2.23.0: Enforce Policies API for invitations and creating accounts; added WeakPassword handling; Fix dialog open/closed states (#439)

* chore: bump version to 2.22.1 and update dependencies

- Updated application version from 2.22.0 to 2.22.1 in package.json.
- Updated various dependencies including @marsidev/react-turnstile to 1.4.1, @stripe/react-stripe-js to 5.4.1, @stripe/stripe-js to 8.6.1, and react-hook-form to 7.70.0.
- Adjusted lucide-react version to be referenced from the catalog across multiple package.json files.
- Enhanced consistency in pnpm-lock.yaml and pnpm-workspace.yaml with updated package versions.

* chore: bump version to 2.23.0 and update dependencies

- Updated application version from 2.22.1 to 2.23.0 in package.json.
- Upgraded turbo dependency from 2.7.1 to 2.7.3 in package.json and pnpm-lock.yaml.
- Enhanced end-to-end testing documentation in AGENTS.md and CLAUDE.md with instructions for running tests.
- Updated AuthPageObject to use a new secret for user creation in auth.po.ts.
- Refactored team ownership transfer and member role update dialogs to close on success.
- Improved error handling for weak passwords in AuthErrorAlert component.
- Adjusted database schemas and tests to reflect changes in invitation policies and role management.

apps/web/supabase/tests/database/update-membership.test.sql

@@ -3,25 +3,42 @@ create extension "basejump-supabase_test_helpers" version '0.0.6';
 
 select no_plan();
 
-select makerkit.set_identifier('primary_owner', 'test@makerkit.dev');
-select makerkit.set_identifier('owner', 'owner@makerkit.dev');
-select makerkit.set_identifier('member', 'member@makerkit.dev');
-select makerkit.set_identifier('custom', 'custom@makerkit.dev');
+-- Create fresh test users
+select tests.create_supabase_user('update_test_owner', 'update-owner@test.com');
+select tests.create_supabase_user('update_test_member', 'update-member@test.com');
 
--- another user not in the team
-select tests.create_supabase_user('test', 'test@supabase.com');
+-- Authenticate as owner to create team account
+select makerkit.authenticate_as('update_test_owner');
 
-select makerkit.authenticate_as('member');
+-- Create a team account (owner is added automatically via trigger)
+insert into public.accounts (name, is_personal_account)
+values ('Update Test Team', false);
 
--- run an update query
-update public.accounts_memberships set account_role = 'owner' where user_id = auth.uid() and account_id = makerkit.get_account_id_by_slug('makerkit');
+-- Add member to the team with 'member' role using service_role
+set role service_role;
+
+insert into public.accounts_memberships (account_id, user_id, account_role)
+values (
+    (select id from public.accounts where name = 'Update Test Team'),
+    tests.get_supabase_uid('update_test_member'),
+    'member'
+);
+
+-- Authenticate as member
+select makerkit.authenticate_as('update_test_member');
+
+-- Member tries to update their own role to 'owner' - should fail silently
+update public.accounts_memberships
+set account_role = 'owner'
+where user_id = auth.uid()
+and account_id = (select id from public.accounts where name = 'Update Test Team');
 
 select row_eq(
-    $$ select account_role from public.accounts_memberships where user_id = auth.uid() and account_id = makerkit.get_account_id_by_slug('makerkit'); $$,
+    $$ select account_role from public.accounts_memberships where user_id = auth.uid() and account_id = (select id from public.accounts where name = 'Update Test Team'); $$,
     row('member'::varchar),
     'Updates fail silently to any field of the accounts_membership table'
 );
 
 select * from finish();
 
-rollback;
+rollback;