Skip to content

chore(deps): update dependency better-auth to v1.6.23#1847

Open
renovate[bot] wants to merge 1 commit into
devfrom
renovate/better-auth-monorepo
Open

chore(deps): update dependency better-auth to v1.6.23#1847
renovate[bot] wants to merge 1 commit into
devfrom
renovate/better-auth-monorepo

Conversation

@renovate

@renovate renovate Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
better-auth (source) 1.6.111.6.23 age adoption passing confidence

Release Notes

better-auth/better-auth (better-auth)

v1.6.23

Compare Source

Patch Changes

v1.6.22

Compare Source

Patch Changes
  • #​10239 c06a56d Thanks @​gustavovalverde! - Magic-link and email-OTP sign-in now reset the credentials on an account whose email had never been confirmed. When verification resolves to such an account, any existing password on it is removed and its sessions are revoked before the user is signed in, so proven control of the mailbox is the source of truth for the account.

    If you signed up with email and password but first signed in through a magic link or email OTP rather than confirming the verification email, your password is cleared and you will need to set a new one through password reset.

  • #​10240 3a035e9 Thanks @​gustavovalverde! - Add account-level lockout for two-factor verification. The attempt limit applies per account across sign-in challenges and across factors: TOTP, email-OTP, and backup codes share one counter, and a successful verification resets it.

    Enabled by default: an account locks for 15 minutes after 10 consecutive failed verifications, and locked attempts return 429 with the ACCOUNT_TEMPORARILY_LOCKED error code. Configure it with twoFactor({ accountLockout: { enabled, maxFailedAttempts, durationSeconds } }).

    Run a database migration after upgrading: this adds failedVerificationCount and lockedUntil columns to the twoFactor table.

  • Updated dependencies [8bd43d9]:

v1.6.21

Compare Source

Patch Changes
  • #​10212 e0762a1 Thanks @​bytaesu! - In root-mounted deployments, requests whose path does not start with the configured basePath now return 404 instead of resolving to an endpoint.

  • #​10187 882cf9e Thanks @​ping-maxwell! - Admin permission changes and bans now take effect immediately for admin APIs, even when session cookie cache is enabled. Sensitive session checks also continue to work in stateless apps where signed cookies are the session record.

  • #​9939 f52e1ab Thanks @​benpsnyder! - fixes a bug causing deviceAuthorization() throwing a ZodError at construction when called without a schema option

  • #​10196 b5bec19 Thanks @​Paola3stefania! - OAuth sign-up and account-link profile sync now ignore provider profile values for user fields marked input: false. Input-allowed additional fields still persist from mapProfileToUser, and schema defaults still apply when OAuth creates a user. Apps that used mapProfileToUser to fill input: false fields should set those fields in server-side provisioning code instead.

  • #​10197 816d7f9 Thanks @​Paola3stefania! - Google sign-in now accepts hd: "*" to allow any Google Workspace hosted domain while still rejecting tokens with no hosted-domain claim.

    Google One Tap now applies the configured Google hosted-domain restriction before creating a session.

  • #​10192 239bcc8 Thanks @​bytaesu! - Validate PayPal user info against the verified ID token subject during social sign-in.

  • #​10228 1bc370a Thanks @​gustavovalverde! - The SIWE plugin no longer binds a provided email that already belongs to another account. With anonymous set to false, /siwe/verify previously created the new account using that email even when it was already in use; it now keeps the wallet-derived address in that case, so one email cannot be attached to two accounts.

  • #​10198 570267c Thanks @​rachit367! - Honor disableMigration on plugin schema tables. Tables flagged with disableMigration: true are now skipped by better-auth generate (Drizzle and Prisma output) and by the runtime migrator, instead of being emitted and created anyway. The flag was previously dropped while assembling the table list, so it had no effect.

  • #​10182 461ca6f Thanks @​bytaesu! - Only store display username fallbacks as usernames when they pass username validation during email sign-up.

  • #​10183 88409b0 Thanks @​bytaesu! - Require OAuth proxy profile callbacks to match an issued OAuth state before creating sessions.

  • #​10203 5953157 Thanks @​bytaesu! - Rate limiting no longer trusts multi-hop X-Forwarded-For chains, preventing a client behind an appending proxy from spoofing the leftmost hop to bypass the per-IP rate limit. Single-value IP headers continue to work. To key the real client behind a proxy chain, set advanced.ipAddress.trustedProxies to your reverse-proxy IPs or CIDR ranges (the chain is walked right to left, skipping trusted hops), or point advanced.ipAddress.ipAddressHeaders at a single trusted client-IP header.

  • #​10191 b046f9e Thanks @​bytaesu! - Rate limit client requests before plugin request handlers run.

  • #​10210 ae647b4 Thanks @​gustavovalverde! - Two-factor verification now locks out after five wrong codes per sign-in challenge for TOTP and backup codes. Once the limit is reached the challenge is rejected with TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE, and a new sign-in is required to try again.

    During a rolling deploy, two-factor challenges issued by the previous version may prompt the user to sign in again; this clears once the deploy completes.

  • Updated dependencies [90d509e, 816d7f9, 570267c, 5953157]:

v1.6.20

Compare Source

Patch Changes

v1.6.19

Compare Source

Patch Changes
  • #​10088 de4aa52 Thanks @​bytaesu! - Session and account cache cookies near the browser's per-cookie size limit (for example with a long cookiePrefix or many cached fields) are now split into chunks instead of being silently dropped by the browser. A cache too large to fit even when chunked is skipped with a warning rather than failing the request, so reads fall back to the database.

  • #​9995 b4b0266 Thanks @​ElGauchooooo! - The device authorization plugin now accepts an optional user_id when issuing a device code via /device/code, pre-binding the code to that user. Only the bound user can approve or deny the code, so a publicly visible user code can no longer be claimed by someone else.

  • #​10086 5bd5e1c Thanks @​gustavovalverde! - Refresh-token rotation and token revocation, two-factor backup-code regeneration, device-code claiming, and organization invitation acceptance now work on Prisma. Concurrent or repeat requests in these flows could previously return an error on Prisma instead of the expected result.

    On MongoDB servers older than 5.0, these flows and other guarded value updates (rate-limit window resets, API-key refills) no longer fail with an empty-update error.

    @better-auth/core: incrementOne now reports a clear error when called with no increment and no set.

  • #​9319 581f827 Thanks @​ping-maxwell! - fix(last-login-method): include domain when clearing cross-subdomain cookies

  • #​10067 8407885 Thanks @​bytaesu! - The oauth-popup plugin now ignores internal OAuth state fields passed through its additionalData parameter, so additionalData only ever carries your own custom values.

  • #​9555 c1a8a64 Thanks @​ChrisMGeo! - Fix invalid OpenAPI output for Better Auth callback, session, and passkey routes so client generators can consume the schema.

  • #​10071 635f190 Thanks @​gustavovalverde! - Auth clients exported from wrapper packages can now be emitted in TypeScript declaration builds without extra type annotations.

  • #​10070 a787e0b Thanks @​gustavovalverde! - Single-use verification flows no longer hang on database adapters that use a one-connection pool. This fixes magic-link verification and similar token checks in connection-limited serverless database setups.

  • #​9348 c2f718f Thanks @​ping-maxwell! - fix: cookie cache fallback lookup

  • #​8863 7d18175 Thanks @​ping-maxwell! - sendVerificationEmail was invoked via runInBackgroundOrAwait, which could defer work when advanced.backgroundTasks.handler is configured (so the handler could return 200 before the email callback finished) and, in the default path, caught and logged errors without rethrowing. User callbacks that throw APIError (e.g. 429 from a rate limiter) were therefore not reliably reflected in the HTTP response (better-auth/better-auth#8757).

    Now we await sendVerificationEmailFn so failures surface to the client with the correct status. The unauthenticated /send-verification-email path enforces a constant-time floor (500 ms) so that the response duration does not reveal whether the email belongs to a real unverified user.

  • Updated dependencies [0895993, 5bd5e1c, a787e0b]:

v1.6.18

Compare Source

Patch Changes

v1.6.17

Compare Source

Patch Changes
  • #​9993 baeaa00 Thanks @​gustavovalverde! - When a team had a single open slot, accepting an invitation into it was wrongly rejected as over the member limit and left a dangling membership record. Two invitations accepted into a nearly-full team at the same time could also push it past its limit. Both are fixed.

  • #​9482 3e99e6c Thanks @​bytaesu! - admin.setUserPassword now creates a credential account when the target user does not have one, matching the behavior of resetPassword. Previously the call returned status: true without doing anything for users without an existing credential account (e.g., social-only or magic-link signups), so admins migrating users from another auth system or assigning an initial password to a social-only user can now do so directly without poking the account table.

  • 96c78c3 Thanks @​GautamBytes! - Downgrade expected auth validation failures from error logs to warnings.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Captcha provider verification requests now time out after 10 seconds and fail closed, so a slow or unreachable captcha provider can no longer tie up a request indefinitely.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - A delete-account confirmation link can no longer delete the account more than once when its callback is opened concurrently.

  • #​9991 0c3856f Thanks @​gustavovalverde! - Completing account deletion through /delete-user/callback now fails when the session has been revoked server-side, instead of proceeding within the cookie-cache window. Deployments that keep sessions only in the cookie are unaffected.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Polling for a device-authorization token can no longer redeem the same approved device code more than once when several polls arrive together.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Submitting the same email OTP from several requests at once can no longer sign in more than once or gain extra tries beyond the attempt limit.

  • #​10002 ed7b6c9 Thanks @​gustavovalverde! - Adding a member to a team that is already at its maximumMembersPerTeam limit is now rejected on every path. addMember with a teamId and add-team-member previously skipped the limit that invitation acceptance enforced, so they could push a team over its cap. A rejected addMember no longer creates the organization member.

  • #​9677 e0a768c Thanks @​GautamBytes! - Refactor role.authorize control flow while preserving existing authorization behavior.

  • #​9987 7343284 Thanks @​bytaesu! - Generic OAuth sign-in works again for providers whose userinfo response has no sub or id field when mapProfileToUser derives the account id. An empty id field now falls back to sub.

  • #​9991 0c3856f Thanks @​gustavovalverde! - getCookieCache now returns null for an expired session instead of the stale session data. Middleware that calls it to gate access no longer treats an expired signed cookie as a live session.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - The Have I Been Pwned plugin now checks submitted passwords against the breach database on more password-setting endpoints by default, including the email-OTP and phone-number reset-password routes and the admin create-user and set-user-password routes. A breached password can no longer be set through those routes when the plugin is enabled with its default paths.

  • #​9987 7343284 Thanks @​bytaesu! - Preserve the fresh account cookie issued while switching users in the same browser instead of expiring it from stale request cookie state.

  • #​9991 0c3856f Thanks @​gustavovalverde! - Expired MCP access tokens are no longer accepted. A protected MCP resource now rejects a bearer token once it has expired, both on the server and through the remote client. A refresh token is accepted only when the original authorization included the offline_access scope.

  • #​9991 0c3856f Thanks @​gustavovalverde! - The multi-session set-active and revoke endpoints now act only on the session the caller holds a signed cookie for. A request could previously activate or revoke a different session by naming its token in the request body without holding that session's cookie.

  • #​9890 d9c526b Thanks @​bytaesu! - Add an experimental oauthPopup plugin (with oauthPopupClient and signIn.popup) for popup-based OAuth sign-in. It lets an app sign in inside a cross-site iframe by completing OAuth in a popup and handing the session token back to the opener, where the bearer plugin authenticates with it. The API may change while it is experimental.

  • #​9991 0c3856f Thanks @​gustavovalverde! - The OIDC provider's RP-initiated logout endpoint (/oauth2/endsession) no longer logs a user out, or revokes their OAuth tokens, in response to a cross-site GET that carries only a session cookie. Logout authenticated by a valid id_token_hint is unaffected.

  • #​10003 fdef997 Thanks @​gustavovalverde! - Google One Tap now requires a configured Google client ID and rejects the sign-in callback when none is set. A Google ID token issued for a different application is no longer accepted. Set the client ID on the oneTap plugin or on socialProviders.google.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - A one-time token can no longer be redeemed for a session more than once when redeemed concurrently.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - A password reset token can no longer change the password more than once when used from several requests at the same time.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Submitting the same phone-number OTP from several requests at once can no longer sign in more than once or gain extra tries beyond the attempt limit.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Concurrent requests can no longer slip past the configured rate limit. The in-memory rate-limit store no longer grows without bound, and the database backend removes expired entries on its own. A custom rate-limit storage may implement a new optional consume method for strict enforcement; without it, the previous behavior is kept and a one-time warning is logged.

  • #​9987 7343284 Thanks @​bytaesu! - Deleting a team no longer breaks its pending invitations. The removed team is dropped from those invitations, which stay valid for their remaining teams or as plain organization-level invitations. Accepting an invitation that still references a missing team fails without consuming the invitation.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Add internalAdapter.reserveVerificationValue. It atomically records a single-use marker (such as a replay tombstone) so that exactly one of several concurrent callers succeeds and the rest observe that the marker is already taken. Database-backed verification storage is atomic; secondary-storage-only verification is best-effort.

  • #​8760 8960f5f Thanks @​gustavovalverde! - Session refreshes now avoid duplicate /get-session requests from focus and other browser session events. Client hooks keep stable data references when refetches return unchanged data, reducing unnecessary renders. Unmounting during an in-flight session request no longer leaves session state stuck in a loading state.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - A Sign-In with Ethereum nonce can no longer be used to sign in more than once when submitted from several requests at the same time.

  • #​9979 5c289b5 Thanks @​SferaDev! - Stateless OAuth deployments can now read account info, access tokens, and refresh tokens after different server instances handle sign-in and later requests. Session refresh also keeps the OAuth account cookie instead of clearing it in that case.

  • #​9990 1dbf5bb Thanks @​gustavovalverde! - Hardens how requests are trusted across several flows. Rate limiting is now enforced even when a client IP cannot be determined, instead of being skipped. When baseURL is not configured, password-reset and verification links use the current request's host rather than the host of the first request the server handled, and a request-scoped trustedOrigins callback no longer affects other concurrent requests. The OAuth proxy, Google One Tap, and the Expo authorization proxy reject redirect and callback targets that are not in trustedOrigins. Google reCAPTCHA and Cloudflare Turnstile accept optional expectedAction and allowedHostnames to reject tokens minted for a different action or hostname. Server-side fetches reject additional reserved IPv6 ranges, and malformed redirect parameters return a 400 instead of a 500.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - An expired two-factor sign-in challenge can no longer complete login with a valid TOTP, OTP, or backup code, and the same challenge can no longer create more than one session when verified concurrently.

  • #​9993 baeaa00 Thanks @​gustavovalverde! - Submitting the same two-factor OTP from several requests at once can no longer sign in more than once or gain extra tries beyond the attempt limit.

  • #​9777 59e0ccb Thanks @​GautamBytes! - Client updateSession calls now accept inferred custom session fields from inferAdditionalFields.

  • #​9962 b803c61 Thanks @​Bekacru! - Validate roles when updating an organization member. Roles are now normalized into individual tokens and checked against the configured static and dynamic roles, so unknown or malformed role values are rejected instead of being persisted.

  • Updated dependencies [baeaa00, baeaa00, baeaa00, 7343284, baeaa00, baeaa00, fdef997, baeaa00, baeaa00, fdef997, baeaa00, 1dbf5bb, fdef997]:

v1.6.16

Compare Source

Patch Changes
  • #​9974 cb1cbfa Thanks @​Bekacru! - Guard protected user fields in the admin plugin behind their dedicated permissions. /admin/create-user now requires user:set-role when a role is supplied (top-level or via data.role), validates requested roles against the configured roles, requires user:ban for ban fields passed in data, and no longer lets data override email, name, or role. /admin/update-user now requires user:ban for banned/banReason/banExpires (revoking the user's sessions when banning and rejecting self-bans), requires the new user:set-email permission for email/emailVerified (with email validation, lowercasing, and uniqueness checks), and rejects password updates in favor of /admin/set-user-password. If you use a custom access control, add set-email to your statements and grant it (and ban) to roles that should be able to change those fields through update-user.

  • #​9974 cb1cbfa Thanks @​Bekacru! - Require a provider account id when signing in through generic OAuth. The default userinfo handler previously fell back to an empty string when the provider response had no sub (or id), and the callback never checked the resolved account id. With certain non-OIDC providers that omit sub, accounts could be stored under the same empty id and a later sign-in could resolve to an existing account. The generic OAuth callback now rejects sign-in when no account id can be resolved, the default userinfo handler returns no profile when neither sub nor id is present, and the built-in OAuth callback also rejects an empty account id.

  • #​9974 cb1cbfa Thanks @​Bekacru! - Scope organization invitation team IDs to the invited organization. createInvitation now validates that every requested teamId belongs to the invitation's organization regardless of whether teams.maximumMembersPerTeam is set, and acceptInvitation re-checks each stored team's organization before adding team membership. Previously, with the default unlimited team size, a team ID from another organization could be stored on an invitation and applied on acceptance.

  • #​9973 87e7aa5 Thanks @​gustavovalverde! - Email sign-in and sign-up now validate the Origin or Referer header against trustedOrigins even when the request carries no cookies. Requests that send no Origin/Referer header and no Fetch Metadata (such as curl or server-to-server clients) are unaffected. A non-browser client that sends an untrusted Origin/Referer without cookies now receives a 403 and must add that origin to trustedOrigins.

  • #​9974 cb1cbfa Thanks @​Bekacru! - Require /refresh-token to only trust the account cookie when its userId, providerId and (when supplied) accountId match the resolved session user.

  • #​9967 893cf6c Thanks @​gustavovalverde! - Deleting a session now immediately stops /update-session and the account token endpoints (/get-access-token, /refresh-token, /account-info) from accepting it, when cookie cache is enabled alongside a database or secondary storage. Before, these routes kept serving the deleted session from the cached cookie until the cache expired. Deployments that store the session only in the cookie are unaffected.

  • #​9974 cb1cbfa Thanks @​Bekacru! - Bind the SIWE signed message to server state before creating a session. Previously /siwe/verify only checked that a nonce row existed for the wallet address and then delegated entirely to verifyMessage. Since the documented verifyMessage (viem) performs signature recovery only — without inspecting the message body — a signature the wallet produced for a different message (an earlier nonce, another domain, or arbitrary content) could also satisfy verification against a freshly minted nonce.

    The plugin now parses the ERC-4361 message itself and requires its nonce, domain, address, and chain ID to match the server-issued nonce and configured domain, and enforces the message's Expiration Time / Not Before bounds, before verifying the signature. message must now be a valid ERC-4361 message (which all standard SIWE clients produce); non-conforming or mismatched messages are rejected with a 401 (UNAUTHORIZED_SIWE_MESSAGE_MISMATCH, UNAUTHORIZED_SIWE_MESSAGE_EXPIRED, or UNAUTHORIZED_SIWE_MESSAGE_NOT_YET_VALID). verifyMessage implementations should continue to perform signature recovery only.

  • #​9974 cb1cbfa Thanks @​Bekacru! - Separate SSO provider ids from the account-linking provider namespace used for social/OAuth providers. Previously an SSO provider registered with an id matching a configured accountLinking.trustedProviders entry (e.g. google) was treated as a trusted provider and could implicitly link to an existing verified account with the same email.

    SSO registration now rejects provider ids that collide with a configured social provider, a trustedProviders entry, or a reserved built-in id. In addition, the OIDC and SAML callbacks no longer derive trust from a trustedProviders name match — SSO trust comes solely from verified domain ownership (domainVerified). handleOAuthUserInfo gains a trustProviderByName option (default true, preserving social-provider behavior) that the SSO plugin sets to false.

  • #​9965 5e49c56 Thanks @​gustavovalverde! - Passing activeOrganizationId, activeTeamId, or impersonatedBy to /update-session now returns a 400. Change these plugin-managed session fields through their dedicated endpoints instead, such as organization.setActive.

  • Updated dependencies [cb1cbfa, cb1cbfa, cb1cbfa, cb1cbfa, cb1cbfa, cb1cbfa]:

v1.6.15

Compare Source

Patch Changes
  • #​9875 1012b69 Thanks @​WilsonnnTan! - The admin plugin's unbanUser, setRole and adminUpdateUser endpoints used to call internalAdapter.updateUser without checking that the target user existed, so when the caller passed an unknown id the underlying database error (for example Prisma's P2025) bubbled up as a generic HTTP 500. those endpoints now mirror the existing guard in banUser: look the user up via findUserById, and throw a clean NOT_FOUND (USER_NOT_FOUND) when no row is returned. Closes #​9800.

  • #​9865 ad60333 Thanks @​ping-maxwell! - list-session endpoint now requires a fresh-age session check.

  • #​9811 0933c05 Thanks @​zeroknowledge0x! - Restore Kysely 0.28 and 0.29 compatibility for SQLite dialect introspection. The dialects now mirror Kysely's stable migration table names locally, avoiding strict ESM build failures in Turbopack without forcing consumers onto Kysely 0.29.

  • #​9919 b0ddfd3 Thanks @​gustavovalverde! - Run configured hooks through the whole OAuth sign-in flow

    hooks.before / hooks.after configured on the auth instance now run for the OAuth authorization that continues after a user signs in, selects an account, or consents. They were being skipped there.

    Headers or cookies a hooks.before sets before returning its own response are no longer dropped, and a hooks.after that throws an APIError no longer loses either its cookies or the error's headers.

  • Updated dependencies []:

v1.6.14

Compare Source

Patch Changes
  • #​9877 2d9781a Thanks @​gustavovalverde! - Restore the normal emailed-invitation flow while documenting the stricter verification posture for organization invitations.

    Client-side listUserInvitations now always requires a verified session email because it enumerates invitation IDs from session.user.email. The `requireEmailVe

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 1, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from 3916d9e to 2c5d79c Compare June 2, 2026 13:36
@renovate renovate Bot changed the title chore(deps): update dependency better-auth to v1.6.12 chore(deps): update dependency better-auth to v1.6.13 Jun 2, 2026
@renovate renovate Bot had a problem deploying to data-manager-ui/test June 2, 2026 13:36 Failure
@renovate renovate Bot changed the title chore(deps): update dependency better-auth to v1.6.13 chore(deps): update better-auth monorepo to v1.6.13 Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from 2c5d79c to 6a67797 Compare June 4, 2026 22:04
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.13 chore(deps): update better-auth monorepo to v1.6.14 Jun 4, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from 6a67797 to 621b8f1 Compare June 9, 2026 21:59
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.14 chore(deps): update better-auth monorepo to v1.6.15 Jun 9, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from 621b8f1 to 778ef25 Compare June 11, 2026 05:49
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.15 chore(deps): update better-auth monorepo to v1.6.16 Jun 11, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from 778ef25 to fa0f05b Compare June 13, 2026 04:33
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.16 chore(deps): update better-auth monorepo to v1.6.17 Jun 13, 2026
@renovate renovate Bot had a problem deploying to data-manager-ui/test June 13, 2026 04:33 Failure
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from fa0f05b to dc8f436 Compare June 13, 2026 20:37
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.17 chore(deps): update better-auth monorepo to v1.6.18 Jun 13, 2026
@renovate renovate Bot had a problem deploying to data-manager-ui/test June 13, 2026 20:37 Failure
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from dc8f436 to c5e8a38 Compare June 17, 2026 02:49
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.18 chore(deps): update better-auth monorepo to v1.6.19 Jun 17, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from c5e8a38 to cbfea1f Compare June 21, 2026 05:09
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.19 chore(deps): update better-auth monorepo to v1.6.20 Jun 21, 2026
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo to v1.6.20 chore(deps): update better-auth monorepo Jun 22, 2026
@renovate renovate Bot changed the title chore(deps): update better-auth monorepo chore(deps): update dependency better-auth to v1.6.20 Jun 25, 2026
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from cbfea1f to f808a65 Compare June 27, 2026 06:37
@renovate renovate Bot changed the title chore(deps): update dependency better-auth to v1.6.20 chore(deps): update dependency better-auth to v1.6.21 Jun 27, 2026
@renovate renovate Bot had a problem deploying to data-manager-ui/test June 27, 2026 06:37 Failure
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from f808a65 to 20f6741 Compare June 27, 2026 12:48
@renovate renovate Bot changed the title chore(deps): update dependency better-auth to v1.6.21 chore(deps): update dependency better-auth to v1.6.22 Jun 27, 2026
@renovate renovate Bot had a problem deploying to data-manager-ui/test June 27, 2026 12:48 Failure
@renovate renovate Bot force-pushed the renovate/better-auth-monorepo branch from 20f6741 to 34b37a5 Compare June 30, 2026 22:57
@renovate renovate Bot changed the title chore(deps): update dependency better-auth to v1.6.22 chore(deps): update dependency better-auth to v1.6.23 Jun 30, 2026
@renovate renovate Bot had a problem deploying to data-manager-ui/test June 30, 2026 22:57 Failure
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants