build(deps): bump better-auth from 1.4.15 to 1.4.17

[dependabot]

Bumps better-auth from 1.4.15 to 1.4.17.

Release notes

Sourced from better-auth's releases.

v1.4.17

   🚀 Features

• two-factor: Add twoFactorCookieMaxAge as a separate option  -  by @​Bekacru (c6e4f)

   🐞 Bug Fixes

• Set default ipv6 subnet to 64  -  by @​himself65 in better-auth/better-auth#7509 (6ef60)
• cookies: Fallback to isProduction when baseURL is not set  -  by @​bytaesu in better-auth/better-auth#7159 (f7cbb)
• db: Only exclude returned: false fields from output schemas  -  by @​Paola3stefania in better-auth/better-auth#7504 (86db4)
• stripe: Allow re-subscribing to the same plan when subscription has expired  -  by @​DIYgod, Claude Opus 4.5, Taesu and @​bytaesu in better-auth/better-auth#7459 (a1b09)
• two-factor: Improve OTP comparision during hashed and encrypted values  -  by @​Bekacru (22534)

    View changes on GitHub

v1.4.16

   🚀 Features

• admin: Make password field optional on create user  -  by @​Bekacru and @​cursoragent in better-auth/better-auth#7441 (01bd8)

   🐞 Bug Fixes

• oauth: Set account cookie on re-login when updateAccountOnSignIn is false  -  by @​bytaesu in better-auth/better-auth#7217 (56bc0)
• organization: Missing activeTeamId field when dynamic access control is enabled  -  by @​longnguyen2004, @​himself65, ping-maxwell and @​ping-maxwell in better-auth/better-auth#7385 (b7ff1)
• rate-limit: Support IPv6 address normalization and subnet  -  by @​himself65 in better-auth/better-auth#7470 (1ba5a)

    View changes on GitHub

Commits

• bcbeeee chore: release v1.4.17
• 225348a fix(two-factor): improve OTP comparision during hashed and encrypted values
• c6e4f16 feat(two-factor): add twoFactorCookieMaxAge as a separate option
• 86db4f7 fix(db): only exclude returned: false fields from output schemas (#7504)
• f7cbbbd fix(cookies): fallback to isProduction when baseURL is not set (#7159)
• 6ef600d fix: set default ipv6 subnet to 64 (#7509)
• f444027 chore: bump zod (#7507)
• 4625dcf chore: release v1.4.16
• 1ba5a3f fix(rate-limit): support IPv6 address normalization and subnet (#7470)
• eb297c2 refactor: return linked account in findOAuthUser (#7331)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
prediction-market	Ready	Preview, Comment	Jan 27, 2026 0:14am