chore(deps): Update non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@base-ui/react (source)	^1.5.0 → ^1.6.0
@better-auth/api-key (source)	^1.6.18 → ^1.6.19
@better-auth/prisma-adapter (source)	^1.6.18 → ^1.6.19
@scalar/nextjs-api-reference (source)	^0.11.3 → ^0.11.4
better-auth (source)	^1.6.18 → ^1.6.19
lucide-react (source)	^1.18.0 → ^1.21.0
radix-ui (source)	^1.5.0 → ^1.6.0

---

Release Notes

mui/base-ui (@​base-ui/react)

v1.6.0

Compare Source

Jun 18, 2026

General changes

• Correct inaccurate prop JSDoc (#​5036) by @​atomiks
• Update the hook value when store/arguments change (#​4866) by @​chuganzy
• Restore viewport morphing after reopen for kept-mounted popups (#​5010) by @​atomiks
• Fix pseudo-element bounds in dev mode (#​5000) by @​atomiks

Accordion

• Fix trigger behavior bugs (#​4833) by @​atomiks
• Remove region role from Accordion.Root (#​4961) by @​chuganzy
• Align keyboard navigation with APG (#​4965) by @​chuganzy

Alert Dialog

• Fix programmatic focus return (#​4849) by @​atomiks

Autocomplete

• Keep ArrowLeft/ArrowRight on the input caret in grid mode (#​4948) by @​spokodev
• Document open requirement for the inline prop (#​5069) by @​atomiks

Avatar

• Fix image status edge cases (#​4835) by @​atomiks

Checkbox

• Fix parent group cancellation and indeterminate state (#​4941) by @​atomiks
• Ignore data-focused Field attribute when disabled (#​4998) by @​atomiks
• Fix extra validate fn calls (#​4911) by @​mj12albert

Checkbox Group

• Fix parent group cancellation and indeterminate state (#​4941) by @​atomiks
• Fix parent checkbox with custom validate fn (#​4912) by @​mj12albert
• Fix validation with multiple required checkboxes (#​4958) by @​atomiks
• Forward group ids (#​4997) by @​atomiks

Collapsible

• Fix trigger and panel state bugs (#​4848) by @​atomiks

Combobox

• Fix chip context error (#​4877) by @​lyzno1
• Keep ArrowLeft/ArrowRight on the input caret in grid mode (#​4948) by @​spokodev
• Avoid re-rendering every item on each keystroke (#​4964) by @​flaviendelangle
• Fix autofill and selected state edge cases (#​4972) by @​atomiks
• Document open requirement for the inline prop (#​5069) by @​atomiks

Dialog

• Fix confirmation return focus (#​5024) by @​atomiks
• Fix programmatic focus return (#​4849) by @​atomiks
• Fix positioning and viewport edge cases (#​4925) by @​atomiks
• Fix non-modal focus-out close and tabindex management (#​5030) by @​atomiks

Drawer

• Fix confirmation return focus (#​5024) by @​atomiks
• Improve swipe dismiss drag performance (#​4867) by @​atomiks
• Drive swipe gestures natively to stop per-frame re-rasterization (#​4980) by @​atomiks
• Add virtual keyboard provider (#​4353) by @​atomiks
• Commit swipe on primary-button release (#​5057) by @​atomiks

Field

• Fix form validation bugs (#​4873) by @​atomiks
• Reflect disabled Field.Item state in Field.Label (#​4916) by @​chuganzy
• Reflect disabled Field.Item state in Field.Description (#​4960) by @​chuganzy
• Fix valueMissing revalidation (#​4995) by @​atomiks
• Fix validation bugs (#​4894) by @​atomiks

Fieldset

• Fix disabled fieldset form bugs (#​4890) by @​atomiks

Form

• Fix form validation bugs (#​4873) by @​atomiks

Menu

• Fix submenu trigger interactions (#​4892) by @​atomiks
• Open submenus on hover after a plain delay (#​4990) by @​atomiks
• Fix controlled hover leave close (#​4893) by @​atomiks
• Fix positioning and viewport edge cases (#​4925) by @​atomiks

Menubar

• Fix vertical menu focus behavior (#​4922) by @​atomiks

Meter

• Sync value text with indicator (#​4904) by @​atomiks

Navigation Menu

• Preserve exit transition when controlled (#​4855) by @​mattrothenberg
• Fix interaction, value, and styling-hook bugs (#​4942) by @​atomiks

Number Field

• Handle unreadable clipboard paste (#​4876) by @​lyzno1
• Fix committed values and keyboard stepping (#​4905) by @​atomiks
• Respect Intl rounding options on blur (#​4804) by @​atomiks
• Fix formatter locale cache (#​4999) by @​atomiks
• Preserve numeric precision while keeping default display formatting (#​5040) by @​atomiks
• Fix input and scrub edge cases (#​5046) by @​atomiks

OTP Field

• 🚨 Breaking change: Unmark preview
  
  the namespace export is renamed OTPFieldPreview → OTPField and should be imported as: { OTPField } from '@​base-ui/react/otp-field' (#​5029) by @​atomiks
• Avoid password manager bubbles after first input (#​4868) by @​atomiks

Popover

• Fix controlled hover leave close (#​4893) by @​atomiks
• Fix programmatic focus return (#​4849) by @​atomiks
• Fix positioning and viewport edge cases (#​4925) by @​atomiks
• Fix non-modal focus-out close and tabindex management (#​5030) by @​atomiks

Preview Card

• Fix controlled hover leave close (#​4893) by @​atomiks
• Fix positioning and viewport edge cases (#​4925) by @​atomiks
• Keep inline preview anchored while open (#​4836) by @​atomiks
• Close when active trigger unmounts (#​4886) by @​michaldudak

Radio Group

• Forward group ids (#​4997) by @​atomiks
• Fix selection on space key press (#​4930) by @​chuganzy
• Fix disabled selected form submission (#​4926) by @​atomiks
• Honor canceled value changes (#​4996) by @​atomiks

Scroll Area

• Fix overflow and scrolling state (#​4936) by @​atomiks
• Add scrolling state to Thumb (#​4982) by @​aarongarciah

Select

• Fix autofill and selected state edge cases (#​4934) by @​atomiks
• Fix dirty state not clearing in multiple mode (#​4971) by @​atomiks
• Skip disabled items in typeahead and fix multiple-mode serialization (#​5025) by @​atomiks

Slider

• Fix extra validate fn calls (#​4911) by @​mj12albert
• Fix interaction edge cases (#​4937) by @​atomiks
• Fix touchend listener accumulation leak (#​5070) by @​atomiks

Switch

• Fix extra validate fn calls (#​4911) by @​mj12albert

Tabs

• Fix state edge cases (#​4935) by @​atomiks
• Fix suspended panel activation (#​4903) by @​atomiks

Toast

• Fix timer and limit edge cases (#​4933) by @​atomiks

Toggle

• Fix grouped cancelation and JSDoc (#​4940) by @​atomiks

Toggle Group

• Fix grouped cancelation and JSDoc (#​4940) by @​atomiks
• Remove invalid aria-orientation from role="group" element (#​4628) by @​sernstberger
• Fix disabled state and roving focus bugs (#​4968) by @​atomiks

Toolbar

• Do not forward disabled to default toolbar button (#​4967) by @​mj12albert
• Fix disabled state and roving focus bugs (#​4968) by @​atomiks

Tooltip

• Fix positioning and viewport edge cases (#​4925) by @​atomiks
• Fix provider delay group lifecycle (#​4887) by @​michaldudak
• Reset preventUnmountOnClose on reopen (#​4885) by @​michaldudak
• Close when active trigger unmounts (#​4886) by @​michaldudak

All contributors of this release in alphabetical order: @​aarongarciah, @​atomiks, @​chuganzy, @​flaviendelangle, @​lyzno1, @​mattrothenberg, @​michaldudak, @​mj12albert, @​sernstberger, @​spokodev

better-auth/better-auth (@​better-auth/api-key)

v1.6.19

Compare Source

Patch Changes

• Updated dependencies [de4aa52, b4b0266, 5bd5e1c, 581f827, 8407885, c1a8a64, 635f190, a787e0b, c2f718f, 7d18175]:
  • better-auth@​1.6.19
  • @​better-auth/core@​1.6.19

better-auth/better-auth (@​better-auth/prisma-adapter)

v1.6.19

Compare Source

Patch Changes

• Updated dependencies [5bd5e1c, a787e0b]:
  • @​better-auth/core@​1.6.19

scalar/scalar (@​scalar/nextjs-api-reference)

v0.11.4

better-auth/better-auth (better-auth)

v1.6.19

Compare Source

Patch Changes

• #​10088 de4aa52 Thanks @​bytaesu! - Session and account cache cookies near the browser's per-cookie size limit (for example with a long cookiePrefix or many cached fields) are now split into chunks instead of being silently dropped by the browser. A cache too large to fit even when chunked is skipped with a warning rather than failing the request, so reads fall back to the database.

• #​9995 b4b0266 Thanks @​ElGauchooooo! - The device authorization plugin now accepts an optional user_id when issuing a device code via /device/code, pre-binding the code to that user. Only the bound user can approve or deny the code, so a publicly visible user code can no longer be claimed by someone else.

• #​10086 5bd5e1c Thanks @​gustavovalverde! - Refresh-token rotation and token revocation, two-factor backup-code regeneration, device-code claiming, and organization invitation acceptance now work on Prisma. Concurrent or repeat requests in these flows could previously return an error on Prisma instead of the expected result.

  On MongoDB servers older than 5.0, these flows and other guarded value updates (rate-limit window resets, API-key refills) no longer fail with an empty-update error.

  @better-auth/core: incrementOne now reports a clear error when called with no increment and no set.

• #​9319 581f827 Thanks @​ping-maxwell! - fix(last-login-method): include domain when clearing cross-subdomain cookies

• #​10067 8407885 Thanks @​bytaesu! - The oauth-popup plugin now ignores internal OAuth state fields passed through its additionalData parameter, so additionalData only ever carries your own custom values.

• #​9555 c1a8a64 Thanks @​ChrisMGeo! - Fix invalid OpenAPI output for Better Auth callback, session, and passkey routes so client generators can consume the schema.

• #​10071 635f190 Thanks @​gustavovalverde! - Auth clients exported from wrapper packages can now be emitted in TypeScript declaration builds without extra type annotations.

• #​10070 a787e0b Thanks @​gustavovalverde! - Single-use verification flows no longer hang on database adapters that use a one-connection pool. This fixes magic-link verification and similar token checks in connection-limited serverless database setups.

• #​9348 c2f718f Thanks @​ping-maxwell! - fix: cookie cache fallback lookup

• #​8863 7d18175 Thanks @​ping-maxwell! - sendVerificationEmail was invoked via runInBackgroundOrAwait, which could defer work when advanced.backgroundTasks.handler is configured (so the handler could return 200 before the email callback finished) and, in the default path, caught and logged errors without rethrowing. User callbacks that throw APIError (e.g. 429 from a rate limiter) were therefore not reliably reflected in the HTTP response (better-auth/better-auth#8757).

  Now we await sendVerificationEmailFn so failures surface to the client with the correct status. The unauthenticated /send-verification-email path enforces a constant-time floor (500 ms) so that the response duration does not reveal whether the email belongs to a real unverified user.

• Updated dependencies [0895993, 5bd5e1c, a787e0b]:

  • @​better-auth/drizzle-adapter@​1.6.19
  • @​better-auth/core@​1.6.19
  • @​better-auth/mongo-adapter@​1.6.19
  • @​better-auth/kysely-adapter@​1.6.19
  • @​better-auth/memory-adapter@​1.6.19
  • @​better-auth/prisma-adapter@​1.6.19
  • @​better-auth/telemetry@​1.6.19

lucide-icons/lucide (lucide-react)

v1.21.0: Version 1.21.0

Compare Source

What's Changed

• ci(release.yml): Remove new-version in release flow by @​ericfennis in #​4478
• ci(release.yml): Fix workflow and remove version scripts in package scripts by @​ericfennis in #​4479
• fix(docs): rename navigation category label by @​Hsiii in #​4483
• feat(icons): added broken-bone icon by @​Patolord in #​4131

New Contributors

• @​Hsiii made their first contribution in #​4483
• @​Patolord made their first contribution in #​4131

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

v1.20.0: Version 1.20.0

Compare Source

What's Changed

• fix(icons): decreased size of arrows inside square-arrow-* icons by @​jguddas in #​3926
• chore(tags): Add tags to search- icons by @​jamiemlaw in #​4099
• feat(icons): added save-check icon by @​Konixy in #​3120
• feat(icons): added tag-plus and tag-x icons by @​adam-kov in #​3980
• feat(icons): added banknote-check icon by @​mfjramirezf in #​3956
• feat(icons): added clock-arrow-in icon by @​jguddas in #​2403
• feat(icons): added summary icon by @​jpjacobpadilla in #​3114
• feat(icons): added user-round-arrow-in icon by @​jguddas in #​2283
• feat(icons): added clock-arrow-out icon by @​jguddas in #​2404
• docs(docs): fix broken Svelte package source link in README by @​SRKrukowski in #​4468
• chore(deps-dev): bump @​angular/compiler from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4474
• chore(deps-dev): bump @​angular/core from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4470
• chore(deps-dev): bump vitest from 4.0.12 to 4.1.0 by @​dependabot[bot] in #​4429
• chore(deps-dev): bump markdown-it from 14.1.1 to 14.2.0 by @​dependabot[bot] in #​4475
• chore(deps-dev): bump @​angular/common from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4471
• feat(icons): added pencil-sparkles icon by @​jennieboops in #​4445

New Contributors

• @​Konixy made their first contribution in #​3120
• @​adam-kov made their first contribution in #​3980
• @​mfjramirezf made their first contribution in #​3956
• @​SRKrukowski made their first contribution in #​4468
• @​jennieboops made their first contribution in #​4445

Full Changelog: lucide-icons/lucide@1.19.0...1.20.0

v1.19.0: Version 1.19.0

Compare Source

What's Changed

• chore(deps): upgrade pnpm to version 11.6.0 by @​ericfennis in #​4458
• feat(icons): added star-* icons by @​RajnishKMehta in #​3918
• chore(suggest-tags): Update metadata suggestion script by @​ericfennis in #​4462
• feat(icons): added save-pen icon by @​vaporvee in #​4179
• feat(icons): added wrench-off icon by @​nilsjonsson in #​4434
• feat(icons): added ad icon by @​jamiemlaw in #​4323
• feat(icons): added eye-dashed icon by @​karsa-mistmere in #​4415
• feat(icons): added save-plus icon by @​jwlinqx in #​4448
• feat(icons): added list-sort-descending icon by @​ericfennis in #​4457
• fix(lucide-react-native): Fix provider exports by @​ericfennis in #​4463
• fix(site): reserve space for icon detail drawer by @​vyctorbrzezowski in #​4344
• fix(icons): changed wallet-cards icon by @​jguddas in #​3888
• feat(site): Improve search and add sorting options by @​ericfennis in #​4453
• feat(icons): added podium icon by @​jguddas in #​2124

New Contributors

• @​vaporvee made their first contribution in #​4179
• @​nilsjonsson made their first contribution in #​4434
• @​jwlinqx made their first contribution in #​4448
• @​vyctorbrzezowski made their first contribution in #​4344

Full Changelog: lucide-icons/lucide@1.18.0...1.19.0

radix-ui/primitives (radix-ui)

v1.6.0

const Slot = createSlot<HTMLButtonElement, MyCustomButtonProps>('Slot');

Avatar

• Fixed several edge cases with Avatar's loading state
  • An avatar's fallback would not be displayed again if its image component unmounted. This is now fixed.
  • Rendering multiple Avatar.Image components per Avatar.Root was never supported and results in buggy, unpredictable behavior. We now warn about this in development.
  • Zero-sized images were treated as loading, meaning that onLoadingStatusChange is never called once loaded. A zero-sized image now triggers an error status on load.

Password Toggle Field

• Renamed misspelled onVisiblityChange prop to onVisibilityChange.
• Fixed prop type definitions to include asChild for all component parts.

Scroll Area

• Stabilized the viewport style tag unless the nonce changes.

Slot

• SlotProps and createSlot now accept generic type arguments to specify the type of element a slot should render, as well as its props.

Toggle Group

• Updated single-select and multi-select toggle groups to use the radiogroup and toolbar roles, respectively.

Select

• Allowed a Select.Item with an empty string value to act as a "clear" option. Selecting it resets the selection back to the placeholder, restoring the native <select> behavior for optional selects. Previously using an empty string value would throw an error.
• Fixed a bug where typeahead search resulted in focusing an element that no longer exists.

Other updates

• Fixed a regression in that caused submenu misalignment when using custom portals.
• Removed dev-only warnings for dialogs when title and/or description is not rendered.
• Fixed a bug where menus and submenus remained open after a window loses focus.
• Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
• Fixed Duplicate index signature errors that surfaced when consuming multiple packages together.

---

Configuration

📅 Schedule: (in timezone Europe/Berlin)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.