
security: Upgrade @clerk/nextjs to 6.39.2 (GHSA-vqx2-fgx2-5wq9)#97

Merged
ulziibay-kernel merged 4 commits into main from security/upgrade-clerk-nextjs-GHSA-vqx2-fgx2-5wq9
Apr 15, 2026

Conversation

@ulziibay-kernel
Contributor

@ulziibay-kernel ulziibay-kernel commented Apr 15, 2026

Summary

  • Upgrades @clerk/nextjs from 6.32.0 to 6.39.2 and transitively @clerk/shared from 3.25.0 to 3.47.4
  • Addresses GHSA-vqx2-fgx2-5wq9 (CVSS 9.1 Critical): createRouteMatcher bypass via percent-encoded URLs and double-slash path manipulation

Risk assessment

This app uses the safe allowlist pattern (isPublicRoute early-return + fallthrough to auth.protect()), which is not actively exploitable per the advisory. Non-public routes always hit await auth.protect(). See:

Upgrading as recommended by Clerk regardless of pattern.

Test plan

  • Verify MCP server builds successfully
  • Verify OAuth flows (/register, /authorize, /token) still work
  • Verify /mcp routes require auth (JWT or API key)
  • Verify select-org page requires Clerk auth

Made with Cursor


Note

Medium Risk
Updates a core auth dependency (@clerk/nextjs) and its transitive packages, which could affect route protection behavior despite being a targeted security bump. Added CI automation is low risk but will create/modify PRs on a schedule.

Overview
Security dependency update: Upgrades @clerk/nextjs from 6.32.0 to 6.39.2 (and updates transitive Clerk packages like @clerk/backend, @clerk/shared, @clerk/types, plus cookie resolution) via package.json and bun.lock, to remediate GHSA-vqx2-fgx2-5wq9 affecting createRouteMatcher.

Automation: Adds a scheduled/manual GitHub Actions workflow (.github/workflows/vuln-remediation.yml) that reuses kernel/security-workflows to open dependency remediation PRs (with Bun setup), and adds socket.yml configuration (version: 2).

Reviewed by Cursor Bugbot for commit ac024f1. Bugbot is set up for automated code reviews on this repo.

…pass

Addresses GHSA-vqx2-fgx2-5wq9 (CVSS 9.1): createRouteMatcher could be
bypassed via percent-encoded URLs and double-slash path manipulation.

Our middleware uses the safe allowlist (isPublicRoute) pattern so we are
not actively exploitable, but the underlying createPathMatcher now
normalizes paths with decodeURI and slash collapsing — upgrading as
recommended by Clerk.

Made-with: Cursor
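To make the bypass described in the advisory and the commit message concrete, here is an added illustration. It is not Clerk's code and not this repository's middleware: `normalizePath`, `makeMatcher`, `denyListDecision`, `allowListDecision` and `runScenarios` are hypothetical names, and the matcher is a deliberately simplified stand-in for `createRouteMatcher` that supports only `/prefix(.*)` and exact patterns. It compares a matcher that looks at the raw request path (the pre-fix behaviour) with one that percent-decodes and collapses repeated slashes first, and runs both through a deny-list middleware shape (only recognised routes get `auth.protect()`) and the allow-list shape this PR says the app uses (public routes return early, everything else is protected). The sample request paths are constructed for the example. It assumes, as the advisory's bypass does, that the framework ultimately serves the decoded, slash-collapsed path, so a matcher comparing the raw spelling disagrees with the route that actually runs.

```javascript
// Added illustration, not code from Clerk or from this repository. All names
// below are hypothetical; the matcher is a simplified stand-in for
// createRouteMatcher supporting only "/prefix(.*)" and exact patterns.

// Percent-decode and collapse repeated slashes before matching.
// Assumption: the router serves the decoded, collapsed path, so the matcher
// must compare that same form or it will disagree with the route that runs.
function normalizePath(pathname) {
  let decoded;
  try {
    decoded = decodeURIComponent(pathname);
  } catch {
    // Malformed escape (e.g. a lone "%"): keep the raw value instead of
    // throwing; a caller wanting fail-closed behaviour can reject these.
    decoded = pathname;
  }
  return decoded.replace(/\/{2,}/g, "/");
}

// Build a matcher. "/prefix(.*)" matches the prefix on a segment boundary
// (so "/admin(.*)" does not match "/administrator"); anything else is exact.
// normalize:false models the pre-fix behaviour of comparing the raw path.
function makeMatcher(patterns, { normalize }) {
  const rules = patterns.map((p) =>
    p.endsWith("(.*)") ? { prefix: p.slice(0, -4) } : { exact: p }
  );
  return (pathname) => {
    const candidate = normalize ? normalizePath(pathname) : pathname;
    return rules.some((r) =>
      r.exact !== undefined
        ? candidate === r.exact
        : candidate === r.prefix || candidate.startsWith(r.prefix + "/")
    );
  };
}

// Deny-list shape: only routes the matcher recognises as protected get auth;
// a request the matcher fails to recognise is served with no check at all.
function denyListDecision(pathname, isProtectedRoute) {
  return isProtectedRoute(pathname) ? "protect" : "allow";
}

// Allow-list shape (what the PR description says this app uses): public
// routes return early, everything else falls through to auth.protect().
function allowListDecision(pathname, isPublicRoute) {
  return isPublicRoute(pathname) ? "allow" : "protect";
}

// Constructed sample requests: canonical paths plus disguised spellings.
const SAMPLE_PATHS = [
  "/admin/users",     // canonical protected path
  "/%61dmin/users",   // "%61" is "a": percent-encoded spelling of /admin/users
  "//admin/users",    // doubled leading slash
  "/%73ign-in",       // "%73" is "s": percent-encoded spelling of a public route
];

// Evaluate every sample path under both matcher variants and both shapes.
function runScenarios() {
  const rawProtected = makeMatcher(["/admin(.*)"], { normalize: false });
  const fixedProtected = makeMatcher(["/admin(.*)"], { normalize: true });
  const rawPublic = makeMatcher(["/sign-in(.*)"], { normalize: false });
  const fixedPublic = makeMatcher(["/sign-in(.*)"], { normalize: true });
  return SAMPLE_PATHS.map((path) => ({
    path,
    normalized: normalizePath(path),
    denyListRaw: denyListDecision(path, rawProtected),
    denyListFixed: denyListDecision(path, fixedProtected),
    allowListRaw: allowListDecision(path, rawPublic),
    allowListFixed: allowListDecision(path, fixedPublic),
  }));
}

console.table(runScenarios());
```

Under the deny-list shape the two disguised spellings of `/admin/users` come back as `allow` from the raw matcher and `protect` from the normalizing one; that gap is the bypass. Under the allow-list shape the same requests are `protect` either way, and the only effect of a disguised public path is that `/%73ign-in` gets sent through `auth.protect()` by the raw matcher, which is the fail-closed behaviour the review above relies on. Two caveats: this holds only if the non-public branch really calls `auth.protect()` unconditionally, and the example uses `decodeURIComponent`, which also decodes `%2F`, whereas the commit message mentions `decodeURI`, which leaves reserved characters such as `%2F` encoded; which one a real matcher uses decides whether `/%2Fadmin/users` collapses or stays distinct.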
@vercel

vercel bot commented Apr 15, 2026

The latest updates on your projects.

Project: mcp
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Apr 15, 2026 5:03pm

@firetiger-agent

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

Any PR that changes the kernel API. Monitor changes to API endpoints (packages/api/cmd/api/) and Temporal workflows (packages/api/lib/temporal) in the kernel repo

Reason: PR upgrades a security dependency (@clerk/nextjs) but does not change kernel API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal).

To monitor this PR anyway, reply with @firetiger monitor this.

Collaborator

@masnwilliams masnwilliams left a comment

lgtm — reviewed incrementally:

  1. middleware safety: confirmed allowlist pattern (isPublicRoute early-return + fallthrough to auth.protect()) is not exploitable by GHSA-vqx2-fgx2-5wq9. upgrade is defensive-only.
  2. CI + socket.yml: standard centralized vuln remediation workflow, minimal permissions, correct bun setup.
  3. dependency changes: lockfile resolution is correct — cookie deduplication, themes type pinning, no new deps added.

recommend exercising OAuth flows and /mcp auth paths before merge given the transitive version jumps across 5 clerk packages.

@ulziibay-kernel ulziibay-kernel merged commit 88d5c46 into main Apr 15, 2026
9 checks passed
@ulziibay-kernel ulziibay-kernel deleted the security/upgrade-clerk-nextjs-GHSA-vqx2-fgx2-5wq9 branch April 15, 2026 22:24