build(deps): bump @auth0/nextjs-auth0 from 3.6.0 to 4.13.1

[dependabot]

Bumps @auth0/nextjs-auth0 from 3.6.0 to 4.13.1.

Release notes

Sourced from @​auth0/nextjs-auth0's releases.

v4.13.1

Added

• docs: Add docs for silent authentication #2422 (tusharpandey13)

Fixed

• fix: broken next-16 app when basePath is used #2424 (nandan-bhat)

v4.13.0

Added

• feat: add support scopes parameter for connected accounts #2407 (guabu)
• Adding support for Next 16 #2405 (nandan-bhat)

Fixed

• fix: merge sessionChanges before finalizing session after refresh (#2401) #2414 (Clone of #2401 by wolfgangGoedel )
• fix: prevent OAuth parameter injection via returnTo (#2381) #2413 (Clone of #2381 by MegaManSec)

v4.12.1

Changed

• Remove TokenRequestCache when calling getAccessToken

v4.12.0

Added

• feat: Proxy handler support enabling My Account and My Org #2400 (tusharpandey13)

v4.11.2

Changed

• Remove TokenRequestCache when calling getAccessToken

v4.11.1

Fixed

• fix: DPoP nonce retry on auth code callback #2391 (tusharpandey13)
• fix: append intl headers in with-next-intl instead of overwrite #2386 (tusharpandey13)
• fix: make sure beforeSessionSaved hook gets the updated token after refresh #2387 (tusharpandey13)
• Fix updateSession and header overwrite issues #2330 (tusharpandey13)
• bugfix: Remove React dependency from server helpers to fix edge runtime bundling #2329 (tusharpandey13)

v4.11.0

📋 Changes

Added

• feat: Add DPoP (Demonstrating Proof-of-Possession) #2357 (tusharpandey13)
• feat: add support for connected accounts #2344 (guabu)
• Add support for access tokens with difference audiences (MRRT) #2333 (frederikprijck)

Fixed

• fix: ensure Connected Accounts use fetcher to properly use DPoP #2366 (frederikprijck)
• fix: ensure fetcher honors token_type #2365 (frederikprijck)
• fix: address typos in comments and examples #2347 (frederikprijck)

... (truncated)

Changelog

Sourced from @​auth0/nextjs-auth0's changelog.

v4.13.1 (2025-11-19)

Full Changelog

Added

• docs: Add docs for silent authentication #2422 (tusharpandey13)

Fixed

• fix: broken next-16 app when basePath is used #2424 (nandan-bhat)

v4.13.0 (2025-11-17)

Full Changelog

Added

• feat: add support scopes parameter for connected accounts #2407 (guabu)
• Adding support for Next 16 #2405 (nandan-bhat)

Fixed

• fix: merge sessionChanges before finalizing session after refresh (#2401) #2414 (Clone of #2401 by wolfgangGoedel )
• fix: prevent OAuth parameter injection via returnTo (#2381) #2413 (Clone of #2381 by MegaManSec)

v4.12.1 (2025-11-13)

Full Changelog

Changed

• Remove TokenRequestCache when calling getAccessToken

v4.12.0 (2025-11-07)

Full Changelog

Added

• feat: Proxy handler support enabling My Account and My Org #2400 (tusharpandey13)

v4.11.1 (2025-10-31)

Full Changelog

Fixed

• fix: DPoP nonce retry on auth code callback #2391 (tusharpandey13)
• fix: append intl headers in with-next-intl instead of overwrite #2386 (tusharpandey13)
• fix: make sure beforeSessionSaved hook gets the updated token after refresh #2387 (tusharpandey13)
• Fix updateSession and header overwrite issues #2330 (tusharpandey13)
• bugfix: Remove React dependency from server helpers to fix edge runtime bundling #2329 (tusharpandey13)

v4.11.0 (2025-10-18)

Full Changelog

Added

• feat: Add DPoP (Demonstrating Proof-of-Possession) #2357 (tusharpandey13)
• feat: add support for connected accounts #2344 (guabu)
• Add support for access tokens with difference audiences (MRRT) #2333 (frederikprijck)

... (truncated)

Commits

• b128e0d Release v4.13.1 (#2427)
• c850dbd fix: broken next-16 app when basePath is used (#2424)
• db481b0 Removed no-op code block
• b35be78 Adding 'i18' and 'trailingSlash' properties
• b284d7b Adding UT coverage to request.ts
• 2c28827 fix: Fixed broken next-16 app when basePath is used
• ea51d68 docs: Add docs for silent authentication (#2422)
• dd7764b docs: add docs for silent auth
• 08bf226 chore(deps-dev): bump typescript-eslint from 8.46.2 to 8.46.4 (#2420)
• 56d09a7 chore(deps-dev): bump msw from 2.11.3 to 2.12.2 (#2418)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

❌ Deploy Preview for fxms-skylight failed. Why did it fail? →

Name	Link
🔨 Latest commit	17b781e
🔍 Latest deploy log	https://app.netlify.com/projects/fxms-skylight/deploys/691f13065a502f0009a39e77

[dependabot]

Superseded by #863.