Skip to content

chore(deps): bump solid-js from 1.8.17 to 1.9.13#111

Merged
hasparus merged 4 commits into
mainfrom
dependabot/npm_and_yarn/solid-js-1.9.13
Jul 2, 2026
Merged

chore(deps): bump solid-js from 1.8.17 to 1.9.13#111
hasparus merged 4 commits into
mainfrom
dependabot/npm_and_yarn/solid-js-1.9.13

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps solid-js from 1.8.17 to 1.9.13.

Release notes

Sourced from solid-js's releases.

v1.9.0 - LGTM!

This release like the last is focusing on small quality of life improvements and adjustments that will help us move towards 2.0. So while not the most exciting release to everyone it provides some really important features and fixes to some developers.

And unlike many previous releases the vast majority of the work and features came from PRs from the community. So really all I can say is Looks Good to Me!

Better JSX Validation

While still incomplete across templates we've added JSDOM to the compiler to better detect invalid HTML at build time by comparing what we expect the template to be with what a browser would output. This now includes things that are nested we didn't detect before like putting <a> inside other <a> tags which will lead to the browser "correcting" it in less than intuitive ways.

Improved Exports

While each environment in solid-js/web has its own methods to be used in the compiler. We are now exporting the client methods from the server to prevent weird import errors. Now these methods will throw if used in this environment but shouldn't break your build.

Additionally we have seen some issues in bundlers that incorrectly feed our ESM exports back through the browser field. While this is a known issue they all pointed issues at each other and with no intention of fixing it. We have removed the browser field in this release, meaning some legacy packages may have issues resolving browser if they don't support export conditions.

This is regretful but this blocked deployments on several platforms and since this was the only fix at our disposal after two years of attempting to push this issue to the bundlers to no avail, we've moved forward with it.

Custom Element improvements

We have a few improvements to our custom element support in this release. First off we now detect elements with the is attribute as custom elements which means all the special behavior is afforded to them.

We've also improved our event handler delegating retargetting to better handle shadow DOM events. There were cases where we skipped over part of the tree.

Finally we've added the bool: attribute namespace to handle explicitly setting certain attributes according to boolean attribute rules. While this isn't necessary for built-in booleans currently we handle most attributes as properties and we lacked a specific override. But now we have it:

<my-element bool:enable={isEnabled()}></my-element>

Support for handleEvent Syntax in Non-Delegated Events

A little known thing is that events actually also support objects instead of functions (See: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener)

We(thanks @​titoBouzout) realized we can use this mechanism as a way to set advanced rules like passive or capture on this object as way to handle all current and future event attributes that browsers might add. This way we don't need specific mechanisms like oncapture: (which is now deprecated).

Instead using on: you can set the event properties you wish.

<>
  <div on:click={{
    handleEvent(e) {
      console.log("clicked", e)
    },
    once:true
  }/>
  <div on:wheel={{
    handleEvent(e) {
      e.preventDefault() // only works on not passive events
      e.stopPropagation()  
</tr></table> 

... (truncated)

Commits
  • 3be495c v1.9.13
  • 4649b37 Update DOM expression runtimes
  • 265648b Merge remote-tracking branch 'origin/main'
  • a22dd29 Merge pull request #2696 from brenelz/fix-resource-initial-value-inference
  • 4b1919a Fix createResource initial value inference
  • 3ed4753 Tighten produce draft proxy invariant test
  • 75525f0 Merge pull request #2690 from brenelz/fix/2668-leaked-produce-draft-proxy-inv...
  • a7959ca Fix proxy invariant crash in draft production
  • cfde0a1 Harden store prototype pollution guards
  • 43cbc98 Merge pull request #2683 from thomasbuilds/prototype-fix
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026

@hasparus hasparus left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is green on all functional checks (lint, typecheck, build, Playwright e2e including visual regression all pass) despite the solid-js 1.8→1.9 bump. The only failing job step is Deploy Preview to Vercel (deploy.mjs: missing --token), which fails identically on every open Dependabot PR because secrets aren't available in dependabot-triggered pull_request runs — a pre-existing CI gap unrelated to this bump. Approving and merging.


Generated by Claude Code

hasparus commented Jul 1, 2026

Copy link
Copy Markdown
Owner

·@·d·ependabot r·ebase


Generated by Claude Code

Bumps [solid-js](https://github.com/solidjs/solid) from 1.8.17 to 1.9.13.
- [Release notes](https://github.com/solidjs/solid/releases)
- [Changelog](https://github.com/solidjs/solid/blob/main/CHANGELOG.md)
- [Commits](solidjs/solid@v1.8.17...v1.9.13)

---
updated-dependencies:
- dependency-name: solid-js
  dependency-version: 1.9.13
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/solid-js-1.9.13 branch from 44e8ead to e02d636 Compare July 1, 2026 10:12
… Dependabot

The solid-js 1.9 bump tightened JSX.BlockquoteHTMLAttributes typing,
which requires HTMLQuoteElement (blockquote's real DOM interface,
with its 'cite' attribute) rather than the generic HTMLElement used
here. Under exactOptionalPropertyTypes this became a type error on
the spread ref.

Also carries the shared CI fix: Dependabot PRs run from the same
repo (not a fork), so the deploy step's fork-only guard let it
through even though GitHub withholds repository secrets from
dependabot-actor runs, causing deploy.mjs to fail with
'missing --token'. Treat dependabot[bot] runs the same as fork PRs.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

hasparus commented Jul 2, 2026

Copy link
Copy Markdown
Owner

CI was failing for two separate reasons:

  1. Typecheck: the solid-js 1.9 bump tightened JSX.BlockquoteHTMLAttributes typing, which expects HTMLQuoteElement (blockquote's real DOM interface, with its cite attribute) rather than the generic HTMLElement this component used. Under exactOptionalPropertyTypes that surfaced as a type error on the spread ref. Fixed by typing Blockquote against HTMLQuoteElement in src/lib/prose/Blockquote.tsx.
  2. Deploy: same shared CI issue as the other open Dependabot PRs — the preview-deploy step's fork-only guard doesn't account for dependabot[bot]-authored runs lacking secrets access, causing deploy.mjs: missing --token. Fixed the workflow condition to also treat dependabot runs as untrusted for deploy purposes.

Pushed both fixes. Re-running CI now.


Generated by Claude Code

hasparus and others added 2 commits July 2, 2026 10:39
…t BlockquoteHTMLAttributes

The previous attempt typed props as
JSX.BlockquoteHTMLAttributes<HTMLQuoteElement>, but solid-js's
BlockquoteHTMLAttributes hardcodes its ref type independent of the
generic parameter, so the mismatch just flipped direction (now the
JSX intrinsic's inferred ref didn't satisfy our declared props).
Blockquote doesn't use the cite attribute, so follow the same
pattern already used by the sibling Pre component (HTMLAttributes<T>
matching the intrinsic element type) instead of the element-specific
attributes interface.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
…rn/solid-js-1.9.13

# Conflicts:
#	package.json
#	pnpm-lock.yaml
@hasparus hasparus merged commit 129e9e1 into main Jul 2, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/solid-js-1.9.13 branch July 2, 2026 10:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant