers
             )
           } else {
-            return postRequest<SignUpResponse>('/signup/email-password', {
+            return postRequest<SignUpResponse>(
-              email,
+              '/signup/email-password',
-              password,
+              {
-              options: rewriteRedirectTo(clientUrl, options)
+                email,
-            })
+                password,
+                options: rewriteRedirectTo(clientUrl, options)
+              },
+              null,
+              requestOptions?.headers
+            )
           }
         },
         signUpSecurityKey: async (_, { email, options }) => {

packages/hasura-auth-js/src/promises/signUpEmailPassword.ts

@@ -1,6 +1,6 @@
 import { USER_ALREADY_SIGNED_IN } from '../errors'
 import { AuthInterpreter } from '../machines'
-import { SignUpOptions } from '../types'
+import { RequestOptions, SignUpOptions } from '../types'
 
 import {
   AuthActionLoadingState,
@@ -20,13 +20,15 @@ export const signUpEmailPasswordPromise = (
   interpreter: AuthInterpreter,
   email: string,
   password: string,
-  options?: SignUpOptions
+  options?: SignUpOptions,
+  requestOptions?: RequestOptions
 ): Promise<SignUpEmailPasswordHandlerResult> =>
   new Promise<SignUpEmailPasswordHandlerResult>((resolve) => {
     const { changed, context } = interpreter.send('SIGNUP_EMAIL_PASSWORD', {
       email,
       password,
-      options
+      options,
+      requestOptions
     })
     if (!changed) {
       return resolve({

packages/hasura-auth-js/src/types/options.ts

@@ -57,3 +57,8 @@ export interface WorkOsOptions extends CommonProviderOptions {
   provider?: string
 }
 export interface ProviderOptions extends CommonProviderOptions, WorkOsOptions {}
+
+export interface RequestOptions {
+  // optional extra headers to be sent with request (ex: x-cf-turnstile-response)
+  headers?: Record<string, string>
+}

packages/hasura-auth-js/src/utils/fetch.ts

@@ -17,7 +17,11 @@ if (typeof EdgeRuntime !== 'string') {
 const fetchWrapper = async <T>(
   url: string,
   method: 'GET' | 'POST',
-  { token, body }: { token?: string | null; body?: any } = {}
+  {
+    token,
+    body,
+    extraHeaders
+  }: { token?: string | null; body?: any; extraHeaders?: HeadersInit } = {}
 ): Promise<FetcResponse<T>> => {
   const headers: HeadersInit = {
     'Content-Type': 'application/json',
@@ -26,9 +30,12 @@ const fetchWrapper = async <T>(
   if (token) {
     headers['Authorization'] = `Bearer ${token}`
   }
+
+  const mergedHeaders = { ...headers, ...extraHeaders }
+
   const options: RequestInit = {
     method,
-    headers
+    headers: mergedHeaders
   }
   if (body) {
     options.body = JSON.stringify(body)
@@ -59,8 +66,9 @@ const fetchWrapper = async <T>(
 export const postFetch = async <T>(
   url: string,
   body: any,
-  token?: string | null
+  token?: string | null,
-): Promise<FetcResponse<T>> => fetchWrapper<T>(url, 'POST', { token, body })
+  extraHeaders?: HeadersInit
+): Promise<FetcResponse<T>> => fetchWrapper<T>(url, 'POST', { token, body, extraHeaders })
 
 export const getFetch = <T>(url: string, token?: string | null): Promise<FetcResponse<T>> =>
   fetchWrapper<T>(url, 'GET', { token })

packages/nextjs/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @nhost/nextjs
 
+## 2.1.22
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+
+## 2.1.21
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 2.1.20
 
 ### Patch Changes

packages/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/nextjs",
-  "version": "2.1.20",
+  "version": "2.1.22",
   "description": "Nhost NextJS library",
   "license": "MIT",
   "keywords": [
@@ -78,7 +78,7 @@
   "devDependencies": {
     "@nhost/docgen": "workspace:*",
     "@types/js-cookie": "^3.0.6",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   }

packages/nhost-js/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/nhost-js
 
+## 3.1.10
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/hasura-auth-js@2.6.0
+
 ## 3.1.9
 
 ### Patch Changes

packages/nhost-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/nhost-js",
-  "version": "3.1.9",
+  "version": "3.1.10",
   "description": "Nhost JavaScript SDK",
   "license": "MIT",
   "keywords": [

packages/react/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @nhost/react
 
+## 3.6.0
+
+### Minor Changes
+
+- 55d8bb5: feat: add `requestOptions` to `signUpEmailPassword` to allow passing extra headers with the signup request
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
 ## 3.5.6
 
 ### Patch Changes

packages/react/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react",
-  "version": "3.5.6",
+  "version": "3.6.0",
   "description": "Nhost React library",
   "license": "MIT",
   "keywords": [

packages/react/src/useSignUpEmailPassword.ts

@@ -1,7 +1,8 @@
 import {
   signUpEmailPasswordPromise,
   SignUpEmailPasswordState,
-  SignUpOptions
+  SignUpOptions,
+  RequestOptions
 } from '@nhost/nhost-js'
 import { useSelector } from '@xstate/react'
 import { useAuthInterpreter } from './useAuthInterpreter'
@@ -12,7 +13,8 @@ interface SignUpEmailPasswordHandler {
   (
     email: string,
     password: string,
-    options?: SignUpOptions
+    options?: SignUpOptions,
+    requestOptions?: RequestOptions
   ): Promise<SignUpEmailPasswordHandlerResult>
 }
 
@@ -69,8 +71,9 @@ export const useSignUpEmailPassword: SignUpEmailPasswordHook = (options) => {
   const signUpEmailPassword: SignUpEmailPasswordHandler = (
     email,
     password,
-    valueOptions = options
+    valueOptions = options,
-  ) => signUpEmailPasswordPromise(service, email, password as string, valueOptions)
+    requestOptions
+  ) => signUpEmailPasswordPromise(service, email, password as string, valueOptions, requestOptions)
 
   const user = useSelector(
     service,

packages/vue/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/vue
 
+## 2.6.7
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
 ## 2.6.6
 
 ### Patch Changes

packages/vue/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/vue",
-  "version": "2.6.6",
+  "version": "2.6.7",
   "description": "Nhost Vue library",
   "license": "MIT",
   "keywords": [