Skip to content

chore(deps): bump the all-npm group across 1 directory with 2 updates#114

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-npm-658e60b564
Open

chore(deps): bump the all-npm group across 1 directory with 2 updates#114
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-npm-658e60b564

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the all-npm group with 2 updates in the / directory: @better-auth/oauth-provider and better-auth.

Updates @better-auth/oauth-provider from 1.6.14 to 1.6.15

Release notes

Sourced from @​better-auth/oauth-provider's releases.

v1.6.15

better-auth

Bug Fixes

  • Fixed the listSessions endpoint to properly enforce fresh-age session checks (#9865)
  • Fixed unbanUser, setRole, and adminUpdateUser to return USER_NOT_FOUND instead of a generic 500 when the target user does not exist (#9875)
  • Fixed Kysely migration constant import path to restore Kysely 0.28 and 0.29 compatibility (#9811)
  • Improved cookie regex character ranges for more accurate cookie parsing (#9879)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Features

  • Added POST support to the /oauth2/userinfo endpoint, allowing the access token to be passed in the Authorization header (#9937)

Bug Fixes

  • Fixed hooks.before and hooks.after to run correctly when OAuth authorization resumes after sign-in, account selection, or consent (#9919)

For detailed changes, see CHANGELOG

@better-auth/kysely-adapter

Bug Fixes

  • Fixed Turbopack build failures by inlining migration table constants, also restoring compatibility with Kysely 0.28 and 0.29 (#9933)

For detailed changes, see CHANGELOG

@better-auth/passkey

Features

  • Added automatic resolution of authenticator names from AAGUID, exposing getAuthenticatorName(aaguid) and commonAuthenticatorNames so passkeys can display a friendly provider name like "1Password" or "Google Password Manager" (#9927)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

  • Fixed ERR_SUBJECT_UNCONFIRMED errors caused by clockSkew not being forwarded to samlify's ServiceProvider when validating SAML responses (#9748)

For detailed changes, see CHANGELOG

Contributors

... (truncated)

Changelog

Sourced from @​better-auth/oauth-provider's changelog.

1.6.15

Patch Changes

  • #9919 b0ddfd3 Thanks @​gustavovalverde! - Run configured hooks through the whole OAuth sign-in flow

    hooks.before / hooks.after configured on the auth instance now run for the OAuth authorization that continues after a user signs in, selects an account, or consents. They were being skipped there.

    Headers or cookies a hooks.before sets before returning its own response are no longer dropped, and a hooks.after that throws an APIError no longer loses either its cookies or the error's headers.

  • #9937 fe9600b Thanks @​gustavovalverde! - The UserInfo endpoint (/oauth2/userinfo) now accepts POST with the access token in the Authorization header, in addition to GET.

  • Updated dependencies [1012b69, ad60333, 0933c05, b0ddfd3]:

    • better-auth@1.6.15
    • @​better-auth/core@​1.6.15
Commits

Updates better-auth from 1.6.14 to 1.6.15

Release notes

Sourced from better-auth's releases.

v1.6.15

better-auth

Bug Fixes

  • Fixed the listSessions endpoint to properly enforce fresh-age session checks (#9865)
  • Fixed unbanUser, setRole, and adminUpdateUser to return USER_NOT_FOUND instead of a generic 500 when the target user does not exist (#9875)
  • Fixed Kysely migration constant import path to restore Kysely 0.28 and 0.29 compatibility (#9811)
  • Improved cookie regex character ranges for more accurate cookie parsing (#9879)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Features

  • Added POST support to the /oauth2/userinfo endpoint, allowing the access token to be passed in the Authorization header (#9937)

Bug Fixes

  • Fixed hooks.before and hooks.after to run correctly when OAuth authorization resumes after sign-in, account selection, or consent (#9919)

For detailed changes, see CHANGELOG

@better-auth/kysely-adapter

Bug Fixes

  • Fixed Turbopack build failures by inlining migration table constants, also restoring compatibility with Kysely 0.28 and 0.29 (#9933)

For detailed changes, see CHANGELOG

@better-auth/passkey

Features

  • Added automatic resolution of authenticator names from AAGUID, exposing getAuthenticatorName(aaguid) and commonAuthenticatorNames so passkeys can display a friendly provider name like "1Password" or "Google Password Manager" (#9927)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

  • Fixed ERR_SUBJECT_UNCONFIRMED errors caused by clockSkew not being forwarded to samlify's ServiceProvider when validating SAML responses (#9748)

For detailed changes, see CHANGELOG

Contributors

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.15

Patch Changes

  • #9875 1012b69 Thanks @​WilsonnnTan! - The admin plugin's unbanUser, setRole and adminUpdateUser endpoints used to call internalAdapter.updateUser without checking that the target user existed, so when the caller passed an unknown id the underlying database error (for example Prisma's P2025) bubbled up as a generic HTTP 500. those endpoints now mirror the existing guard in banUser: look the user up via findUserById, and throw a clean NOT_FOUND (USER_NOT_FOUND) when no row is returned. Closes #9800.

  • #9865 ad60333 Thanks @​ping-maxwell! - list-session endpoint now requires a fresh-age session check.

  • #9811 0933c05 Thanks @​zeroknowledge0x! - Restore Kysely 0.28 and 0.29 compatibility for SQLite dialect introspection. The dialects now mirror Kysely's stable migration table names locally, avoiding strict ESM build failures in Turbopack without forcing consumers onto Kysely 0.29.

  • #9919 b0ddfd3 Thanks @​gustavovalverde! - Run configured hooks through the whole OAuth sign-in flow

    hooks.before / hooks.after configured on the auth instance now run for the OAuth authorization that continues after a user signs in, selects an account, or consents. They were being skipped there.

    Headers or cookies a hooks.before sets before returning its own response are no longer dropped, and a hooks.after that throws an APIError no longer loses either its cookies or the error's headers.

  • Updated dependencies []:

    • @​better-auth/core@​1.6.15
    • @​better-auth/drizzle-adapter@​1.6.15
    • @​better-auth/kysely-adapter@​1.6.15
    • @​better-auth/memory-adapter@​1.6.15
    • @​better-auth/mongo-adapter@​1.6.15
    • @​better-auth/prisma-adapter@​1.6.15
    • @​better-auth/telemetry@​1.6.15
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
@dependabot
chore(deps): bump the all-npm group across 1 directory with 2 updates
6011eab 
Bumps the all-npm group with 2 updates in the / directory: [@better-auth/oauth-provider](https://github.com/better-auth/better-auth/tree/HEAD/packages/oauth-provider) and [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth).


Updates `@better-auth/oauth-provider` from 1.6.14 to 1.6.15
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/oauth-provider/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/@better-auth/oauth-provider@1.6.15/packages/oauth-provider)

Updates `better-auth` from 1.6.14 to 1.6.15
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/better-auth@1.6.15/packages/better-auth)

---
updated-dependencies:
- dependency-name: "@better-auth/oauth-provider"
  dependency-version: 1.6.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-npm
- dependency-name: better-auth
  dependency-version: 1.6.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the all-npm group with 2 updates chore(deps): bump the all-npm group across 1 directory with 2 updates Jun 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/all-npm-658e60b564 branch from 34b14cc to 6011eab Compare June 10, 2026 02:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FrkAk FrkAk Awaiting requested review from FrkAk FrkAk is a code owner

@ulascanzorer ulascanzorer Awaiting requested review from ulascanzorer ulascanzorer is a code owner

@ZeyNor ZeyNor Awaiting requested review from ZeyNor ZeyNor is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants