chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@better-auth/api-key (source)	^1.6.10 → ^1.6.11
@iconify-json/lucide	^1.2.107 → ^1.2.108
@iconify-json/simple-icons	^1.2.82 → ^1.2.83
@vitejs/plugin-vue (source)	^6.0.6 → ^6.0.7
agents (source)	>=0.12.3 → >=0.12.4
ai (source)	^6.0.177 → ^6.0.185
better-auth (source)	^1.6.10 → ^1.6.11
better-sqlite3	^12.9.0 → ^12.10.0
shaders	^2.5.120 → ^2.5.124
turbo (source)	^2.9.12 → ^2.9.14
vite (source)	^8.0.12 → ^8.0.13
vue-tsc (source)	^3.2.8 → ^3.3.0

---

Release Notes

better-auth/better-auth (@​better-auth/api-key)

v1.6.11

Compare Source

Patch Changes

• #​9505 b039985 Thanks @​Kvizas! - API key requests that exceed the configured rate limit now return HTTP 429 (Too Many Requests) instead of HTTP 401 (Unauthorized), so clients can distinguish throttling from authentication failures.

• Updated dependencies [0cbddb8, a26333b, 99a254a, ee93485, 5f09d56, b4bc65a, da7e50b, a1c9f3c, 23094a6, 142b86c, 1f2ff42, b0ef96f, 699b09a, e21d744]:

  • @​better-auth/core@​1.6.11
  • better-auth@​1.6.11

vitejs/vite-plugin-vue (@​vitejs/plugin-vue)

v6.0.7

Features

• use carets for @rolldown/pluginutils version (#​776) (941b651)

Bug Fixes

• deps: update all non-major dependencies (#​762) (9e825b8)
• deps: update all non-major dependencies (#​774) (77dc8bc)

cloudflare/agents (agents)

v0.12.4

Compare Source

Patch Changes

• #​1376 6561a3f Thanks @​hrushikeshdeshpande! - Avoid throwing when chat stream resume negotiation/replay races with a closed WebSocket connection.

• #​1509 4aa4176 Thanks @​threepointone! - Prevent duplicate initial state frames during Agent WebSocket connection setup so client-originated state updates are not overwritten by stale initial state messages.

• #​1476 3c48858 Thanks @​whoiskatrin! - Fixed a bug that could cause client state to drift from internal Durable Object state when agent tool calls spanned a Durable Object restart. Recovery now defers user finish hooks until after agent startup and isolates hook failures so one failed mirror write does not block other recovered runs from finalizing.

• #​1514 0371a6f Thanks @​threepointone! - Route streamable HTTP server-to-client requests through the originating POST stream when no standalone SSE stream is available.

• #​1500 7090e9e Thanks @​threepointone! - Preserve structured tool output shapes when truncating older messages or oversized persisted rows, preventing custom toModelOutput handlers from crashing or mis-replaying compacted results.

  Also harden Think's workspace read tool so legacy raw-string read outputs replay as text instead of stalling subsequent turns.

• #​1504 5d27b71 Thanks @​threepointone! - Prune stale sub-agent schedule rows when their owning facet registry entry no longer exists.

• #​1503 7b8ab51 Thanks @​threepointone! - Bump PartyServer to pick up transient Durable Object routing retries and expose routingRetry configuration through getAgentByName.

vercel/ai (ai)

v6.0.185

Compare Source

Patch Changes

• Updated dependencies [488ef33]
  • @​ai-sdk/gateway@​3.0.116

v6.0.184

Compare Source

Patch Changes

• 40fc5e4: fix(ai): default missing embedding warnings to an empty array

v6.0.183

Compare Source

Patch Changes

• Updated dependencies [363cefe]
  • @​ai-sdk/gateway@​3.0.115

v6.0.182

Compare Source

Patch Changes

• e76a29a: fix(ai): download tool-result file URLs

v6.0.180

Compare Source

Patch Changes

• 253bd5a: fix(gateway): enable retry support for gateway errors
• 57ec10f: fix URL of hero animation in README
• Updated dependencies [253bd5a]
  • @​ai-sdk/gateway@​3.0.114

v6.0.178

Compare Source

Patch Changes

• ac6f27e: fix(ai): update opentelemetry pinned version

better-auth/better-auth (better-auth)

v1.6.11

Compare Source

Patch Changes

• #​9568 0cbddb8 Thanks @​gustavovalverde! - Add internalAdapter.consumeVerificationValue(identifier): atomically consume a verification row keyed by identifier. The first concurrent caller receives the row; later racers receive null. Backed by a new DBAdapter.consumeOne primitive implemented natively per adapter (memory, mongo, drizzle, kysely, prisma), with a transaction(findMany + delete) factory fallback. SecondaryStorage.getAndDelete is added as an optional companion; Redis ships it via an atomic Lua get-and-delete operation for compatibility with Redis versions before 6.2.

• #​9162 a26333b Thanks @​ping-maxwell! - fix: cleanup sessions when admin, anonymous, or SCIM deletes a user

• #​9573 99a254a Thanks @​gustavovalverde! - fix(device-authorization): require verify-time ownership claim for approve/deny

  Pending device codes were not bound to the user who entered the code on the verification page until approval, leaving a window where any authenticated user could approve or deny another user's pending code by knowing the user_code. GET /device now claims the pending row for the calling session, and POST /device/approve and POST /device/deny require the calling session to match the claimed owner. Custom verification pages must be served to an authenticated session for the flow to succeed.

• #​8948 ee93485 Thanks @​ping-maxwell! - fix: add error code to change-email-disabled

• #​9572 5f09d56 Thanks @​gustavovalverde! - Fix race condition in the magic-link plugin's verify handler that allowed two concurrent requests to mint two sessions from the same single-use token. The handler now consumes the verification row atomically via internalAdapter.consumeVerificationValue, so a given magic link mints at most one session regardless of concurrency. The allowedAttempts option is retained for backward compatibility but no longer multiplies successful redemptions; tokens are single-use. The second-redeem error code changes from ATTEMPTS_EXCEEDED to INVALID_TOKEN (the token no longer exists after consumption).

• b4bc65a Thanks @​gustavovalverde! - Fix race condition in the OAuth authorization-code grant: two concurrent token-exchange requests sharing the same code could both pass the find step before either delete completed and each mint an independent access/refresh/id token set. The authorization_code handler in @better-auth/oauth-provider, plus the legacy oidc-provider and mcp plugins in better-auth, now consume the verification row atomically via internalAdapter.consumeVerificationValue. The first caller mints tokens; concurrent racers receive invalid_grant (RFC 6749 §5.2). Malformed-verification-value branches in @better-auth/oauth-provider previously returned a project-specific invalid_verification code; those are now invalid_grant so spec-compliant clients can branch on the standard code.

• #​9578 da7e50b Thanks @​gustavovalverde! - handleOAuthUserInfo (used by every social provider, generic-oauth, oauth-proxy, SSO OIDC and SAML, and idToken sign-in) implicitly linked a returning OAuth identity into a local user row whenever the IdP's email_verified claim was true or the provider was trusted. The local row's own emailVerified flag was read only to flip it after linking, never as a precondition. POST /sign-up/email creates rows with emailVerified: false for any caller, so an attacker who pre-registered a victim's email at the application could wait for the legitimate user's first OAuth sign-in: the IdP's verified claim was treated as ownership proof, and the victim's IdP identity was linked into the attacker-owned row.

  The implicit-link gate now requires dbUser.user.emailVerified === true in addition to the provider trust check by default. A new account.accountLinking.requireLocalEmailVerified option (default true) is the public surface for this gate. Apps whose users sign up via OAuth without verifying their email locally can opt back into the legacy behavior with account: { accountLinking: { requireLocalEmailVerified: false } }; understand the takeover risk before doing so. The option is @deprecated; a FIXME at each gate site points at the next-minor follow-up on next that drops the option and makes the gate unconditional.

  The one-tap plugin honored its own copy of the gate and was updated identically: requireLocalEmailVerified and accountLinking.disableImplicitLinking both apply on /one-tap/callback. The email_verified claim from the Google ID token is now normalized via toBoolean so a string "false" is treated as falsy.

  Test fixtures across admin, oidc-provider, mcp, generic-oauth, last-login-method, and oauth-provider suites now mark users emailVerified: true via a databaseHooks.user.create.before hook (or the disableTestUser opt-in on the oauth-provider RP) so the suites continue to exercise their role/flow logic rather than the new gate.

• #​9507 a1c9f3c Thanks @​GautamBytes! - Preserve exact access-control role statement types so predefined organization roles expose only their configured permissions in TypeScript.

• #​9577 23094a6 Thanks @​gustavovalverde! - The organization plugin's invitation recipient endpoints (acceptInvitation, rejectInvitation, getInvitation, listUserInvitations) treated invitation.email.toLowerCase() === session.user.email.toLowerCase() as proof that the calling user owned the invited address. A session-authenticated user whose email matched but was never verified passed the gate, so anyone who could pre-register an unverified account at a victim's email could accept invitations addressed to that email. The requireEmailVerificationOnInvitation opt-in option closed the gap only when explicitly enabled and did not protect getInvitation or listUserInvitations at all.

  The gate is now applied on all four recipient endpoints and the requireEmailVerificationOnInvitation option default flips from false to true so existing apps are secure by default. Apps that intentionally accept invitations from unverified accounts can keep the legacy permissive behavior with organization({ requireEmailVerificationOnInvitation: false }), but they should understand the takeover risk before doing so. Server-side calls to listUserInvitations with ctx.query.email and no session continue to bypass the gate (the caller is trusted).

  The option is @deprecated. The next-minor release on next removes it entirely and makes the gate unconditional.

• #​9548 142b86c Thanks @​dipan-ck! - anonymous plugin now correctly calls onLinkAccount when email verification triggers auto sign-in

• #​9576 1f2ff42 Thanks @​gustavovalverde! - fix(oidc-provider, mcp): authenticate confidential clients on refresh_token grant and harden secret comparison

  Refresh-token grants on the legacy oidc-provider and mcp plugins now require the registered client_secret from confidential clients, matching the authorization_code path. Public clients (where code_verifier substitutes for the secret on the auth-code grant) continue to skip secret validation. Secret comparisons across both plugins now use constant-time equality. The /mcp/token endpoint no longer emits a wildcard CORS Access-Control-Allow-Origin: * header.

  These plugins are deprecated in favor of @better-auth/oauth-provider, which is unaffected. New deployments should adopt the replacement; this patch keeps existing deployments protected while migrating.

• #​9575 699b09a Thanks @​gustavovalverde! - fix(oidc-provider, mcp): drop "none" from advertised signing algorithms, default allowPlainCodeChallengeMethod to false, and reject missing PKCE method

  The legacy oidc-provider and mcp plugins now follow OAuth 2.1 (RFC 9700) on three protocol gates:

  • id_token_signing_alg_values_supported (oidc-provider, mcp) and resource_signing_alg_values_supported (mcp) no longer include "none". Relying parties that negotiate from this list will no longer be steered toward unsigned tokens.
  • allowPlainCodeChallengeMethod defaults to false. Callers who need plain PKCE must opt in explicitly.
  • Under the secure default the authorize endpoint no longer silently rewrites a missing code_challenge_method to "plain" before the allowlist check. A request that provides code_challenge without code_challenge_method is now rejected with invalid_request; the inverse case (code_challenge_method without code_challenge) is also rejected so no inconsistent PKCE state is persisted on the authorization code record.

  Non-breaking for callers who never relied on "none" advertisement or the plain default. Callers who explicitly set allowPlainCodeChallengeMethod: true keep plain on the allowlist and retain the legacy "missing method defaults to plain" behavior for backward compatibility, so existing integrations that opted into plain PKCE continue to work. The next-minor on next will drop both the plain allowlist entry and this fallback; until then, the option is the single explicit knob for legacy behavior. Migrate to @better-auth/oauth-provider for the canonical, spec-aligned implementation.

• Updated dependencies [0cbddb8, c6918ec, da7e50b, b0ef96f, e21d744]:

  • @​better-auth/core@​1.6.11
  • @​better-auth/drizzle-adapter@​1.6.11
  • @​better-auth/kysely-adapter@​1.6.11
  • @​better-auth/memory-adapter@​1.6.11
  • @​better-auth/mongo-adapter@​1.6.11
  • @​better-auth/prisma-adapter@​1.6.11
  • @​better-auth/telemetry@​1.6.11

WiseLibs/better-sqlite3 (better-sqlite3)

v12.10.0

Compare Source

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in #​1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in #​1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in #​1470
• Enable percentile functions by @​Maxime-J in #​1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

vercel/turborepo (turbo)

v2.9.14: Turborepo v2.9.14

Compare Source

[!NOTE]
This release contains important security fixes.

High:

• GHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection

Low:

• GHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation
• GHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection

What's Changed

Changelog

• release(turborepo): 2.9.12 by @​github-actions[bot] in #​12774
• fix: Restore docs mobile menu by @​anthonyshew in #​12782
• ci: Use pull_request for PR title linting by @​anthonyshew in #​12787
• ci: Scope GitHub Actions caches by branch by @​anthonyshew in #​12788
• test: Validate lockfiles without dependency downloads by @​anthonyshew in #​12789
• Removed unneeded import form hash creation script in docs by @​dancrumb in #​12799
• fix: Validate auth callback state by @​anthonyshew in #​12802
• fix: Harden VS Code extension command execution by @​anthonyshew in #​12800
• fix: Avoid project-local Yarn during detection by @​anthonyshew in #​12801
• chore: Release 2.9.13 by @​anthonyshew in #​12803

New Contributors

• @​dancrumb made their first contribution in #​12799

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

vitejs/vite (vite)

v8.0.13

Compare Source

Features

• bundled-dev: add lazy bundling support (#​21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#​22357) (47071ce)
• update rolldown to 1.0.1 (#​22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#​22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #​22274) (#​22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#​22439) (8e59c97)
• make isBundled per environment (#​22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#​22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#​22430) (6ea3838)
• update changelog (#​22413) (fcdc87c)

vuejs/language-tools (vue-tsc)

v3.3.0

Compare Source

language-core

• feat: check required fallthrough attributes (#​6049) - Thanks to @​KazariEX!
• fix: penetrate v-if branch fragments when collecting single root nodes - Thanks to @​KazariEX!
• refactor: rename Sfc APIs to IR - Thanks to @​KazariEX!

language-service

• fix: reuse ASTs for define assignment suggestions - Thanks to @​KazariEX!
• fix: re-support html.customData (#​5910) - Thanks to @​Bomberus!
• fix: strip ="" only for plain boolean props completion edits - Thanks to @​KazariEX!
• fix: reset to default data provider after running with vue data provider - Thanks to @​KazariEX!

typescript-plugin

• feat: refine props completion logic to follow TS behavior (#​5709) - Thanks to @​KazariEX!

vscode

• fix: include extraFileExtensions in tsserver configure request payload (#​6048) - Thanks to @​KazariEX!
• fix: write typescript plugins at build time (#​6050) - Thanks to @​KazariEX!
• fix: avoid infinite diagnostics on Vue files when project diagnostics is enabled (#​6051) - Thanks to @​KazariEX!

v3.2.9

Compare Source

language-core

• fix: do not process inline markdown syntax in semantic-aware segments (#​6038) - Thanks to @​KazariEX!
• perf: rewrite a subset of template node transforms (#​5769) - Thanks to @​KazariEX!

vscode

• fix: trigger file rename edits when moving folders with Vue files (#​6046) - Thanks to @​KazariEX!

workspace

• chore: bump volar services to 0.0.71 (#​6043) - Thanks to @​TRIS-H!

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nuxt-mcp-toolkit-docs	Ready	Preview, Comment	May 19, 2026 7:15am

[pkg-pr-new]

npm i https://pkg.pr.new/@nuxtjs/mcp-toolkit@257

commit: 98d0227