build(deps-dev): bump the svelte group in /svelte with 6 updates

[dependabot]

Bumps the svelte group in /svelte with 6 updates:

Package	From	To
@sveltejs/kit	2.16.0	2.16.1
@sveltejs/package	2.3.7	2.3.9
@typescript-eslint/eslint-plugin	8.20.0	8.21.0
@typescript-eslint/parser	8.20.0	8.21.0
svelte	5.19.0	5.19.3
vite	6.0.7	6.0.11

Updates @sveltejs/kit from 2.16.0 to 2.16.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.16.1

Patch Changes

• fix: avoid overwriting headers for sub-requests made while loading the error page (#13341)

• fix: correctly resolve index file entrypoints such as src/service-worker/index.js (#13354)

• fix: correctly handle relative anchors when using the hash router (#13356)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.16.1

Patch Changes

• fix: avoid overwriting headers for sub-requests made while loading the error page (#13341)

• fix: correctly resolve index file entrypoints such as src/service-worker/index.js (#13354)

• fix: correctly handle relative anchors when using the hash router (#13356)

Commits

• 7c81ac9 Version Packages (#13353)
• ab58c22 fix: correctly check index file exists when resolving an entry (#13354)
• a8bdcf8 fix: correctly handle relative anchors when hash router is enabled (#13356)
• b764298 fix: do not replace headers on fetch requests with error state (#13341)
• f5103c6 docs: document derived use of $app/state's page (#13346)
• 18d69fb docs: mention page state (#13348)
• 702575e chore: upgrade to vitest 3 (#13330)
• See full diff in compare view

Updates @sveltejs/package from 2.3.7 to 2.3.9

Release notes

Sourced from @​sveltejs/package's releases.

@​sveltejs/package@​2.3.9

Patch Changes

• chore: bump svelte2tsx dependency for more up-to-date d.ts output (#8843)

• fix: adjust declaration map paths (#8843)

@​sveltejs/package@​2.3.8

Patch Changes

• fix: resolve aliases more robustly (#13351)

Changelog

Sourced from @​sveltejs/package's changelog.

2.3.9

Patch Changes

• chore: bump svelte2tsx dependency for more up-to-date d.ts output (#8843)

• fix: adjust declaration map paths (#8843)

2.3.8

Patch Changes

• fix: resolve aliases more robustly (#13351)

Commits

• ca1d09f Version Packages (#13358)
• d9f1522 fix: adjust declaration map paths (#8843)
• 7c81ac9 Version Packages (#13353)
• 2ca09ce fix: svelte-package resolve alias (#13351)
• d030f4b feat: support Vite 6 (#12270)
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.20.0 to 8.21.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.21.0

8.21.0 (2025-01-20)

🚀 Features

• ast-spec: support import attributes in TSImportType (#10640)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)
• eslint-plugin: check JSX spread elements for misused spread usage (#10653)
• eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
• eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
• eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
• eslint-plugin-internal: [debug-namespace] on windows (#10661)
• rule-tester: handle window root path (#10654)
• scope-manager: add a reference for JSX closing element if it exists (#10614)

❤️ Thank You

• Arya Emami @​aryaemami59
• Ronen Amiel
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.21.0 (2025-01-20)

🩹 Fixes

• eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
• eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
• eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
• eslint-plugin: check JSX spread elements for misused spread usage (#10653)
• eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)

❤️ Thank You

• Ronen Amiel
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

Commits

• 79af426 chore(release): publish 8.21.0
• 609a78f test(eslint-plugin): adjust tests to verify no-unnecessary-type-assertion d...
• fb4ca72 fix(eslint-plugin): [no-duplicate-enum-values] handle template literal (#10675)
• 1895948 fix(eslint-plugin): [no-base-to-string] don't crash for recursive array or tu...
• 74f1c5a fix(eslint-plugin): [no-for-in-array] report on any type which may be an arra...
• 916b989 fix(eslint-plugin): check JSX spread elements for misused spread usage (#10653)
• 31be053 chore: fix failing test on master
• 70f3092 docs: [no-misused-spread] fix sample code (#10659)
• a157fd4 chore: standardized on inline named exports (mostly) (#10596)
• 3dbcc19 fix(eslint-plugin): [no-unnecessary-type-arguments] handle type args on jsx (...
• See full diff in compare view

Updates @typescript-eslint/parser from 8.20.0 to 8.21.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.21.0

8.21.0 (2025-01-20)

🚀 Features

• ast-spec: support import attributes in TSImportType (#10640)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)
• eslint-plugin: check JSX spread elements for misused spread usage (#10653)
• eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
• eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
• eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
• eslint-plugin-internal: [debug-namespace] on windows (#10661)
• rule-tester: handle window root path (#10654)
• scope-manager: add a reference for JSX closing element if it exists (#10614)

❤️ Thank You

• Arya Emami @​aryaemami59
• Ronen Amiel
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.21.0 (2025-01-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 79af426 chore(release): publish 8.21.0
• a157fd4 chore: standardized on inline named exports (mostly) (#10596)
• See full diff in compare view

Updates svelte from 5.19.0 to 5.19.3

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

• fix: don't throw for undefined non delegated event handlers (#15087)

• fix: consistently set value to blank string when value attribute is undefined (#15057)

• fix: optimise || expressions in template (#15092)

• fix: correctly handle novalidate attribute casing (#15083)

• fix: expand boolean attribute support (#15095)

• fix: avoid double deriveds in component props (#15089)

• fix: add check for is attribute to correctly detect custom elements (#15086)

[email protected]

Patch Changes

• fix: address regression with untrack (#15079)

[email protected]

Patch Changes

• fix: omit unnecessary nullish coallescing in template expressions (#15056)

• fix: more efficient template effect grouping (#15050)

• fix: ensure untrack correctly retains the active reaction (#15065)

• fix: initialize files bind on hydration (#15059)

Changelog

Sourced from svelte's changelog.

5.19.3

Patch Changes

• fix: don't throw for undefined non delegated event handlers (#15087)

• fix: consistently set value to blank string when value attribute is undefined (#15057)

• fix: optimise || expressions in template (#15092)

• fix: correctly handle novalidate attribute casing (#15083)

• fix: expand boolean attribute support (#15095)

• fix: avoid double deriveds in component props (#15089)

• fix: add check for is attribute to correctly detect custom elements (#15086)

5.19.2

Patch Changes

• fix: address regression with untrack (#15079)

5.19.1

Patch Changes

• fix: omit unnecessary nullish coallescing in template expressions (#15056)

• fix: more efficient template effect grouping (#15050)

• fix: ensure untrack correctly retains the active reaction (#15065)

• fix: initialize files bind on hydration (#15059)

Commits

• 357e1a7 Version Packages (#15088)
• e3d4a0f chore: tweak render tag logic (#15109)
• 24b6fab chore: construct analysis before module walk (#15108)
• e9cc7dc chore: tweak each block code (#15094)
• d47f4f5 fix: expand boolean attribute support (#15095)
• d17f5c7 fix: add check for is attribute (#15086)
• 7740d45 fix: optimise || expressions in template (#15092)
• c2e805f fix: consistently set value to blank string when value attribute is undefined...
• 8bba70b fix: avoid double deriveds in component props (#15089)
• eee808f fix: correctly handle novalidate attribute casing (#15083)
• Additional commits viewable in compare view

Updates vite from 6.0.7 to 6.0.11

Release notes

Sourced from vite's releases.

v6.0.11

Please refer to CHANGELOG.md for details.

v6.0.10

Please refer to CHANGELOG.md for details.

v6.0.9

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.0.11 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (aeb3ec8), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (3d03899), closes #19249

6.0.10 (2025-01-20)

• fix: try parse server.origin URL (#19241) (2495022), closes #19241

6.0.9 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

• fix: avoid SSR HMR for HTML files (#19193) (3bd55bc), closes #19193
• fix: build time display 7m 60s (#19108) (cf0d2c8), closes #19108
• fix: don't resolve URL starting with double slash (#19059) (35942cd), closes #19059
• fix: ensure server.close() only called once (#19204) (db81c2d), closes #19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#19174) (ad75c56), closes #19174
• fix: tree shake stringified JSON imports (#19189) (f2aed62), closes #19189
• fix: use shared sigterm callback (#19203) (47039f4), closes #19203
• fix(deps): update all non-major dependencies (#19098) (8639538), closes #19098
• fix(optimizer): use correct default install state path for yarn PnP (#19119) (e690d8b), closes #19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #19146
• chore(deps): update dependency pathe to v2 (#19139) (71506f0), closes #19139

Commits

• a0ed405 release: v6.0.11
• 3d03899 fix: allow CORS from loopback addresses by default (#19249)
• aeb3ec8 fix: preview.allowedHosts with specific values was not respected (#19246)
• 9654348 release: v6.0.10
• 2495022 fix: try parse server.origin URL (#19241)
• a55f8ba release: v6.0.9
• bd896fb fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• 029dcd6 fix: verify token for HMR WebSocket connection
• b09572a fix!: default server.cors: false to disallow fetching from untrusted origins
• c0f72a6 release: v6.0.8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
giscus-component	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 25, 2025 9:48am