4276 Commits

Author	SHA1	Message	Date
better-release[bot]	f484269228	chore: release v1.6.9 (#9341)	2026-04-24 06:25:08 +01:00
Shawn Erquhart	815ecf62b6	fix(core): resolve instrumentation via package self-reference in adapter factory (#9340) ... Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-24 05:12:34 +00:00
Taesu	fef7dd6df5	chore: update readme (#9330) ... Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-04-23 19:50:25 +00:00
better-release[bot]	b289ac6c4b	chore: release v1.6.8 (#9316)	2026-04-23 11:31:03 +01:00
Gustavo Valverde	9aa8e63de8	fix(oauth): support mapProfileToUser fallback for providers that may omit email (#9331)	2026-04-23 10:15:36 +00:00
Maxwell	a02e07cb89	fix(passkey): resolve exactOptionalPropertyTypes incompatibility (#9270) ... Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-23 09:48:05 +00:00
Gustavo Valverde	8e3cc3453c	fix(oauth-provider): accept authorization flows without state (#9328)	2026-04-23 07:00:05 +00:00
Baptiste Arnaud	856ab2426c	fix(organization): allow passing id through beforeCreateTeam and beforeCreateInvitation (#9253) ... Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 16:56:50 +00:00
Taesu	b828c54698	chore(deps-dev): bump electron from 38.8.6 to 41.2.2 (#9310)	2026-04-22 12:19:47 +00:00
better-release[bot]	f8076d141a	chore: release v1.6.7 (#9289)	2026-04-22 12:36:30 +01:00
Guilherme D'Alessandro	ec20325173	fix(passkey): verify passkey authentication isnt returning the user (#5209) ... Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-22 10:10:48 +00:00
Tanish Valesha	4e0e6e1fd3	fix(oauth-provider): userinfo Authorization from ctx.headers for auth.api (#9244) ... Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-22 09:20:54 +00:00
Gustavo Valverde	4f373eed8a	feat(social-providers): accept array of Client IDs for ID token audience (#9292)	2026-04-22 09:02:56 +00:00
Ray	4a180f0b0c	fix(core): serve noop ./instrumentation on browser and edge conditions (#9281)	2026-04-22 08:44:00 +00:00
Gustavo Valverde	e1b1cfc7a2	fix(oauth2): guard against undefined body when parsing state (#9293) ... Co-authored-by: Menachem Hornbacher <mhornbacher@kiddom.co>	2026-04-22 08:23:13 +00:00
KinfeMichael Tariku	d053a4583e	fix(phone-number): call callbackOnVerification when updatePhoneNumber is enabled (#4894) ... Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-22 08:11:42 +00:00
Jarod Stewart	307196a405	fix(api): preserve response headers when APIError is thrown (#9211) ... Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 06:47:16 +00:00
better-release[bot]	0290077760	chore: release v1.6.6 (#9222)	2026-04-21 17:42:18 +01:00
Taesu	9ea7eb1eab	fix(cookies): preserve partitioned attribute on set-cookie round-trip (#9235) ... Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>	2026-04-21 16:11:29 +00:00
Jonathan Samines	fe5f36c7e3	chore(sso): fix samlify ESM/CJS loading compat issue (#9262)	2026-04-21 16:06:04 +00:00
Taesu	b5742f9d08	feat(core): add mapConcurrent bounded-concurrency utility (#9227)	2026-04-21 15:31:08 +00:00
Maxwell	4debfb600f	fix(custom-session): use coerced boolean for disableRefresh query param validation (#9214)	2026-04-21 10:22:32 +00:00
Maxwell	ab4c10fbc0	fix(organization): infer team additional fields correctly (#9266)	2026-04-21 08:16:39 +00:00
Terijaki	4677601429	fix(expo): read cached session data from SecureStore on app startup (#8953) ... Co-authored-by: Taesu <bytaesu@gmail.com> Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>	2026-04-21 06:49:49 +00:00
Gustavo Valverde	e64ff720fb	fix: unify host classification and close SSRF gaps across packages (#9226)	2026-04-17 23:25:25 +00:00
Jonathan Samines	a844c7dd08	chore(core): update @opentelemetry/api dep declaration to be optional (#9111) ... Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>	2026-04-17 14:26:40 +00:00
Maxwell	3728518d1c	fix(api-key): run secondary-storage api-key executions in parallel (#9187) ... Co-authored-by: Taesu <bytaesu@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>	2026-04-17 12:43:30 +00:00
Taesu	a61083e023	fix(phone-number): allow removing phone number via updateUser (#9219)	2026-04-17 04:19:26 +00:00
better-release[bot]	c8a91f4167	chore: release v1.6.5 (#9209)	2026-04-16 11:05:30 +01:00
Daniel Müller	5b900a2b43	Merge commit from fork ... * Add tests reproducing GHSA-xr8f-h2gw-9xh6 * Fix GHSA-xr8f-h2gw-9xh6 * Move clientPrivilege assertion to shared helper * chore: add oauth-provider changeset for GHSA-xr8f-h2gw-9xh6 --------- Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-16 10:52:33 +01:00
Gautam Manchandani	938dd80e2d	docs(test-utils): clarify production usage (#9119) ... Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com> Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>	2026-04-16 01:20:34 +00:00
Ray	05386271ca	fix(client): trigger $sessionSignal for session-rotating endpoints (#9087)	2026-04-15 15:27:48 +00:00
better-release[bot]	9ec849ff71	chore: release v1.6.4 (#9175)	2026-04-15 13:00:42 +01:00
Gustavo Valverde	39d6af2a39	chore(adapters): require patched drizzle-orm and kysely peer versions (#9165) ... Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>	2026-04-15 11:37:50 +00:00
Gustavo Valverde	ba03fb59f4	chore(deps): bump electron and next devDependencies to patched versions (#9166)	2026-04-15 11:24:20 +00:00
Gustavo Valverde	9aed910499	fix(two-factor): revert enforcement broadening from #9122 (#9205)	2026-04-15 10:59:53 +00:00
Gautam Manchandani	acbd6ef69f	fix: honor forceAllowId UUIDs on postgres adapters (#9068) ... Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>	2026-04-14 13:05:11 +00:00
better-release[bot]	6f17bb3ebd	chore: release v1.6.3 (#9081)	2026-04-14 12:04:31 +01:00
Maxwell	9a6d4759cd	fix(client): prevent isMounted race condition causing many rps (#9078) ... Co-authored-by: Taesu <bytaesu@gmail.com> Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-14 09:36:59 +00:00
Gustavo Valverde	390a03190c	fix(stripe): prevent prototype pollution via user-supplied metadata (#9164)	2026-04-14 08:05:31 +00:00
Gustavo Valverde	5142e9cec5	fix(auth): harden dynamic baseURL resolution (#9131)	2026-04-14 08:01:13 +00:00
Gustavo Valverde	92256a2d0d	chore: minor review followups on recent main commits (#9163)	2026-04-14 07:22:10 +00:00
Taesu	513dabb132	fix: resolve dynamic baseURL for direct auth.api calls (#9113)	2026-04-14 06:16:53 +00:00
dependabot[bot]	504ea253ac	chore(deps-dev): bump @sveltejs/kit from 2.53.3 to 2.57.1 (#9109) ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-12 08:24:12 +00:00
Gustavo Valverde	e2e25a4954	fix(oauth-provider): graceful DCR override for unauthenticated confidential clients (#9123)	2026-04-11 15:25:06 +00:00
Byte-Biscuit	f8758975ae	fix(two-factor): updated backup codes respect storeBackupCodes option (#7231) ... Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>	2026-04-11 13:19:46 +00:00
Gustavo Valverde	484ce6a262	fix(two-factor): enforce 2FA on all sign-in paths (#9122)	2026-04-11 12:33:58 +00:00
Gustavo Valverde	314e06f0fd	feat(oauth-provider): add customTokenResponseFields and harden authorization code validation (#9118)	2026-04-11 09:54:48 +00:00
Taesu	4673c6d83c	fix(cli): handle extends and mid-path wildcards in tsconfig paths (#9032)	2026-04-10 16:26:53 +00:00
Gustavo Valverde	52c47517a2	fix(sso): unify SAML response processing and fix bugs (#9097)	2026-04-10 15:00:26 +00:00