Skip to content

Bump better-auth from 1.3.8 to 1.3.24 #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump better-auth from 1.3.8 to 1.3.24 #14

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2025
edited
Loading

Bumps better-auth from 1.3.8 to 1.3.24.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 1, 2025
@vercel
Copy link

vercel bot commented Oct 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
diff0-web Ready Ready Preview Comment Oct 18, 2025 8:09am

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from 2e99f25 to 8a16613 Compare October 1, 2025 10:34
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from 8a16613 to 256c81d Compare October 1, 2025 12:09
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from 256c81d to 45dbc01 Compare October 1, 2025 18:15
vercel[bot]
vercel bot reviewed Oct 1, 2025
View reviewed changes
packages/backend/package.json Outdated
"@polar-sh/sdk": "^0.35.4",
"@t3-oss/env-core": "^0.13.8",
"better-auth": "1.3.8",
"better-auth": "1.3.24",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The updated better-auth@1.3.24 and its transitive dependencies now require Node.js >= 20.19.0, but the project doesn't specify a minimum Node version, which could cause runtime failures.

View Details
📝 Patch Details 
diff --git a/packages/backend/package.json b/packages/backend/package.json
index 3e2760e..d49fd20 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -12,6 +12,9 @@
     "@types/node": "^24.3.0",
     "typescript": "^5.9.2"
   },
+  "engines": {
+    "node": ">=20.19.0"
+  },
   "dependencies": {
     "@diff0/sandbox": "workspace:*",
     "@diff0/ai": "workspace:*",

Analysis

Missing Node.js version requirement for better-auth@1.3.24 cryptographic dependencies

What fails: The better-auth@1.3.24 package requires Node.js >=20.19.0 via transitive dependencies @noble/ciphers@2.0.1 and @noble/hashes@2.0.1, but the project lacks an engines field specification.

How to reproduce:

# Install dependencies on Node.js < 20.19.0
cd packages/backend
pnpm install  # May succeed but runtime could fail

# Check dependency requirements
cat node_modules/.pnpm/@noble+ciphers@2.0.1/node_modules/@noble/ciphers/package.json | grep engines
cat node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/package.json | grep engines

Result: Dependencies specify "engines": { "node": ">= 20.19.0" } but project has no corresponding specification, creating deployment compatibility risks.

Expected: Project should specify Node.js version requirement in engines field per npm engines documentation to match transitive dependency requirements and ensure consistent deployment environments.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from 45dbc01 to fb00f9c Compare October 2, 2025 13:50
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from fb00f9c to 9815dec Compare October 2, 2025 15:18
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from 9815dec to cdf2847 Compare October 2, 2025 15:47
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from cdf2847 to d77e9c4 Compare October 3, 2025 07:36
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from d77e9c4 to 0a41301 Compare October 4, 2025 13:32
@dependabot
Bump better-auth from 1.3.8 to 1.3.24
04d0bdd 
Bumps [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) from 1.3.8 to 1.3.24.
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.3.24/packages/better-auth)

---
updated-dependencies:
- dependency-name: better-auth
  dependency-version: 1.3.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/better-auth-1.3.24 branch from 0a41301 to 04d0bdd Compare October 18, 2025 08:08
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 24, 2025

Dependabot can't authenticate to a private package registry. Because of this, Dependabot cannot update this pull request.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 24, 2025

Superseded by #27.

@dependabot dependabot bot closed this Oct 24, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/better-auth-1.3.24 branch October 24, 2025 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vercel vercel[bot] vercel[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant