chore(deps): bump the minor-and-patch group across 1 directory with 9 updates

[dependabot]

Bumps the minor-and-patch group with 9 updates in the / directory:

Package	From	To
@auth/core	0.37.0	0.41.1
@codemirror/state	6.5.4	6.6.0
@codemirror/view	6.39.16	6.40.0
@sentry/solid	10.43.0	10.46.0
@tanstack/solid-virtual	3.13.21	3.13.23
convex	1.32.0	1.34.1
solid-js	1.9.11	1.9.12
vite-plugin-solid	2.11.10	2.11.11
vitest	4.1.0	4.1.2

Updates @auth/core from 0.37.0 to 0.41.1

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

@​auth/core@​0.40.0

Features

• providers: Mailgun region selection (#13027) (e0168ed1)

Bugfixes

• core: undefined providerId (#12947) (dd211c56)
• providers: Microsoft Entra ID (#12616) (e16b07b8)
• providers: enable OIDC capabilities for Keycloak (#12964) (0adbd101)

Other

• docs: fix typo Avaliable Scopes -> Available Scopes (#13009) (22c1b8b0)
• typo succesful -> successful (#12973)
• fix typo profie -> profile (#12987)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates @codemirror/state from 6.5.4 to 6.6.0

Changelog

Sourced from @​codemirror/state's changelog.

6.6.0 (2026-03-12)

New features

EditorSelection.range now takes an optional assoc argument.

SelectionRange.extend can now be given a third argument to specify associativity.

Commits

• 821d9b7 Mark version 6.6.0
• e035c74 Support an assoc argument to EditorSelection.range and SelectionRange.extend
• eef74db Add type conversions to asArray
• See full diff in compare view

Updates @codemirror/view from 6.39.16 to 6.40.0

Changelog

Sourced from @​codemirror/view's changelog.

6.40.0 (2026-03-12)

Bug fixes

Fix a bug that caused Shift-Enter/Backspace/Delete on iOS to lose the shift modifier when delivered to key event handlers.

Fix an issue where EditorView.moveVertically could move to the wrong place in wrapped lines with a large line height.

Make sure the selection head associativity is properly set for mouse selections made with shift held down.

New features

WidgetType.updateDOM is now called with the previous widget value as third argument.

6.39.17 (2026-03-10)

Bug fixes

Improve touch tap-selection on line wrapping boundaries.

Make drawSelection draw our own selection handles on iOS.

Fix an issue where posAtCoords, when querying line wrapping points, got confused by extra empty client rectangles produced by Safari.

Commits

• 4773b2e Mark version 6.40.0
• 773a0ee Properly track associativity for shift-click selections
• 3612d3f Bring back the vertical scan loop in moveVertically
• bc58375 Don't put Shift-Enter/Backspace/Del through the iOS pending key hack
• fd252fa Change WidgetType.updateDOM from type to this
• 9373f52 Pass the old widget value to WidgetType.updateDOM
• 3d236d2 Mark version 6.39.17
• 0a8ddb1 Avoid posAtCoords getting confused by empty wrapping rectangles returned by S...
• f22a194 Implement iOS selection handle drawing in the selection layer
• 07d54a0 Use last touch position to assign a side to touch selections in wrapping editors
• See full diff in compare view

Updates @sentry/solid from 10.43.0 to 10.46.0

Release notes

Sourced from @​sentry/solid's releases.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)
• chore(deps-dev): bump qunit-dom from 3.2.1 to 3.5.0 (#19546)

... (truncated)

Changelog

Sourced from @​sentry/solid's changelog.

10.46.0

Important Changes

• feat(elysia): @sentry/elysia - Alpha Release (#19509)

  New Sentry SDK for the Elysia web framework, supporting both Bun and Node.js runtimes.

  Note: This is an alpha release. Please report any issues or feedback on GitHub.

  Features

  • Automatic error capturing — 5xx errors captured via global onError hook; 3xx/4xx ignored by default. Customizable with shouldHandleError.
  • Automatic tracing — Lifecycle spans for every Elysia phase (Request, Parse, Transform, BeforeHandle, Handle, AfterHandle, MapResponse, AfterResponse, Error) with parameterized route names (e.g. GET /users/:id).
  • Distributed tracing — sentry-trace and baggage headers propagated automatically on incoming/outgoing requests.

  Usage

  import * as Sentry from '@sentry/elysia';
  import { Elysia } from 'elysia';
  Sentry.init({ dsn: 'DSN', tracesSampleRate: 1.0 });
  const app = Sentry.withElysia(new Elysia());
  app.get('/', () => 'Hello World');
  app.listen(3000);

Other Changes

• feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• fix(cloudflare): Forward ctx argument to Workflow.do user callback (#19891)
• fix(cloudflare): Send correct events in local development (#19900)
• fix(core): Do not overwrite user provided conversation id in Vercel (#19903)
• fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• fix(core): Send internal_error as span status for Vercel error spans (#19921)
• fix(core): Truncate content array format in Vercel (#19911)
• fix(deps): bump fast-xml-parser to 5.5.8 in @​azure/core-xml chain (#19918)
• fix(deps): bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 (#19880)
• fix(nestjs): Add node to nest metadata (#19875)
• fix(serverless): Add node to metadata (#19878)

• chore(ci): Fix "Gatbsy" typo in issue package label workflow (#19905)
• chore(claude): Enable Claude Code Intelligence (LSP) (#19930)
• chore(deps): bump mongodb-memory-server-global from 10.1.4 to 11.0.1 (#19888)
• chore(deps-dev): bump @​react-router/node from 7.13.0 to 7.13.1 (#19544)
• chore(deps-dev): bump effect from 3.19.19 to 3.20.0 (#19926)

... (truncated)

Commits

• e5fdc9d release: 10.46.0
• c01fe86 release: 10.46.0
• 0f1171b Merge pull request #19973 from getsentry/prepare-release/10.46.0
• 6f48cc4 meta(changelog): Update changelog for 10.46.0
• 54abb35 refactor(elysia): drop @​elysiajs/opentelemetry dependency (#19947)
• a54de04 ref(core): Remove duplicate buildMethodPath utility from openai (#19969)
• 0156846 feat(nuxt): Conditionally use plugins based on Nitro version (v2/v3) (#19955)
• 18a624e feat(elysia): Elysia SDK (#19509)
• c9812ae test(cloudflare): Enable multi-worker tests for CF integration tests (#19938)
• 83cabf3 fix(core): Preserve .withResponse() on Anthropic instrumentation (#19935)
• Additional commits viewable in compare view

Updates @tanstack/solid-virtual from 3.13.21 to 3.13.23

Release notes

Sourced from @​tanstack/solid-virtual's releases.

@​tanstack/solid-virtual@​3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

@​tanstack/solid-virtual@​3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

Changelog

Sourced from @​tanstack/solid-virtual's changelog.

3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

Commits

• 9394e13 ci: Version Packages (#1149)
• c2f1c39 ci: Version Packages (#1139)
• See full diff in compare view

Updates convex from 1.32.0 to 1.34.1

Changelog

Sourced from convex's changelog.

1.34.1

• Hides the --yes flag on npx convex deploy to discourage YOLO agents being run in privileged environments from pushing to production.
• Improves client backoff strategy to reconnect more quickly. The changes in 1.34.0 did not correctly reset backoff sufficiently after reconnect.
• AI files will not be installed by default in non-interactive environments.
• Disabling AI files is now tracked with an "enabled" flag in convex.json that hides nags for initial setup and updates when set to false.
• Fix ai-files re-prompting to install files on setup when they already exist.
• Fix local deployments returning stale credentials when ports change.

1.34.0

• The CLI can now automatically provide Convex AI context files (AGENTS.md, CLAUDE.md, guidelines/state files) to your project when using npx convex dev. You can manage Convex AI files using the new npx convex ai-files command:
  • npx convex ai-files install - Install or refresh AI files
  • npx convex ai-files update - Update to latest available AI files
  • npx convex ai-files status - Show what is installed and what is stale
  • npx convex ai-files disable - Suppress install and staleness messages in npx convex dev
  • npx convex ai-files enable - Re-enable install and staleness messages
  • npx convex ai-files remove - Remove Convex-managed AI files
• Adds new npx convex deployment commands:
  • npx convex deployment create allows you to create new cloud deployments for a project
  • npx convex deployment select allows you to select the deployment to use in your project directory when running commands
• CLI commands now support the --deployment flag to select a deployment to target. It accepts a deployment name (e.g. joyful-capybara-123), ref (e.g. dev/james), dev (for your personal dev deployment), or prod (for your project’s default production deployment). You can also select deployments in other projects with project-slug:ref or team-slug:project-slug:ref.
• Improves websocket client backoff behavior.
• No longer recreates convex/README.md when convex/ already exists.

1.33.1

• Fixes the ConvexProviderWithClerk to fetch the JWT template if the (new) Convex integration is not enabled. It is safe to both set the JWT template and enable the integration. In 1.33.0 it broke if you only had the JWT template specified.

1.33.0

• npx convex env set can now:
  • Accept a value interactively

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by ianatconvex, a new releaser for convex since your current version.

Updates solid-js from 1.9.11 to 1.9.12

Commits

• See full diff in compare view

Updates vite-plugin-solid from 2.11.10 to 2.11.11

Release notes

Sourced from vite-plugin-solid's releases.

vite-plugin-solid@2.11.11

Patch Changes

• 7f39675: Add vite 8 in peer deps

Changelog

Sourced from vite-plugin-solid's changelog.

2.11.11

Patch Changes

• 7f39675: Add vite 8 in peer deps

Commits

• 9c7a3a5 Merge pull request #246 from solidjs/ci--trusted-publishing-permissions
• 25fb0a1 ci: trusted publishing permissions
• 04eec66 Merge pull request #245 from solidjs/chore--bump-github-ci-to-node-24
• 52f1033 chore: bump github ci to node 24
• 37dcf09 Version Packages (#244)
• 7f39675 [main] Allow vite 8 in peerDeps (#242)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite-plugin-solid since your current version.

Updates vitest from 4.1.0 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

v4.1.1

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in vitest-dev/vitest#9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in vitest-dev/vitest#9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in vitest-dev/vitest#9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in vitest-dev/vitest#9831 and vitest-dev/vitest#9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in vitest-dev/vitest#9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in vitest-dev/vitest#9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in vitest-dev/vitest#9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in vitest-dev/vitest#9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in vitest-dev/vitest#9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in vitest-dev/vitest#9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in vitest-dev/vitest#9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in vitest-dev/vitest#9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in vitest-dev/vitest#9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in vitest-dev/vitest#9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in vitest-dev/vitest#9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in vitest-dev/vitest#9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in vitest-dev/vitest#9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9949 (0d5f9)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• 1f2d318 chore: release v4.1.1
• ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
• 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
• eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions