Upgrade dependencies (2026-05-30)

[pokle]

Summary

• better-auth 1.6.12 — fixes session cookie vulnerability allowing 2FA bypass when caching enabled
• wrangler 4.95.0 — bumps workerd to 1.20260526.1, adds validation for always-remote bindings
• concurrently 10.0.0 — major version (ESM-only, Node >= 22 required — both already met). Patches shellquote vulnerability
• hono 4.12.23 — serve-static path fix, Context class export, IPv6 formatting fix
• agents 0.13.3 — session auto-compaction improvements, facet deadlock fix (pinned exact, pre-1.0)
• @cloudflare/vitest-pool-workers 0.16.10 — aligned with wrangler 4.95.0
• @cloudflare/workers-types 4.20260530.1 — weekly type update

Full details in docs/dependency-review-log.md (2026-05-30 entry).

Test plan

• bun audit — 0 vulnerabilities
• bun run typecheck:all — all 6 workspace typechecks pass
• bun run test:all — 412 + 52 + 251 + 21 tests pass
• bun run test:e2e — 6 chromium specs pass
• CI branch deploy passes

https://claude.ai/code/session_01KiiUwt8VdWQpoWyUsdScYy

---

Generated by Claude Code

[github-actions]

Preview Deployment
https://2a6b3ffe.glidecomp.pages.dev
Commit: 71b4561