
chore(deps)(deps): bump the production-dependencies group across 1 directory with 17 updates #1857

Merged
os-zhuang merged 1 commit into main from dependabot/npm_and_yarn/production-dependencies-ea1c1467d4 on Jun 15, 2026

Conversation

@dependabot (bot, Contributor) commented on behalf of github, Jun 15, 2026

Bumps the production-dependencies group with 17 updates in the / directory:

| Package | From | To |
|---|---|---|
| @ai-sdk/anthropic | 3.0.81 | 3.0.84 |
| @ai-sdk/gateway | 3.0.126 | 3.0.131 |
| @ai-sdk/google | 3.0.80 | 3.0.82 |
| @ai-sdk/openai | 3.0.68 | 3.0.71 |
| esbuild | 0.28.0 | 0.28.1 |
| ai | 6.0.198 | 6.0.205 |
| mongodb | 7.2.0 | 7.3.0 |
| better-sqlite3 | 12.10.0 | 12.10.1 |
| @better-auth/core | 1.6.15 | 1.6.18 |
| @better-auth/oauth-provider | 1.6.15 | 1.6.18 |
| better-auth | 1.6.15 | 1.6.18 |
| hono | 4.12.24 | 4.12.25 |
| next | 16.2.7 | 16.2.9 |
| fumadocs-core | 16.9.3 | 16.10.2 |
| fumadocs-mdx | 15.0.11 | 15.0.12 |
| fumadocs-ui | 16.9.3 | 16.10.2 |
| lucide-react | 1.17.0 | 1.18.0 |

Updates @ai-sdk/anthropic from 3.0.81 to 3.0.84

Release notes

Sourced from @​ai-sdk/anthropic's releases.

@​ai-sdk/google@​3.0.82

Patch Changes

  • 3258f22: fix(google): prevent prototype pollution when streaming tool args

  • bfa5864: fix: only send provider credentials to same-origin response-supplied URLs

    Several provider clients followed a URL taken from the provider's API response (a polling/status URL or a final media URL such as polling_url, urls.get, result_url, result.sample, or video.uri) and reused the authenticated headers — or appended ?key=<API_KEY> — on that request. Because the host of the response-supplied URL was never validated, the long-lived API key was sent to whatever host the response named (a CDN in the benign case, or an attacker-chosen host if the provider response was tampered with), allowing credential exfiltration.

    A new isSameOrigin helper is added to @ai-sdk/provider-utils, and the affected fetches in @ai-sdk/black-forest-labs, @ai-sdk/fireworks, @ai-sdk/replicate, @ai-sdk/gladia, @ai-sdk/fal, and @ai-sdk/google now attach credentials only when the followed URL is same-origin with the provider's configured API origin. Requests to a foreign origin are made without the credential.

  • Updated dependencies [bfa5864]

  • Updated dependencies [f42aa79]

    • @​ai-sdk/provider-utils@​4.0.29
Changelog

Sourced from @​ai-sdk/anthropic's changelog.

3.0.84

Patch Changes

  • Updated dependencies [bfa5864]
  • Updated dependencies [f42aa79]
    • @​ai-sdk/provider-utils@​4.0.29

3.0.83

Patch Changes

  • Updated dependencies [942f2f8]
    • @​ai-sdk/provider-utils@​4.0.28

3.0.82

Patch Changes

  • 2a91a17: feat(provider/anthropic): add support for claude-fable-5 and the fallbacks API parameter

Updates @ai-sdk/gateway from 3.0.126 to 3.0.131

Release notes

Sourced from @​ai-sdk/gateway's releases.

@​ai-sdk/gateway@​3.0.131

Patch Changes

  • 6160ced: fix(gateway): surface provider warnings in embedding and reranking responses
  • c9b8abd: fix(provider/gateway): map forbidden error responses to GatewayForbiddenError instead of GatewayInternalServerError
Changelog

Sourced from @​ai-sdk/gateway's changelog.

3.0.131

Patch Changes

  • 6160ced: fix(gateway): surface provider warnings in embedding and reranking responses
  • c9b8abd: fix(provider/gateway): map forbidden error responses to GatewayForbiddenError instead of GatewayInternalServerError

3.0.130

Patch Changes

  • c5d4716: Backport: chore(provider/gateway): update gateway model settings files

3.0.129

Patch Changes

  • Updated dependencies [bfa5864]
  • Updated dependencies [f42aa79]
    • @​ai-sdk/provider-utils@​4.0.29

3.0.128

Patch Changes

  • Updated dependencies [942f2f8]
    • @​ai-sdk/provider-utils@​4.0.28

3.0.127

Patch Changes

  • 3851e29: Backport: chore(provider/gateway): update gateway model settings files
  • 2a91a17: feat(provider/anthropic): add support for claude-fable-5 and the fallbacks API parameter
Commits
  • 5548672 Version Packages (#16097)
  • c9b8abd Backport: fix(provider/gateway): map forbidden error responses to GatewayForb...
  • 6160ced Backport: fix(gateway): surface provider warnings in embedding and reranking ...
  • 63b3f60 Version Packages (#16086)
  • c5d4716 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
  • bae9bab Version Packages (#16026)
  • 9ef2c3c Version Packages (#15998)
  • f6e5881 Version Packages (#15902)
  • 2a91a17 backport: feat(provider/anthropic): add support for claude-fable-5 and the ...
  • 3851e29 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
  • See full diff in compare view

Updates @ai-sdk/google from 3.0.80 to 3.0.82

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​3.0.82

Patch Changes

  • 3258f22: fix(google): prevent prototype pollution when streaming tool args

  • bfa5864: fix: only send provider credentials to same-origin response-supplied URLs

    Several provider clients followed a URL taken from the provider's API response (a polling/status URL or a final media URL such as polling_url, urls.get, result_url, result.sample, or video.uri) and reused the authenticated headers — or appended ?key=<API_KEY> — on that request. Because the host of the response-supplied URL was never validated, the long-lived API key was sent to whatever host the response named (a CDN in the benign case, or an attacker-chosen host if the provider response was tampered with), allowing credential exfiltration.

    A new isSameOrigin helper is added to @ai-sdk/provider-utils, and the affected fetches in @ai-sdk/black-forest-labs, @ai-sdk/fireworks, @ai-sdk/replicate, @ai-sdk/gladia, @ai-sdk/fal, and @ai-sdk/google now attach credentials only when the followed URL is same-origin with the provider's configured API origin. Requests to a foreign origin are made without the credential.

  • Updated dependencies [bfa5864]

  • Updated dependencies [f42aa79]

    • @​ai-sdk/provider-utils@​4.0.29
Changelog

Sourced from @​ai-sdk/google's changelog.

3.0.82

Patch Changes

  • 3258f22: fix(google): prevent prototype pollution when streaming tool args

  • bfa5864: fix: only send provider credentials to same-origin response-supplied URLs

    Several provider clients followed a URL taken from the provider's API response (a polling/status URL or a final media URL such as polling_url, urls.get, result_url, result.sample, or video.uri) and reused the authenticated headers — or appended ?key=<API_KEY> — on that request. Because the host of the response-supplied URL was never validated, the long-lived API key was sent to whatever host the response named (a CDN in the benign case, or an attacker-chosen host if the provider response was tampered with), allowing credential exfiltration.

    A new isSameOrigin helper is added to @ai-sdk/provider-utils, and the affected fetches in @ai-sdk/black-forest-labs, @ai-sdk/fireworks, @ai-sdk/replicate, @ai-sdk/gladia, @ai-sdk/fal, and @ai-sdk/google now attach credentials only when the followed URL is same-origin with the provider's configured API origin. Requests to a foreign origin are made without the credential.

  • Updated dependencies [bfa5864]

  • Updated dependencies [f42aa79]

    • @​ai-sdk/provider-utils@​4.0.29

3.0.81

Patch Changes

  • Updated dependencies [942f2f8]
    • @​ai-sdk/provider-utils@​4.0.28
Commits
  • bae9bab Version Packages (#16026)
  • 3258f22 Backport: fix(google): prevent prototype pollution when streaming tool args (...
  • bfa5864 Backport: fix(providers): only send credentials to same-origin response-suppl...
  • 9ef2c3c Version Packages (#15998)
  • 7aca1fc backport: chore: update TypeScript references and fix `pnpm update-references...
  • See full diff in compare view

Updates @ai-sdk/openai from 3.0.68 to 3.0.71

Release notes

Sourced from @​ai-sdk/openai's releases.

@​ai-sdk/openai@​3.0.71

Patch Changes

  • Updated dependencies [bfa5864]
  • Updated dependencies [f42aa79]
    • @​ai-sdk/provider-utils@​4.0.29
Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.71

Patch Changes

  • Updated dependencies [bfa5864]
  • Updated dependencies [f42aa79]
    • @​ai-sdk/provider-utils@​4.0.29

3.0.70

Patch Changes

  • Updated dependencies [942f2f8]
    • @​ai-sdk/provider-utils@​4.0.28

3.0.69

Patch Changes

  • 9a55f6d: feat(openai): add namespaces for tool definitions

Updates esbuild from 0.28.0 to 0.28.1

Release notes

Sourced from esbuild's releases.

v0.28.1

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    // Original code
    {
      using x = new Resource()
      x.activate()
    }
    // Old output (with --minify)
    new Resource().activate();
    // New output (with --minify)
    {using e=new Resource;e.activate()}

  • Fix module evaluation when an error is thrown (#4461, #4467)

    If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

  • Fix some edge cases around the new operator (#4477)

    Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

    // Original code
    new (foo()`bar`)()
    new (foo()?.bar)()
    // Old output
    new foo()bar();
    new (foo())?.bar();

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.28.1

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    // Original code
    {
      using x = new Resource()
      x.activate()
    }
    // Old output (with --minify)
    new Resource().activate();
    // New output (with --minify)
    {using e=new Resource;e.activate()}

  • Fix module evaluation when an error is thrown (#4461, #4467)

    If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

  • Fix some edge cases around the new operator (#4477)

    Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

    // Original code
    new (foo()`bar`)()
    new (foo()?.bar)()
    // Old output
    new foo()bar();
    new (foo())?.bar();

... (truncated)

Updates ai from 6.0.198 to 6.0.205

Release notes

Sourced from ai's releases.

ai@6.0.205

Patch Changes

  • Updated dependencies [6160ced]
  • Updated dependencies [c9b8abd]
    • @​ai-sdk/gateway@​3.0.131

ai@6.0.204

Patch Changes

  • Updated dependencies [c5d4716]
    • @​ai-sdk/gateway@​3.0.130

ai@6.0.203

Patch Changes

  • f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

    validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

    • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
    • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
    • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
    • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

    The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

  • 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

  • b4b575a: fix: redact server error details from UI message streams by default

    streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

    The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

  • Updated dependencies [bfa5864]

  • Updated dependencies [f42aa79]

    • @​ai-sdk/provider-utils@​4.0.29
    • @​ai-sdk/gateway@​3.0.129
Changelog

Sourced from ai's changelog.

6.0.205

Patch Changes

  • Updated dependencies [6160ced]
  • Updated dependencies [c9b8abd]
    • @​ai-sdk/gateway@​3.0.131

6.0.204

Patch Changes

  • Updated dependencies [c5d4716]
    • @​ai-sdk/gateway@​3.0.130

6.0.203

Patch Changes

  • f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

    validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

    • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
    • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
    • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
    • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

    The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

  • 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

  • b4b575a: fix: redact server error details from UI message streams by default

    streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

    The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

  • Updated dependencies [bfa5864]

  • Updated dependencies [f42aa79]

    • @​ai-sdk/provider-utils@​4.0.29
    • @​ai-sdk/gateway@​3.0.129

6.0.202

Patch Changes

  • 942f2f8: fix(security): re-validate tool approvals from client message history before execution

    The approval-replay path in generateText/streamText reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-checking that the tool actually requires approval. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.

... (truncated)

Commits
  • 5548672 Version Packages (#16097)
  • 63b3f60 Version Packages (#16086)
  • bae9bab Version Packages (#16026)
  • b4b575a Backport: fix(ai): redact server error details from UI message streams by def...
  • f42aa79 Backport: fix(provider-utils,ai): harden download SSRF guard against hostname...
  • 5291f7e Backport: fix: Harden stream text processing and middleware against prototype...
  • 9ef2c3c Version Packages (#15998)
  • 942f2f8 Backport: fix(security): harden tool approval replay path against client-forg...
  • dca8c38 Version Packages (#15992)
  • 0c8c0ed Backport: fix(ai): return schema-transformed elements in array output mode (#...
  • Additional commits viewable in compare view

Updates mongodb from 7.2.0 to 7.3.0

Release notes

Sourced from mongodb's releases.

v7.3.0

Important: A future minor release will raise the minimum supported MongoDB Server version from 4.2 to 4.4. This is in accordance with MongoDB Software Lifecycle Schedules. Support for MongoDB Server 4.2 will be dropped in a future release!

7.3.0 (2026-06-04)

The MongoDB Node.js team is pleased to announce version 7.3.0 of the mongodb package!

Release Notes

maxWireVersion is bumped to 29

Max wire version & max server version bumped in preparation for MongoDB LTS (v9.0).

Fixed SCRAM authentication for non-Node.js runtimes (e.g., Deno)

SCRAM-based authentication (the default mechanism for username/password connections) was broken when using the driver in non-Node.js environments such as Deno. The root cause was an implicit toString() call on byte arrays that produced incorrect output outside of Node.js. This fix ensures explicit UTF-8 string conversion is used throughout the SCRAM implementation, restoring authentication in Deno and other web-compatible runtimes.

Features

Bug Fixes

  • NODE-7548: SCRAM authentication fails on non-Node runtimes (#4932) (a10d2c9)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb's changelog.

7.3.0 (2026-06-04)

Features

Bug Fixes

  • NODE-7548: SCRAM authentication fails on non-Node runtimes (#4932) (a10d2c9)
Commits
  • 99106de chore(main): release 7.3.0 (#4944)
  • fd940fe ci: use toolchain python in windows (#4954)
  • b7f54b5 test(NODE-5517): display installed deps in CI (#4948)
  • de29d72 chore: disable bson compat tests in prs (#4952)
  • 4447050 feat(NODE-7518): bump maxWireVersion (#4950)
  • d2b828b chore(NODE-7599): tighten build workflow permissions and update release docs ...
  • 24e5705 chore(NODE-7512): add Windows Node Latest to smoke test configuration (#4940)
  • 90f6967 chore(NODE-7563): migrate main release workflows to npm trusted publishers (#...
  • a10d2c9 fix(NODE-7548): SCRAM authentication fails on non-Node runtimes (#4932)
  • 5c986b1 test(NODE-6820): test on Graviton processor (#4936)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mongodb since your current version.


Updates better-sqlite3 from 12.10.0 to 12.10.1

Release notes

Sourced from better-sqlite3's releases.

v12.10.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1


Updates @better-auth/core from 1.6.15 to 1.6.18

Release notes

Sourced from @​better-auth/core's releases.

v1.6.18

better-auth

Bug Fixes

  • Fixed getCookieCache to return null for expired sessions instead of treating stale signed cookies as live sessions.
  • Fixed the delete-account confirmation link to prevent duplicate account deletions from concurrent callback requests.
  • Fixed one-time tokens from being redeemable multiple times under concurrent requests.
  • Fixed password reset tokens from changing a password more than once under concurrent requests.
  • Fixed Reddit sign-in to assign a non-routable placeholder address (<id>@reddit.invalid) to users with no email, preventing accidental matches with real mailboxes.
  • Fixed Sign-In with Ethereum nonces from being accepted multiple times under concurrent sign-in requests.
  • Added internalAdapter.reserveVerificationValue to atomically record single-use markers, ensuring only one concurrent caller succeeds for replay-protected operations.
  • Added the incrementOne adapter method and SecondaryStorage.increment for atomic counter updates, enabling strict rate-limit and usage-counter enforcement under concurrent load.
  • Fixed expired two-factor challenges from completing login and prevented duplicate session creation from concurrent verifications.
  • Fixed captcha verification to time out after 10 seconds, preventing slow or unreachable captcha providers from hanging requests indefinitely.
  • Fixed /delete-user/callback to reject account deletion when the session has been revoked server-side (cookie-only session deployments are unaffected).
  • Fixed rate limiting to prevent concurrent requests from slipping past configured limits, with a new optional consume method for custom storage backends to opt into strict enforcement.
  • Fixed team deletion to preserve pending invitations by removing only the deleted team's reference rather than invalidating the invitations entirely.
  • Fixed expected authentication validation failures to log as warnings instead of errors.
  • Fixed MCP bearer token validation to reject expired access tokens and require the offline_access scope for refresh token usage.
  • Fixed plugin API inference in composite monorepo setups where the core package resolved through multiple paths (#9583)
  • Fixed OpenAPI generation to accurately serialize Zod request schemas, including optional, nullable, intersected, and record-shaped types (#9315)
  • Fixed a memory leak where the JWKS cache could grow on every access token verification.
  • Fixed Google One Tap to require a configured client ID (set via the oneTap plugin or socialProviders.google) and reject tokens issued for other applications.
  • Fixed device-authorization token polling to prevent the same approved device code from being redeemed multiple times under concurrent polls.
  • Fixed account cookie preservation when switching users in the same browser session.
  • Fixed email OTP sign-in to prevent concurrent requests from signing in multiple times or exceeding the attempt limit.
  • Fixed phone-number OTP sign-in to prevent concurrent requests from signing in multiple times or exceeding the attempt limit.
  • Fixed two-factor OTP sign-in to prevent concurrent requests from signing in multiple times or exceeding the attempt limit.
  • Fixed the Have I Been Pwned plugin to check breached passwords on additional endpoints, including email-OTP and phone-number reset-password routes and admin password-setting routes.
  • Fixed the multi-session set-active and revoke endpoints to only act on sessions the caller holds a signed cookie for, preventing unauthorized session manipulation.
  • Fixed the OIDC /oauth2/endsession endpoint to reject cross-site logout requests that carry only a session cookie without a valid id_token_hint.
  • Fixed WeChat sign-in to work without an email address by assigning a stable placeholder email, with mapProfileToUser available to supply a real one.

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

  • Fixed SAML assertion replay protection to hold under concurrent requests, preventing a duplicate submission from being accepted more than once.
  • Fixed organization admins and owners to verify domain ownership for SSO providers their organization owns, not just the member who originally registered the provider.
  • Fixed trustEmailVerified to treat only a boolean true or the string "true" as a verified email, rejecting the string "false" as unverified.

For detailed changes, see CHANGELOG

@better-auth/memory-adapter

Bug Fixes

... (truncated)

Changelog

Sourced from @​better-auth/core's changelog.

1.6.18

Patch Changes

  • #9583 b21a5f7 Thanks @​GautamBytes! - Fix plugin-provided client methods and additional session fields not being inferred in composite monorepos.

1.6.17

Patch Changes

  • #9993 baeaa00 Thanks @​gustavovalverde! - Add the optional incrementOne adapter method and the optional SecondaryStorage.increment method. incrementOne atomically applies signed numeric deltas to a single row under a where-clause guard (for example, decrementing a remaining-uses counter only while it is still positive) and returns the updated row, or null when the guard matched no row. Adapters that do not implement it natively keep working through a transaction-based fallback. SecondaryStorage.increment atomically increments a counter and sets its time-to-live only when the key is first created.

  • #9987 7343284 Thanks @​bytaesu! - Fixed a memory leak where the JWKS cache could grow on every access token verification.

  • #10003 fdef997 Thanks @​gustavovalverde! - Microsoft Entra ID sign-in now honors the configured tenant restriction. tenantId: "organizations" rejects personal Microsoft accounts, and tenantId: "consumers" rejects work and school accounts. Both were accepted before.

  • #9993 baeaa00 Thanks @​gustavovalverde! - Concurrent requests can no longer slip past the configured rate limit. The in-memory rate-limit store no longer grows without bound, and the database backend removes expired entries on its own. A custom rate-limit storage may implement a new optional consume method for strict enforcement; without it, the previous behavior is kept and a one-time warning is logged.

  • #10003 fdef997 Thanks @​gustavovalverde! - A Reddit user with no email now receives a non-routable placeholder address (<id>@reddit.invalid) instead of one on the real reddit.com domain, so it cannot match a deliverable mailbox. The address stays unverified, and mapProfileToUser can supply a real email.

  • #9993 baeaa00 Thanks @​gustavovalverde! - Add internalAdapter.reserveVerificationValue. It atomically records a single-use marker (such as a replay tombstone) so that exactly one of several concurrent callers succeeds and the rest observe that the marker is already taken. Database-backed verification storage is atomic; secondary-storage-only verification is best-effort.

  • #9990 1dbf5bb Thanks @​gustavovalverde! - Hardens how requests are trusted across several flows. Rate limiting is now enforced even when a client IP cannot be determined, instead of being skipped. When baseURL is not configured, password-reset and verification links use the current request's host rather than the host of the first request the server handled, and a request-scoped trustedOrigins callback no longer affects other concurrent requests. The OAuth proxy, Google One Tap, and the Expo authorization proxy reject redirect and callback targets that are not in trustedOrigins. Google reCAPTCHA and Cloudflare Turnstile accept optional expectedAction and allowedHostnames to reject tokens minted for a different action or hostname. Server-side fetches reject additional reserved IPv6 ranges, and malformed redirect parameters return a 400 instead of a 500.

  • #10003 fdef997 Thanks @​gustavovalverde! - WeChat sign-in now succeeds with the documented default setup, which previously failed because WeChat returns no email address. The created user receives a stable, unverified placeholder email; supply a real one with mapProfileToUser.

1.6.16

Patch Changes

  • #9974 cb1cbfa Thanks @​Bekacru! - Validate Facebook opaque access tokens against the configured app. Previously verifyIdToken returned true for any non-JWT token and getUserInfo called Graph /me with the caller-supplied token without checking which app issued it, so tokens issued for other Facebook apps were not distinguished on the direct sign-in path. Facebook tokens are now inspected via the debug_token endpoint, requiring is_valid, an app_id that matches one of the configured client ids, and a user_id that matches the returned profile, before the token is accepted. A client secret must be configured for access-token sign-in to work.

  • #9974 cb1cbfa Thanks @​Bekacru! - Enforce the Google hd (hosted domain) option against the id token. Previously hd was only sent to Google as an authorization hint, which does not by itself restrict sign-in to the configured Workspace domain. When hd is set, the hd claim on the verified id token (verifyIdToken) and the decoded callback profile (getUserInfo) must be present and match, otherwise sign-in is rejected.

  • #9974 cb1cbfa Thanks @​Bekacru! - Scope the JWKS cache per source. Access-token verification previously kept a single global key set and reused it whenever it contained a key matching the token's kid, without considering which JWKS source the verification was for. When verifying tokens against more than one source, a token could end up matched against keys fetched for a different source if the two shared a kid. The cache is now keyed per JWKS source and honors a TTL, so each verification uses the keys for its own source and rotated or removed keys are no longer used after the TTL elapses.

  • #9974 cb1cbfa Thanks @​Bekacru! - Cryptographically verify PayPal ID tokens on direct sign-in. Previously verifyIdToken only decoded the JWT and checked that a sub claim was present, performing no signature, issuer, audience, or expiration checks, so any well-formed token paired with a valid access token would be accepted. The token is now verified against PayPal's issuer and published JWKS (RS256) or the client secret (HS256), with the aud pinned to the configured clientId, a maxTokenAge bound, and the nonce checked when supplied.
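The rate-limit entry above (`#9993`) describes two separate problems: concurrent requests slipping past the limit, and an in-memory store that grows without bound. The following is an added example, not better-auth's code, that models both with a stand-in async store. The `naiveAllow` check-then-increment path and the `AtomicRateLimitStore.consume` method are assumptions made for the illustration; they are not the library's API.

```javascript
// Added example, not better-auth's code. It models the race the changelog
// describes: a limiter that reads a counter, compares it, then writes it back
// through an async store lets concurrent requests through, while an atomic
// `consume` step enforces the limit and a prune step keeps the store bounded.

// Stand-in for an asynchronous backing store (Redis, SQL, ...). Every call
// yields to the event loop, so requests interleave between read and write.
class AsyncKeyValueStore {
  constructor() { this.map = new Map(); }
  async get(key) { await Promise.resolve(); return this.map.get(key); }
  async set(key, value) { await Promise.resolve(); this.map.set(key, value); }
}

// Check-then-increment: every request that reads the counter before the first
// write lands sees count 0 and is allowed.
async function naiveAllow(store, key, limit, now, windowMs) {
  const entry = (await store.get(key)) ?? { count: 0, resetAt: now + windowMs };
  if (entry.resetAt <= now) { entry.count = 0; entry.resetAt = now + windowMs; }
  if (entry.count >= limit) return false;
  entry.count += 1;
  await store.set(key, entry);
  return true;
}

// Store with an atomic `consume`: reserving a unit is a single step that no
// other request can observe halfway (what INCR in Redis or a guarded
// `UPDATE ... WHERE count < ?` in SQL provides). JavaScript's single thread
// makes the synchronous body atomic here; a real backend must do it server-side.
class AtomicRateLimitStore {
  constructor() { this.map = new Map(); }
  consume(key, limit, now, windowMs) {
    let entry = this.map.get(key);
    if (!entry || entry.resetAt <= now) {
      entry = { count: 0, resetAt: now + windowMs };
      this.map.set(key, entry);
    }
    if (entry.count >= limit) return false;
    entry.count += 1;
    return true;
  }
  // Evict expired windows so the in-memory store cannot grow without bound.
  // Returns the number of live entries left.
  prune(now) {
    for (const [key, entry] of this.map) {
      if (entry.resetAt <= now) this.map.delete(key);
    }
    return this.map.size;
  }
}

async function atomicAllow(store, key, limit, now, windowMs) {
  await Promise.resolve(); // same async shape as the naive path
  return store.consume(key, limit, now, windowMs);
}

// Fire `n` requests for one key at the same instant and count how many pass.
async function countAllowed(allowFn, store, key, n, limit, windowMs) {
  const now = 0; // fixed clock: all requests fall in the same window
  const results = await Promise.all(
    Array.from({ length: n }, () => allowFn(store, key, limit, now, windowMs)),
  );
  return results.filter(Boolean).length;
}
```

With a limit of 3 and 10 simultaneous requests, `naiveAllow` admits all 10 because each read completes before any write, while `atomicAllow` admits exactly 3. `prune` is what a custom storage needs on top of `consume` so that keys for clients that never return are eventually dropped.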
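The JWKS entry in 1.6.16 explains why a single global key set is unsafe when more than one source is verified: two issuers can publish keys with the same `kid`. The following added example (not better-auth's code) contrasts that global cache with one keyed per source and bounded by a TTL. The issuer URLs, the `owner` label standing in for key material, and the class names are constructed for the illustration.

```javascript
// Added example, not better-auth's code. Two ways to cache JWKS key sets for
// access-token verification: a single global set matched on `kid` alone, and
// a cache keyed by JWKS source with a TTL. The key sets and URLs below are
// constructed; a label stands in for the public key material.

// Mutable "published" key sets so a caller can simulate key rotation.
function makePublishedKeySets() {
  return {
    'https://issuer-a.example/.well-known/jwks.json': [{ kid: 'k1', owner: 'issuer-a' }],
    'https://issuer-b.example/.well-known/jwks.json': [{ kid: 'k1', owner: 'issuer-b' }],
  };
}

// Fetcher stand-in: returns whatever the given issuer currently publishes.
function makeFetcher(published) {
  return async (jwksUrl) => (published[jwksUrl] ?? []).map((k) => ({ ...k }));
}

// Global cache: one key set for every source. A cached key whose kid matches
// is returned no matter which source the verification is for.
class GlobalJwksCache {
  constructor(fetchJwks) { this.fetchJwks = fetchJwks; this.keys = []; this.fetches = 0; }
  async getKey(jwksUrl, kid) {
    let key = this.keys.find((k) => k.kid === kid);
    if (!key) {
      this.keys = await this.fetchJwks(jwksUrl);
      this.fetches += 1;
      key = this.keys.find((k) => k.kid === kid);
    }
    return key ?? null;
  }
}

// Scoped cache: entries keyed by JWKS URL, each with its own expiry, so a
// token is only ever matched against keys fetched for its own source and
// keys removed by the issuer stop being used once the TTL elapses.
class ScopedJwksCache {
  constructor(fetchJwks, ttlMs, now = () => Date.now()) {
    this.fetchJwks = fetchJwks; this.ttlMs = ttlMs; this.now = now;
    this.entries = new Map(); this.fetches = 0;
  }
  async getKey(jwksUrl, kid) {
    let entry = this.entries.get(jwksUrl);
    if (!entry || entry.expiresAt <= this.now()) {
      const keys = await this.fetchJwks(jwksUrl);
      this.fetches += 1;
      entry = { keys, expiresAt: this.now() + this.ttlMs };
      this.entries.set(jwksUrl, entry);
    }
    return entry.keys.find((k) => k.kid === kid) ?? null;
  }
}
```

With the global cache, a lookup for issuer B's `k1` after issuer A has been fetched returns issuer A's key without a second fetch, which is the cross-source match the changelog describes. The scoped cache fetches once per source, serves a stale set only until `ttlMs` has passed, and returns `null` for a `kid` the issuer has since rotated out.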
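The Google `hd` entry and the PayPal ID token entry in 1.6.16 both come down to the same lesson: decoding a JWT is not verifying it, and the claims (`iss`, `aud`, `exp`, token age, `nonce`, `hd`) must be checked against the configured values. The following added example (not better-auth's code) shows those claim checks on an already signature-verified payload; it deliberately does no signature verification itself, which must happen first against the issuer's JWKS (RS256) or the client secret (HS256) as the changelog states. The option names (`issuer`, `clientId`, `hostedDomain`, `maxTokenAgeSeconds`) and the sample payload are assumptions for the illustration, not better-auth's configuration keys.

```javascript
// Added example, not better-auth's code. Claim checks for an OIDC ID token
// payload, to be run only after the token's signature has been verified;
// this function performs no signature verification. Option names are
// assumptions for this example, not better-auth's configuration keys.

function checkIdTokenClaims(payload, opts, nowSeconds) {
  const failed = [];
  if (payload.iss !== opts.issuer) failed.push('iss');
  // aud may be a string or an array; the configured client must be among them.
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!audiences.includes(opts.clientId)) failed.push('aud');
  if (typeof payload.sub !== 'string' || payload.sub === '') failed.push('sub');
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) failed.push('exp');
  // maxTokenAge rejects tokens that are technically unexpired but were issued
  // too long ago to belong to the current sign-in attempt.
  if (opts.maxTokenAgeSeconds !== undefined &&
      (typeof payload.iat !== 'number' || nowSeconds - payload.iat > opts.maxTokenAgeSeconds)) {
    failed.push('iat');
  }
  // The nonce binds the token to the authorization request that produced it.
  if (opts.nonce !== undefined && payload.nonce !== opts.nonce) failed.push('nonce');
  // Google hosted domain: when configured, a missing or different hd claim
  // means the account is outside the Workspace domain, so reject.
  if (opts.hostedDomain !== undefined && payload.hd !== opts.hostedDomain) failed.push('hd');
  return failed; // empty array means every configured check passed
}

// Constructed sample payload, shaped like a verified Google ID token.
function sampleGooglePayload(overrides = {}) {
  return {
    iss: 'https://accounts.google.com',
    aud: 'example-client-id',
    sub: '1234567890',
    iat: 1_700_000_000,
    exp: 1_700_003_600,
    nonce: 'n-0S6_WzA2Mj',
    hd: 'example.com',
    ...overrides,
  };
}
```

Returning the list of failed claims rather than a boolean keeps the reason available for logging; callers still treat any non-empty result as a rejected sign-in. Note the `hd` rule is only applied when a hosted domain is configured, matching the changelog's "when hd is set" wording.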

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@vercel

vercel Bot commented Jun 15, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| spec | Ready | Preview, Comment | Jun 15, 2026 3:17am |


@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Jun 15, 2026
@github-actions github-actions Bot added documentation Improvements or additions to documentation size/s labels Jun 15, 2026
…rectory with 17 updates

Bumps the production-dependencies group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@ai-sdk/anthropic](https://github.com/vercel/ai/tree/HEAD/packages/anthropic) | `3.0.81` | `3.0.84` |
| [@ai-sdk/gateway](https://github.com/vercel/ai/tree/HEAD/packages/gateway) | `3.0.126` | `3.0.131` |
| [@ai-sdk/google](https://github.com/vercel/ai/tree/HEAD/packages/google) | `3.0.80` | `3.0.82` |
| [@ai-sdk/openai](https://github.com/vercel/ai/tree/HEAD/packages/openai) | `3.0.68` | `3.0.71` |
| [esbuild](https://github.com/evanw/esbuild) | `0.28.0` | `0.28.1` |
| [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) | `6.0.198` | `6.0.205` |
| [mongodb](https://github.com/mongodb/node-mongodb-native) | `7.2.0` | `7.3.0` |
| [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.10.0` | `12.10.1` |
| [@better-auth/core](https://github.com/better-auth/better-auth/tree/HEAD/packages/core) | `1.6.15` | `1.6.18` |
| [@better-auth/oauth-provider](https://github.com/better-auth/better-auth/tree/HEAD/packages/oauth-provider) | `1.6.15` | `1.6.18` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.6.15` | `1.6.18` |
| [hono](https://github.com/honojs/hono) | `4.12.24` | `4.12.25` |
| [next](https://github.com/vercel/next.js) | `16.2.7` | `16.2.9` |
| [fumadocs-core](https://github.com/fuma-nama/fumadocs) | `16.9.3` | `16.10.2` |
| [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `15.0.11` | `15.0.12` |
| [fumadocs-ui](https://github.com/fuma-nama/fumadocs) | `16.9.3` | `16.10.2` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.17.0` | `1.18.0` |



Updates `@ai-sdk/anthropic` from 3.0.81 to 3.0.84
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/anthropic@3.0.84/packages/anthropic/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/anthropic@3.0.84/packages/anthropic)

Updates `@ai-sdk/gateway` from 3.0.126 to 3.0.131
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/gateway@3.0.131/packages/gateway/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/gateway@3.0.131/packages/gateway)

Updates `@ai-sdk/google` from 3.0.80 to 3.0.82
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/google@3.0.82/packages/google/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/google@3.0.82/packages/google)

Updates `@ai-sdk/openai` from 3.0.68 to 3.0.71
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/openai@3.0.71/packages/openai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/openai@3.0.71/packages/openai)

Updates `esbuild` from 0.28.0 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.28.0...v0.28.1)

Updates `ai` from 6.0.198 to 6.0.205
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/ai@6.0.205/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@6.0.205/packages/ai)

Updates `mongodb` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v7.2.0...v7.3.0)

Updates `better-sqlite3` from 12.10.0 to 12.10.1
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.10.0...v12.10.1)

Updates `@better-auth/core` from 1.6.15 to 1.6.18
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/core/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.18/packages/core)

Updates `@better-auth/oauth-provider` from 1.6.15 to 1.6.18
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/oauth-provider/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.18/packages/oauth-provider)

Updates `better-auth` from 1.6.15 to 1.6.18
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Changelog](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.6.18/packages/better-auth)

Updates `hono` from 4.12.24 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.24...v4.12.25)

Updates `next` from 16.2.7 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.7...v16.2.9)

Updates `fumadocs-core` from 16.9.3 to 16.10.2
- [Release notes](https://github.com/fuma-nama/fumadocs/releases)
- [Commits](https://github.com/fuma-nama/fumadocs/compare/fumadocs-core@16.9.3...fumadocs-core@16.10.2)

Updates `fumadocs-mdx` from 15.0.11 to 15.0.12
- [Release notes](https://github.com/fuma-nama/fumadocs/releases)
- [Commits](https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.11...fumadocs-mdx@15.0.12)

Updates `fumadocs-ui` from 16.9.3 to 16.10.2
- [Release notes](https://github.com/fuma-nama/fumadocs/releases)
- [Commits](https://github.com/fuma-nama/fumadocs/compare/fumadocs-ui@16.9.3...fumadocs-ui@16.10.2)

Updates `lucide-react` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.18.0/packages/lucide-react)

---
updated-dependencies:
- dependency-name: "@ai-sdk/anthropic"
  dependency-version: 3.0.84
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@ai-sdk/gateway"
  dependency-version: 3.0.131
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@ai-sdk/google"
  dependency-version: 3.0.82
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@ai-sdk/openai"
  dependency-version: 3.0.71
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@better-auth/core"
  dependency-version: 1.6.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@better-auth/oauth-provider"
  dependency-version: 1.6.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: ai
  dependency-version: 6.0.205
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: better-auth
  dependency-version: 1.6.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: better-sqlite3
  dependency-version: 12.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: fumadocs-core
  dependency-version: 16.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: fumadocs-mdx
  dependency-version: 15.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: fumadocs-ui
  dependency-version: 16.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: lucide-react
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: mongodb
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps)(deps): bump the production-dependencies group with 17 updates chore(deps)(deps): bump the production-dependencies group across 1 directory with 17 updates Jun 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-ea1c1467d4 branch from 0b13e62 to 6109cb5 Compare June 15, 2026 03:14
@os-zhuang os-zhuang merged commit 3424cbf into main Jun 15, 2026
12 of 14 checks passed
@os-zhuang os-zhuang deleted the dependabot/npm_and_yarn/production-dependencies-ea1c1467d4 branch June 15, 2026 06:56