Skip to content

deps: bump the app-dependencies group across 1 directory with 11 updates#139

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/app-dependencies-e2f6e8c348
Closed

deps: bump the app-dependencies group across 1 directory with 11 updates#139
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/app-dependencies-e2f6e8c348

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the app-dependencies group with 11 updates in the / directory:

Package From To
@biomejs/biome 2.4.8 2.5.2
ultracite 7.3.2 7.9.2
@opentui/core 0.3.4 0.4.3
@opentui/solid 0.3.4 0.4.3
solid-js 1.9.13 1.9.14
convex-svelte 0.0.12 0.14.0
@sveltejs/kit 2.61.1 2.69.1
svelte 5.55.10 5.56.4
svelte-check 4.4.8 4.7.1
vite 8.0.14 8.1.3
convex-test 0.0.53 0.0.54

Updates @biomejs/biome from 2.4.8 to 2.5.2

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.2

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    // Now also reported, like as const (returns false):
    function isReady(): boolean {
    return false as false;
    }

  • #10678 8f073a7 Thanks @​PranavAchar01! - Fixed #7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    // Now also reported, like as const (returns false):
    function isReady(): boolean {
    return false as false;
    }

  • #10678 8f073a7 Thanks @​PranavAchar01! - Fixed #7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }
  • #10757 6232fcd Thanks @​PranavAchar01! - Fixed #8269: the CSS parser now accepts Tailwind @variant and @utility names that start with a digit, such as the 2xl breakpoint.

... (truncated)

Commits

Updates ultracite from 7.3.2 to 7.9.2

Release notes

Sourced from ultracite's releases.

ultracite@7.9.2

Patch Changes

  • c335a1f: Add **/node_modules and **/.git to the shared ignore patterns. oxlint only skips node_modules when a .gitignore lists it, so in projects without one, ultracite fix would lint and autofix files inside node_modules — corrupting installed packages (e.g. rewriting var enum wrappers in typescript/lib/typescript.js to self-referencing const, causing "Cannot access 'Comparison' before initialization" when oxlint loads eslint-plugin-sonarjs). Fixes #737.

ultracite@7.9.1

Patch Changes

  • ecd10cc: Disable sonarjs/no-implicit-dependencies and github/no-implicit-buggy-globals in the oxlint and ESLint presets. Both produce false positives through oxlint's JS plugin bridge: no-implicit-dependencies has no dependency-manifest resolution so it flags builtin (bun:test) and workspace imports as missing dependencies, and no-implicit-buggy-globals misreads module-scoped declarations such as Astro frontmatter as implicit globals.

  • c76f59d: Disable sonarjs/file-name-differ-from-class in the oxlint and ESLint presets. It fires on any file whose name differs from an exported class, which is noise for the many config and module files that export objects rather than classes.

  • 29e30ce: Fold the github and sonarjs rules into the oxlint core preset. The standalone ultracite/oxlint/github and ultracite/oxlint/sonarjs presets are removed — ultracite ships framework presets, not individual plugins. Their rules now live in ultracite/oxlint/core, so every oxlint setup gets eslint-plugin-github and eslint-plugin-sonarjs through oxlint's JS plugin bridge, matching how the ESLint preset already bundles them into core.

    This is a breaking change to generated configs: ultracite/oxlint/github and ultracite/oxlint/sonarjs no longer exist. Re-run ultracite init to regenerate oxlint.config.ts.

    Also fixed: nine sonarjs rules (async-test-assertions, hooks-before-test-cases, no-duplicate-test-title, no-empty-test-title, no-floating-point-equality, no-forced-browser-interaction, no-trivial-assertions, prefer-specific-assertions, super-linear-regex) that exist in eslint-plugin-sonarjs but that oxlint's JS plugin bridge does not register. Naming them made oxlint hard-fail config parsing, which broke ultracite fix/check for oxlint projects using the sonarjs preset. They are omitted from oxlint core (still enabled in the ESLint preset), and a test now runs oxlint against core to catch this class of regression.

    The React Doctor, github, and sonarjs plugins are installed into your project's devDependencies at init (as the ESLint plugins already were), rather than bundled as dependencies of ultracite — oxlint resolves JS plugin specifiers from the project root, so they must be installed there directly.

  • 8a4291f: Upgrade to Oxlint 1.72.0 and Oxfmt 0.57.0. Oxfmt 0.57 adds native CSS and GraphQL formatters. The five new non-nursery Oxlint rules from the 1.71/1.72 releases are already covered by the presets (node/no-sync, node/no-mixed-requires, unicorn/prefer-number-coercion, unicorn/max-nested-calls, vue/no-async-in-computed-properties). The markdown ::: container-directive fence patch (which keeps proseWrap: "never" from folding fences into prose) was regenerated against the 0.57 bundle.

ultracite@7.9.0

Minor Changes

  • aea7fc0: Update Biome to 2.5.2 and enable the newly-stabilized rules. This adds coverage for the rules promoted out of nursery in Biome 2.5.0, including noShadow, noUnnecessaryConditions, noUnusedInstantiation (formerly noFloatingClasses), useArrayFind, useDestructuring, useGlobalThis, useErrorCause, noNestedPromises, GraphQL validation rules, and the recommended Vue/Next.js domain rules.
  • 2687cf9: Align the ESLint and Biome presets with the oxlint preset, which is now the benchmark for rule decisions across linters. ESLint: rules that oxlint deliberately disables are now off (no-console, no-continue, id-length, new-cap, max-depth, no-implicit-coercion, no-underscore-dangle, init-declarations, n/no-sync, promise/always-return, promise/catch-or-return, import-x/no-commonjs, import-x/no-dynamic-require, import-x/no-nodejs-modules, import-x/unambiguous, import-x/no-anonymous-default-export, @typescript-eslint/explicit-member-accessibility, @typescript-eslint/explicit-module-boundary-types, @typescript-eslint/no-require-imports, and the unicorn rules explicit-length-check, max-nested-calls, no-process-exit, prefer-global-this, prefer-string-raw, prefer-top-level-await); consistent-type-definitions now enforces interface instead of type, matching oxlint and Biome; no-void allows statement position to coexist with no-floating-promises; import-x/no-named-as-default is enabled; and curly and no-unexpected-multiline are re-enabled past eslint-config-prettier. Biome: noAwaitInLoops and noIncrementDecrement are now errors and the useSortedKeys assist is on (matching no-await-in-loop, no-plusplus, and sort-keys in the other presets), while useGlobalThis is off (matching unicorn/prefer-global-this).
  • 73c1993: Require ESLint 10 for ESLint setups. The plugin suite upgrade (notably eslint-plugin-unicorn 70 and eslint-plugin-astro 2) requires ESLint 10, but ultracite init still installed eslint@^9.0.0, which crashed at config load time. Init now installs eslint@^10.0.0 and @eslint/js@^10.0.0, and the presets are fixed for ESLint 10 compatibility: settings.react.version is pinned to 19.0.0 instead of "detect" (detection uses an API removed in ESLint 10), react/jsx-filename-extension and react/forward-ref-uses-ref are disabled (their implementations use removed APIs; the former is already off in the oxlint preset and the latter is covered by react-doctor/no-react19-deprecated-apis), the react config re-applies eslint-config-prettier so JSX formatting rules stay off (several crash under ESLint 10), and import-x/no-unused-modules is disabled (it is a warning-emitting no-op under ESLint 10). Note that some plugins (eslint-plugin-github, eslint-plugin-react, eslint-plugin-jsx-a11y, eslint-plugin-solid, @tanstack/eslint-plugin-start) have not yet updated their declared peer ranges to include ESLint 10 even though they work at runtime, so strict package managers may report peer dependency warnings.
  • 4cfdf3d: Add eslint-plugin-jsdoc to the ESLint preset. The oxlint preset already enforces a set of jsdoc rules, but the ESLint preset had no jsdoc coverage at all. The plugin is now installed by ultracite init for ESLint setups and enables the same rule selection the oxlint preset enforces (check-access, check-property-names, check-tag-names, empty-tags, implements-on-classes, no-defaults, and the require-* description/name/type rules), keeping the two presets in lockstep.
  • 0b8fc12: Upgrade the ESLint plugin suite and enable the new rules that ship with it. Notable bumps: eslint-plugin-unicorn 64 → 70 (adds a large batch of new correctness and quality rules), eslint-plugin-astro 1 → 2 (adds no-omitted-end-tags, now requires ESLint 10), eslint-plugin-sonarjs 4.0 → 4.1 (adds test-assertion and ReDoS rules like super-linear-regex), eslint-plugin-svelte 3.19 → 3.20 (adds no-at-const-tags), plus @typescript-eslint, eslint-plugin-import-x, eslint-plugin-n, @vitest/eslint-plugin, and others. Two Unicorn rules that were renamed are re-mapped in the config (prefer-dom-node-datasetdom-node-dataset, prevent-abbreviationsname-replacements). Two new Unicorn rules are disabled: prefer-temporal (since Temporal still lacks broad runtime support) and no-asterisk-prefix-in-documentation-comments (it fights the conventional JSDoc comment style).
  • 4440393: Bring the oxlint preset closer to ESLint parity with two new presets that run ESLint plugins through oxlint's JS plugin support: ultracite/oxlint/github (eslint-plugin-github) and ultracite/oxlint/sonarjs (eslint-plugin-sonarjs, 187 rules — type-aware rules are excluded since the JS plugin bridge provides no type information, and no-reference-error is off because the bridge provides no globals). ultracite init now adds both presets to generated oxlint configs and installs the two plugins; existing configs are untouched until the next init, and either preset can be dropped from extends to opt out (the plugins add roughly 1–3s to a lint run for the JS runtime bridge). Rule decisions mirror the oxlint benchmark in both directions: the ESLint preset now disables sonarjs/file-header (it errored on every file), sonarjs/arrow-function-convention (fights the formatter), sonarjs/cyclomatic-complexity, sonarjs/max-lines, sonarjs/max-lines-per-function, sonarjs/nested-control-flow (duplicates of core rules the preset disables), sonarjs/shorthand-property-grouping (conflicts with sort-keys), and github/no-dataset (conflicts with unicorn/prefer-dom-node-dataset), and sets sonarjs/cognitive-complexity to 20 to match Biome's noExcessiveCognitiveComplexity. Switching linters with init no longer removes dependencies that the newly selected linter still needs.
  • f7025b1: Extend cross-linter parity to the framework presets and add an automated parity check. The oxlint react preset now explicitly lists all 102 non-nursery react/react-perf/jsx-a11y rules (previously only ~20 were configured, so most a11y and correctness rules silently never ran) and the next preset lists all 21 nextjs rules, with decisions matching the ESLint presets. The revived exhaustiveness test (the oxlint --rules markdown output it parsed is empty as of oxlint 1.72, so it was passing vacuously) also caught five newly stabilized rules which are now enabled: getter-return, no-unreachable, oxc/branches-sharing-code, unicorn/prefer-export-from, and unicorn/prefer-single-call. ESLint preset fixes that fell out of the audit: no-loss-of-precision and no-duplicate-imports are re-enabled for TypeScript files (their @typescript-eslint twins were removed in v8, leaving TS uncovered), no-duplicate-imports gets allowSeparateTypeImports to match oxlint, the react/vue configs now only re-apply the react/-vue/-prefixed entries of eslint-config-prettier so they can't clobber unrelated rules, the svelte preset keeps the formatting rules disabled that eslint-plugin-svelte's own prettier preset lists, and astro/semi is off (Prettier owns formatting). A new compare-rule-parity script runs as part of validate:configs: it resolves the effective ESLint rule sets with ESLint's own config resolution, normalizes names to oxlint's, and fails on any divergence not recorded in an explicit allowlist — currently just two entries (sonarjs/no-reference-error, unicorn/number-literal-case), both with documented reasons.
  • 223233f: Add React Doctor rules to the ESLint and Oxlint React, Next.js, and TanStack presets. This enables React Doctor's own rules — the "You Might Not Need an Effect" family (no-fetch-in-effect, no-derived-state, no-mirror-prop-effect, etc.) plus its render-performance, hydration, server-component, security, and framework-specific rules — via eslint-plugin-react-doctor and the oxlint-plugin-react-doctor JS plugin. Rules that React Doctor ports from eslint-plugin-react, eslint-plugin-react-hooks, and eslint-plugin-jsx-a11y are intentionally left off to avoid duplicate diagnostics with the plugins Ultracite already ships.

Patch Changes

  • d247ff2: Migrate stale linter and formatter configuration when switching toolchains during init. Running ultracite init now removes config files and dependencies for unselected Biome, ESLint/Prettier/Stylelint, or Oxlint/Oxfmt setups before writing the selected toolchain config.
  • e24068b: Sort package.json keys when using Biome

ultracite@7.8.4

Patch Changes

  • e4ddd22: Ignore .yarn directories by default
  • a1d5c06: Configure Oxfmt to never wrap prose (proseWrap: "never")
  • df709a4: Ignore .wrangler and .wrangler-dry-run output directories by default

ultracite@7.8.3

Patch Changes

  • c863d09: Fix automatic editor extension installation during ultracite init.

    The whole command line (e.g. code --install-extension) was passed to

... (truncated)

Commits

Updates @opentui/core from 0.3.4 to 0.4.3

Release notes

Sourced from @​opentui/core's releases.

Release v0.4.3

What's Changed

New Contributors

Full Changelog: anomalyco/opentui@v0.4.2...v0.4.3

Release v0.4.2

What's Changed

Full Changelog: anomalyco/opentui@v0.4.1...v0.4.2

Release v0.4.1

What's Changed

Full Changelog: anomalyco/opentui@v0.4.0...v0.4.1

Release v0.4.0

What's Changed

... (truncated)

Commits
  • 5803b2c Release v0.4.3
  • ff1fc35 fix(core): identity-based child management, resolves duplicate-id culling cor...
  • eeece97 refactor(core): remove unused ADDED/REMOVED LayoutEvents (#1218)
  • b15b909 Reduce Yoga callback pressure for native text measurement (#1219)
  • fb3b607 fix(ffi): preserve borrowed pointer owners (#1221)
  • 38bc1a1 renderer: isolate tests from the host terminal environment (#1223)
  • cea1dae core: fix Select test assertions (#1204)
  • 4a247a0 feat(core): make Select selection indicator optional
  • 50fd529 fix(core): guard lifecycle passes loop against destroyed renderables (#882)
  • 3e2d0aa Release v0.4.2
  • Additional commits viewable in compare view

Updates @opentui/solid from 0.3.4 to 0.4.3

Release notes

Sourced from @​opentui/solid's releases.

Release v0.4.3

What's Changed

New Contributors

Full Changelog: anomalyco/opentui@v0.4.2...v0.4.3

Release v0.4.2

What's Changed

Full Changelog: anomalyco/opentui@v0.4.1...v0.4.2

Release v0.4.1

What's Changed

Full Changelog: anomalyco/opentui@v0.4.0...v0.4.1

Release v0.4.0

What's Changed

... (truncated)

Commits
  • 5803b2c Release v0.4.3
  • 5ab00a8 solid: fix plugin subpath resolution (#1217)
  • ff1fc35 fix(core): identity-based child management, resolves duplicate-id culling cor...
  • 3e2d0aa Release v0.4.2
  • fb6c5ca fix(solid): share catalogue across entry points (#1171)
  • b7e0bb9 prepare release v0.4.1
  • 26f364f Native yoga-layout (#1126)
  • 71f759e Release v0.4.0
  • c79845f build: require preinstalled Node.js 26.3.0
  • 6e3f91d keymap: smoke-test packed dist from Node
  • Additional commits viewable in compare view

Updates solid-js from 1.9.13 to 1.9.14

Commits

Updates convex-svelte from 0.0.12 to 0.14.0

Release notes

Sourced from convex-svelte's releases.

v0.14.0

Minor Changes

  • 97e072f: ### Features

    • closeConvex() - new export (from convex-svelte and convex-svelte/sveltekit) for explicit client teardown, e.g. in tests. After closing, the next setupConvex() / initConvex() creates a fresh client.

    Fixes

    • HMR and remounts - setupConvex() no longer closes the client when its component unmounts. The client is shared app-wide (context hooks, SSR transport, detached queries), so closing it on component teardown broke remounts and crashed dev-mode HMR with a misleading "ConvexClient is disabled" error. The client is now app-scoped, stays open for the lifetime of the app, and a closed client is never reused.
    • usePaginatedQuery with keepPreviousData - existing paginated results stay visible while new query arguments load, preventing transient empty states during search/filter changes.
    • usePaginatedQuery with SSR initialData - loadMore() calls made before the live subscription is ready are now queued and run once it connects, instead of being silently dropped.

    Improvements

    • Single deployment per app - setupConvex() and initConvex() now throw when called with a different URL while a client already exists, instead of silently reusing the old deployment's client.

v0.13.0

Minor Changes

  • 874612c: ### Features

    • Authentication - setupAuth() and useAuth() for reactive auth state management. Includes SSR hydration via initialState option.
    • getConvexClient() - retrieves the Convex client from a module-level singleton, working anywhere (.ts, .svelte, hooks) as long as setupConvex() has been called first.
    • SvelteKit subpath (convex-svelte/sveltekit) - new export with SvelteKit-specific helpers:
      • convexLoad() - SSR data fetching that auto-upgrades to live subscriptions on the client
      • createConvexHttpClient() - server-side HTTP client helper with auth token support
      • getConvexUrl() - retrieve the deployment URL set by initConvex() or setupConvex()
    • convexLoadPaginated() - SSR-compatible paginated query loading. Fetches the first page on the server and automatically upgrades to a live paginated subscription on the client, with loadMore() support for incremental loading.
    • useMutation() / useAction() - thin wrappers that return callable functions for mutations and actions. They work in .svelte components and plain .ts / .js files.
    • withServerConvexToken(token, fn) - new server-only helper (exported from convex-svelte/sveltekit/server) that stores the auth token in request-scoped AsyncLocalStorage. Wrap your SvelteKit resolve() call with it in hooks.server.ts and convexLoad / createConvexHttpClient will automatically use the token during SSR.
    • Automatic server-side token for convexLoad, convexLoadPaginated, and createConvexHttpClient - when no explicit { token } option is provided, the server path falls back to the token set by withServerConvexToken.
    • New export path convex-svelte/sveltekit/server - server-only utilities that depend on node:async_hooks. Currently exports withServerConvexToken.
    • Skip support for convexLoad / convexLoadPaginated - pass 'skip' as args to avoid fetching. Useful for auth-gated queries that should not run when the user is unauthenticated.

    Fixes

    • Use authenticated singleton ConvexClient for client-side initial fetches in convexLoad() and convexLoadPaginated() instead of creating new HTTP clients.
    • Prevent flash of null query results during SSR hydration by calling client.setAuth() synchronously during setupAuth() initialization.
    • Add deferred subscription queue to prevent auth gap between transport.decode and setupAuth.
    • Add isLoading, error, and isStale properties to ConvexLoadResult for consistent query state interface.

    Improvements

    • Expose UsePaginatedQuery types and consolidate API reference table with type exports.
    • Raise peer dependency floors to convex@^1.30.0 and svelte@^5.19.0. convex-svelte relies on Convex 1.30.0 behavior for paginated query SSR hydration, and on Svelte 5.19.0 compiler fixes for TypeScript/runes syntax.
    • Explicit { token } option still takes priority (fully backward compatible). Client-side navigation still uses the authenticated singleton.
    • Restructured README with expanded installation guide, client access patterns, SSR performance rationale, and API reference.

    Docs

... (truncated)

Changelog

Sourced from convex-svelte's changelog.

0.14.0

Minor Changes

  • 97e072f: ### Features

    • closeConvex() - new export (from convex-svelte and convex-svelte/sveltekit) for explicit client teardown, e.g. in tests. After closing, the next setupConvex() / initConvex() creates a fresh client.

    Fixes

    • HMR and remounts - setupConvex() no longer closes the client when its component unmounts. The client is shared app-wide (context hooks, SSR transport, detached queries), so closing it on component teardown broke remounts and crashed dev-mode HMR with a misleading "ConvexClient is disabled" error. The client is now app-scoped, stays open for the lifetime of the app, and a closed client is never reused.
    • usePaginatedQuery with keepPreviousData - existing paginated results stay visible while new query arguments load, preventing transient empty states during search/filter changes.
    • usePaginatedQuery with SSR initialData - loadMore() calls made before the live subscription is ready are now queued and run once it connects, instead of being silently dropped.

    Improvements

    • Single deployment per app - setupConvex() and initConvex() now throw when called with a different URL while a client already exists, instead of silently reusing the old deployment's client.

0.13.0

Minor Changes

  • 874612c: ### Features

    • Authentication - setupAuth() and useAuth() for reactive auth state management. Includes SSR hydration via initialState option.
    • getConvexClient() - retrieves the Convex client from a module-level singleton, working anywhere (.ts, .svelte, hooks) as long as setupConvex() has been called first.
    • SvelteKit subpath (convex-svelte/sveltekit) - new export with SvelteKit-specific helpers:
      • convexLoad() - SSR data fetching that auto-upgrades to live subscriptions on the client
      • createConvexHttpClient() - server-side HTTP client helper with auth token support
      • getConvexUrl() - retrieve the deployment URL set by initConvex() or setupConvex()
    • convexLoadPaginated() - SSR-compatible paginated query loading. Fetches the first page on the server and automatically upgrades to a live paginated subscription on the client, with loadMore() support for incremental loading.
    • useMutation() / useAction() - thin wrappers that return callable functions for mutations and actions. They work in .svelte components and plain .ts / .js files.
    • withServerConvexToken(token, fn) - new server-only helper (exported from convex-svelte/sveltekit/server) that stores the auth token in request-scoped AsyncLocalStorage. Wrap your SvelteKit resolve() call with it in hooks.server.ts and convexLoad / createConvexHttpClient will automatically use the token during SSR.
    • Automatic server-side token for convexLoad, convexLoadPaginated, and createConvexHttpClient - when no explicit { token } option is provided, the server path falls back to the token set by withServerConvexToken.
    • New export path convex-svelte/sveltekit/server - server-only utilities that depend on node:async_hooks. Currently exports withServerConvexToken.
    • Skip support for convexLoad / convexLoadPaginated - pass 'skip' as args to avoid fetching. Useful for auth-gated queries that should not run when the user is unauthenticated.

    Fixes

    • Use authenticated singleton ConvexClient for client-side initial fetches in convexLoad() and convexLoadPaginated() instead of creating new HTTP clients.
    • Prevent flash of null query results during SSR hydration by calling client.setAuth() synchronously during setupAuth() initialization.
    • Add deferred subscription queue to prevent auth gap between transport.decode and setupAuth.
    • Add isLoading, error, and isStale properties to ConvexLoadResult for consistent query state interface.

    Improvements

    • Expose UsePaginatedQuery types and consolidate API reference table with type exports.
    • Raise peer dependency floors to convex@^1.30.0 and svelte@^5.19.0. convex-svelte relies on Convex 1.30.0 behavior for paginated query SSR hydration, and on Svelte 5.19.0 compiler fixes for TypeScript/runes syntax.
    • Explicit { token } option still takes priority (fully backward compatible). Client-side navigation still uses the authenticated singleton.
    • Restructured README with expanded installation guide, client access patterns, SSR performance rationale, and API reference.

    Docs

    • Fully reworked documentation with complete examples and in-depth explanations covering all features.
    • Added guidance on choosing between +page.ts (universal) and +page.server.ts (server-only) for convexLoad.
Commits
Ma...

Description has been truncated

Bumps the app-dependencies group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.8` | `2.5.2` |
| [ultracite](https://github.com/haydenbleasel/ultracite) | `7.3.2` | `7.9.2` |
| [@opentui/core](https://github.com/anomalyco/opentui/tree/HEAD/packages/core) | `0.3.4` | `0.4.3` |
| [@opentui/solid](https://github.com/anomalyco/opentui/tree/HEAD/packages/solid) | `0.3.4` | `0.4.3` |
| [solid-js](https://github.com/solidjs/solid) | `1.9.13` | `1.9.14` |
| [convex-svelte](https://github.com/get-convex/convex-svelte) | `0.0.12` | `0.14.0` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.61.1` | `2.69.1` |
| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.55.10` | `5.56.4` |
| [svelte-check](https://github.com/sveltejs/language-tools) | `4.4.8` | `4.7.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.14` | `8.1.3` |
| [convex-test](https://github.com/get-convex/convex-test) | `0.0.53` | `0.0.54` |



Updates `@biomejs/biome` from 2.4.8 to 2.5.2
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.2/packages/@biomejs/biome)

Updates `ultracite` from 7.3.2 to 7.9.2
- [Release notes](https://github.com/haydenbleasel/ultracite/releases)
- [Commits](https://github.com/haydenbleasel/ultracite/compare/ultracite@7.3.2...ultracite@7.9.2)

Updates `@opentui/core` from 0.3.4 to 0.4.3
- [Release notes](https://github.com/anomalyco/opentui/releases)
- [Commits](https://github.com/anomalyco/opentui/commits/v0.4.3/packages/core)

Updates `@opentui/solid` from 0.3.4 to 0.4.3
- [Release notes](https://github.com/anomalyco/opentui/releases)
- [Commits](https://github.com/anomalyco/opentui/commits/v0.4.3/packages/solid)

Updates `solid-js` from 1.9.13 to 1.9.14
- [Release notes](https://github.com/solidjs/solid/releases)
- [Changelog](https://github.com/solidjs/solid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/solidjs/solid/commits)

Updates `convex-svelte` from 0.0.12 to 0.14.0
- [Release notes](https://github.com/get-convex/convex-svelte/releases)
- [Changelog](https://github.com/get-convex/convex-svelte/blob/main/CHANGELOG.md)
- [Commits](https://github.com/get-convex/convex-svelte/commits/v0.14.0)

Updates `@sveltejs/kit` from 2.61.1 to 2.69.1
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/HEAD/packages/kit)

Updates `svelte` from 5.55.10 to 5.56.4
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.56.4/packages/svelte)

Updates `svelte-check` from 4.4.8 to 4.7.1
- [Release notes](https://github.com/sveltejs/language-tools/releases)
- [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check@4.4.8...svelte-check@4.7.1)

Updates `vite` from 8.0.14 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `convex-test` from 0.0.53 to 0.0.54
- [Changelog](https://github.com/get-convex/convex-test/blob/main/CHANGELOG.md)
- [Commits](get-convex/convex-test@v0.0.53...v0.0.54)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: ultracite
  dependency-version: 7.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: "@opentui/core"
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: "@opentui/solid"
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: solid-js
  dependency-version: 1.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: app-dependencies
- dependency-name: convex-svelte
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.69.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: svelte
  dependency-version: 5.56.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: svelte-check
  dependency-version: 4.7.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: app-dependencies
- dependency-name: convex-test
  dependency-version: 0.0.54
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: app-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cable-intel-web Ready Ready Preview, Comment Jul 6, 2026 6:36am

Request Review

@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 13, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/app-dependencies-e2f6e8c348 branch July 13, 2026 06:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants