feat: Web SDK update for version 25.1.0

[ChiragAgg5k]

This PR contains updates to the SDK for version 25.1.0.

What's Changed

• Added: Added setCookie() method to Client for forwarding incoming Cookie headers in server-side runtimes
• Added: Added Fusionauth, Keycloak, and Kick OAuth providers to OAuthProvider enum
• Updated: Updated X-Appwrite-Response-Format header to 1.9.4

[greptile-apps]

Greptile Summary

This PR bumps the Web SDK to version 25.1.0 with three new OAuth providers (Fusionauth, Keycloak, Kick), a new setCookie() helper for forwarding incoming Cookie headers in server-side runtimes, and a response-format header update to 1.9.4.

• src/client.ts: Adds setCookie(value: string), storing the value in this.headers['Cookie'] and this.config.cookie. The method is explicitly documented for server-side use, but the existing credentials: 'include' guard in prepareRequest is not updated to account for the new header, which could allow stray cookies from the runtime's cookie jar to be included alongside the forwarded one.
• src/enums/o-auth-provider.ts: Three new enum values inserted in alphabetical order.
• .github/workflows/publish.yml: Actions pinned to v6 with Node.js 24.14.1.

Confidence Score: 4/5

The PR is safe to merge; the only notable concern is the credentials: 'include' interaction with the new setCookie() method, which is unlikely to cause problems in typical server-side Node.js deployments but could behave unexpectedly in environments with a populated undici cookie jar.

The setCookie() method silently does nothing in browser environments (forbidden header) and leaves credentials: 'include' active in server-side environments, which could leak the runtime's cookie jar cookies alongside the explicitly forwarded ones. This is a non-blocking concern for the intended use case, but it is a real behavioral gap in the abstraction.

src/client.ts — specifically the interaction between the new setCookie() method and the credentials: 'include' logic in prepareRequest

Important Files Changed

Filename	Overview
src/client.ts	Adds setCookie() method for server-side cookie forwarding; credentials: 'include' is still applied when no dev key is set, which could cause unexpected interactions in certain server-side environments
src/enums/o-auth-provider.ts	Adds three new OAuth providers (Fusionauth, Keycloak, Kick) in correct alphabetical order
.github/workflows/publish.yml	Bumps actions/checkout and actions/setup-node to v6; also updates Node.js version to 24.14.1
src/services/account.ts	Updates JSDoc @param provider lists to include the three new OAuth providers
package.json	Version bumped from 25.0.0 to 25.1.0
CHANGELOG.md	Adds 25.1.0 changelog entry describing new features

_{Reviews (1): Last reviewed commit: "chore: update Web SDK to 25.1.0" | Re-trigger Greptile}

[greptile-apps]

credentials: 'include' not suppressed when Cookie is set

When setCookie() is called without also calling setDevKey(), prepareRequest still applies credentials: 'include' because the guard only checks for X-Appwrite-Dev-Key. In browser environments the Cookie header is a forbidden header and will be silently dropped by the Fetch API, meaning the method has no effect there. In Node.js environments the explicit Cookie header works correctly, but if the runtime has a non-empty undici cookie jar, those cookies could be included alongside the manually forwarded ones — which is the opposite of the isolation this method implies. Consider extending the credentials guard to also suppress the flag when a Cookie header is present.

[ChiragAgg5k]

Closing — changes not substantial enough to warrant a release.