chore(deps): bump the frontend group in /frontend with 4 updates

[dependabot]

Bumps the frontend group in /frontend with 4 updates: @solidjs/router, pnpm, vite and vite-plugin-solid.

Updates @solidjs/router from 0.15.4 to 0.16.1

Changelog

Sourced from @​solidjs/router's changelog.

0.16.1

Patch Changes

• e847f96: Fix the published package contents so dist no longer includes mirrored src, test, or co-located spec files.

  Also move the data tests under test/ and align the test TypeScript config with that layout so test:types continues to pass cleanly.

0.16.0

Minor Changes

• 8f0a8c3: Re-export context
• 9e85fe2: Update moduleResolution

Patch Changes

• 63940c5: Use name in action and createAsync

  action() and createAsync() were not respecting user defined name. Moreover, action was not applying the hashed name and only naming the action "mutate".

• f9b6dc6: Make useHref return a string with string param

Commits

• See full diff in compare view

Updates pnpm from 10.30.3 to 10.32.1

Release notes

Sourced from pnpm's releases.

pnpm 10.32.1

Patch Changes

• Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #10909.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.32.1

Patch Changes

• Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #10909.

10.32.0

Minor Changes

• Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #10136.

Patch Changes

• Reverted change related to setting explicitly the npm config file path, which caused regressions.
• Reverted fix related to lockfile-include-tarball-url. Fixes #10915.

10.31.0

Minor Changes

• When pnpm updates the pnpm-workspace.yaml, comments, string formatting, and whitespace will be preserved.

Patch Changes

• Added -F as a short alias for the --filter option in the help output.

• Handle undefined pkgSnapshot in pnpm why -r #10700.

• Fix headless install not being used when a project has an injected self-referencing file: dependency that resolves to link: in the lockfile.

• Fixed a race condition when multiple worker threads import the same package to the global virtual store concurrently. The rename operation now tolerates ENOTEMPTY/EEXIST errors if another thread already completed the import.

• When lockfile-include-tarball-url is set to false, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent #6667.

• Fixed optimisticRepeatInstall skipping install when overrides, packageExtensions, ignoredOptionalDependencies, patchedDependencies, or peersSuffixMaxLength changed.

• Fixed pnpm patch-commit failing with "unable to access '/.config/git/attributes': Permission denied" error in environments where HOME is unset or non-standard (Docker containers, CI systems).

  The issue occurred because pnpm was setting HOME and the Windows user profile env var to empty strings to suppress user git configuration when running git diff. This caused git to resolve the home directory (~) as root (/), leading to permission errors when attempting to access /.config/git/attributes.

  Now uses GIT_CONFIG_GLOBAL: os.devNull instead, which is git's proper mechanism for bypassing user-level configuration without corrupting the home directory path resolution.

  Fixes #6537

• Fix pnpm why -r --parseable missing dependents when multiple workspace packages share the same dependency #8100.

• Fix link-workspace-packages=true incorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to * in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version #10173.

• Fixed pnpm update --interactive table breaking with long version strings (e.g., prerelease versions like 7.0.0-dev.20251209.1) by dynamically calculating column widths instead of using hardcoded values #10316.

• Explicitly tell npm the path to the global rc config file.

• The parameter set by the --allow-build flag is written to allowBuilds.

• Fix a bug in which specifying filter on pnpm-workspace.yaml would cause pnpm to not detect any projects.

• Print help message on running pnpm dlx without arguments and exit.

Commits

• eaae772 chore(release): 10.32.1
• cda9b1d fix: update dependencies
• 5163697 fix: restore default workspace package patterns when packages field is missin...
• 49d249b chore(release): 10.32.0
• f733456 revert: "fix: explicitly tell npm the config file path (#10154)"
• 229c244 chore(release): 10.31.0
• 80be7f5 chore: update sponsors list to match main branch
• 733447a fix(test): use npm_config_ prefix for env var override test
• 9c7b3ca fix(dlx): print help message when no arguments are provided (#10690)
• 6899966 fix: allow env vars and updateConfig hook to override frozen-lockfile in CI (...
• Additional commits viewable in compare view

Updates vite from 7.3.1 to 8.0.1

Release notes

Sourced from vite's releases.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

v8.0.0-beta.16

Please refer to CHANGELOG.md for details.

v8.0.0-beta.15

Please refer to CHANGELOG.md for details.

v8.0.0-beta.14

Please refer to CHANGELOG.md for details.

v8.0.0-beta.13

Please refer to CHANGELOG.md for details.

v8.0.0-beta.12

Please refer to CHANGELOG.md for details.

v8.0.0-beta.11

Please refer to CHANGELOG.md for details.

v8.0.0-beta.10

Please refer to CHANGELOG.md for details.

v8.0.0-beta.9

Please refer to CHANGELOG.md for details.

v8.0.0-beta.8

Please refer to CHANGELOG.md for details.

v8.0.0-beta.7

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.1 (2026-03-19)

Features

• update rolldown to 1.0.0-rc.10 (#21932) (b3c067d)

Bug Fixes

• bundled-dev: properly disable inlineConst optimization (#21865) (6d97142)
• css: lightningcss minify failed when build.target: 'es6' (#21933) (5fcce46)
• deps: update all non-major dependencies (#21878) (6dbbd7f)
• dev: always use ESM Oxc runtime (#21829) (d323ed7)
• dev: handle concurrent restarts in _createServer (#21810) (40bc729)
• handle + symbol in package subpath exports during dep optimization (#21886) (86db93d)
• improve no-cors request block error (#21902) (5ba688b)
• use precise regexes for transform filter to avoid backtracking (#21800) (dbe41bd)
• worker: require(json) result should not be wrapped (#21847) (0672fd2)
• worker: make worker output consistent with client and SSR (#21871) (69454d7)

Miscellaneous Chores

• add changelog rearrange script (#21835) (efef073)
• deps: bump required @vitejs/devtools version to 0.1+ (#21925) (12932f5)
• deps: update rolldown-related dependencies (#21787) (1af1d3a)
• rearrange 8.0 changelog (8e05b61)
• rearrange 8.0 changelog (#21834) (86edeee)

8.0.0 (2026-03-12)

Today, we're thrilled to announce the release of the next Vite major:

• Vite 8.0 announcement blog post
• Docs (translations: 简体中文, 日本語, Español, Português, 한국어, Deutsch, فارسی)
• Migration Guide

⚠ BREAKING CHANGES

• remove import.meta.hot.accept resolution fallback (#21382)
• update default browser target (#21193)
• the epic rolldown-vite merge (#21189)

Features

• update rolldown to 1.0.0-rc.9 (#21813) (f05be0e)
• warn when vite-tsconfig-paths plugin is detected (#21781) (ada493e)
• css: support es2025 build target for lightningcss (#21769) (08906e7)
• forward browser console logs and errors to dev server terminal (#20916) (2540ed0)
• update rolldown to 1.0.0-rc.8 (#21790) (a0c950e)
• export Visitor and ESTree from rolldown/utils (#21664) (45de31e)

... (truncated)

Commits

• ea68a88 chore(deps): update rolldown-related dependencies (#20810)
• 693d255 release: v7.1.7
• 98a3484 fix(hmr): wait for import.meta.hot.prune callbacks to complete before runni...
• 9f32b1d fix(hmr): trigger prune event when import is removed from non hmr module (#20...
• 9f2247c fix(deps): update all non-major dependencies (#20811)
• 105abe8 fix(glob): handle glob imports from folders starting with dot (#20800)
• 4c4583c fix(build): fix ssr environment emitAssets: true when `sharedConfigBuild: t...
• 9bc9d12 fix(client): use CSP nonce when rendering error overlay (#20791)
• 54377f7 release: v7.1.6
• 88af2ae fix(deps): update all non-major dependencies (#20773)
• Additional commits viewable in compare view

Updates vite-plugin-solid from 2.11.10 to 2.11.11

Release notes

Sourced from vite-plugin-solid's releases.

vite-plugin-solid@2.11.11

Patch Changes

• 7f39675: Add vite 8 in peer deps

Changelog

Sourced from vite-plugin-solid's changelog.

2.11.11

Patch Changes

• 7f39675: Add vite 8 in peer deps

Commits

• 9c7a3a5 Merge pull request #246 from solidjs/ci--trusted-publishing-permissions
• 25fb0a1 ci: trusted publishing permissions
• 04eec66 Merge pull request #245 from solidjs/chore--bump-github-ci-to-node-24
• 52f1033 chore: bump github ci to node 24
• 37dcf09 Version Packages (#244)
• 7f39675 [main] Allow vite 8 in peerDeps (#242)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite-plugin-solid since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions