- Update Next.js from 15.5.6 to 16.0.7 (fixes CVE-2025-66478)
- Migrate from next-auth v4 to Auth.js v5
- Update API route handlers to use new Auth.js v5 API
- Simplify auth configuration with new NextAuth export pattern
- Update TypeScript types for Auth.js v5 compatibility
- Fix all security vulnerabilities
