fix(deps): update dependency better-auth to v1.4.10

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Change	Age	Confidence
better-auth (source)	1.4.5 -> 1.4.10

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

better-auth/better-auth (better-auth)

v1.4.10

Compare Source

   🚀 Features

• Support form data for email sign-in/sign-up and fallback to checking fetch Metadata for first login  -  by @​Paola3stefania, @​bytaesu, Bereket Engida and @​jonathansamines in #​6314 (3f06d)
• expo:
  • Add webBrowserOptions to openAuthSessionAsync  -  by @​himself65 and Copilot in #​7054 (d1184)
• saml:
  • Add XML parser hardening with configurable size limits  -  by @​Paola3stefania in #​6805 (6e1f4)
• stripe:
  • Flexible subscription cancellation and termination management  -  by @​bytaesu and @​GautamBytes in #​6961 (c128d)
  • Handle customer.subscription.created webhook event  -  by @​bytaesu, Copilot and @​himself65 in #​6924 (cf64f)
  • Add disableRedirect option for subscription and billing  -  by @​himself65 and Valerii Strilets in #​7068 (11493)

   🐞 Bug Fixes

• Correct accountLinking default to true  -  by @​bytaesu and @​himself65 in #​6963 (0ccdf)
• Add supportsArrays to memory and mongodb adapters  -  by @​bytaesu in #​6984 (855db)
• Sync updateSession changes to secondary storage and active-sessions list  -  by @​Ridhim-RR, @​bytaesu and Taesu in #​6988 (13dbf)
• admin:
  • Custom role type inference  -  by @​bytaesu in #​6997 (63438)
  • UserId check in /has-permission  -  by @​himself65 and Copilot in #​7016 (adc88)
• anonymous:
  • Missing path breaks anonymous hooks  -  by @​ping-maxwell and @​himself65 in #​6794 (8e85b)
• api:
  • Chain plugin onRequest hooks properly  -  by @​bytaesu in #​7070 (1ee6d)
• client:
  • Prevent duplicate signal processing in atom listeners  -  by @​himself65 in #​7018 (016ba)
  • Apply rate limit focus refetch regardless of session state  -  by @​bytaesu and @​himself65 in #​7048 (bf423)
• expo:
  • Improve parseSetCookieHeader  -  by @​bytaesu in #​6990 (66a61)
• oauth-provider:
  • Support jwksPath  -  by @​dvanmali in #​6989 (54847)
  • Only session db store currently supported  -  by @​dvanmali in #​7000 (49821)
• oauth-proxy:
  • Point provider requests to production and fix cookie handling in non-HTTPS environments  -  by @​bytaesu and Bereket Engida in #​6472 (8e6ad)
• organization:
  • Remove unnecessary type re-export  -  by @​bytaesu in #​7011 (40df9)
• passkey:
  • Use data.id instead of challengeId in deleteVerificationValue  -  by @​GautamBytes in #​6826 (8b4cd)
• stripe:
  • Add 'subscription/restore' to pathMethods  -  by @​bytaesu in #​6959 (9acb7)
  • Prevent trial abuse by checking all user subscriptions  -  by @​GautamBytes, Taesu and @​himself65 in #​6950 (08895)

    View changes on GitHub

v1.4.9

Compare Source

   🚀 Features

• Add ctx.isTrustedDomain helper  -  by @​jonathansamines in #​6462 (d09c5)
• Drizzle pg supports JSON  -  by @​dvanmali in #​6518 (7d5f1)
• Add Refresh Token Support to Kick OAuth Provider  -  by @​CesarRodrigu in #​6263 (b1102)
• Add additionalFields option in verification table schema  -  by @​noctarius in #​6747 (eab5b)
• Add patreon social provider  -  by @​Spuffynism, benkingcode and Kinfe123 in #​6245 (07cdd)
• Add a global backgroundTasks config option to defer actions like sending email and updates to run after response is sent  -  by @​nexxeln and @​Bekacru in #​6713 (d544b)
• admin:
  • Prevent impersonating admins by default [breaking]  -  by @​jslno and @​Bekacru in #​6454 (5fb83)
  • Add support role with permissions for user updates and enforce role change validation  -  by @​Bekacru and Copilot in #​6699 (a0a16)
• expo:
  • Last-login-method client plugin  -  by @​jslno and @​himself65 in #​6413 (381f2)
• multi-session:
  • Allow to infer additional fields  -  by @​jslno in #​6585 (13786)
  • Allow to infer additional fields "  -  by @​Bekacru in #​6585 (e26fc)
• oauth-provider:
  • An oauth 2.1 compliant plugin  -  by @​dvanmali in #​4163 (686fb)
• oauth-proxy:
  • Add expirty timestamp for encrypted tokens  -  by @​Bekacru and Copilot in #​6538 (9f6b8)
• one-time-token:
  • Support setting session cookie on ott verify  -  by @​Bekacru in #​3659 (08e05)
• organization:
  • Allow invited users to see organization name  -  by @​GautamBytes and Copilot in #​6602 (a2476)
• phone-number:
  • Add password length validation for reset functionality  -  by @​Bekacru in #​6674 (4cdf8)
• saml:
  • Assertion timestamp validation with per-provider clock skew  -  by @​Paola3stefania in #​6706 (90c59)
  • Validate SAML crypto algorithms during initial phase  -  by @​Paola3stefania in #​6785 (b56d7)
  • Enforce one-time use of SAML assertions  -  by @​Paola3stefania in #​6719 (2053f)
  • Reject deprecated SAML signature and digest algorithms  -  by @​Paola3stefania in #​6784 (1f171)
  • Reject deprecated SAML signature and digest algorithms  -  by @​Paola3stefania in #​6784 (5bab6)
• sso:
  • Use domain verified flag to trust providers automatically  -  by @​Paola3stefania (6f283)
  • Add InResponseTo validation  -  by @​Paola3stefania in #​6557 (50ffe)
  • Add OIDC discovery  -  by @​Paola3stefania and @​Bekacru in #​6395 (57400)
  • Add URL normalization and validation to all discovery URLs  -  by @​jonathansamines, Paola Estefanía de Campos, @​Paola3stefania and @​Bekacru in #​6503 (17ff1)

   🐞 Bug Fixes

• Add helper types to exports  -  by @​himself65 in #​6479 (9b556)
• Avoid throwing on client side  -  by @​landoncolburn and @​Bekacru in #​6361 (b4f45)
• Export organization plugin types  -  by @​pffigueiredo in #​6490 (8efd5)
• Pathname should be normalized when basePath is set to root  -  by @​Bekacru (9228c)
• Prematurely deleting active sessions in secondary storage  -  by @​DevDuki in #​3885 (45cf4)
• Make sure non-chunked session data cookie is cleared  -  by @​Bekacru (26b2b)
• Array field handling across adapters and schema generation  -  by @​ping-maxwell and @​Bekacru in #​6601 (9d3d1)
• StoreStateStrategy default to database if provided  -  by @​himself65 in #​6619 (880e7)
• Should always remove 2FA verification token after successful verification  -  by @​delfortrie in #​6604 (13efb)
• Prevent stateless refresh with database configured  -  by @​Bekacru in #​6700 (a5e7c)
• Revert token masking in listSessions route  -  by @​bytaesu in #​6749 (f659c)
• Compatible with openapi 3.1  -  by @​himself65 and Copilot in #​6705 (81eec)
• Properly merge updated data in account cookie  -  by @​jslno in #​6758 (5d303)
• Preserve = padding in parsed cookies  -  by @​Shridhad in #​6789 (47884)
• Unify SSO/OAuth account linking and add domain-based org assignment to all sign-in flows  -  by @​Paola3stefania in #​6652 (dd8a5)
• Respect BETTER_AUTH_TRUSTED_ORIGINS env variable  -  by @​Paola3stefania in #​6809 (47682)
• Delete verifications with hooks  -  by @​jonathansamines in #​6803 (059b5)
• Respect IP headers in dev/test environments  -  by @​bytaesu in #​6854 (d3ebf)
• Trusted origins resolving  -  by @​Bekacru in #​6887 (94697)
• Update-user breaking during stateless auth  -  by @​ping-maxwell in #​6894 (3d8ee)
• Export necessary adapter types  -  by @​himself65 in #​6903 (cbd21)
• Use operator in list members where clause  -  by @​Diabl0570 in #​6850 (da820)
• Don't set state query param if state is not provided  -  by @​paoloricciuti in #​6822 (cd772)
• Correct wildcard pattern matching for trustedOrigins  -  by @​bytaesu in #​6904 (ae90b)
• adapter:
  • Add logger creation in adapter factory  -  by @​ping-maxwell in #​6597 (aed7a)
  • Allow run internal adapter outside context  -  by @​himself65 in #​6617 (98f51)
  • Apply customTransformInput to where clause values  -  by @​erquhart, ping-maxwell and @​ping-maxwell in #​6914 (525f0)
• admin:
  • Clear admin session cookie on stopImpersonating  -  by @​jslno in #​6568 (6e614)
• api-key:
  • Check metadata is enabled for api key update endpoint  -  by @​Bekacru in #​6632 (b2af3)
  • Prevent id update error with MongoDB adapter  -  by @​balbuzar in #​6752 (c5731)
• auth:
  • Respect trustedOrigins when baseURL is inferred  -  by @​Paola3stefania in #​6882 (19d2b)
• cli:
  • secret generates empty  -  by @​himself65 in #​6504 (dd254)
  • Deduplicate drizzle schema relationships  -  by @​ping-maxwell in #​6547 (5ce4d)
  • Cmd info --json unexpected exit with 1  -  by @​himself65 in #​6949 (54712)
  • Cmd info --json unexpected exit with 1  -  by @​himself65 in #​6949 (bc8ac)
• client:
  • Set session data on refreshManager  -  by @​himself65 and Copilot in #​6932 (93216)
• cognito:
  • Use %20 encoding for scopes instead of +  -  by @​nathannewyen in #​6929 (840d0)
• core:
  • Allow returning null in getUserInfo in provider options  -  by @​Zollerboy1 in #​6528 (088db)
• db:
  • Correctly unwrap validator result in schema parsing  -  by @​GautamBytes in #​6488 (99d3e)
• deps:
  • Update dependency next to v16.0.7 [security]  -  in #​6501 (4ec31)
  • Update dependency @​react-email/components to v1  -  in #​6600 (67ab6)
• expo:
  • Add missing matcher paths  -  by @​bytaesu in #​6939 (ec38c)
• generic-oauth:
  • Ensure encryptOAuthTokens is respected in account linking flow  -  by @​DevanAbinaya in #​6874 (fbafa)
• kysely:
  • Wrong affected row count in updateMany & deleteMany  -  by @​jslno in #​6572 (56abd)
• line:
  • Enforce nonce  -  by @​Bekacru in #​6631 (12a97)
• magic-link:
  • Handle query params in errorCallbackUrl  -  by @​martinriviere in #​6383 (a3086)
• oidc:
  • Compatibility with exact-optional-property  -  by @​ping-maxwell in #​6502 (2fc58)
• openapi:
  • Mark /get-session response as nullable  -  by @​GautamBytes in #​6540 (6066f)
• organization:
  • Validate role existence in inviteMember endpoint  -  by @​GautamBytes and Gautam Manchandani in #​6774 (c0c94)
  • Allow internal organization creation when disabled for client  -  by @​GautamBytes and Gautam Manchandani in #​6857 (4b092)
• passkey:
  • Use deleteVerificationByIdentifier instead of deleteVerificationValue  -  by @​bytaesu in #​6821 (8c1f7)
• prisma:
  • Use findFirst instead of findMany for findOne  -  by @​Bekacru in #​6429 (e8a55)
• prisma-adapter:
  • Extract id to root level for delete operations  -  by @​ping-maxwell in #​6425 (c3eda)
• saml:
  • Enforce trusted provider check  -  by @​Paola3stefania in #​6551 (69db1)
  • Remove signature validation bypass  -  by @​Paola3stefania in #​6682 (dce3c)
• sso:
  • Safely parse provider configs on registration  -  by @​Paola3stefania and @​Bekacru in #​6550 (e8cc7)
  • Deprecate trustEmailVerified  -  by @​Paola3stefania in #​6616 (c5662)
  • Enforce domain verification in assignOrganizationByDomain  -  by @​Paola3stefania in #​6868 (fc78c)
• stripe:
  • Update subscriptionId to use Stripe id  -  by @​bytaesu in #​6920 (1c9a0)
• username:
  • Await username validator  -  by @​jslno in #​6611 (f45d5)

   🏎 Performance

• Add index on organizations slug field  -  by @​matteobad and matteobadini in #​6303 (a9c98)

    View changes on GitHub

v1.4.8

Compare Source

v1.4.7

Compare Source

   🚀 Features

• admin:
  • Add support role with permissions for user updates and enforce role change validation  -  by @​Bekacru and Copilot in #​6699 (6c68e)
• one-time-token:
  • Support setting session cookie on ott verify  -  by @​Bekacru in #​3659 (7a4e8)
• phone-number:
  • Add password length validation for reset functionality  -  by @​Bekacru in #​6674 (700f4)
• saml:
  • Assertion timestamp validation with per-provider clock skew  -  by @​Paola3stefania in #​6706 (f9875)
• sso:
  • Add InResponseTo validation  -  by @​Paola3stefania in #​6557 (5a49f)
  • Add OIDC discovery  -  by @​Paola3stefania and @​Bekacru in #​6395 (b9d4b)
  • Add URL normalization and validation to all discovery URLs  -  by @​jonathansamines, Paola Estefanía de Campos, @​Paola3stefania and @​Bekacru in #​6503 (50248)

   🐞 Bug Fixes

• Prevent stateless refresh with database configured  -  by @​Bekacru in #​6700 (9fed2)
• api-key: Check metadata is enabled for api key update endpoint  -  by @​Bekacru in #​6632 (87441)
• line: Enforce nonce  -  by @​Bekacru in #​6631 (66699)
• saml: Remove signature validation bypass  -  by @​Paola3stefania in #​6682 (9c1a3)

   🏎 Performance

• Add index on organizations slug field  -  by @​matteobad and matteobadini in #​6303 (c3fe9)

    View changes on GitHub

v1.4.6

Compare Source

   🚀 Features

• Add ctx.isTrustedDomain helper  -  by @​jonathansamines in #​6462 (197e8)
• Drizzle pg supports JSON  -  by @​dvanmali in #​6518 (59b61)
• Add Refresh Token Support to Kick OAuth Provider  -  by @​CesarRodrigu in #​6263 (e9543)
• admin: Prevent impersonating admins by default [breaking]  -  by @​jslno and @​Bekacru in #​6454 (9d452)
• expo: Last-login-method client plugin  -  by @​jslno and @​himself65 in #​6413 (b7d32)
• multi-session: Allow to infer additional fields  -  by @​jslno in #​6585 (812a6)
• organization: Allow invited users to see organization name  -  by @​GautamBytes and Copilot in #​6602 (cda99)
• sso: Use domain verified flag to trust providers automatically  -  by @​Paola3stefania (312fc)

   🐞 Bug Fixes

• Avoid throwing on client side  -  by @​landoncolburn and @​Bekacru in #​6361 (bd987)
• Export organization plugin types  -  by @​pffigueiredo in #​6490 (630c5)
• Prematurely deleting active sessions in secondary storage  -  by @​DevDuki in #​3885 (7d0a6)
• Pathname should be normalized when basePath is set to root  -  by @​Bekacru (126e4)
• Make sure non-chunked session data cookie is cleared  -  by @​Bekacru (aa2fb)
• Array field handling across adapters and schema generation  -  by @​ping-maxwell and @​Bekacru in #​6601 (6494d)
• StoreStateStrategy default to database if provided  -  by @​himself65 in #​6619 (49c6b)
• Should always remove 2FA verification token after successful verification  -  by @​delfortrie in #​6604 (c47b5)
• adapter:
  • Add logger creation in adapter factory  -  by @​ping-maxwell in #​6597 (99b4f)
  • Allow run internal adapter outside context  -  by @​himself65 in #​6617 (adb75)
• admin:
  • Clear admin session cookie on stopImpersonating  -  by @​jslno in #​6568 (8e6c6)
• cli:
  • secret generates empty  -  by @​himself65 in #​6504 (0ca6d)
  • Deduplicate drizzle schema relationships  -  by @​ping-maxwell in #​6547 (a501b)
• core:
  • Allow returning null in getUserInfo in provider options  -  by @​Zollerboy1 in #​6528 (d4957)
• db:
  • Correctly unwrap validator result in schema parsing  -  by @​GautamBytes in #​6488 (89030)
• deps:
  • Update dependency next to v16.0.7 [security]  -  in #​6501 (aeb0b)
  • Update dependency @​react-email/components to v1  -  in #​6600 (c4d27)
• kysely:
  • Wrong affected row count in updateMany & deleteMany  -  by @​jslno in #​6572 (df8be)
• magic-link:
  • Handle query params in errorCallbackUrl  -  by @​martinriviere in #​6383 (69b88)
• oidc:
  • Compatibility with exact-optional-property  -  by @​ping-maxwell in #​6502 (51e46)
• openapi:
  • Mark /get-session response as nullable  -  by @​GautamBytes in #​6540 (be00f)
• prisma:
  • Use findFirst instead of findMany for findOne  -  by @​Bekacru in #​6429 (d814c)
• saml:
  • Enforce trusted provider check  -  by @​Paola3stefania in #​6551 (816f1)
• sso:
  • Safely parse provider configs on registration  -  by @​Paola3stefania and @​Bekacru in #​6550 (cfafc)
• username:
  • Await username validator  -  by @​jslno in #​6611 (b4320)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch konflux/mintmaker/main/better-auth-1.x-lockfile

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: app/package-lock.json

npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: kartograph-visualizer@0.3.3
npm error Found: better-sqlite3@11.10.0
npm error node_modules/better-sqlite3
npm error   better-sqlite3@"^11.8.1" from the root project
npm error   peerOptional better-sqlite3@">=9.0.0" from prisma@7.2.0
npm error   node_modules/prisma
npm error     peerOptional prisma@"^5.0.0 || ^6.0.0 || ^7.0.0" from better-auth@1.4.10
npm error     node_modules/better-auth
npm error       better-auth@"1.4.10" from the root project
npm error     peerOptional prisma@"*" from @prisma/client@7.2.0
npm error     node_modules/@prisma/client
npm error       peerOptional @prisma/client@"^5.0.0 || ^6.0.0 || ^7.0.0" from better-auth@1.4.10
npm error       node_modules/better-auth
npm error         better-auth@"1.4.10" from the root project
npm error
npm error Could not resolve dependency:
npm error peerOptional better-sqlite3@"^12.0.0" from better-auth@1.4.10
npm error node_modules/better-auth
npm error   better-auth@"1.4.10" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2026-01-08T00_09_13_450Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2026-01-08T00_09_13_450Z-debug-0.log