
chore(core, react): fix snyk medium vulnerabilities #269

Open
harishsundar-okta wants to merge 8 commits into main from fix/snyk-medium-vulnerabilities

Conversation


@harishsundar-okta harishsundar-okta commented May 6, 2026

Summary

Fixes medium severity security vulnerabilities identified by Snyk across dependencies and
application code.

Why

The project had 49+ medium/low severity vulnerabilities including directory traversal, XSS,
prototype pollution, DoS, and missing security controls that could be exploited in production.

What

  • Upgraded hono, @hono/node-server to patch directory traversal, XSS, prototype pollution, HTTP
    response splitting, and input validation issues
  • Upgraded next to fix resource exhaustion, CSRF, and HTTP request smuggling
  • Upgraded @auth0/nextjs-auth0 to fix incorrect authorization bypass
  • Upgraded postcss to fix XSS vulnerability
  • Upgraded diff to fix ReDoS vulnerability
  • Upgraded vite to fix directory traversal
  • Added rate limiting to docs-site/api/r.ts and docs-site/src/api/registry-middleware.ts
  • Fixed format string injection in docs-site/api/r.ts
  • Added type validation for query parameters in docs-site/api/r.ts
  • Added secure; samesite=lax to sidebar cookie in docs-site/src/components/ui/sidebar.tsx
  • Sanitized image URL with encodeURI() in image-preview-field.tsx

Packages

  • packages/core
  • packages/react

Testing

  • image

Checklist

  • Breaking change
  • Requires docs update
  • Backward compatible

Contributing
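The "What" list above names five application-code fixes alongside the dependency bumps: query-parameter type validation, a format-string fix, rate limiting, cookie attributes, and image URL sanitization. The TypeScript below is an added illustration of each written for this page; it is not code from PR #269 or from the docs-site, and queryString, logLineUnsafe, logLineSafe, cookieHeader, FixedWindowLimiter and safeImageUrl are hypothetical names with constructed sample inputs.

```typescript
// Added illustration for this page; not code from PR #269 or the docs-site.
// Each function mirrors one category of application-code fix named in the PR
// description. All names are hypothetical and sample inputs are constructed.
import { format } from "node:util";

// 1. Query-parameter type validation.
// Node web frameworks expose `?name=a&name=b` as string[] and a missing key as
// undefined, so code that assumes a string must check the runtime type first.
function queryString(value: unknown, maxLen = 128): string | null {
  if (typeof value !== "string") return null;   // rejects arrays, undefined, objects
  if (value.length === 0 || value.length > maxLen) return null;
  // allow-list: dotted names are fine, "..", "/" and "\" are not
  if (!/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/.test(value)) return null;
  return value;
}

// 2. Format-string injection (CWE-134).
// util.format() and console.log() interpret %s/%d/%j in their FIRST argument.
// Concatenating user input into that argument lets the input consume or
// coerce the remaining arguments.
function logLineUnsafe(userInput: string, detail: string): string {
  return format("fetching " + userInput, detail);    // "%d" in userInput turns detail into NaN
}
function logLineSafe(userInput: string, detail: string): string {
  return format("fetching %s %s", userInput, detail); // user text is only ever an argument
}

// 3. Cookie attributes: Secure and SameSite=Lax on a UI-state cookie.
function cookieHeader(name: string, value: string, maxAgeSeconds: number): string {
  return `${name}=${encodeURIComponent(value)}; Path=/; Max-Age=${maxAgeSeconds}; Secure; SameSite=Lax`;
}

// 4. Fixed-window rate limiter keyed by client identity (for example the IP).
// State is in-memory, so it is per process; a multi-instance deployment needs
// a shared store such as Redis behind the same interface.
class FixedWindowLimiter {
  private readonly limit: number;
  private readonly windowMs: number;
  private readonly hits = new Map<string, { windowStart: number; count: number }>();

  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }

  // `now` is injectable so the window logic is testable without sleeping.
  allow(key: string, now: number = Date.now()): boolean {
    const entry = this.hits.get(key);
    if (entry === undefined || now - entry.windowStart >= this.windowMs) {
      this.hits.set(key, { windowStart: now, count: 1 });
      return true;
    }
    if (entry.count >= this.limit) return false;
    entry.count += 1;
    return true;
  }
}

// 5. Image URL sanitisation. encodeURI() percent-encodes unsafe characters but
// leaves ':' and '/' alone, so a "javascript:" URL survives it unchanged;
// parse and allow-list the scheme first, then encode.
function safeImageUrl(raw: string): string | null {
  let parsed: URL;
  try {
    parsed = new URL(raw);
  } catch {
    return null;                                      // relative or malformed input
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return encodeURI(raw);
}
```

Two points the example makes that the bullet list does not: a repeated query key arrives as an array, so the typeof check has to come before any string operation on it, and encodeURI() on its own does not reject a javascript: or data: scheme, so an allow-list on the parsed protocol belongs beside it.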


codecov-commenter commented May 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.41%. Comparing base (0aea0b1) to head (e798ef7).

Additional details and impacted files
@@           Coverage Diff            @@
##             main     #269    +/-   ##
========================================
  Coverage   89.41%   89.41%            
========================================
  Files         159      159            
  Lines       13334    13334            
  Branches     1828     1436   -392     
========================================
  Hits        11923    11923            
  Misses       1411     1411            


@harishsundar-okta harishsundar-okta marked this pull request as ready for review May 13, 2026 07:05

github-actions Bot commented May 13, 2026

🚀 Preview deployment

Branch: refs/pull/269/merge
Commit: 7f382f4

📝 Preview URL: https://auth0-universal-components-5x2huxyar-ui-components-217de888.vercel.app

Updated at 2026-05-14T19:12:48.193Z

@harishsundar-okta harishsundar-okta changed the title Fix/snyk medium vulnerabilities chore: fix snyk medium vulnerabilities May 13, 2026
@harishsundar-okta harishsundar-okta changed the title chore: fix snyk medium vulnerabilities chore(core, react): fix snyk medium vulnerabilities May 13, 2026
@harishsundar-okta harishsundar-okta added labels May 13, 2026: Gen AI (indicates that most of the code in this PR was generated or assisted by generative AI tools) and refactor (restructuring existing code and logic to reduce technical debt and improve quality)
Comment thread docs-site/api/r.ts