chore(deps): update dependency @sveltejs/kit to ^2.5.10

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sveltejs/kit (source)	^2.0.0 -> ^2.5.10

---

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.5.10

Compare Source

Patch Changes

• fix: exclude server files from optimizeDeps.entries (#​12242)

• fix: bump import-meta-resolve to remove deprecation warnings (#​12240)

v2.5.9

Compare Source

Patch Changes

• fix: yield main thread before navigating (#​12225)

• fix: correctly handle aliases to files in the .svelte-kit directory (#​12220)

v2.5.8

Compare Source

Patch Changes

• fix: prevent excessive Vite dependency optimizations on navigation (#​12182)

v2.5.7

Compare Source

Patch Changes

• chore(deps): update devalue to v5 ignore non-enumerable symbols during serialization (#​12141)

v2.5.6

Compare Source

Patch Changes

• fix: avoid incorrectly un- and re-escaping cookies collected during a server-side fetch (#​11904)

v2.5.5

Compare Source

Patch Changes

• fix: only hydrate when page is server-rendered (#​12050)

v2.5.4

Compare Source

Patch Changes

• fix: prevent navigation when data-sveltekit-preload-data fails to fetch due to network error (#​11944)

v2.5.3

Compare Source

Patch Changes

• fix: revert tsconfig change that includes svelte.config.js (#​11908)

• fix: exclude server worker from tsconfig again (#​11727)

v2.5.2

Compare Source

Patch Changes

• fix: tsconfig includes should cover svelte.config.js (#​11886)

v2.5.1

Compare Source

Patch Changes

• fix: prevent stale values after invalidation (#​11870)

• fix: prevent false positive history.pushState and history.replaceState warnings (#​11858)

• fix: relax status code types (#​11781)

• fix: popstate navigations take pushState navigations into account (#​11765)

v2.5.0

Compare Source

Minor Changes

• feat: dev/preview/prerender platform emulation (#​11730)

Patch Changes

• fix: strip /@​fs prefix correctly on Windows when invoking read() in dev mode (#​11728)

v2.4.3

Compare Source

Patch Changes

• fix: only disallow body with GET/HEAD (#​11710)

v2.4.2

Compare Source

Patch Changes

• fix: ignore bodies sent with non-PUT/PATCH/POST requests (#​11708)

v2.4.1

Compare Source

Patch Changes

• fix: use Vite's default value for build.target and respect override supplied by user (#​11688)

• fix: properly decode base64 strings inside read (#​11682)

• fix: default route config to {} for feature checking (#​11685)

• fix: handle onNavigate callbacks correctly (#​11678)

v2.4.0

Compare Source

Minor Changes

• feat: add $app/server module with read function for reading assets from filesystem (#​11649)

v2.3.5

Compare Source

Patch Changes

• fix: log a warning if fallback page overwrites prerendered page (#​11661)

v2.3.4

Compare Source

Patch Changes

• fix: don't stash away original history methods so other libs can monkeypatch it (#​11657)

v2.3.3

Compare Source

Patch Changes

• fix: remove internal __sveltekit/ module declarations from types (#​11620)

v2.3.2

Compare Source

Patch Changes

• fix: return plaintext 404 for anything under appDir (#​11597)

• fix: populate dynamic public env without using top-level await, which fails in Safari (#​11601)

v2.3.1

Compare Source

Patch Changes

• fix: amend onNavigate type (#​11599)

• fix: better error message when peer dependency cannot be found (#​11598)

v2.3.0

Compare Source

Minor Changes

• feat: add reroute hook (#​11537)

v2.2.2

Compare Source

Patch Changes

• fix: only add nonce to style-src CSP directive when unsafe-inline is not present (#​11575)

v2.2.1

Compare Source

Patch Changes

• feat: add CSP support for style-src-elem (#​11562)

• fix: address CSP conflicts with sha/nonce during dev (#​11562)

v2.2.0

Compare Source

Minor Changes

• feat: expose $env/static/public in service workers (#​10994)

Patch Changes

• fix: reload page on startup if document.URL contains credentials (#​11179)

v2.1.2

Compare Source

Patch Changes

• fix: restore invalid route error message during build process (#​11559)

v2.1.1

Compare Source

Patch Changes

• fix: respect the trailing slash option when navigating from the basepath root page (#​11388)

• chore: shrink error messages shipped to client (#​11551)

v2.1.0

Compare Source

Minor Changes

• feat: make client router treeshakeable (#​11340)

Patch Changes

• chore: reduce client bundle size (#​11547)

v2.0.8

Compare Source

Patch Changes

• fix: always scroll to top when clicking a # or #top link (099608c428a49504785eab3afe3b2e76a9317bdf)

• fix: add nonce or hash to "script-src-elem", "style-src-attr" and "style-src-elem" if defined in CSP config (#​11485)

• fix: decode server data with stream: true during client-side navigation (#​11409)

• fix: capture scroll position when using pushState (#​11540)

• chore: use peer dependencies when linked (#​11433)

v2.0.7

Compare Source

Patch Changes

• chore: removed deprecated config.package type (#​11462)

v2.0.6

Compare Source

Patch Changes

• fix: allow dynamic env access when building but not prerendering (#​11436)

v2.0.5

Compare Source

Patch Changes

• fix: render SPA shell when SSR is turned off and there is no server data (#​11405)

• fix: upgrade sirv and mrmime to modernize javascript mime type (#​11419)

v2.0.4

Compare Source

Patch Changes

• chore: update primary branch from master to main (47779436c5f6c4d50011d0ef8b2709a07c0fec5d)

• fix: adjust missing inner content warning (#​11394)

• fix: prevent esbuild adding phantom exports to service worker (#​11400)

• fix: goto type include state (#​11398)

• fix: ensure assets are served gzip in preview (#​11377)

v2.0.3

Compare Source

Patch Changes

• fix: reinstantiate state parameter for goto (#​11342)

v2.0.2

Compare Source

Patch Changes

• fix: prevent endless SPA 404 loop (#​11354)

v2.0.1

Compare Source

Patch Changes

• fix: correctly handle trailing slash redirect when navigating from the root page (#​11357)

---

Configuration

📅 Schedule: Branch creation - "before 2pm on Monday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 8 hours (more than 100, code: "api-deployments-free-per-day").

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
unplugin-typia-nextjs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 6, 2024 10:54am

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 49 minutes (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 41 minutes (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 2 hours (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 1 hour (more than 100, code: "api-deployments-free-per-day").

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/[email protected]	Install script: postinstall Source: echo "[svelte-preprocess] Don't forget to install the preprocessors packages that will be used: sass, stylus, less, postcss & postcss-load-config, coffeescript, pug, etc..."	examples/sveltekit/package.json
Install scripts	npm/@sveltejs/[email protected]	Install script: postinstall Source: node postinstall.js	examples/sveltekit/package.json

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@sveltejs/[email protected]

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 57 minutes (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 5 minutes (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 2 minutes (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 9 hours (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 7 hours (more than 100, code: "api-deployments-free-per-day").

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@sveltejs/[email protected]	environment	+1	84.6 kB	svelte-admin
npm/@sveltejs/[email protected]	Transitive: environment, filesystem, network, shell, unsafe	+28	40.1 MB	svelte-admin
npm/@sveltejs/[email protected]	environment, eval Transitive: filesystem	+13	1.44 MB	svelte-admin
npm/@sveltejs/[email protected]	Transitive: unsafe	+21	5.94 MB	svelte-admin
npm/[email protected]	Transitive: environment, eval, filesystem, unsafe	+51	11.1 MB	svelte-language-tools-deploy
npm/[email protected]	None	+14	3.82 MB	svelte-admin

🚮 Removed packages: npm/@antfu/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^2.5.10). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.