chore(deps): bump the npm-version-updates group across 1 directory with 19 updates

[dependabot]

Bumps the npm-version-updates group with 18 updates in the / directory:

Package	From	To
@auth/core	0.40.0	0.41.0
@auth/sveltekit	1.10.0	1.11.0
openid-client	6.6.2	6.8.1
@eslint/compat	1.3.1	1.4.0
@eslint/js	9.32.0	9.38.0
@sveltejs/adapter-auto	6.0.1	7.0.0
@sveltejs/kit	2.26.1	2.47.3
@sveltejs/vite-plugin-svelte	6.1.0	6.2.1
@tailwindcss/vite	4.1.11	4.1.15
@types/node	20.19.9	24.9.1
eslint	9.32.0	9.38.0
eslint-plugin-svelte	3.11.0	3.12.5
globals	16.3.0	16.4.0
prettier-plugin-tailwindcss	0.6.14	0.7.1
svelte	5.37.1	5.41.2
svelte-check	4.3.0	4.3.3
typescript	5.8.3	5.9.3
typescript-eslint	8.38.0	8.46.2

Updates @auth/core from 0.40.0 to 0.41.0

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• e9e2b50 chore(release): bump package version(s) [skip ci]
• 3cd5044 ci: fix unit test failure with firebase (#13278)
• 2732fa4 chore(firebase-adapter): update firebase-admin (#13277)
• 745751e feat(providers): support custom baseURL for Gitlab (#13260)
• 03cfd79 chore(neon-adapter): use peer dependency (#13276)
• 14c2cf7 ci: use node.js LTS version (#13275)
• 4b7c843 docs: fix broken link on middleware setup (#13253)
• 826165d docs: remove ads (#13254)
• 608453c docs: cleanup warning
• 0ec6b4f docs: fix migration guide
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates @auth/sveltekit from 1.10.0 to 1.11.0

Release notes

Sourced from @​auth/sveltekit's releases.

@​auth/sveltekit@​1.11.0

Other

• @​auth/core: dependency update (745751e9)

Commits

• e9e2b50 chore(release): bump package version(s) [skip ci]
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/sveltekit since your current version.

Updates openid-client from 6.6.2 to 6.8.1

Release notes

Sourced from openid-client's releases.

v6.8.1

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

• recognize N_A in the token exchange grant (770b177)

v6.6.3

Documentation

• fix TokenEndpointResponseHelpers.claims() note (b77c786)

Refactor

• passport: allow custom logic to drive initiating auth requests (0b57115), closes #811

Changelog

Sourced from openid-client's changelog.

6.8.1 (2025-09-27)

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

6.7.0 (2025-08-27)

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

6.6.4 (2025-08-12)

Fixes

• recognize N_A in the token exchange grant (770b177)

6.6.3 (2025-08-05)

Documentation

• fix TokenEndpointResponseHelpers.claims() note (b77c786)

Refactor

... (truncated)

Commits

• 00990b9 chore(release): 6.8.1
• a9eb50f refactor: workaround dpop nonce caching caveats with customFetch
• 60d7639 chore: bump packages
• ba4040c chore: cleanup after release
• 9d70a05 chore(release): 6.8.0
• 6ce3411 feat: respect retry-after in CIBA and Device Authorization Grant polling
• d26f7a3 chore: bump oidc-provider
• c98e068 chore: bump typedoc and typescript
• 2e41ad5 docs: remove mention of Edge Runtime from the readme
• 3e11c6c chore: cleanup after release
• Additional commits viewable in compare view

Updates @eslint/compat from 1.3.1 to 1.4.0

Release notes

Sourced from @​eslint/compat's releases.

migrate-config: v1.4.0

1.4.0 (2025-03-14)

Features

• Use defineConfig() and globalIgnores() helpers (#164) (727ec5d)

compat: v1.4.0

1.4.0 (2025-09-16)

Features

• Add config types in @​eslint/core (#237) (7b6dd37)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^0.15.2 to ^0.16.0

migrate-config: v1.3.8

1.3.8 (2025-02-21)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^1.2.6 to ^1.2.7

migrate-config: v1.3.7

1.3.7 (2025-01-31)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^1.2.5 to ^1.2.6

migrate-config: v1.3.6

1.3.6 (2025-01-09)

Dependencies

• The following workspace dependencies were updated

... (truncated)

Changelog

Sourced from @​eslint/compat's changelog.

1.4.0 (2025-09-16)

Features

• Add config types in @​eslint/core (#237) (7b6dd37)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^0.15.2 to ^0.16.0

1.3.2 (2025-08-05)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.15.1 to ^0.15.2

Commits

• 7f592e3 chore: release main (#257)
• 4f07e51 docs: correct bun installation command and use defineConfig in README (#269)
• ab10682 docs: Update README sponsors
• 7255100 chore: standardize test filenames to *.test.js (#267)
• 7e61e90 test: remove deprecated type property (#266)
• 100a4c7 docs: Update README sponsors
• b23f179 docs: Update README sponsors
• 7b6dd37 feat: Add config types in @​eslint/core (#237)
• 8ba766a refactor: update eslint-config-eslint (#253)
• 62089bc docs: Update README sponsors
• Additional commits viewable in compare view

Updates @eslint/js from 9.32.0 to 9.38.0

Release notes

Sourced from @​eslint/js's releases.

v9.38.0

Features

• ce40f74 feat: update complexity rule to only highlight function header (#20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#20190) (Percy Ma)

Chores

• d17c795 chore: upgrade @​eslint/js@​9.38.0 (#20221) (Milos Djermanovic)
• 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
• c82b5ef refactor: Use types from @​eslint/core (#20168) (Nicholas C. Zakas)
• ff31609 ci: add Node.js 25 to ci.yml (#20220) (루밀LuMir)
• 004577e ci: bump github/codeql-action from 3 to 4 (#20211) (dependabot[bot])
• eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#20206) (Milos Djermanovic)
• 4168a18 chore: fix typo in legacy-eslint.js (#20202) (Sweta Tanwar)
• 205dbd2 chore: fix typos (#20200) (ntnyq)
• dbb200e chore: use team member's username when name is not available in data (#20194) (Milos Djermanovic)
• 8962089 chore: mark deprecated rules as available until v11.0.0 (#20184) (Pixel998)

v9.37.0

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#20172) (Pixel998)
• 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

• b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
• 29ea092 docs: Update README (GitHub Actions Bot)
• 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
• 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
• 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
• abee4ca chore: package.json update for @​eslint/js release (Jenkins)
• fc9381f chore: fix typos in comments (#20175) (overlookmotel)
• e1574a2 chore: unpin jiti (#20173) (renovate[bot])

... (truncated)

Commits

• 25d0e33 chore: package.json update for @​eslint/js release
• abee4ca chore: package.json update for @​eslint/js release
• 90a71bf docs: update README files to add badge and instructions (#20115)
• 488cba6 chore: package.json update for @​eslint/js release
• 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116)
• af2a087 chore: package.json update for @​eslint/js release
• 84ffb96 chore: update @eslint-community/eslint-utils (#20069)
• b48fa20 chore: package.json update for @​eslint/js release
• ad28371 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates @sveltejs/adapter-auto from 6.0.1 to 7.0.0

Release notes

Sourced from @​sveltejs/adapter-auto's releases.

@​sveltejs/adapter-auto@​7.0.0

Major Changes

• feat: update adapter-vercel to version 6 (#14737)

@​sveltejs/adapter-auto@​6.1.1

Patch Changes

• chore: update "homepage" field in package.json (#14579)

@​sveltejs/adapter-auto@​6.1.0

Minor Changes

• feat: add Deno as a supported package manager (#14163)

Patch Changes

• Updated dependencies [ece3906, 5ac9d27, fed6331, 69f4e5f, 6b34122, 9493537, f67ba09]:
  • @​sveltejs/kit@​2.28.0

@​sveltejs/adapter-auto@​6.0.2

Patch Changes

• chore: add .git to the end of package.json repository url (#14134)

• Updated dependencies [c968aef]:

  • @​sveltejs/kit@​2.27.3

Changelog

Sourced from @​sveltejs/adapter-auto's changelog.

7.0.0

Major Changes

• feat: update adapter-vercel to version 6 (#14737)

6.1.1

Patch Changes

• chore: update "homepage" field in package.json (#14579)

6.1.0

Minor Changes

• feat: add Deno as a supported package manager (#14163)

Patch Changes

• Updated dependencies [ece3906, 5ac9d27, fed6331, 69f4e5f, 6b34122, 9493537, f67ba09]:
  • @​sveltejs/kit@​2.28.0

6.0.2

Patch Changes

• chore: add .git to the end of package.json repository url (#14134)

• Updated dependencies [c968aef]:

  • @​sveltejs/kit@​2.27.3

Commits

• 6f13d2b Version Packages (#14738)
• c710a39 breaking: update to adapter-vercel to version 6 (#14737)
• 9fbd0d1 Version Packages (#14580)
• 193d37c chore: fix "homepage" field in package.json (#14579)
• 758ec17 fix: conditionally access builder properties that only exist on the latest Sv...
• d4f00a1 chore: remove skipLibCheck (#14227)
• f635678 feat: OpenTelemetry Tracing (#13899)
• 7a3583b Version Packages (#14164)
• 8d2f608 feat: add Deno as a supported package manager (#14163)
• 0548b15 Version Packages (#14142)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/adapter-auto since your current version.

Updates @sveltejs/kit from 2.26.1 to 2.47.3

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.47.3

Patch Changes

• fix: avoid hanging when error() is used while streaming promises from a server load function (#14722)

• chore: treeshake load function code if we know it's unused (#14764)

• fix: RecursiveFormFields type for recursive or unknown schemas (#14734)

• fix: rework internal representation of form value to be $state (#14771)

@​sveltejs/kit@​2.47.2

Patch Changes

• fix: streamed promise not resolving when another load function returns a fast resolving promise (#14753)

• chore: allow to run preflight validation only (#14744)

• fix: update overload to set invalid type to schema input (#14748)

@​sveltejs/kit@​2.47.1

Patch Changes

• fix: allow read to be used at the top-level of remote function files (#14672)

• fix: more robust remote files generation (#14682)

@​sveltejs/kit@​2.47.0

Minor Changes

• feat: add signal property to request (#14715)

Patch Changes

• fix: resolve remote module syntax errors with trailing expressions (#14728)

@​sveltejs/kit@​2.46.5

Patch Changes

• fix: ensure form remote functions' fields.set triggers reactivity (#14661)

@​sveltejs/kit@​2.46.4

Patch Changes

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.47.3

Patch Changes

• fix: avoid hanging when error() is used while streaming promises from a server load function (#14722)

• chore: treeshake load function code if we know it's unused (#14764)

• fix: RecursiveFormFields type for recursive or unknown schemas (#14734)

• fix: rework internal representation of form value to be $state (#14771)

2.47.2

Patch Changes

• fix: streamed promise not resolving when another load function returns a fast resolving promise (#14753)

• chore: allow to run preflight validation only (#14744)

• fix: update overload to set invalid type to schema input (#14748)

2.47.1

Patch Changes

• fix: allow read to be used at the top-level of remote function files (#14672)

• fix: more robust remote files generation (#14682)

2.47.0

Minor Changes

• feat: add signal property to request (#14715)

Patch Changes

• fix: resolve remote module syntax errors with trailing expressions (#14728)

2.46.5

Patch Changes

... (truncated)

Commits

• 3d55fd2 Version Packages (#14763)
• df679d2 fix: error pages with discarded promises fail to load (#14722)
• a78d8b1 chore: form state rework (#14771)
• 4aca945 chore: treeshake load function code if we know it's unused (#14764)
• 59a2aed fix: RecursiveFormFields type for recursive or unknown schemas (#14734)
• ef107ac Version Packages (#14749)
• 98aae1c feat: allow to run preflight validation only (#14744)
• fc6017c fix: streamed promise not resolving (#14753)
• c9b31d9 fix: update overload to set invalid type to schema input (#14748)
• 9b73e16 Version Packages (#14742)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/kit since your current version.

Updates @sveltejs/vite-plugin-svelte from 6.1.0 to 6.2.1

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​6.2.1

Patch Changes

• fix: remove unscopable global styles warning (#1223)

• Remove automatic configuration for rolldownOptions.optimization.inlineConst because latest version of rolldown-vite has it enabled by default. (#1225)

@​sveltejs/vite-plugin-svelte@​6.2.0

Minor Changes

• feat(rolldown-vite): enable optimization.inlineConst by default to ensure treeshaking works with esm-env in svelte (#1207)

@​sveltejs/vite-plugin-svelte@​6.1.4

Patch Changes

• fix: allow preprocess plugin to run twice (#1206)

• fix(types): update urls to PreprocessorGroup and CompileOptions in type documention (#1203)

• replace kleur dependency with builtin node:utils styleText (#1210)

@​sveltejs/vite-plugin-svelte@​6.1.3

Patch Changes

• fix(api): add api.filter and deprecate api.idFilter to avoid confusing filter.id = idFilter.id assignments when used as hybrid filter in other plugins (#1199)

@​sveltejs/vite-plugin-svelte@​6.1.2

Patch Changes

• fix: ensure compiled css is returned when reloading during dev with ssr (e.g. SvelteKit) (#1194)

@​sveltejs/vite-plugin-svelte@​6.1.1

Patch Changes

• fix: ensure compiled svelte css is loaded correctly when rebuilding in build --watch (#1189)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

6.2.1

Patch Changes

• fix: remove unscopable global styles warning (#1223)

• Remove automatic configuration for rolldownOptions.optimization.inlineConst because latest version of rolldown-vite has it enabled by default. (#1225)

6.2.0

Minor Changes

• feat(rolldown-vite): enable optimization.inlineConst by default to ensure treeshaking works with esm-env in svelte (#1207)

6.1.4

Patch Changes

• fix: allow preprocess plugin to run twice (#1206)

• fix(types): update urls to PreprocessorGroup and CompileOptions in type documention (#1203)

• replace kleur dependency with builtin node:utils styleText (#1210)

6.1.3

Patch Changes

• fix(api): add api.filter and deprecate api.idFilter to avoid confusing filter.id = idFilter.id assignments when used as hybrid filter in other plugins (#1199)

6.1.2

Patch Changes

• fix: ensure compiled css is returned when reloading during dev with ssr (e.g. SvelteKit) (#1194)

6.1.1

Patch Changes

• fix: ensure compiled svelte css is loaded correctly when rebuilding in build --watch (#1189)

Commits

• 1b50eb9 Version Packages (#1224)
• b81ef40 fix: remove automatic setting of rolldown inlineConst (#1225)
• bb4b033 fix: remove unscopable global warning (#1223)
• e3c60c5 fix(deps): update all non-major dependencies (#1218)
• 2a623f2 Version Packages (#1217)
• e1ffd09 feat(rolldown-vite): enable optimization.inlineConst by default (#1207)
• 2842159 Version Packages (#1204)
• 35121ac refactor: replace kleur with styleText (#1210)
• db12c90 fix(deps): update all non-major dependencies (#1205)
• 79a56c4 fix: allow preprocess plugin to run twice (#1206)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/vite-plugin-svelte since your current version.

Updates @tailwindcss/vite from 4.1.11 to 4.1.15

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.1.15

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)

v4.1.14

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#18918)
• Use default export condition for @tailwindcss/vite (#18948)
• Re-throw errors from PostCSS nodes (#18373)
• Detect classes in markdown inline directives (#18967)
• Ensure files with only @theme produce no output when built (#18979)
• Support Maud templates when extracting classes (#18988)
• Upgrade: Do not migrate variant = 'outline' during upgrades (#18922)
• Upgrade: Show version mismatch (if any) when running upgrade tool (#19028)
• Upgrade: Ensure first class inside className is migrated (#19031)
• Upgrade: Migrate classes inside *ClassName and *Class attributes (#19031)

v4.1.13

Changed

• Drop warning from browser build (#18731)
• Drop exact duplicate declarations when emitting CSS (#18809)

Fixed

• Don't transition visibility when using transition (#18795)
• Discard matched variants with unknown named values (#18799)
• Discard matched variants with non-string values (#18799)
• Show suggestions for known matchVariant values (#18798)

... (truncated)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.