fix: Better Auth 1.4 support

[ARLBR10]

The Convex plugin for BetterAuth 1.4 was bugged! If you updated all your dependencies to a higher version an error would occur when importing 'better-auth/plugins/passkey' because on 1.4 passkey became it own dependence at @better-auth/passkey. The migration guide can be found at Better Auth Blog for 1.4
.

Some codebases might need some changes for maximum compatibility but thats not an topic for this PR. And won't have any problems according to the guide.

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Summary by CodeRabbit

• Chores
  • Updated multiple package dependencies, including better-auth, React, TypeScript, Vite, and other development tools to their latest versions for improved stability and performance.
  • Added @better-auth/passkey package integration for enhanced authentication support.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updated project dependencies including peer dependency better-auth from 1.3.34 to 1.4.5, refreshed multiple dev dependencies, added @better-auth/passkey, and updated several utility package versions. Corrected import path for passkey plugin in src/auth.ts to use the new dedicated package.

Changes

Cohort / File(s)	Change Summary
Dependency and Manifest Updates package.json	Updated peerDependencies: better-auth 1.3.34 → 1.4.5. Added @better-auth/passkey ^1.4.5. Updated devDependencies (React 19.2.1, TypeScript 5.9.3, Vite ^7.2.6, and 30+ others). Updated dependencies: convex-helpers, jose, type-fest, zod.
Import Path Correction src/auth.ts	Changed passkey plugin import from "better-auth/plugins/passkey" to "@better-auth/passkey" to align with better-auth 1.4.5 structure.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify compatibility across the wide range of updated devDependencies (30+ version changes)
• Confirm the import path change in src/auth.ts resolves without runtime errors
• Check that the peer dependency constraint on better-auth doesn't create conflicts downstream

Possibly related issues

• Issue #179: Fixes the import statement change from "better-auth/plugins/passkey" to "@better-auth/passkey" in src/auth.ts, directly addressing the module resolution issue introduced by the better-auth 1.4.5 upgrade.

Poem

🐰 Hops of joy, the deps take flight,
Better-auth gleams, shiny and bright!
Passkey's new home, a dedicated place,
No more path confusion—let's quicken the pace!
Versions ascend, compatibility blessed,
This little bunny's refreshed and impressed! 🎉

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: Better Auth 1.4 support' directly and accurately describes the main change: updating dependencies to support Better Auth 1.4, including the critical passkey import fix from 'better-auth/plugins/passkey' to '@better-auth/passkey'.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b0149f7 and 3444088.

📒 Files selected for processing (2)

• package.json (1 hunks)
• src/auth.ts (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Agent

🔇 Additional comments (4)

package.json (3)

96-96: Better Auth dependencies correctly updated.

The peer dependency update to better-auth: 1.4.5 and the addition of @better-auth/passkey: ^1.4.5 correctly support the passkey plugin migration in src/auth.ts.

Also applies to: 137-137

---

127-128: The devDependencies are still on React 18.3.1, not React 19.2.1. The peerDependencies correctly allow both ^18.3.1 || ^19.0.0, providing flexibility for downstream users, but this package has not yet upgraded its development dependencies to React 19.

Likely an incorrect or invalid review comment.

---

144-144: Zod 4 upgrade is compatible with current codebase usage.

The codebase uses only z.object() and z.string() in the cross-domain plugin (lines 176-178), both of which remain stable in Zod 4. The breaking changes documented for Zod 4 (unified error customization, .default() behavior, z.number() restrictions, z.record() requiring both key and value schemas, deprecated format helpers, .refine() type narrowing) do not apply to this minimal schema definition. No further action needed.

Likely an incorrect or invalid review comment.

src/auth.ts (1)

17-17: Import path correctly updated for Better Auth 1.4.

The @better-auth/passkey import aligns with the Better Auth 1.4 migration where passkey became a separate package. The official migration guide confirms: import { passkey } from "@better-auth/passkey" with usage as plugins: [passkey()].

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR updates the Convex plugin to support Better Auth version 1.4, addressing a breaking change where the passkey plugin was moved to a separate package @better-auth/passkey.

• Updates the passkey import from better-auth/plugins/passkey to @better-auth/passkey
• Upgrades better-auth peer dependency from 1.3.34 to 1.4.5
• Updates numerous other dependencies to newer versions

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

File	Description
src/auth.ts	Updates passkey import to use the new @better-auth/passkey package per Better Auth 1.4 migration requirements
package.json	Adds @better-auth/passkey as a dependency, updates better-auth to 1.4.5, and updates multiple other dependencies to newer versions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The type-fest version was updated from ^4.39.1 to ^5.3.1, which is a major version bump. Type-fest follows semantic versioning strictly, and major version updates can introduce breaking type changes that may affect the codebase.

Please verify that this major version update doesn't introduce any breaking changes that affect the usage of type-fest in this project.

[Copilot]

The @types/react-dom version was updated from 18.3.7 to 19.2.3, which corresponds to React 19. However, the peerDependencies still allow React 18 (react-dom: ^18.3.1 || ^19.0.0). This version mismatch may cause type incompatibility issues for users on React 18.

Consider using @types/react-dom version ^18.3.7 to match the minimum supported React version.

Suggested change

	"@types/react-dom": "19.2.3",
	"@types/react-dom": "^18.3.7",

[Copilot]

[nitpick] The react version was updated from 18.3.1 to 19.2.1 in devDependencies. However, the peerDependencies allow both React 18 and 19 (^18.3.1 || ^19.0.0). While this isn't necessarily wrong, it's better practice to test with the minimum supported version to ensure compatibility.

Consider using React 18.3.1 in devDependencies to test against the minimum supported version, or clearly document that the package is primarily tested with React 19.

Suggested change

	"react": "19.2.1",
	"react-dom": "19.2.1",
	"react": "18.3.1",
	"react-dom": "18.3.1",

[Copilot]

[nitpick] The react-dom version was updated from 18.3.1 to 19.2.1 in devDependencies. However, the peerDependencies allow both React 18 and 19 (^18.3.1 || ^19.0.0). While this isn't necessarily wrong, it's better practice to test with the minimum supported version to ensure compatibility.

Consider using React DOM 18.3.1 in devDependencies to test against the minimum supported version.

Suggested change

	"react-dom": "19.2.1",
	"react-dom": "18.3.1",

[Copilot]

The peerDependency for better-auth is pinned to an exact version 1.4.5 instead of using a version range (e.g., ^1.4.5 or ~1.4.5). This is overly restrictive and will cause installation failures if users have a different patch version of better-auth 1.4.x installed.

Consider using ^1.4.5 to allow compatible patch versions.

Suggested change

	"better-auth": "1.4.5",
	"better-auth": "^1.4.5",

[Copilot]

The @types/react version was updated from 18.3.26 to 19.2.7, which corresponds to React 19. However, the peerDependencies still allow React 18 (^18.3.1 || ^19.0.0). Using React 19 types in devDependencies while supporting React 18 in peerDependencies may cause type incompatibility issues for users on React 18.

Consider using @types/react version ^18.3.26 to match the minimum supported React version, or if React 19 is required, update the peerDependencies to reflect that.

Suggested change

	"@types/react": "19.2.7",
	"@types/react-dom": "19.2.3",
	"@types/react": "^18.3.26",
	"@types/react-dom": "^18.3.11",