chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@sveltejs/adapter-static (source)	2.0.3 -> 3.0.8					devDependencies	major
@sveltejs/kit (source)	1.25.0 -> 2.16.0					devDependencies	major
@sveltejs/package (source)	2.2.2 -> 2.3.7					devDependencies	minor
@typescript-eslint/eslint-plugin (source)	6.7.0 -> 8.20.0					devDependencies	major
@typescript-eslint/parser (source)	6.7.0 -> 8.20.0					devDependencies	major
actions/configure-pages	v3 -> v5					action	major
actions/deploy-pages	v2 -> v4					action	major
actions/setup-node	v3 -> v4					action	major
actions/upload-pages-artifact	v2 -> v3					action	major
eslint (source)	8.49.0 -> 9.18.0					devDependencies	major
eslint-config-prettier	9.0.0 -> 10.0.1					devDependencies	major
eslint-plugin-svelte (source)	2.33.1 -> 2.46.1					devDependencies	minor
prettier (source)	3.0.3 -> 3.4.2					devDependencies	minor
prettier-plugin-svelte	3.0.3 -> 3.3.3					devDependencies	minor
publint (source)	0.2.2 -> 0.3.2					devDependencies	minor
svelte (source)	^3.54.0 || ^4.0.0 -> ^3.54.0 || ^4.0.0 || ^5.0.0					peerDependencies	major
svelte (source)	4.2.0 -> 5.19.0					devDependencies	major
svelte-check	3.5.1 -> 4.1.4					devDependencies	major
tslib (source)	2.6.2 -> 2.8.1					devDependencies	minor
typescript (source)	5.2.2 -> 5.7.3					devDependencies	minor
vite (source)	4.4.9 -> 6.0.7					devDependencies	major
vitest (source)	0.34.4 -> 3.0.2					devDependencies	major

---

Release Notes

sveltejs/kit (@​sveltejs/adapter-static)

v3.0.8

Compare Source

Patch Changes

• fix: use optional chaining when checking router type (#​13218)

v3.0.7

Compare Source

Patch Changes

• fix: allow dynamic routes with missing fallback in hash mode (#​13213)

v3.0.6

Compare Source

Patch Changes

• docs: update URLs for new svelte.dev site (#​12857)

• Updated dependencies [dcbe4222a194c5f90cfc0fc020cf065f7a4e4c46, 4cdbf76fbbf0c0ce7f574ef69c8daddcf954d39d, 3a9b78f04786898ca93f6d4b75ab18d26bc45192, 723eb8b31e6a22c82f730c30e485386c8676b746, 8ec471c875345b751344e67580ff1b772ef2735b]:

  • @​sveltejs/kit@​2.7.3

v3.0.5

Compare Source

Patch Changes

• fix: import node:process instead of using globals (#​12641)

• Updated dependencies [e798ef718f163bed4f93e1918bd8294f765376ad]:

  • @​sveltejs/kit@​2.5.28

v3.0.4

Compare Source

Patch Changes

• chore: configure provenance in a simpler manner (#​12570)

• Updated dependencies [087a43d391fc38b8c008fb39a804dc6988974101]:

  • @​sveltejs/kit@​2.5.22

v3.0.3

Compare Source

Patch Changes

• chore: package provenance (#​12567)

• Updated dependencies [4930a8443caa53bcecee7b690cd28e429b1c8a20]:

  • @​sveltejs/kit@​2.5.21

v3.0.2

Compare Source

Patch Changes

• chore: add keywords for discovery in npm search (#​12330)

• Updated dependencies [25acb1d9fce998dccd8050b93cf4142c2b082611, 642c4a4aff4351b786fe6274aa2f0bf7d905faf9, 0a0e9aa897123ebec50af08e9385b2ca4fc5bb28]:

  • @​sveltejs/kit@​2.5.11

v3.0.1

Compare Source

Patch Changes

• chore: update primary branch from master to main (47779436c5f6c4d50011d0ef8b2709a07c0fec5d)

• Updated dependencies [47779436c5f6c4d50011d0ef8b2709a07c0fec5d, 16961e8cd3fa6a7f382153b1ff056bc2aae9b31b, 197e01f95652f511160f38b37b9da73a124ecd48, 102e4a5ae5b29624302163faf5a20c94a64a5b2c, f8e3d8b9728c9f1ab63389342c31d7246b6f9db6]:

  • @​sveltejs/kit@​2.0.4

v3.0.0

Compare Source

Major Changes

• breaking: update SvelteKit peer dependency to version 2 (#​11277)

sveltejs/kit (@​sveltejs/kit)

v2.16.0

Compare Source

Minor Changes

• feat: add ability to invalidate a custom identifier on goto() (#​13256)

• feat: remove the postinstall script to support pnpm 10 (#​13304)

  NOTE: users should add "prepare": "svelte-kit sync" to their package.json in order to avoid the following warning upon first running Vite:

  ▲ [WARNING] Cannot find base config file "./.svelte-kit/tsconfig.json" [tsconfig.json]
  
      tsconfig.json:2:12:
        2 │   "extends": "./.svelte-kit/tsconfig.json",
          ╵              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

• feat: provide PageProps and LayoutProps types (#​13308)

Patch Changes

• perf: shorten chunk file names (#​13003)

• fix: strip internal data before passing URL to reroute (#​13092)

• fix: support absolute URLs and reroutes with data-sveltekit-preload-code="viewport" (#​12217)

• fix: use current window.fetch for server load fetch requests (#​13315)

• fix: resolve symlinks when handling routes (#​12740)

• fix: prevent infinite reload when using the hash router and previewing /index.html (#​13296)

• fix: service worker base path in dev mode (#​12577)

• chore: error during development when using use:enhance with +server (#​13197)

• chore: add most common status codes to redirect() JS documentation (#​13301)

• fix: correctly link to assets inlined by the inlineStyleThreshold option (#​13068)

• fix: fall back to importing dynamic dependencies relative to SvelteKit package (#​12532)

• fix: use arrow function types over bound funcs (#​12955)

• fix: correctly navigate when hash router is enabled and the browser encodes extra hashes (#​13321)

v2.15.3

Compare Source

Patch Changes

• fix: fix race-condition when not using SSR when pressing back before initial load (#​12925)

• fix: remove ":$" from virtual module ids to allow dev server to work with proxies (#​12157)

• fix: upgrade esm-env to remove warning when NODE_ENV is not set (#​13291)

• fix: handle Redirect thrown from root layout load function when client-side navigating to a non-existent page (#​12005)

• fix: make param matchers generated type import end with .js (#​13286)

v2.15.2

Compare Source

Patch Changes

• fix: correctly notify page store subscribers (#​13205)

• fix: prerender data when there is no server load but the trailingSlash option is set from the server (#​13262)

• fix: correctly remove navigation callbacks when returning function in onNavigate (#​13241)

v2.15.1

Compare Source

Patch Changes

• fix: add CSP hashes/nonces to inline styles when using bundleStrategy: 'inline' (#​13232)

• fix: silence dev/prod warning during sync (#​13244)

v2.15.0

Compare Source

Minor Changes

• feat: add bundleStrategy: 'inline' option (#​13193)

v2.14.1

Compare Source

Patch Changes

• fix: do not mutate URL during reroute logic (#​13222)

v2.14.0

Compare Source

Minor Changes

• feat: add hash-based routing option (#​13191)

Patch Changes

• fix: create new URL when calling goto(...), to handle case where URL is mutated (#​13196)

v2.13.0

Compare Source

Minor Changes

• feat: add bundleStrategy: 'split' | 'single' option (#​13173)

v2.12.2

Compare Source

Patch Changes

• fix: correctly resolve no hooks file when a similarly named directory exists (#​13188)

• fix: correctly resolve $app/state on the server with Vite 5 (#​13192)

v2.12.1

Compare Source

Patch Changes

• fix: replace navigating.current.<x> with navigating.<x> (#​13174)

v2.12.0

Compare Source

Minor Changes

• feat: add $app/state module (#​13140)

Patch Changes

• chore: specify the route ID in the error message during development when making a form action request to a route without form actions (#​13167)

v2.11.1

Compare Source

Patch Changes

• fix: adhere to Vite build.minify setting when building the service worker (#​13143)

v2.11.0

Compare Source

Minor Changes

• feat: transport custom types across the server/client boundary (#​13149)

Patch Changes

• fix: correctly resolve hooks file when a similarly named directory exists (#​13144)

v2.10.1

Compare Source

Patch Changes

• fix: export init hook from get_hooks (#​13136)

v2.10.0

Compare Source

Minor Changes

• feat: server and client init hook (#​13103)

Patch Changes

• fix: prevent hooks exported from hooks.js from overwriting hooks from hooks.server.js (#​13104)

v2.9.1

Compare Source

Patch Changes

• fix: correctly match route groups preceding optional parameters (#​13099)

v2.9.0

Compare Source

Minor Changes

• feat: Vite 6 support (#​12270)

Patch Changes

• fix: transform link[rel='shortcut icon'] and link[rel='apple-touch-icon'] to be absolute to avoid console error when navigating (#​13077)

v2.8.5

Compare Source

Patch Changes

• fix: don't hydrate when falling back to error page (#​13056)

v2.8.4

Compare Source

Patch Changes

• fix: update inline css url generation for FOUC prevention in dev (#​13007)

v2.8.3

Compare Source

Patch Changes

• fix: ensure error messages are escaped (#​13050)

• fix: escape values included in dev 404 page (#​13039)

v2.8.2

Compare Source

Patch Changes

• fix: prevent duplicate fetch request when using Request with load function's fetch (#​13023)

• fix: do not override default cookie decoder to allow users to override the cookie library version (#​13037)

v2.8.1

Compare Source

Patch Changes

• fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#​11613)

• fix: support HTTP/2 in dev and production. Revert the changes from #​12907 to downgrade HTTP/2 to TLS as now being unnecessary (#​12989)

v2.8.0

Compare Source

Minor Changes

• feat: add helper to identify ActionFailure objects (#​12878)

v2.7.7

Compare Source

Patch Changes

• fix: update link in JSDoc (#​12963)

v2.7.6

Compare Source

Patch Changes

• fix: update broken links in JSDoc (#​12960)

v2.7.5

Compare Source

Patch Changes

• fix: warn on invalid cookie name characters (#​12806)

• fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#​12907)

v2.7.4

Compare Source

Patch Changes

• fix: ensure element is focused after subsequent clicks of the same hash link (#​12866)

• fix: avoid preload if event default was prevented for touchstart and mousedown events (#​12887)

• fix: avoid reloading behaviour for hash links with data-sveltekit-reload if the hash is on the same page (#​12866)

v2.7.3

Compare Source

Patch Changes

• fix: include importer in illegal import error message (#​12820)

• fix: don't try reading assets directly that aren't present (#​12876)

• fix: decode non-latin characters when previewing prerendered pages (#​12874)

• fix: better error message when a Result is returned from a form action (#​12829)

• docs: update URLs for new svelte.dev site (#​12857)

v2.7.2

Compare Source

Patch Changes

• fix: use absolute links in JSDoc comments (#​12718)

v2.7.1

Compare Source

Patch Changes

• chore: upgrade to sirv 3.0 (#​12796)

• fix: warn when form action responses are lost because SSR is off (#​12063)

v2.7.0

Compare Source

Minor Changes

• feat: update service worker when new version is detected (#​12448)

Patch Changes

• fix: correctly handle relative paths when fetching assets on the server (#​12113)

• fix: decode non ASCII anchor hashes when scrolling into view (#​12699)

• fix: page response missing CSP and Link headers when return promise in load (#​12418)

v2.6.4

Compare Source

Patch Changes

• fix: only preload links that have a different URL than the current page (#​12773)

• fix: revert change to replace version in generateBundle (#​12779)

• fix: catch stack trace fixing errors thrown in web containers (#​12775)

• fix: use absolute links in JSDoc comments (#​12772)

v2.6.3

Compare Source

Patch Changes

• fix: ensure a changing version doesn't affect the hashes for chunks without any actual code changes (#​12700)

• fix: prevent crash when logging URL search params in a server load function (#​12763)

• chore: revert update dependency cookie to ^0.7.0 (#​12767)

v2.6.2

Compare Source

Patch Changes

• chore(deps): update dependency cookie to ^0.7.0 (#​12746)

v2.6.1

Compare Source

Patch Changes

• fix: better error message when calling push/replaceState before router is initialized (#​11968)

v2.6.0

Compare Source

Minor Changes

• feat: support typed arrays in load functions (#​12716)

Patch Changes

• fix: open a new tab for <form target="_blank"> and ` submissions (#​11936)

v2.5.28

Compare Source

Patch Changes

• fix: import node:process instead of using globals (#​12641)

v2.5.27

Compare Source

Patch Changes

• fix: asynchronously instantiate components when using Svelte 5 (#​12613)

• fix: use {@​render ...} tag when generating default fallback page for svelte 5 apps (#​12653)

• fix: emulate event.platform even when the route does not exist (#​12513)

v2.5.26

Compare Source

Patch Changes

• fix: exclude service worker directory from tsconfig (#​12196)

v2.5.25

Compare Source

Patch Changes

• chore: upgrade dts-buddy to 0.5.3 (6056ba30e29ac5747c356fbf1a42dd71f2c4aa1f)

v2.5.24

Compare Source

Patch Changes

• extend peer dependency range for @​sveltejs/vite-plugin-svelte to include 4.0.0-next for improved svelte5 support (#​12593)

v2.5.23

Compare Source

Patch Changes

• fix: use dynamic components in root.svelte instead of svelte:component for svelte 5 (#​12584)

v2.5.22

Compare Source

Patch Changes

• chore: configure provenance in a simpler manner (#​12570)

v2.5.21

Compare Source

Patch Changes

• chore: package provenance (#​12567)

v2.5.20

Compare Source

Patch Changes

• fix: set revalidate cache header on 404'd static assets (#​12530)

v2.5.19

Compare Source

Patch Changes

• fix: Svelte 5 - ignore binding_non_reactive warning in generated root component (you also need to update to [email protected]) (#​12524)

v2.5.18

Compare Source

Patch Changes

• fix: respect HTML attributes enctype and formenctype for forms with use:enhance (#​12198)

• fix: prevent client import error when a hooks.server file imports a private environment variable (#​12195)

• fix: set default Content-Type header to application/x-www-form-urlencoded for POST form submissions with use:enhance to align with native form behaviour (#​12198)

v2.5.17

Compare Source

Patch Changes

• chore: update package description (#​11846)

v2.5.16

Compare Source

Patch Changes

• fix: determine local Svelte version more reliably (#​12350)

v2.5.15

Compare Source

Patch Changes

• fix: always decode asset URLs (#​12352)

v2.5.14

Compare Source

Patch Changes

• fix: read non-encoded data URIs (#​12347)

v2.5.13

Compare Source

Patch Changes

• fix: decode asset URLs in dev when reading them, but for real this time (#​12344)

v2.5.12

Compare Source

Patch Changes

• fix: decode asset URLs in dev when reading them (#​12341)

v2.5.11

Compare Source

Patch Changes

• fix: hrefs that start with config.prerender.origin are now crawled (#​12277)

• chore: add keywords for discovery in npm search (#​12330)

• fix: handle whitespace in HTTP Accept header (#​12292)

v2.5.10

Compare Source

Patch Changes

• fix: exclude server files from optimizeDeps.entries (#​12242)

• fix: bump import-meta-resolve to remove deprecation warnings (#​12240)

v2.5.9

Compare Source

Patch Changes

• fix: yield main thread before navigating (#​12225)

• fix: correctly handle aliases to files in the .svelte-kit directory (#​12220)

v2.5.8

Compare Source

Patch Changes

• fix: prevent excessive Vite dependency optimizations on navigation (#​12182)

v2.5.7

Compare Source

Patch Changes

• chore(deps): update devalue to v5 ignore non-enumerable symbols during serialization (#​12141)

v2.5.6

Compare Source

Patch Changes

• fix: avoid incorrectly un- and re-escaping cookies collected during a server-side fetch (#​11904)

v2.5.5

Compare Source

Patch Changes

• fix: only hydrate when page is server-rendered (#​12050)

v2.5.4

Compare Source

Patch Changes

• fix: prevent navigation when data-sveltekit-preload-data fails to fetch due to network error (#​11944)

v2.5.3

Compare Source

Patch Changes

• fix: revert tsconfig change that includes svelte.config.js (#​11908)

• fix: exclude server worker from tsconfig again (#​11727)

v2.5.2

Compare Source

Patch Changes

• fix: tsconfig includes should cover svelte.config.js (#​11886)

v2.5.1

Compare Source

Patch Changes

• fix: prevent stale values after invalidation (#​11870)

• fix: prevent false positive history.pushState and history.replaceState warnings (#​11858)

• fix: relax status code types (#​11781)

• fix: popstate navigations take pushState navigations into account (#​11765)

v2.5.0

Compare Source

Minor Changes

• feat: dev/preview/prerender platform emulation (#​11730)

Patch Changes

• fix: strip /@​fs prefix correctly on Windows when invoking read() in dev mode (#​11728)

v2.4.3

[Compare Source](https://redirect.github.com/sveltejs

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.