chore(deps): bump @clerk/nextjs to 6.39.3 (GHSA-w24r-5266-9c3c)

[coderdan]

Summary

• Bumps `@clerk/nextjs` from `6.39.2` → `6.39.3` to patch GHSA-w24r-5266-9c3c (high): authorization bypass when combining organization, billing, or reverification checks.
• Closes Dependabot alert #105.

Changes

• `pnpm-workspace.yaml` security catalog: `@clerk/nextjs: 6.39.2` → `6.39.3`
• Surgical `pnpm-lock.yaml` edit: catalog block, importer ref, package def + integrity (sourced from `npm view`), snapshot key

The internal `@clerk/*` sub-deps (`types`, `shared`, `backend`, `clerk-react`) in our lockfile already satisfy 6.39.3's bumped peer ranges, so no cascading changes needed.

Test plan

• `pnpm install --frozen-lockfile` from clean `node_modules` validates.
• `@clerk/nextjs@6.39.3` confirmed installed.
• Watch CI on this PR.
• After merge, alert fix(nextjs, protect): update dependencies to address upstream vuln #105 auto-closes.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 67699e6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@coderdan has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 14 minutes and 52 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3abe3349-fe41-4983-8368-477810555931

📥 Commits

Reviewing files that changed from the base of the PR and between b12fb1d and 67699e6.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• pnpm-workspace.yaml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dan/bump-clerk-nextjs-6.39.3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}