Skip to content

chore: sync upstream v1.6.5 + bump @btst to v2.2.2#41

Draft
cursor[bot] wants to merge 50 commits into
mainfrom
cursor/upstream-release-integration-73de
Draft

chore: sync upstream v1.6.5 + bump @btst to v2.2.2#41
cursor[bot] wants to merge 50 commits into
mainfrom
cursor/upstream-release-integration-73de

Conversation

@cursor
Copy link
Copy Markdown

@cursor cursor Bot commented Apr 17, 2026

Summary

Weekly upstream sync with better-auth/better-auth v1.6.5 (from v1.6.2).

Upstream changes included (v1.6.3 → v1.6.5)

@BTST changes

  • Bumped all 8 @btst/* packages from 2.2.12.2.2 (patch bump — pure upstream sync, no new @BTST features)
  • Fixed trailing spaces in scripts/sync-upstream.ts HEADER_COMMENT to prevent Biome lint failures on future syncs

Conflicts resolved

  • docs/content/blogs/1-5.mdx — accepted upstream
  • pnpm-lock.yaml — accepted upstream, re-ran pnpm install --no-frozen-lockfile

CI checks

  • pnpm lint (Biome)
  • pnpm lint:spell (cspell)
  • pnpm format:check (remark)
  • pnpm lint:types (attw + tsc)
  • pnpm --filter "@btst/*" exec tsc --noEmit
  • @btst/db tests — all pass
  • @btst/adapter-memory tests — all pass
  • @btst/cli schema-conversion.test.ts — all pass
  • @btst/cli generate-all-orms.test.ts — 20 tests pass, no snapshot changes
  • ⚠️ @btst/cli e2e-cli.test.ts — fails as expected (needs live Postgres + MySQL, CI-only)

Post-merge release steps

After merging to main:

git checkout main && git pull
git tag btst-v2.2.2
git push origin btst-v2.2.2
# Then create GitHub Release from that tag
Open in Web View Automation 

gustavovalverde and others added 30 commits April 9, 2026 18:15
@gustavovalverde
fix(ci): prevent label explosion on PRs targeting the next branch (be…
83ed1fe 
…tter-auth#9071)
@gustavovalverde
refactor(ci): simplify release notes to one-line entries (better-auth…
a2fbe07 
…#9067)
@demhadais @ping-maxwell
docs: add database table names (better-auth#9062)
41679fa 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@ramonclaudio @ping-maxwell
fix: incorrect operationId in password reset callback endpoint (bet…
6ce30cf 
…ter-auth#9072)

Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@Oluwatobi-Mustapha @ping-maxwell
fix(open-api): correct get-session nullable schema for OAS 3.1 (bette…
f6428d0 
…r-auth#8389)

Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
@bytaesu
chore(docs): format markdown including mdx files (better-auth#9085)
099ee48
@tonytkachenko
docs: fix PostgreSQL Prisma native type typo (better-auth#9090)
d141a3b
@bytaesu @leonardo2204 @better-release
feat(stripe): support Stripe SDK v21 and v22 (better-auth#9084)
5f84335 
Co-authored-by: leonardo2204 <1509421+leonardo2204@users.noreply.github.com>
Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
@Saiyaswanthpasupuleti @ping-maxwell @bytaesu
chore: replace z.union with z.xor for permission schemas in admin plu…
684154d 
…gin (better-auth#8982)

Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
@bytaesu @better-release
fix(stripe): omit quantity for metered prices in checkout and upgrades (
c5066fe 
better-auth#8926)

Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
@gustavovalverde
fix(ci): rename release PR with actual version (better-auth#9066)
7fb4a55
@gustavovalverde
fix(sso): unify SAML response processing and fix bugs (better-auth#9097)
52c4751
@bytaesu
fix(cli): handle extends and mid-path wildcards in tsconfig paths (be…
4673c6d 
…tter-auth#9032)
@bytaesu
chore: fix typecheck command in CLAUDE.md (better-auth#9110)
f320994
@gustavovalverde
fix(ci): fix grep -c fallback producing invalid integer in release va…
9fd0192 
…lidation

grep -coP outputs "0" to stdout on no matches but exits 1, causing
the || echo 0 fallback to append a second "0". The resulting "0\n0"
value fails the -lt integer comparison. Use || true instead since
grep -c already outputs the correct count.
@gustavovalverde
feat(oauth-provider): add customTokenResponseFields and harden auth…
314e06f 
…orization code validation (better-auth#9118)
@gustavovalverde
fix(two-factor): enforce 2FA on all sign-in paths (better-auth#9122)
484ce6a
@Byte-Biscuit @gustavovalverde
fix(two-factor): updated backup codes respect storeBackupCodes opti…
f875897 
…on (better-auth#7231)

Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
@gustavovalverde
fix(oauth-provider): graceful DCR override for unauthenticated confid…
e2e25a4 
…ential clients (better-auth#9123)
@dependabot
chore(deps-dev): bump @sveltejs/kit from 2.53.3 to 2.57.1 (better-aut…
504ea25 
…h#9109)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bytaesu
docs: improve enterprise contact form (better-auth#9128)
a6e9b94
@dependabot @bytaesu
chore(deps): bump next from 16.2.2 to 16.2.3 in /docs (better-auth#9112)
ed2c18d 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
@bytaesu
docs(landing): polish sentinel section (better-auth#9142)
a6f3197
@bytaesu
docs: fix fk references in schema tables to match actual plugin schem…
daf7ab7 
…as (better-auth#9143)
@bytaesu
docs(sso): extract inline fields to named exports (better-auth#9144)
6c946a3
@bytaesu
docs: update not-found page (better-auth#9158)
8dcb988
@seanfilimon
docs: update Convex Labs link in documentation (better-auth#9161)
a1f6199
@Jadenstanton
docs: correct wording for invocable endpoints in integration guides (b…
2514c3d 
…etter-auth#9160)
@bytaesu
fix: resolve dynamic baseURL for direct auth.api calls (better-auth…
513dabb 
…#9113)
@gustavovalverde
chore: minor review followups on recent main commits (better-auth#9163)
92256a2
gustavovalverde and others added 20 commits April 14, 2026 08:01
@gustavovalverde
fix(auth): harden dynamic baseURL resolution (better-auth#9131)
5142e9c
@gustavovalverde
fix(stripe): prevent prototype pollution via user-supplied metadata (b…
390a031 
…etter-auth#9164)
@ping-maxwell @bytaesu @gustavovalverde
fix(client): prevent isMounted race condition causing many rps (bet…
9a6d475 
…ter-auth#9078)

Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
@better-release
chore: release v1.6.3 (better-auth#9081)
6f17bb3
@bytaesu @ping-maxwell
docs(guides): move dynamic base url from concepts to guides and optio…
dd6528f 
…ns (better-auth#9145)

Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@GautamBytes @ping-maxwell
fix: honor forceAllowId UUIDs on postgres adapters (better-auth#9068)
acbd6ef 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@jonathansamines
docs: add docs email normalization on sentinel (better-auth#9188)
7be52d9
@bytaesu
docs(device-authorization): fix approval page query param (better-aut…
a0caa1f 
…h#9197)
@gustavovalverde
fix(two-factor): revert enforcement broadening from better-auth#9122 (b…
9aed910 
…etter-auth#9205)
@gustavovalverde
chore(deps): bump electron and next devDependencies to patched versio…
ba03fb5 
…ns (better-auth#9166)
@gustavovalverde @ping-maxwell
chore(adapters): require patched drizzle-orm and kysely peer versions (
39d6af2 
…better-auth#9165)

Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@better-release
chore: release v1.6.4 (better-auth#9175)
9ec849f
@ramonclaudio
fix(client): trigger $sessionSignal for session-rotating endpoints (b…
0538627 
…etter-auth#9087)
@jonathansamines @ping-maxwell
docs: add mention to self service directory sync (better-auth#9194)
09005a9 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@ahmedivy @ping-maxwell
docs: fix wrong AutumnProvider usage in docs (better-auth#9176)
25c8f59 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@GautamBytes @ping-maxwell
docs(test-utils): clarify production usage (better-auth#9119)
938dd80 
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
@chdanielmueller @gustavovalverde
Merge commit from fork
5b900a2 
* Add tests reproducing GHSA-xr8f-h2gw-9xh6

* Fix GHSA-xr8f-h2gw-9xh6

* Move clientPrivilege assertion to shared helper

* chore: add oauth-provider changeset for GHSA-xr8f-h2gw-9xh6

---------

Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
@better-release
chore: release v1.6.5 (better-auth#9209)
c8a91f4
@cursoragent
chore: merge upstream better-auth v1.6.5
4db8114
@cursoragent
chore: sync upstream v1.6.5 + bump @BTST to v2.2.2
ad2cf46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.