build(deps): bump the dependencies group with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates:

Package	From	To
@auth/core	0.37.4	0.41.1
drizzle-orm	0.36.4	0.44.7
drizzle-seed	0.1.3	0.3.1
lucide-react	0.454.0	0.555.0
sharp	0.33.5	0.34.5
drizzle-kit	0.28.1	0.31.7
prettier-plugin-tailwindcss	0.6.14	0.7.2

Updates @auth/core from 0.37.4 to 0.41.1

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

@​auth/core@​0.40.0

Features

• providers: Mailgun region selection (#13027) (e0168ed1)

Bugfixes

• core: undefined providerId (#12947) (dd211c56)
• providers: Microsoft Entra ID (#12616) (e16b07b8)
• providers: enable OIDC capabilities for Keycloak (#12964) (0adbd101)

Other

• docs: fix typo Avaliable Scopes -> Available Scopes (#13009) (22c1b8b0)
• typo succesful -> successful (#12973)
• fix typo profie -> profile (#12987)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates drizzle-orm from 0.36.4 to 0.44.7

Release notes

Sourced from drizzle-orm's releases.

0.44.7

• fix durable sqlite transaction return value #3746 - thanks @​joaocstro

0.44.6

• feat: add $replicas reference #4874

0.44.5

• Fixed invalid usage of .one() in durable-sqlite session
• Fixed spread operator related crash in sqlite blob columns
• Better browser support for sqlite blob columns
• Improved sqlite blob mapping

0.44.4

• Fix wrong DrizzleQueryError export. thanks @​nathankleyn

0.44.3

• Fixed types of $client for clients created by drizzle function

await db.$client.[...]

• Added the updated_at column to the neon_auth.users_sync table definition.

0.44.2

• [BUG]: Fixed type issues with joins with certain variations of tsconfig: #4535, #4457

0.44.1

• [BUG]: Drizzle can no longer run on Durable Objects

0.44.0

Error handling

Starting from this version, we’ve introduced a new DrizzleQueryError that wraps all errors from database drivers and provides a set of useful information:

1. A proper stack trace to identify which exact Drizzle query failed
2. The generated SQL string and its parameters
3. The original stack trace from the driver that caused the DrizzleQueryError

Drizzle cache module

Drizzle sends every query straight to your database by default. There are no hidden actions, no automatic caching or invalidation - you’ll always see exactly what runs. If you want caching, you must opt in.

By default, Drizzle uses a explicit caching strategy (i.e. global: false), so nothing is ever cached unless you ask. This prevents surprises or hidden performance traps in your application. Alternatively, you can flip on all caching (global: true) so that every select will look in cache first.

Out first native integration was built together with Upstash team and let you natively use upstash as a cache for your drizzle queries

import { upstashCache } from "drizzle-orm/cache/upstash";
import { drizzle } from "drizzle-orm/...";
</tr></table> 

... (truncated)

Commits

• 11ff664 fix durable sqlite transaction return value (#3746)
• 6caba5b Merge pull request #4826 from divyenduz/patch-1
• 9fc4a6c Merge branch 'main' into patch-1
• a9136ee dprint
• 6f89bdd Merge branch 'feat/issue-4873'
• b529598 dprint
• e31c65f feat: add $replicas reference (#4874)
• d1d61d9 Bump version
• c920a3a Merge branch 'main' into feat/issue-4873
• 8e8a9e9 [Drizzle Kit]: Add casing support to studio configuration and related functio...
• Additional commits viewable in compare view

Updates drizzle-seed from 0.1.3 to 0.3.1

Commits

• See full diff in compare view

Updates lucide-react from 0.454.0 to 0.555.0

Release notes

Sourced from lucide-react's releases.

Version 0.555.0

What's Changed

• fix(icons): changed calendars icon by @​jguddas in lucide-icons/lucide#3795
• fix(docs): correct package name and description for Flutter and Lustre package (#3701) by @​epifaniofrancisco in lucide-icons/lucide#3703
• feat(angular): Angular V21 Support by @​JeevanMahesha in lucide-icons/lucide#3807
• chore(metadata): Adjust navigation category by @​ericfennis in lucide-icons/lucide#3461
• feat(icons): Add waves-arrow-up and waves-arrow-down by @​ericfennis in lucide-icons/lucide#3463
• fix(icons): changed scale icon by @​jamiemlaw in lucide-icons/lucide#3800
• feat(icons): added form icon by @​jguddas in lucide-icons/lucide#3558

Full Changelog: lucide-icons/lucide@0.554.0...0.555.0

Version 0.554.0

What's Changed

• fix(icons): Rename fingerprint icon to fingerprint-pattern by @​ericfennis in lucide-icons/lucide#3767
• feat(docs): added lucide-rails third-party package by @​theiereman in lucide-icons/lucide#3769
• fix(icons): changed ampersand icon by @​jguddas in lucide-icons/lucide#3771
• fix(icons): changed folder-git-2 icon by @​jguddas in lucide-icons/lucide#3790
• fix(icons): update anchor icon by @​jamiemlaw in lucide-icons/lucide#2523
• feat(icons): added calendars icon by @​jguddas in lucide-icons/lucide#3788

Breaking change

For lucide-react and lucide-solid, imports for Fingerprint icon are changed to FingerprintPattern.

Lucide React

- import { Fingerprint } from "lucide-react";
+ import { FingerprintPattern } from "lucide-react";

Lucide Solid

- import { Fingerprint } from "lucide/solid";
+ import { FingerprintPattern } from "lucide/solid";
// Or

import Fingerprint from "lucide/solid/icons/fingerprint";


import FingerprintPattern from "lucide/solid/icons/fingerprint-pattern";

New Contributors

• @​theiereman made their first contribution in lucide-icons/lucide#3769

Full Changelog: lucide-icons/lucide@0.553.0...0.554.0

Version 0.553.0

What's Changed

• feat(icons): added mouse-pointer-2-off icon by @​domingasp in lucide-icons/lucide#3570

... (truncated)

Commits

• 80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
• 1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
• e71198d chore: icon alias improvements (#2861)
• 3e644fd chore(scripts): Refactor scripts to typescript (#3316)
• 19fa01b build(deps-dev): bump vite from 6.3.2 to 6.3.4 (#3181)
• 03eb862 use implicit return in react package (#2325)
• 0fccc27 Bump dependencies (#3096)
• 7b95480 Added periods (#3065)
• e4988bc build(deps-dev): bump vite from 5.4.15 to 5.4.17 (#2993)
• a11ba9e fix(react): added aria-hidden fallback for decorative icons (#2158)
• Additional commits viewable in compare view

Updates sharp from 0.33.5 to 0.34.5

Release notes

Sourced from sharp's releases.

v0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.1

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.0

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

... (truncated)

Commits

• e062456 Release v0.34.5
• 6450c70 Prerelease v0.34.5-rc.1
• f7c95d1 TypeScript: consolidate a few enum-like properties
• ef86a75 Prerelease v0.34.5-rc.0
• 6c1e840 Use structured binding for tuples where possible
• e1628d8 Simplify ICC processing when retaining input profiles #4468
• 4f9f817 Linter: apply all recommended biome settings
• 09d5aa8 Docs: update internal and libvips doc links
• 040b73c Upgrade to libvips v8.17.3
• 1f2f33d Ensure licensing headers are retained by code bundlers
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sharp since your current version.

Updates drizzle-kit from 0.28.1 to 0.31.7

Release notes

Sourced from drizzle-kit's releases.

drizzle-kit@0.31.6

Bug fixes

• [BUG]: Importing drizzle-kit/api fails in ESM modules

drizzle-kit@0.31.5

• Add casing support to studio configuration and related functions

drizzle-kit@0.31.4

• Fixed halfvec, bit and sparsevec type generation bug in drizzle-kit

drizzle-kit@0.31.3

• Internal changes to Studio context. Added databaseName and packageName properties for Studio

drizzle-kit@0.31.2

Bug fixes

• Fixed relations extraction to not interfere with Drizzle Studio.

drizzle-kit@0.31.1

Fixed drizzle-kit pull bugs when using Gel extensions.

Because Gel extensions create schema names containing :: (for example, ext::auth), Drizzle previously handled these names incorrectly. Starting with this release, you can use Gel extensions without any problems. Here’s what you should do:

1. Enable extensions schemas in drizzle.config.ts

import  { defineConfig } from "drizzle-kit";
export default defineConfig({
dialect: 'gel',
schemaFilter: ['ext::auth', 'public']
});

2. Run drizzle-kit pull

3. Done!

drizzle-kit@0.31.0

Features and improvements

Enum DDL improvements

For situations where you drop an enum value or reorder values in an enum, there is no native way to do this in PostgreSQL. To handle these cases, drizzle-kit used to:

• Change the column data types from the enum to text
• Drop the old enum
• Add the new enum
• Change the column data types back to the new enum

... (truncated)

Commits

• 47ba9c8 Merge remote-tracking branch 'origin/main'
• 4e61887 +
• c66862c Merge pull request #5036 from drizzle-team/kit-checks
• 391d33b Merge branch 'main' into kit-checks
• 97f9a45 fix: Update permissions and streamline npm configuration in release workflows
• 0dfed1b Merge pull request #5035 from drizzle-team/kit-checks
• b6a6aac fix: Add environment variables for npm authentication in release workflow
• b9d7199 fix: Fix release-latest
• c314c8d Merge pull request #5034 from drizzle-team/kit-checks
• 64f4c79 +
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for drizzle-kit since your current version.

Updates prettier-plugin-tailwindcss from 0.6.14 to 0.7.2

Release notes

Sourced from prettier-plugin-tailwindcss's releases.

v0.7.2

Fixed

• Load compatible plugins sequentially to work around race conditions in Node.js (#412)
• Fix compatibility with prettier-plugin-svelte when using Prettier v3.7+ (#418)

v0.7.1

Fixed

• Match against correct name of dynamic attributes when using regexes (#410)

v0.7.0

Added

• Format quotes in @source, @plugin, and @config (#387)
• Sort in function calls in Twig (#358)
• Sort in callable template literals (#367)
• Sort in function calls mixed with property accesses (#367)
• Support regular expression patterns for attributes (#405)
• Support regular expression patterns for function names (#405)

Changed

• Improved monorepo support by loading Tailwind CSS relative to the input file instead of prettier config file (#386)
• Improved monorepo support by loading v3 configs relative to the input file instead of prettier config file (#386)
• Fallback to Tailwind CSS v4 instead of v3 by default (#390)
• Don't augment global Prettier ParserOptions and RequiredOptions types (#354)
• Drop support for prettier-plugin-import-sort (#385)

Fixed

• Handle quote escapes in LESS when sorting @apply (#392)
• Fix whitespace removal inside nested concat and template expressions (#396)

Changelog

Sourced from prettier-plugin-tailwindcss's changelog.

[0.7.2] - 2025-12-01

Fixed

• Load compatible plugins sequentially to work around race conditions in Node.js (#412)
• Fix compatibility with prettier-plugin-svelte when using Prettier v3.7+ (#418)

[0.7.1] - 2025-10-17

Fixed

• Match against correct name of dynamic attributes when using regexes (#410)

[0.7.0] - 2025-10-14

Added

• Format quotes in @source, @plugin, and @config (#387)
• Sort in function calls in Twig (#358)
• Sort in callable template literals (#367)
• Sort in function calls mixed with property accesses (#367)
• Support regular expression patterns for attributes (#405)
• Support regular expression patterns for function names (#405)

Changed

• Improved monorepo support by loading Tailwind CSS relative to the input file instead of prettier config file (#386)
• Improved monorepo support by loading v3 configs relative to the input file instead of prettier config file (#386)
• Fallback to Tailwind CSS v4 instead of v3 by default (#390)
• Don't augment global Prettier ParserOptions and RequiredOptions types (#354)
• Drop support for prettier-plugin-import-sort (#385)

Fixed

• Handle quote escapes in LESS when sorting @apply (#392)
• Fix whitespace removal inside nested concat and template expressions (#396)

Commits

• 28beb4e 0.7.2
• 63d859d Tweak overrides
• bd7ff3c Fix install issue
• 90e56c3 Fix plugin compatibility with Prettier v3.7+ (#418)
• dd02e91 Add test for subpath imports
• 908f169 Don’t use Promise.all when dynamically loading compatible plugins (#412)
• a0fea3f 0.7.1
• 56fa1fc Update changelog
• 42aca0c Match against correct name of dynamic attributes when using regexes (#410)
• 3a58565 Fix building on windows
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Cloudflare Deployment

Status: ❌ Deployment failed
Commit: 0d0d379
Branch: dependabot/npm_and_yarn/dependencies-6ea709be78

The deployment to Cloudflare failed. Please check the workflow logs for more details.

---

Last updated: 12/02/2025, 15:01:00 +05:30 GMT