chore(deps): update dependency better-auth to v1.4.19 #67

2026-02-23T23:05:24+07:00

Renovate-Clanker commented

2026-02-23 23:05:24 +07:00

This PR contains the following updates:

Package	Change	Age	Confidence
better-auth (source)	`1.4.18` → `1.4.19`

Release Notes

better-auth/better-auth (better-auth)

`v1.4.19`

Compare Source

🚀 Features

adapter:
- Improve select support - by @jslno in #7667 (4aae0)
oauth-provider:
- Add iss parameter to authorization responses (RFC 9207) - by @Paola3stefania in #7669 (766fc)
- Add configurable rate limiting for OAuth endpoints - by @Paola3stefania in #7666 (2410d)
- Enforce HTTPS for redirect URIs - by @Paola3stefania in #7670 (cf473)
phone-number:
- Support user additionalFields in signUpOnVerification flow - by @bytaesu and @himself65 in #7699 (f3080)

🐞 Bug Fixes

Skip sending email verification to already verified users without a session - by @bytaesu in #7712 (1667f)
Improve Headers detection with instanceof check and cross-realm fallback - by @bytaesu in #7651 (1dc6a)
Safely coerce date values from DB in OAuth provider plugin - by @himself65 in #7937 (f7074)
Correct error redirect URL construction - by @bytaesu in #7799 (61cc2)
Encode callbackURL in delete-user verification email - by @Paola3stefania in #8007 (fab61)
Add error handling for id token verification in Apple and Google providers - by @Paola3stefania in #8011 (90ffd)
access:
- Allow passing statements directly into newRole - by @jslno in #7687 (9312d)
adapter:
- Use getCurrentAdapter for user lookup to avoid transaction deadlock - by @sakamoto-wk in #7758 (327ee)
admin:
- Change list type from never[] to UserWithRole[] - by @LovelessCodes in #7701 (3c0c5)
- Apply listUsers filter when filterValue is defined - by @coderrshyam, @bytaesu and Taesu in #7827 (5f611)
- Optional chain user in hooks - by @jslno in #8026 (17407)
api-key:
- Error details not passed to response - by @ping-maxwell and @himself65 in #7692 (8fd94)
cli:
- Add .env.local to dotenv - by @himself65 in #7831 (e804e)
cookie:
- Relax cookie retrieval for getSessionCookie - by @jslno in #8008 (81f50)
custom-session:
- Use getSetCookie() to preserve individual Set-Cookie headers - by @thomaspeklak in #7879 (0f035)
db:
- Infer default value for required attr properly - by @jslno in #7996 (c44a8)
email-otp:
- Typo in OpenAPI response metadata - by @smsunarto and Claude Opus 4.5 in #7737 (defcb)
expo:
- Construct the new Request to avoid immutable headers error on Cloudflare Workers - by @bytaesu in #7774 (5e83e)
- Avoid a leading “; ” when constructing the first cookie - by @Laurin-Notemann in #7821 (3f5c1)
- Support wildcard trusted origins in deep link cookie injection - by @bytaesu in #8013 (7153e)
generic-oauth:
- Emit duplicate id warning - by @himself65 in #7779 (c682a)
microsoft:
- Add verifyIdToken support for Microsoft Entra ID provider - by @bytaesu in #7795 (80120)
oauth:
- Support case-insensitive email matching for social account linking - by @karuppusamy-d in #7812 (987f4)
oauth-provider:
- Return url instead of uri in continue and consent endpoints - by @bytaesu in #7811 (fb56f)
- Add missing oauthClient createdAt/updatedAt values - by @dvanmali in #7851 (16b11)
- Return "invalid_client" on encrypted secret verification failure - by @bytaesu in #8030 (358a8)
organization:
- Prevent deletion of roles assigned to members - by @bytaesu in #7736 (8d98b)
- Remove unreachable null check in acceptInvitation - by @Saurav3004, Taesu and @himself65 in #7825 (3f254)
passkey:
- Compute expirationTime per-request instead of at init - by @bytaesu in #7731 (763fd)
- Use deleteVerificationByIdentifier for secondary-storage cleanup - by @bytaesu in #7790 (6efdc)
sso:
- Add better-call peerDeps - by @bytaesu in #7676 (d323b)
- Allow custom organization roles in provisioning types - by @MuzzaiyyanHussain in #7722 (2803e)
- Resolve TXT record at verification subdomain instead of root domain - by @Paola3stefania in #7935 (87093)
- Correct IdentityProvider configuration in signInSSO - by @theNailz and Claude Opus 4.5 in #7708 (69ea7)
- Fix broken relay state redirect on SAML ACS route - by @rbayliss in #7781 (68b6b)
- Validate aud claim in OpenID Connect ID tokens - by @Paola3stefania in #7816 (3cd15)
- Harden SAML ACS error redirects and add regression test for #7777 - by @Paola3stefania in #7815 and #7777 (a6d8d)
stripe:
- Restore better-call peerDeps - by @bytaesu in #7675 (f63bf)
- Use correct stripeCustomerId on /subscription/cancel/callback endpoint - by @bytaesu in #8032 (15519)
- Clarify error when authorizeReference is missing - by @bytaesu in #7741 (91130)

View changes on GitHub

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [better-auth](https://better-auth.com) ([source](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth)) | [`1.4.18` → `1.4.19`](https://renovatebot.com/diffs/npm/better-auth/1.4.18/1.4.19) | ![age](https://developer.mend.io/api/mc/badges/age/npm/better-auth/1.4.19?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/better-auth/1.4.18/1.4.19?slim=true) | --- ### Release Notes <details> <summary>better-auth/better-auth (better-auth)</summary> ### [`v1.4.19`](https://github.com/better-auth/better-auth/releases/tag/v1.4.19) [Compare Source](https://github.com/better-auth/better-auth/compare/v1.4.18...v1.4.19) ##### 🚀 Features - **adapter**: - Improve `select` support - by [@jslno](https://github.com/jslno) in [#7667](https://github.com/better-auth/better-auth/issues/7667) [<samp>(4aae0)</samp>](https://github.com/better-auth/better-auth/commit/4aae092b6) - **oauth-provider**: - Add iss parameter to authorization responses (RFC 9207) - by [@Paola3stefania](https://github.com/Paola3stefania) in [#7669](https://github.com/better-auth/better-auth/issues/7669) [<samp>(766fc)</samp>](https://github.com/better-auth/better-auth/commit/766fcc8a2) - Add configurable rate limiting for OAuth endpoints - by [@Paola3stefania](https://github.com/Paola3stefania) in [#7666](https://github.com/better-auth/better-auth/issues/7666) [<samp>(2410d)</samp>](https://github.com/better-auth/better-auth/commit/2410d70ee) - Enforce HTTPS for redirect URIs - by [@Paola3stefania](https://github.com/Paola3stefania) in [#7670](https://github.com/better-auth/better-auth/issues/7670) [<samp>(cf473)</samp>](https://github.com/better-auth/better-auth/commit/cf473b2bb) - **phone-number**: - Support user additionalFields in `signUpOnVerification` flow - by [@bytaesu](https://github.com/bytaesu) and [@himself65](https://github.com/himself65) in [#7699](https://github.com/better-auth/better-auth/issues/7699) [<samp>(f3080)</samp>](https://github.com/better-auth/better-auth/commit/f308056ee) ##### 🐞 Bug Fixes - Skip sending email verification to already verified users without a session - by [@bytaesu](https://github.com/bytaesu) in [#7712](https://github.com/better-auth/better-auth/issues/7712) [<samp>(1667f)</samp>](https://github.com/better-auth/better-auth/commit/1667f4b01) - Improve Headers detection with instanceof check and cross-realm fallback - by [@bytaesu](https://github.com/bytaesu) in [#7651](https://github.com/better-auth/better-auth/issues/7651) [<samp>(1dc6a)</samp>](https://github.com/better-auth/better-auth/commit/1dc6a7fe2) - Safely coerce date values from DB in OAuth provider plugin - by [@himself65](https://github.com/himself65) in [#7937](https://github.com/better-auth/better-auth/issues/7937) [<samp>(f7074)</samp>](https://github.com/better-auth/better-auth/commit/f7074a340) - Correct error redirect URL construction - by [@bytaesu](https://github.com/bytaesu) in [#7799](https://github.com/better-auth/better-auth/issues/7799) [<samp>(61cc2)</samp>](https://github.com/better-auth/better-auth/commit/61cc2a525) - Encode callbackURL in delete-user verification email - by [@Paola3stefania](https://github.com/Paola3stefania) in [#8007](https://github.com/better-auth/better-auth/issues/8007) [<samp>(fab61)</samp>](https://github.com/better-auth/better-auth/commit/fab61af71) - Add error handling for id token verification in Apple and Google providers - by [@Paola3stefania](https://github.com/Paola3stefania) in [#8011](https://github.com/better-auth/better-auth/issues/8011) [<samp>(90ffd)</samp>](https://github.com/better-auth/better-auth/commit/90ffd2cff) - **access**: - Allow passing statements directly into `newRole` - by [@jslno](https://github.com/jslno) in [#7687](https://github.com/better-auth/better-auth/issues/7687) [<samp>(9312d)</samp>](https://github.com/better-auth/better-auth/commit/9312d9720) - **adapter**: - Use `getCurrentAdapter` for user lookup to avoid transaction deadlock - by [@sakamoto-wk](https://github.com/sakamoto-wk) in [#7758](https://github.com/better-auth/better-auth/issues/7758) [<samp>(327ee)</samp>](https://github.com/better-auth/better-auth/commit/327ee7141) - **admin**: - Change list type from `never[]` to `UserWithRole[]` - by [@LovelessCodes](https://github.com/LovelessCodes) in [#7701](https://github.com/better-auth/better-auth/issues/7701) [<samp>(3c0c5)</samp>](https://github.com/better-auth/better-auth/commit/3c0c5ad3f) - Apply listUsers filter when filterValue is defined - by [@coderrshyam](https://github.com/coderrshyam), [@bytaesu](https://github.com/bytaesu) and **Taesu** in [#7827](https://github.com/better-auth/better-auth/issues/7827) [<samp>(5f611)</samp>](https://github.com/better-auth/better-auth/commit/5f6112441) - Optional chain `user` in hooks - by [@jslno](https://github.com/jslno) in [#8026](https://github.com/better-auth/better-auth/issues/8026) [<samp>(17407)</samp>](https://github.com/better-auth/better-auth/commit/17407ba32) - **api-key**: - Error details not passed to response - by [@ping-maxwell](https://github.com/ping-maxwell) and [@himself65](https://github.com/himself65) in [#7692](https://github.com/better-auth/better-auth/issues/7692) [<samp>(8fd94)</samp>](https://github.com/better-auth/better-auth/commit/8fd94d3c8) - **cli**: - Add `.env.local` to dotenv - by [@himself65](https://github.com/himself65) in [#7831](https://github.com/better-auth/better-auth/issues/7831) [<samp>(e804e)</samp>](https://github.com/better-auth/better-auth/commit/e804ef1a6) - **cookie**: - Relax cookie retrieval for `getSessionCookie` - by [@jslno](https://github.com/jslno) in [#8008](https://github.com/better-auth/better-auth/issues/8008) [<samp>(81f50)</samp>](https://github.com/better-auth/better-auth/commit/81f507a92) - **custom-session**: - Use getSetCookie() to preserve individual Set-Cookie headers - by [@thomaspeklak](https://github.com/thomaspeklak) in [#7879](https://github.com/better-auth/better-auth/issues/7879) [<samp>(0f035)</samp>](https://github.com/better-auth/better-auth/commit/0f035e33e) - **db**: - Infer default value for `required` attr properly - by [@jslno](https://github.com/jslno) in [#7996](https://github.com/better-auth/better-auth/issues/7996) [<samp>(c44a8)</samp>](https://github.com/better-auth/better-auth/commit/c44a84ddc) - **email-otp**: - Typo in OpenAPI response metadata - by [@smsunarto](https://github.com/smsunarto) and **Claude Opus 4.5** in [#7737](https://github.com/better-auth/better-auth/issues/7737) [<samp>(defcb)</samp>](https://github.com/better-auth/better-auth/commit/defcb362f) - **expo**: - Construct the new Request to avoid immutable headers error on Cloudflare Workers - by [@bytaesu](https://github.com/bytaesu) in [#7774](https://github.com/better-auth/better-auth/issues/7774) [<samp>(5e83e)</samp>](https://github.com/better-auth/better-auth/commit/5e83ebc2f) - Avoid a leading “; ” when constructing the first cookie - by [@Laurin-Notemann](https://github.com/Laurin-Notemann) in [#7821](https://github.com/better-auth/better-auth/issues/7821) [<samp>(3f5c1)</samp>](https://github.com/better-auth/better-auth/commit/3f5c1a2c1) - Support wildcard trusted origins in deep link cookie injection - by [@bytaesu](https://github.com/bytaesu) in [#8013](https://github.com/better-auth/better-auth/issues/8013) [<samp>(7153e)</samp>](https://github.com/better-auth/better-auth/commit/7153e1b6d) - **generic-oauth**: - Emit duplicate id warning - by [@himself65](https://github.com/himself65) in [#7779](https://github.com/better-auth/better-auth/issues/7779) [<samp>(c682a)</samp>](https://github.com/better-auth/better-auth/commit/c682ac860) - **microsoft**: - Add `verifyIdToken` support for Microsoft Entra ID provider - by [@bytaesu](https://github.com/bytaesu) in [#7795](https://github.com/better-auth/better-auth/issues/7795) [<samp>(80120)</samp>](https://github.com/better-auth/better-auth/commit/80120ae67) - **oauth**: - Support case-insensitive email matching for social account linking - by [@karuppusamy-d](https://github.com/karuppusamy-d) in [#7812](https://github.com/better-auth/better-auth/issues/7812) [<samp>(987f4)</samp>](https://github.com/better-auth/better-auth/commit/987f4549d) - **oauth-provider**: - Return `url` instead of `uri` in continue and consent endpoints - by [@bytaesu](https://github.com/bytaesu) in [#7811](https://github.com/better-auth/better-auth/issues/7811) [<samp>(fb56f)</samp>](https://github.com/better-auth/better-auth/commit/fb56f8726) - Add missing oauthClient createdAt/updatedAt values - by [@dvanmali](https://github.com/dvanmali) in [#7851](https://github.com/better-auth/better-auth/issues/7851) [<samp>(16b11)</samp>](https://github.com/better-auth/better-auth/commit/16b11058b) - Return "invalid\_client" on encrypted secret verification failure - by [@bytaesu](https://github.com/bytaesu) in [#8030](https://github.com/better-auth/better-auth/issues/8030) [<samp>(358a8)</samp>](https://github.com/better-auth/better-auth/commit/358a8e380) - **organization**: - Prevent deletion of roles assigned to members - by [@bytaesu](https://github.com/bytaesu) in [#7736](https://github.com/better-auth/better-auth/issues/7736) [<samp>(8d98b)</samp>](https://github.com/better-auth/better-auth/commit/8d98bcc0f) - Remove unreachable null check in `acceptInvitation` - by [@Saurav3004](https://github.com/Saurav3004), **Taesu** and [@himself65](https://github.com/himself65) in [#7825](https://github.com/better-auth/better-auth/issues/7825) [<samp>(3f254)</samp>](https://github.com/better-auth/better-auth/commit/3f254979e) - **passkey**: - Compute expirationTime per-request instead of at init - by [@bytaesu](https://github.com/bytaesu) in [#7731](https://github.com/better-auth/better-auth/issues/7731) [<samp>(763fd)</samp>](https://github.com/better-auth/better-auth/commit/763fdedb4) - Use `deleteVerificationByIdentifier` for secondary-storage cleanup - by [@bytaesu](https://github.com/bytaesu) in [#7790](https://github.com/better-auth/better-auth/issues/7790) [<samp>(6efdc)</samp>](https://github.com/better-auth/better-auth/commit/6efdc3832) - **sso**: - Add `better-call` peerDeps - by [@bytaesu](https://github.com/bytaesu) in [#7676](https://github.com/better-auth/better-auth/issues/7676) [<samp>(d323b)</samp>](https://github.com/better-auth/better-auth/commit/d323b1a00) - Allow custom organization roles in provisioning types - by [@MuzzaiyyanHussain](https://github.com/MuzzaiyyanHussain) in [#7722](https://github.com/better-auth/better-auth/issues/7722) [<samp>(2803e)</samp>](https://github.com/better-auth/better-auth/commit/2803e1e8f) - Resolve TXT record at verification subdomain instead of root domain - by [@Paola3stefania](https://github.com/Paola3stefania) in [#7935](https://github.com/better-auth/better-auth/issues/7935) [<samp>(87093)</samp>](https://github.com/better-auth/better-auth/commit/87093e725) - Correct IdentityProvider configuration in signInSSO - by [@theNailz](https://github.com/theNailz) and **Claude Opus 4.5** in [#7708](https://github.com/better-auth/better-auth/issues/7708) [<samp>(69ea7)</samp>](https://github.com/better-auth/better-auth/commit/69ea7fcfe) - Fix broken relay state redirect on SAML ACS route - by [@rbayliss](https://github.com/rbayliss) in [#7781](https://github.com/better-auth/better-auth/issues/7781) [<samp>(68b6b)</samp>](https://github.com/better-auth/better-auth/commit/68b6b5d1a) - Validate aud claim in OpenID Connect ID tokens - by [@Paola3stefania](https://github.com/Paola3stefania) in [#7816](https://github.com/better-auth/better-auth/issues/7816) [<samp>(3cd15)</samp>](https://github.com/better-auth/better-auth/commit/3cd159589) - Harden SAML ACS error redirects and add regression test for [#7777](https://github.com/better-auth/better-auth/issues/7777) - by [@Paola3stefania](https://github.com/Paola3stefania) in [#7815](https://github.com/better-auth/better-auth/issues/7815) and [#7777](https://github.com/better-auth/better-auth/issues/7777) [<samp>(a6d8d)</samp>](https://github.com/better-auth/better-auth/commit/a6d8de488) - **stripe**: - Restore `better-call` peerDeps - by [@bytaesu](https://github.com/bytaesu) in [#7675](https://github.com/better-auth/better-auth/issues/7675) [<samp>(f63bf)</samp>](https://github.com/better-auth/better-auth/commit/f63bfad2e) - Use correct `stripeCustomerId` on `/subscription/cancel/callback` endpoint - by [@bytaesu](https://github.com/bytaesu) in [#8032](https://github.com/better-auth/better-auth/issues/8032) [<samp>(15519)</samp>](https://github.com/better-auth/better-auth/commit/155194992) - Clarify error when authorizeReference is missing - by [@bytaesu](https://github.com/bytaesu) in [#7741](https://github.com/better-auth/better-auth/issues/7741) [<samp>(91130)</samp>](https://github.com/better-auth/better-auth/commit/911300458) ##### [View changes on GitHub](https://github.com/better-auth/better-auth/compare/v1.4.18...v1.4.19) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Renovate-Clanker added 1 commit 2026-02-23 23:05:25 +07:00

chore(deps): update dependency better-auth to v1.4.19 d7b275274a

Renovate-Clanker scheduled this pull request to auto merge when all checks succeed 2026-02-23 23:05:25 +07:00

Renovate-Clanker merged commit 27bf266e7a into main

2026-02-23 23:05:26 +07:00

Renovate-Clanker deleted branch renovate/all-dependencies

2026-02-23 23:05:26 +07:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bagas/tunnel-please-frontend#67