sandboxnu · dependabot · Mar 21, 2026 · Mar 23, 2026 · Mar 23, 2026
diff --git a/apps/web/next.config.js b/apps/web/next.config.js
@@ -4,7 +4,11 @@ import createJiti from "jiti";
 // Import env files to validate at build time. Use jiti so we can load .ts files in here.
 createJiti(fileURLToPath(import.meta.url))("./src/env");
 
-/** @type {import("next").NextConfig} */
+/**
+ * `eslint` is still supported at runtime but may be omitted from `NextConfig` typings in some Next
+ * releases; intersect so this file typechecks under `tsc` while keeping build behavior.
+ * @type {import("next").NextConfig & { eslint?: { ignoreDuringBuilds?: boolean } }}
+ */
 const config = {
   reactStrictMode: true,
 

diff --git a/apps/web/package.json b/apps/web/package.json
@@ -29,7 +29,7 @@
     "fuse.js": "^7.0.0",
     "geist": "^1.3.0",
     "lucide-react": "^0.436.0",
-    "next": "^14.2.35",
+    "next": "15.6.0-canary.61",
     "react": "catalog:react18",
     "react-dom": "catalog:react18",
     "react-hook-form": "^7.52.1",

diff --git a/apps/web/src/app/api/auth/[...nextauth]/route.ts b/apps/web/src/app/api/auth/[...nextauth]/route.ts
@@ -35,24 +35,25 @@ export const GET = async (
 ) => {
   // First step must be to correct the request URL.
   const req = rewriteRequestUrlInDevelopment(_req);
+  const cookieStore = await cookies();
 
   const nextauthAction = props.params.nextauth[0];
   const isExpoSignIn = req.nextUrl.searchParams.get("expo-redirect");
-  const isExpoCallback = cookies().get(EXPO_COOKIE_NAME);
+  const expoCallbackCookie = cookieStore.get(EXPO_COOKIE_NAME);
 
   if (nextauthAction === "signin" && !!isExpoSignIn) {
     // set a cookie we can read in the callback
     // to know to send the user back to expo
-    cookies().set({
+    cookieStore.set({
       name: EXPO_COOKIE_NAME,
       value: isExpoSignIn,
       maxAge: 60 * 10, // 10 min
       path: "/",
     });
   }
 
-  if (nextauthAction === "callback" && !!isExpoCallback) {
-    cookies().delete(EXPO_COOKIE_NAME);
+  if (nextauthAction === "callback" && !!expoCallbackCookie) {
+    cookieStore.delete(EXPO_COOKIE_NAME);
 
     // Run original handler, then extract the session token from the response
     // Send it back via a query param in the Expo deep link. The Expo app
@@ -69,7 +70,7 @@ export const GET = async (
           JSON.stringify(authResponse.headers.getSetCookie()),
       );
 
-    const url = new URL(isExpoCallback.value);
+    const url = new URL(expoCallbackCookie.value);
     url.searchParams.set("session_token", match);
     return NextResponse.redirect(url);
   }

diff --git a/apps/web/src/trpc/server.ts b/apps/web/src/trpc/server.ts
@@ -13,7 +13,11 @@ import { createQueryClient } from "./query-client";
  * handling a tRPC call from a React Server Component.
  */
 const createContext = cache(async () => {
-  const heads = new Headers(headers());
+  const incoming = await headers();
+  const heads = new Headers();
+  incoming.forEach((value, key) => {
+    heads.set(key, value);
+  });
   heads.set("x-trpc-source", "rsc");
 
   return createTRPCContext({

diff --git a/packages/auth/package.json b/packages/auth/package.json
@@ -22,7 +22,7 @@
     "@auth/drizzle-adapter": "^1.4.1",
     "@cooper/db": "workspace:*",
     "@t3-oss/env-nextjs": "^0.10.1",
-    "next": "^14.2.35",
+    "next": "15.6.0-canary.61",
     "next-auth": "5.0.0-beta.19",
     "react": "catalog:react18",
     "react-dom": "catalog:react18",