Skip to content

chore(deps): bump better-auth from 1.4.17 to 1.6.9#906

Merged
simple-agent-manager[bot] merged 2 commits intomainfrom
dependabot/npm_and_yarn/better-auth-1.6.9
May 6, 2026
Merged

chore(deps): bump better-auth from 1.4.17 to 1.6.9#906
simple-agent-manager[bot] merged 2 commits intomainfrom
dependabot/npm_and_yarn/better-auth-1.6.9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 5, 2026
edited
Loading

Bumps better-auth from 1.4.17 to 1.6.9.

Release notes

Sourced from better-auth's releases.

v1.6.9

better-auth

Bug Fixes

  • Fixed instrumentation resolution in the adapter factory so edge and browser environments correctly use the pure variant (#9340)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​erquhart

Full changelog: v1.6.8...v1.6.9

v1.6.8

better-auth

Bug Fixes

  • Fixed mapProfileToUser fallback for OAuth providers that may omit email from their profile response (#9331)
  • Fixed support for passing id through beforeCreateTeam and beforeCreateInvitation hooks (#9253)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

  • Fixed authorization flows that do not include a state parameter (#9328)

For detailed changes, see CHANGELOG

@better-auth/passkey

Bug Fixes

  • Fixed incompatibility with TypeScript's exactOptionalPropertyTypes compiler option (#9270)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​baptisteArno, @​gustavovalverde, @​ping-maxwell

Full changelog: v1.6.7...v1.6.8

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.9

Patch Changes

  • Updated dependencies [815ecf6]:
    • @​better-auth/core@​1.6.9
    • @​better-auth/drizzle-adapter@​1.6.9
    • @​better-auth/kysely-adapter@​1.6.9
    • @​better-auth/memory-adapter@​1.6.9
    • @​better-auth/mongo-adapter@​1.6.9
    • @​better-auth/prisma-adapter@​1.6.9
    • @​better-auth/telemetry@​1.6.9

1.6.8

Patch Changes

  • #9253 856ab24 Thanks @​baptisteArno! - fix(organization): allow passing id through beforeCreateTeam and beforeCreateInvitation

    Mirrors #4765 for teams and invitations: adapter.createTeam and adapter.createInvitation now pass forceAllowId: true, so ids returned from the respective hooks survive the DB insert.

  • #9331 9aa8e63 Thanks @​gustavovalverde! - fix(oauth): support mapProfileToUser fallback for providers that may omit email

    Social sign-in with OAuth providers that may return no email address (Discord phone-only accounts, Apple subsequent sign-ins, GitHub private emails, Facebook, LinkedIn, and Microsoft Entra ID managed users) can now be unblocked by synthesizing an email inside mapProfileToUser. Rejection logger messages now point at this workaround and at the new "Handling Providers Without Email" docs section.

    Provider profile types now reflect where email can be null or absent:

    • DiscordProfile.email is string | null and optional (absent when the email scope is not granted)
    • AppleProfile.email is optional
    • GithubProfile.email is string | null
    • FacebookProfile.email is optional
    • FacebookProfile.email_verified is optional (Meta's Graph API does not include this field)
    • LinkedInProfile.email is optional
    • LinkedInProfile.email_verified is optional
    • MicrosoftEntraIDProfile.email is optional

    TypeScript consumers who previously dereferenced profile.email directly inside mapProfileToUser will see a compile error that matches the runtime reality; use a nullish-coalescing fallback (profile.email ?? ...) or null-check the field.

    Sign-in still rejects with error=email_not_found (social callback) or error=email_is_missing (Generic OAuth plugin) when neither the provider nor mapProfileToUser produces an email. First-class support for users without an email, keyed on (providerId, accountId) per OpenID Connect Core §5.7, is tracked in #9124.

  • Updated dependencies [9aa8e63]:

    • @​better-auth/core@​1.6.8
    • @​better-auth/drizzle-adapter@​1.6.8
    • @​better-auth/kysely-adapter@​1.6.8
    • @​better-auth/memory-adapter@​1.6.8
    • @​better-auth/mongo-adapter@​1.6.8
    • @​better-auth/prisma-adapter@​1.6.8
    • @​better-auth/telemetry@​1.6.8

1.6.7

... (truncated)

Commits
  • f484269 chore: release v1.6.9 (#9341)
  • fef7dd6 chore: update readme (#9330)
  • b289ac6 chore: release v1.6.8 (#9316)
  • 9aa8e63 fix(oauth): support mapProfileToUser fallback for providers that may omit e...
  • 856ab24 fix(organization): allow passing id through beforeCreateTeam and `beforeCre...
  • f8076d1 chore: release v1.6.7 (#9289)
  • 4f373ee feat(social-providers): accept array of Client IDs for ID token audience (#9292)
  • e1b1cfc fix(oauth2): guard against undefined body when parsing state (#9293)
  • d053a45 fix(phone-number): call callbackOnVerification when updatePhoneNumber is enab...
  • 307196a fix(api): preserve response headers when APIError is thrown (#9211)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for better-auth since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 5, 2026
@dependabot
chore(deps): bump better-auth from 1.4.17 to 1.6.9
9ef4ce9 
Bumps [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) from 1.4.17 to 1.6.9.
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/better-auth@1.6.9/packages/better-auth)

---
updated-dependencies:
- dependency-name: better-auth
  dependency-version: 1.6.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/better-auth-1.6.9 branch from 28ed483 to 9ef4ce9 Compare May 6, 2026 02:07
@raphaeltm @claude
fix: add explicit type annotations for better-auth 1.6.x compatibility
953bd30 
The better-auth upgrade from 1.4.x to 1.6.x introduced new internal types
that TypeScript cannot infer portably (TS2742). Adding explicit ReturnType
annotations resolves the type check failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 6, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@simple-agent-manager simple-agent-manager Bot merged commit b2de0e5 into main May 6, 2026
17 of 19 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/better-auth-1.6.9 branch May 6, 2026 02:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raphaeltm