chore(deps): bump the production-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the production-dependencies group with 13 updates in the / directory:

Package	From	To
@better-auth/stripe	1.4.18	1.6.9
@tanstack/db	0.5.25	0.6.5
@tanstack/electric-db-collection	0.2.31	0.3.3
@tanstack/react-db	0.1.69	0.1.83
better-auth	1.4.18	1.6.9
better-sqlite3	12.6.2	12.9.0
drizzle-orm	0.45.1	0.45.2
lucide-react	0.563.0	1.14.0
os-locale	6.0.2	8.0.0
posthog-js	1.339.1	1.372.5
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
uuid	13.0.1	14.0.0

Updates @better-auth/stripe from 1.4.18 to 1.6.9

Release notes

Sourced from @​better-auth/stripe's releases.

v1.6.9

better-auth

Bug Fixes

• Fixed instrumentation resolution in the adapter factory so edge and browser environments correctly use the pure variant (#9340)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​erquhart

Full changelog: v1.6.8...v1.6.9

v1.6.8

better-auth

Bug Fixes

• Fixed mapProfileToUser fallback for OAuth providers that may omit email from their profile response (#9331)
• Fixed support for passing id through beforeCreateTeam and beforeCreateInvitation hooks (#9253)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

• Fixed authorization flows that do not include a state parameter (#9328)

For detailed changes, see CHANGELOG

@better-auth/passkey

Bug Fixes

• Fixed incompatibility with TypeScript's exactOptionalPropertyTypes compiler option (#9270)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​baptisteArno, @​gustavovalverde, @​ping-maxwell

Full changelog: v1.6.7...v1.6.8

... (truncated)

Changelog

Sourced from @​better-auth/stripe's changelog.

1.6.9

Patch Changes

• Updated dependencies [815ecf6]:
  • @​better-auth/core@​1.6.9
  • better-auth@1.6.9

1.6.8

Patch Changes

• Updated dependencies [856ab24, 9aa8e63]:
  • better-auth@1.6.8
  • @​better-auth/core@​1.6.8

1.6.7

Patch Changes

• Updated dependencies [307196a, 4a180f0, 4f373ee, e1b1cfc, d053a45]:
  • better-auth@1.6.7
  • @​better-auth/core@​1.6.7

1.6.6

Patch Changes

• Updated dependencies [b5742f9, 4debfb6, 9ea7eb1, a844c7d, ab4c10f, a61083e, e64ff72]:
  • @​better-auth/core@​1.6.6
  • better-auth@1.6.6

1.6.5

Patch Changes

• Updated dependencies [938dd80, 0538627]:
  • better-auth@1.6.5
  • @​better-auth/core@​1.6.5

1.6.4

Patch Changes

• Updated dependencies [9aed910, acbd6ef, 39d6af2]:
  • better-auth@1.6.4
  • @​better-auth/core@​1.6.4

1.6.3

... (truncated)

Commits

• f484269 chore: release v1.6.9 (#9341)
• b289ac6 chore: release v1.6.8 (#9316)
• f8076d1 chore: release v1.6.7 (#9289)
• 0290077 chore: release v1.6.6 (#9222)
• c8a91f4 chore: release v1.6.5 (#9209)
• 9ec849f chore: release v1.6.4 (#9175)
• 6f17bb3 chore: release v1.6.3 (#9081)
• 390a031 fix(stripe): prevent prototype pollution via user-supplied metadata (#9164)
• c5066fe fix(stripe): omit quantity for metered prices in checkout and upgrades (#8926)
• 5f84335 feat(stripe): support Stripe SDK v21 and v22 (#9084)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​better-auth/stripe since your current version.

Updates @tanstack/db from 0.5.25 to 0.6.5

Release notes

Sourced from @​tanstack/db's releases.

@​tanstack/db@​0.6.5

Patch Changes

• fix: pass child where clauses to loadSubset in includes (#1471)

  Pure-child WHERE clauses on includes subqueries (e.g., .where(({ item }) => eq(item.status, 'active'))) are now passed through to the child collection's loadSubset/queryFn, enabling server-side filtering. Previously only the correlation filter reached the sync layer; additional child filters were applied client-side only.

• fix: lazy load includes child collections in on-demand sync mode (#1471)

  Includes child collections now use the same lazy loading mechanism as regular joins. When a query uses includes with a correlation WHERE clause (e.g., .where(({ item }) => eq(item.rootId, r.id))), only matching child rows are loaded on-demand via requestSnapshot({ where: inArray(field, keys) }) instead of loading all data upfront. This ensures the sync layer's queryFn receives the correlation filter in loadSubsetOptions, enabling efficient server-side filtering.

@​tanstack/db@​0.6.4

Patch Changes

• Add includes (hierarchical data) documentation to all framework SKILL.md files and fix inaccurate toArray scalar select constraint in db-core/live-queries skill. (#1361)

@​tanstack/db@​0.6.3

Patch Changes

• Fix nested toArray() includes not propagating changes at depth 3+. When a query used nested includes like toArray(runs) → toArray(texts) → concat(toArray(textDeltas)), changes to the deepest level (e.g., inserting a textDelta) were silently lost because flushIncludesState only drained one level of nested buffers. Also throw a clear error when toArray() or concat(toArray()) is used inside expressions like coalesce(), instead of silently producing incorrect results. (#1457)

• fix: orderBy + limit queries crash when no index exists (#1437)

  When auto-indexing is disabled (the default), queries with orderBy and limit where the limit exceeds the available data would crash with "Ordered snapshot was requested but no index was found". The on-demand loader now correctly skips cursor-based loading when no index is available.

@​tanstack/db@​0.6.2

Patch Changes

• Deduplicate and filter null join keys in lazy join subset queries. Previously, when multiple rows referenced the same foreign key or had null foreign keys, the full unfiltered array was passed to inArray(), producing bloated ANY() SQL params with repeated IDs and NULLs. (#1448)

• fix: default getKey on live query collections fails when used as a source in chained collections (#1432)

  The default WeakMap-based getKey breaks when enriched change values (with virtual props like $synced, $origin, $key) are passed through chained live query collections. The enriched objects are new references not found in the WeakMap, causing all items to resolve to key undefined and collapse into a single item. Falls back to item.$key when the WeakMap lookup misses.

@​tanstack/db@​0.6.1

Patch Changes

• Update all SKILL.md files to v0.6.0 with new documentation for persistence, virtual properties, queryOnce, createEffect, includes, indexing, and sync metadata. Add tanstack-intent keyword to all packages with skills. (#1421)

Changelog

Sourced from @​tanstack/db's changelog.

0.6.5

Patch Changes

• fix: pass child where clauses to loadSubset in includes (#1471)

  Pure-child WHERE clauses on includes subqueries (e.g., .where(({ item }) => eq(item.status, 'active'))) are now passed through to the child collection's loadSubset/queryFn, enabling server-side filtering. Previously only the correlation filter reached the sync layer; additional child filters were applied client-side only.

• fix: lazy load includes child collections in on-demand sync mode (#1471)

  Includes child collections now use the same lazy loading mechanism as regular joins. When a query uses includes with a correlation WHERE clause (e.g., .where(({ item }) => eq(item.rootId, r.id))), only matching child rows are loaded on-demand via requestSnapshot({ where: inArray(field, keys) }) instead of loading all data upfront. This ensures the sync layer's queryFn receives the correlation filter in loadSubsetOptions, enabling efficient server-side filtering.

0.6.4

Patch Changes

• Add includes (hierarchical data) documentation to all framework SKILL.md files and fix inaccurate toArray scalar select constraint in db-core/live-queries skill. (#1361)

0.6.3

Patch Changes

• Fix nested toArray() includes not propagating changes at depth 3+. When a query used nested includes like toArray(runs) → toArray(texts) → concat(toArray(textDeltas)), changes to the deepest level (e.g., inserting a textDelta) were silently lost because flushIncludesState only drained one level of nested buffers. Also throw a clear error when toArray() or concat(toArray()) is used inside expressions like coalesce(), instead of silently producing incorrect results. (#1457)

• fix: orderBy + limit queries crash when no index exists (#1437)

  When auto-indexing is disabled (the default), queries with orderBy and limit where the limit exceeds the available data would crash with "Ordered snapshot was requested but no index was found". The on-demand loader now correctly skips cursor-based loading when no index is available.

0.6.2

Patch Changes

• Deduplicate and filter null join keys in lazy join subset queries. Previously, when multiple rows referenced the same foreign key or had null foreign keys, the full unfiltered array was passed to inArray(), producing bloated ANY() SQL params with repeated IDs and NULLs. (#1448)

• fix: default getKey on live query collections fails when used as a source in chained collections (#1432)

  The default WeakMap-based getKey breaks when enriched change values (with virtual props like $synced, $origin, $key) are passed through chained live query collections. The enriched objects are new references not found in the WeakMap, causing all items to resolve to key undefined and collapse into a single item. Falls back to item.$key when the WeakMap lookup misses.

0.6.1

Patch Changes

• Update all SKILL.md files to v0.6.0 with new documentation for persistence, virtual properties, queryOnce, createEffect, includes, indexing, and sync metadata. Add tanstack-intent keyword to all packages with skills. (#1421)

0.6.0

Minor Changes

• Make indexing explicit with two index types for different use cases (#1353)

... (truncated)

Commits

• 29cf7ce ci: Version Packages (#1475)
• 232f228 fix: lazy load includes child collections in on-demand sync mode (#1471)
• 7ea2020 ci: Version Packages (#1462)
• 1e69dd6 Docs for includes (#1361)
• c336aae ci: Version Packages (#1459)
• e29aab3 fix(db): propagate changes through nested toArray includes at depth 3+ (#1457)
• f4a9bd2 fix: skip on-demand loading when no index exists for orderBy + limit queries ...
• e8e029e ci: Version Packages (#1433)
• 3fe689a fix: deduplicate and filter null join keys in lazy join subset queries (#1448)
• c314c36 fix: default getKey on live query collections fails on enriched objects (#1432)
• Additional commits viewable in compare view

Updates @tanstack/electric-db-collection from 0.2.31 to 0.3.3

Release notes

Sourced from @​tanstack/electric-db-collection's releases.

@​tanstack/electric-db-collection@​0.3.3

Patch Changes

• Updated dependencies [232f228, 232f228]:
  • @​tanstack/db@​0.6.5

@​tanstack/electric-db-collection@​0.3.2

Patch Changes

• Updated dependencies [1e69dd6]:
  • @​tanstack/db@​0.6.4

@​tanstack/electric-db-collection@​0.3.1

Patch Changes

• Updated dependencies [e29aab3, f4a9bd2]:
  • @​tanstack/db@​0.6.3

@​tanstack/electric-db-collection@​0.3.0

Minor Changes

• feat: add DNF/active_conditions support for arbitrary boolean WHERE clauses (#1270)

  electric-sql/electric#3791/ delimiter with empty segments for non-participating positions. Shapes with subquery dependencies send active_conditions headers and use DNF evaluation for row visibility. Simple shapes without subqueries retain existing empty-tag-set deletion behavior.

Patch Changes

• Updated dependencies [3fe689a, c314c36]:
  • @​tanstack/db@​0.6.2

@​tanstack/electric-db-collection@​0.2.43

Patch Changes

• Updated dependencies [8b7fb1a]:
  • @​tanstack/db@​0.6.1

Changelog

Sourced from @​tanstack/electric-db-collection's changelog.

0.3.3

Patch Changes

• Updated dependencies [232f228, 232f228]:
  • @​tanstack/db@​0.6.5

0.3.2

Patch Changes

• Updated dependencies [1e69dd6]:
  • @​tanstack/db@​0.6.4

0.3.1

Patch Changes

• Updated dependencies [e29aab3, f4a9bd2]:
  • @​tanstack/db@​0.6.3

0.3.0

Minor Changes

• feat: add DNF/active_conditions support for arbitrary boolean WHERE clauses (#1270)

  electric-sql/electric#3791/ delimiter with empty segments for non-participating positions. Shapes with subquery dependencies send active_conditions headers and use DNF evaluation for row visibility. Simple shapes without subqueries retain existing empty-tag-set deletion behavior.

Patch Changes

• Updated dependencies [3fe689a, c314c36]:
  • @​tanstack/db@​0.6.2

0.2.43

Patch Changes

• Updated dependencies [8b7fb1a]:
  • @​tanstack/db@​0.6.1

0.2.42

Patch Changes

• fix(persistence): harden persisted startup, truncate metadata semantics, and resume identity matching (#1380)
  • Restore persisted wrapper markReady fallback behavior so startup failures do not leave collections stuck in loading state
  • Replace load cancellation reference identity tracking with deterministic load keys for loadSubset / unloadSubset
  • Document intentional truncate behavior where collection-scoped metadata writes are preserved across truncate transactions
  • Tighten SQLite applied_tx migration handling to only ignore duplicate-column add errors

... (truncated)

Commits

• 29cf7ce ci: Version Packages (#1475)
• dd16655 chore: bump @​electric-sql/client to ^1.5.15 (#1466)
• 7ea2020 ci: Version Packages (#1462)
• c336aae ci: Version Packages (#1459)
• e8e029e ci: Version Packages (#1433)
• cde8af1 feat(electric-db-collection): DNF/active_conditions support (#1270)
• caf5166 ci: Version Packages (#1422)
• 3180109 ci: Version Packages (#1377)
• 2376b47 refactor: rename persistence packages to follow naming convention (#1404)
• b65d8f7 Make indexing opt-in (#1353)
• Additional commits viewable in compare view

Updates @tanstack/react-db from 0.1.69 to 0.1.83

Release notes

Sourced from @​tanstack/react-db's releases.

@​tanstack/react-db@​0.1.83

Patch Changes

• Updated dependencies [232f228, 232f228]:
  • @​tanstack/db@​0.6.5

@​tanstack/react-db@​0.1.82

Patch Changes

• Add includes (hierarchical data) documentation to all framework SKILL.md files and fix inaccurate toArray scalar select constraint in db-core/live-queries skill. (#1361)

• Updated dependencies [1e69dd6]:

  • @​tanstack/db@​0.6.4

@​tanstack/react-db@​0.1.81

Patch Changes

• Updated dependencies [e29aab3, f4a9bd2]:
  • @​tanstack/db@​0.6.3

@​tanstack/react-db@​0.1.80

Patch Changes

• Fix stale status mismatch in useLiveSuspenseQuery causing infinite suspense fallback. (#1427)

• Updated dependencies [3fe689a, c314c36]:

  • @​tanstack/db@​0.6.2

@​tanstack/react-db@​0.1.79

Patch Changes

• Update all SKILL.md files to v0.6.0 with new documentation for persistence, virtual properties, queryOnce, createEffect, includes, indexing, and sync metadata. Add tanstack-intent keyword to all packages with skills. (#1421)

• Updated dependencies [8b7fb1a]:

  • @​tanstack/db@​0.6.1

Changelog

Sourced from @​tanstack/react-db's changelog.

0.1.83

Patch Changes

• Updated dependencies [232f228, 232f228]:
  • @​tanstack/db@​0.6.5

0.1.82

Patch Changes

• Add includes (hierarchical data) documentation to all framework SKILL.md files and fix inaccurate toArray scalar select constraint in db-core/live-queries skill. (#1361)

• Updated dependencies [1e69dd6]:

  • @​tanstack/db@​0.6.4

0.1.81

Patch Changes

• Updated dependencies [e29aab3, f4a9bd2]:
  • @​tanstack/db@​0.6.3

0.1.80

Patch Changes

• Fix stale status mismatch in useLiveSuspenseQuery causing infinite suspense fallback. (#1427)

• Updated dependencies [3fe689a, c314c36]:

  • @​tanstack/db@​0.6.2

0.1.79

Patch Changes

• Update all SKILL.md files to v0.6.0 with new documentation for persistence, virtual properties, queryOnce, createEffect, includes, indexing, and sync metadata. Add tanstack-intent keyword to all packages with skills. (#1421)

• Updated dependencies [8b7fb1a]:

  • @​tanstack/db@​0.6.1

0.1.78

Patch Changes

• Update dependencies across workspace to resolve version mismatches: @electric-sql/client ^1.5.13, @tanstack/store ^0.9.2, pg ^8.20.0. Adapt subscription cleanup to @tanstack/store 0.9.x API which returns Subscription objects instead of unsubscribe functions. (#1381)

• Updated dependencies [f60384b, b8abc02, 09c7afc, bb09eb1, 179d666, 43ecbfa, 055fd94, 055fd94, 055fd94, 055fd94, 85f5435, b65d8f7, e0df07e, 9952921, d351c67]:

  • @​tanstack/db@​0.6.0

... (truncated)

Commits

• 29cf7ce ci: Version Packages (#1475)
• dd16655 chore: bump @​electric-sql/client to ^1.5.15 (#1466)
• 7ea2020 ci: Version Packages (#1462)
• 1e69dd6 Docs for includes (#1361)
• c336aae ci: Version Packages (#1459)
• e8e029e ci: Version Packages (#1433)
• 6428fe3 fix(react-db): use collection.status instead of snapshot in useLiveSuspenseQu...
• cde8af1 feat(electric-db-collection): DNF/active_conditions support (#1270)
• caf5166 ci: Version Packages (#1422)
• 8b7fb1a docs: Add db-core/persistence skill and update library version to 0.6.0 (#1421)
• Additional commits viewable in compare view

Updates better-auth from 1.4.18 to 1.6.9

Release notes

Sourced from better-auth's releases.

v1.6.9

better-auth

Bug Fixes

• Fixed instrumentation resolution in the adapter factory so edge and browser environments correctly use the pure variant (#9340)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​erquhart

Full changelog: v1.6.8...v1.6.9

v1.6.8

better-auth

Bug Fixes

• Fixed mapProfileToUser fallback for OAuth providers that may omit email from their profile response (#9331)
• Fixed support for passing id through beforeCreateTeam and beforeCreateInvitation hooks (#9253)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

• Fixed authorization flows that do not include a state parameter (#9328)

For detailed changes, see CHANGELOG

@better-auth/passkey

Bug Fixes

• Fixed incompatibility with TypeScript's exactOptionalPropertyTypes compiler option (#9270)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​baptisteArno, @​gustavovalverde, @​ping-maxwell

Full changelog: v1.6.7...v1.6.8

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.9

Patch Changes

• Updated dependencies [815ecf6]:
  • @​better-auth/core@​1.6.9
  • @​better-auth/drizzle-adapter@​1.6.9
  • @​better-auth/kysely-adapter@​1.6.9
  • @​better-auth/memory-adapter@​1.6.9
  • @​better-auth/mongo-adapter@​1.6.9
  • @​better-auth/prisma-adapter@​1.6.9
  • @​better-auth/telemetry@​1.6.9

1.6.8

Patch Changes

• #9253 856ab24 Thanks @​baptisteArno! - fix(organization): allow passing id through beforeCreateTeam and beforeCreateInvitation

  Mirrors #4765 for teams and invitations: adapter.createTeam and adapter.createInvitation now pass forceAllowId: true, so ids returned from the respective hooks survive the DB insert.

• #9331 9aa8e63 Thanks @​gustavovalverde! - fix(oauth): support mapProfileToUser fallback for providers that may omit email

  Social sign-in with OAuth providers that may return no email address (Discord phone-only accounts, Apple subsequent sign-ins, GitHub private emails, Facebook, LinkedIn, and Microsoft Entra ID managed users) can now be unblocked by synthesizing an email inside mapProfileToUser. Rejection logger messages now point at this workaround and at the new "Handling Providers Without Email" docs section.

  Provider profile types now reflect where email can be null or absent:

  • DiscordProfile.email is string | null and optional (absent when the email scope is not granted)
  • AppleProfile.email is optional
  • GithubProfile.email is string | null
  • FacebookProfile.email is optional
  • FacebookProfile.email_verified is optional (Meta's Graph API does not include this field)
  • LinkedInProfile.email is optional
  • LinkedInProfile.email_verified is optional
  • MicrosoftEntraIDProfile.email is optional

  TypeScript consumers who previously dereferenced profile.email directly inside mapProfileToUser will see a compile error that matches the runtime reality; use a nullish-coalescing fallback (profile.email ?? ...) or null-check the field.

  Sign-in still rejects with error=email_not_found (social callback) or error=email_is_missing (Generic OAuth plugin) when neither the provider nor mapProfileToUser produces an email. First-class support for users without an email, keyed on (providerId, accountId) per OpenID Connect Core §5.7, is tracked in #9124.

• Updated dependencies [9aa8e63]:

  • @​better-auth/core@​1.6.8
  • @​better-auth/drizzle-adapter@​1.6.8
  • @​better-auth/kysely-adapter@​1.6.8
  • @​better-auth/memory-adapter@​1.6.8
  • @​better-auth/mongo-adapter@​1.6.8
  • @​better-auth/prisma-adapter@​1.6.8
  • @​better-auth/telemetry@​1.6.8

1.6.7

... (truncated)

Commits

• f484269 chore: release v1.6.9 (#9341)
• fef7dd6 chore: update readme (#9330)
• b289ac6 chore: release v1.6.8 (#9316)
• 9aa8e63 fix(oauth): support mapProfileToUser fallback for providers that may omit e...
• 856ab24 fix(organization): allow passing id through beforeCreateTeam and `beforeCre...
• f8076d1 chore: release v1.6.7 (#9289)
• 4f373ee feat(social-providers): accept array of Client IDs for ID token audience (#9292)
• e1b1cfc fix(oauth2): guard against undefined body when parsing state (#9293)
• d053a45 fix(phone-number): call callbackOnVerification when updatePhoneNumber is enab...
• 307196a fix(api): preserve response headers when APIError is thrown (#9211)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for better-auth since your current version.

Updates better-sqlite3 from 12.6.2 to 12.9.0

Release notes

Sourced from better-sqlite3's releases.

v12.9.0

What's Changed

• Update SQLite to version 3.53.0 in WiseLibs/better-sqlite3#1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

v12.8.0

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

• @​tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

• fix: use Holder() instead of This() for Electron 41 compatibility by @​mceachen in WiseLibs/better-sqlite3#1456
• Roll back to SQLite to version 3.51.2 in WiseLibs/better-sqlite3#1457

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
2. From the SQLite team:

   Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

... (truncated)

Commits

• 4058d24 12.9.0
• f653513 Update SQLite to version 3.53.0 (#1464)
• fe774f5 12.8.0
• 8617ed6 fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 (#1459)
• 959a018 Update SQLite to version 3.51.3 (#1460)
• 43729c0 Readme: requires Node.js v20 or later (#1443)
• 27dc751 12.7.1
• db1119c Update SQLite to version 3.51.2 (#1457)
• d2c4815 fix: use Holder() instead of This() for Electron 41 compatibility (#1456)
• ef9ffce 12.7.0
• Additional commits viewable in compare view

Updates drizzle-orm from 0.45.1 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

• Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

• 273c780 + 0.45.2 (#5534)
• 4aa6ecf Kit updates (#5490)
• e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
• See full diff in compare view

Updates lucide-react from 0.563.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

• feat(icons): added repeat-off icon by @​jguddas in lucide-icons/lucide#3102

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

• fix(docs): sync URL params with UI state on categories page by @​taimar in lucide-icons/lucide#4111
• feat(icons): add waves-vertical icon by @​jamiemlaw in lucide-icons/lucide#3867

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0...

Description has been truncated