v1.6.5

`better-auth`

Clarified recommended production usage for the test utils plugin (#9119)
Fixed session not refreshing after /change-password and /revoke-other-sessions (#9087)

For detailed changes, see CHANGELOG

Fixed GHSA-xr8f-h2gw-9xh6, a high-severity authorization bypass in @better-auth/oauth-provider where unprivileged authenticated users could create OAuth clients when deployments relied on clientPrivileges to restrict client creation.
First patched stable version: @better-auth/oauth-provider@1.6.5.
Note: the published beta line (1.7.0-beta.0 and 1.7.0-beta.1) remains affected until a fixed beta release is published.

For detailed changes, see CHANGELOG

Thanks to everyone who contributed to this release:

@GautamBytes, @ramonclaudio

Full changelog: v1.6.4...v1.6.5