Bump the dev-dependencies group across 1 directory with 12 updates by dependabot[bot] · Pull Request #17 · vcode-sh/better-auth-invitation-only

dependabot · 2026-05-04T13:42:44Z

Bumps the dev-dependencies group with 10 updates in the / directory:

Package	From	To
@biomejs/biome	`2.4.4`	`2.4.14`
@types/node	`25.3.3`	`25.6.0`
@vitest/coverage-v8	`4.0.18`	`4.1.5`
better-auth	`1.5.1`	`1.6.9`
better-sqlite3	`12.6.2`	`12.9.0`
happy-dom	`20.7.0`	`20.9.0`
lint-staged	`16.3.1`	`16.4.0`
mongodb	`7.1.0`	`7.2.0`
mongodb-memory-server	`11.0.1`	`11.1.0`
ultracite	`7.2.4`	`7.6.3`

Updates @biomejs/biome from 2.4.4 to 2.4.14

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.4.14

2.4.14

Patch Changes
#9393 491b171 Thanks @dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

#10157 eefc5ab Thanks @dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.
#10054 0e9f569 Thanks @minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

A function annotated : object returning an object literal:
function f(): object {
  return { retry: true };
}
#10116 53269eb Thanks @jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.
#10092 33d8543 Thanks @Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

Given the following organizeImports options:
{
  "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
}
The following code...
// Comment
import "package";
import "./file.js";
...was organized as:
+
  // Comment
  import "package";
+
  import "./file.js";

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.4.14

Patch Changes
#9393 491b171 Thanks @dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

#10157 eefc5ab Thanks @dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.
#10054 0e9f569 Thanks @minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

A function annotated : object returning an object literal:
function f(): object {
  return { retry: true };
}
#10116 53269eb Thanks @jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.
#10092 33d8543 Thanks @Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

Given the following organizeImports options:
{
  "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
}
The following code...
// Comment
import "package";
import "./file.js";
...was organized as:
+
  // Comment
  import "package";
+
  import "./file.js";
A blank line was added even though the group ':NODE:' doesn't match any imports here. :BLANK_LINE: between never-matched groups and matched groups are now ignored.

... (truncated)

Commits

46393e0 ci: release (#10100)
ae659dd feat(lint/js): add noExcessiveNestedCallbacks (#10188)
d62b331 feat(lint/js): add useMathMinMax (#9926)
7acf1e0 feat(lint/js): add noReactStringRefs (#9922)
491b171 feat(lint/js): add useTestHooksOnTop (#9393)
4a664c1 fix(noShadow): make sure it doesn't shadow types (#10083)
e316150 ci: release (#9991)
11ddc05 feat(lint): add useReactNativePlatformComponents rule and options (#10033)
1603f78 feat(js_analyze): implement noJsxLeakedDollar (#9911)
c5eb92b feat(linter): add nursery rule noUnnecessaryTemplateExpression (#9969)
Additional commits viewable in compare view

Updates @types/node from 25.3.3 to 25.6.0

Commits

See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.5

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
ac04bac chore: release v4.1.4
2dc0d62 chore: release v4.1.3
fc6f482 chore: release v4.1.2
1f2d318 chore: release v4.1.1
aaf9f18 fix(coverage): simplify provider types (#9931)
4150b91 chore: release v4.1.0
0c2c013 chore: release v4.1.0-beta.6
689a22a fix(browser): types of getCDPSession and cdp() (#9716)
94eb73b chore(deps): update eslint packages (#9615)
Additional commits viewable in compare view

Updates @vitest/ui from 4.0.18 to 4.1.5

Release notes

Sourced from @vitest/ui's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
596f739 fix: project color label on html reporter (#10142)
f1b1f6c fix(ui): fix jsx/tsx syntax highlight (#10152)
ac04bac chore: release v4.1.4
d4fbb5c feat(experimental): support aria snapshot (#9668)
2dc0d62 chore: release v4.1.3
89ca0e2 feat(experimental): add TestAttachment.bodyEncoding (#9969)
fdff1bf fix(ui): don't leak vite types (#10005)
fc6f482 chore: release v4.1.2
f54abad chore: add typo-checker skill and fix typos (#9963)
Additional commits viewable in compare view

Updates better-auth from 1.5.1 to 1.6.9

Release notes

Sourced from better-auth's releases.

v1.6.9

better-auth

Bug Fixes

Fixed instrumentation resolution in the adapter factory so edge and browser environments correctly use the pure variant (#9340)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@erquhart

Full changelog: v1.6.8...v1.6.9

v1.6.8

better-auth

Bug Fixes

Fixed mapProfileToUser fallback for OAuth providers that may omit email from their profile response (#9331)

Fixed support for passing id through beforeCreateTeam and beforeCreateInvitation hooks (#9253)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

Fixed authorization flows that do not include a state parameter (#9328)

For detailed changes, see CHANGELOG

@better-auth/passkey

Bug Fixes

Fixed incompatibility with TypeScript's exactOptionalPropertyTypes compiler option (#9270)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@baptisteArno, @gustavovalverde, @ping-maxwell

Full changelog: v1.6.7...v1.6.8

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.9

Patch Changes

Updated dependencies [815ecf6]:

@better-auth/core@1.6.9

@better-auth/drizzle-adapter@1.6.9

@better-auth/kysely-adapter@1.6.9

@better-auth/memory-adapter@1.6.9

@better-auth/mongo-adapter@1.6.9

@better-auth/prisma-adapter@1.6.9

@better-auth/telemetry@1.6.9

1.6.8

Patch Changes

#9253 856ab24 Thanks @baptisteArno! - fix(organization): allow passing id through beforeCreateTeam and beforeCreateInvitation

Mirrors #4765 for teams and invitations: adapter.createTeam and adapter.createInvitation now pass forceAllowId: true, so ids returned from the respective hooks survive the DB insert.

#9331 9aa8e63 Thanks @gustavovalverde! - fix(oauth): support mapProfileToUser fallback for providers that may omit email

Social sign-in with OAuth providers that may return no email address (Discord phone-only accounts, Apple subsequent sign-ins, GitHub private emails, Facebook, LinkedIn, and Microsoft Entra ID managed users) can now be unblocked by synthesizing an email inside mapProfileToUser. Rejection logger messages now point at this workaround and at the new "Handling Providers Without Email" docs section.

Provider profile types now reflect where email can be null or absent:

DiscordProfile.email is string | null and optional (absent when the email scope is not granted)

AppleProfile.email is optional

GithubProfile.email is string | null

FacebookProfile.email is optional

FacebookProfile.email_verified is optional (Meta's Graph API does not include this field)

LinkedInProfile.email is optional

LinkedInProfile.email_verified is optional

MicrosoftEntraIDProfile.email is optional

TypeScript consumers who previously dereferenced profile.email directly inside mapProfileToUser will see a compile error that matches the runtime reality; use a nullish-coalescing fallback (profile.email ?? ...) or null-check the field.

Sign-in still rejects with error=email_not_found (social callback) or error=email_is_missing (Generic OAuth plugin) when neither the provider nor mapProfileToUser produces an email. First-class support for users without an email, keyed on (providerId, accountId) per OpenID Connect Core §5.7, is tracked in #9124.

Updated dependencies [9aa8e63]:

@better-auth/core@1.6.8

@better-auth/drizzle-adapter@1.6.8

@better-auth/kysely-adapter@1.6.8

@better-auth/memory-adapter@1.6.8

@better-auth/mongo-adapter@1.6.8

@better-auth/prisma-adapter@1.6.8

@better-auth/telemetry@1.6.8

1.6.7

... (truncated)

Commits

f484269 chore: release v1.6.9 (#9341)
fef7dd6 chore: update readme (#9330)
b289ac6 chore: release v1.6.8 (#9316)
9aa8e63 fix(oauth): support mapProfileToUser fallback for providers that may omit e...
856ab24 fix(organization): allow passing id through beforeCreateTeam and `beforeCre...
f8076d1 chore: release v1.6.7 (#9289)
4f373ee feat(social-providers): accept array of Client IDs for ID token audience (#9292)
e1b1cfc fix(oauth2): guard against undefined body when parsing state (#9293)
d053a45 fix(phone-number): call callbackOnVerification when updatePhoneNumber is enab...
307196a fix(api): preserve response headers when APIError is thrown (#9211)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for better-auth since your current version.

Updates better-sqlite3 from 12.6.2 to 12.9.0

Release notes

Sourced from better-sqlite3's releases.

v12.9.0

What's Changed

Update SQLite to version 3.53.0 in WiseLibs/better-sqlite3#1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

v12.8.0

What's Changed

Readme: requires Node.js v20 or later by @Prinzhorn in WiseLibs/better-sqlite3#1443

Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460

fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

@tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

fix: use Holder() instead of This() for Electron 41 compatibility by @mceachen in WiseLibs/better-sqlite3#1456

Roll back to SQLite to version 3.51.2 in WiseLibs/better-sqlite3#1457

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

... (truncated)

Commits

4058d24 12.9.0
f653513 Update SQLite to version 3.53.0 (#1464)
fe774f5 12.8.0
8617ed6 fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 (#1459)
959a018 Update SQLite to version 3.51.3 (#1460)
43729c0 Readme: requires Node.js v20 or later (#1443)
27dc751 12.7.1
db1119c Update SQLite to version 3.51.2 (#1457)
d2c4815 fix: use Holder() instead of This() for Electron 41 compatibility (#1456)
ef9ffce 12.7.0
Additional commits viewable in compare view

Updates happy-dom from 20.7.0 to 20.9.0

Release notes

Sourced from happy-dom's releases.

v20.9.0

🎨 Features

Adds support for event listener properties on Window (e.g. Window.onkeydown) - By @capricorn86 in task #2131

v20.8.9

👷‍♂️ Patch fixes

Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @capricorn86 in task #2117

A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @r74tech for reporting this!

v20.8.8

👷‍♂️ Patch fixes

Fixes issue where export names can be interpolated as executable code in ESM - By @capricorn86 in task #2113

A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

Request.formData() should honor "Content-Type" header - By @brianhelba in task #2106

v20.8.5

👷‍♂️ Patch fixes

Fixes error thrown when modifying DOM structure in connectedCallback() - By @capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

Replace ConsoleConstructor import with indexed access type - By @YevheniiKotyrlo in task #1845

v20.8.3

👷‍♂️ Patch fixes

Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

Make "inert" attribute block focus interactions - By @coffeeandwork in task #1422

v20.8.0

🎨 Features

Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

Properly decode CSS escape sequences in attribute selector values - By @silverwind

... (truncated)

Commits

4090ade fix: #0 Fix github release workflow (#2140)
c7c2bb5 fix: #0 Fix github release workflow (#2139)
d541143 fix: #0 Fix github release workflow (#2138)
a78d89e feat: #2131 Adds support for event listener properties on Window (#2132)
68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
7e97acb fix: #1845 Replace implementing Node js Console with common IConsole interf...
3373929 fix: #2106 Request.formData() should honor Content-Type header (#2107)
55c17ba fix:

Bumps the dev-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.4` | `2.4.14` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.3` | `25.6.0` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.18` | `4.1.5` | | [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.5.1` | `1.6.9` | | [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.6.2` | `12.9.0` | | [happy-dom](https://github.com/capricorn86/happy-dom) | `20.7.0` | `20.9.0` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `16.3.1` | `16.4.0` | | [mongodb](https://github.com/mongodb/node-mongodb-native) | `7.1.0` | `7.2.0` | | [mongodb-memory-server](https://github.com/typegoose/mongodb-memory-server/tree/HEAD/packages/mongodb-memory-server) | `11.0.1` | `11.1.0` | | [ultracite](https://github.com/haydenbleasel/ultracite) | `7.2.4` | `7.6.3` | Updates `@biomejs/biome` from 2.4.4 to 2.4.14 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.14/packages/@biomejs/biome) Updates `@types/node` from 25.3.3 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@vitest/coverage-v8` from 4.0.18 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8) Updates `@vitest/ui` from 4.0.18 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/ui) Updates `better-auth` from 1.5.1 to 1.6.9 - [Release notes](https://github.com/better-auth/better-auth/releases) - [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md) - [Commits](https://github.com/better-auth/better-auth/commits/better-auth@1.6.9/packages/better-auth) Updates `better-sqlite3` from 12.6.2 to 12.9.0 - [Release notes](https://github.com/WiseLibs/better-sqlite3/releases) - [Commits](WiseLibs/better-sqlite3@v12.6.2...v12.9.0) Updates `happy-dom` from 20.7.0 to 20.9.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.7.0...v20.9.0) Updates `lint-staged` from 16.3.1 to 16.4.0 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v16.3.1...v16.4.0) Updates `mongodb` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md) - [Commits](mongodb/node-mongodb-native@v7.1.0...v7.2.0) Updates `mongodb-memory-server` from 11.0.1 to 11.1.0 - [Release notes](https://github.com/typegoose/mongodb-memory-server/releases) - [Changelog](https://github.com/typegoose/mongodb-memory-server/blob/master/CHANGELOG.md) - [Commits](https://github.com/typegoose/mongodb-memory-server/commits/v11.1.0/packages/mongodb-memory-server) Updates `ultracite` from 7.2.4 to 7.6.3 - [Release notes](https://github.com/haydenbleasel/ultracite/releases) - [Commits](https://github.com/haydenbleasel/ultracite/compare/ultracite@7.2.4...ultracite@7.6.3) Updates `vitest` from 4.0.18 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@biomejs/biome" dependency-version: 2.4.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@vitest/ui" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: better-auth dependency-version: 1.6.9 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: better-sqlite3 dependency-version: 12.9.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: happy-dom dependency-version: 20.9.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: lint-staged dependency-version: 16.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: mongodb dependency-version: 7.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: mongodb-memory-server dependency-version: 11.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: ultracite dependency-version: 7.6.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-04T13:42:45Z

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

sentry · 2026-05-04T13:43:34Z

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

dependabot · 2026-05-11T17:22:43Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot requested a review from vcode-sh as a code owner May 4, 2026 13:42

dependabot Bot closed this May 11, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-f2b92cacab branch May 11, 2026 17:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dev-dependencies group across 1 directory with 12 updates#17

Bump the dev-dependencies group across 1 directory with 12 updates#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-f2b92cacab

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

sentry Bot commented May 4, 2026

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Biome CLI v2.4.14

2.4.14

Patch Changes

2.4.14

Patch Changes

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

v1.6.9

better-auth

Bug Fixes

Contributors

v1.6.8

better-auth

Bug Fixes

@better-auth/oauth-provider

Bug Fixes

@better-auth/passkey

Bug Fixes

Contributors

1.6.9

Patch Changes

1.6.8

Patch Changes

1.6.7

v12.9.0

What's Changed

v12.8.0

What's Changed

New Contributors

Why SQLite v3.51.3 instead of v3.52.0

v12.7.1

Also not a viable release

What's Changed

v12.7.0

CAUTION: NOT A VIABLE RELEASE

What's Changed

v20.9.0

🎨 Features

v20.8.9

👷‍♂️ Patch fixes

v20.8.8

👷‍♂️ Patch fixes

v20.8.7

👷‍♂️ Patch fixes

v20.8.6

👷‍♂️ Patch fixes

v20.8.5

👷‍♂️ Patch fixes

v20.8.4

👷‍♂️ Patch fixes

v20.8.3

👷‍♂️ Patch fixes

v20.8.2

👷‍♂️ Patch fixes

v20.8.1

👷‍♂️ Patch fixes

v20.8.0

🎨 Features

v20.7.2

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

`better-auth`

`better-auth`

`@better-auth/oauth-provider`

`@better-auth/passkey`