Skip to content

chore(deps): update dependency @sveltejs/kit to v2.69.2#201

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/sveltejs-kit-2.x-lockfile
Open

chore(deps): update dependency @sveltejs/kit to v2.69.2#201
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/sveltejs-kit-2.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@sveltejs/kit (source) 2.58.02.69.2 age confidence

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.69.2

Compare Source

Patch Changes
  • fix: set define values on globalThis when running Vitest (#​16246)

v2.69.1

Compare Source

Patch Changes
  • fix: prevent prototype pollution when deleting file inputs (#​16218)

  • fix: prevent unhandled promise rejection (#​16219)

v2.69.0

Compare Source

Minor Changes
  • feat: expose submitted property of remote forms (#​14811)
Patch Changes
  • fix: clear issues and touched states on form reset (#​16163)

  • fix: return undefined from fields.branch.issues() when only fields.branch.leaf has issues (#​16187)

v2.68.0

Compare Source

Minor Changes
  • feat: expose RemoteFormEnhanceInstance and RemoteFormEnhanceCallback types (#​15816)

  • feat: set value of submit fields when form is submitted (#​15979)

Patch Changes
  • fix: skip native_navigation when __data.json returns 404 on a static fallback page (#​16135)

  • fix: ignore third-party monkeypatches in pushState/replaceState warning detection (#​15267)

  • fix: snapshot form fields on read (#​16150)

  • fix: strip field prefix before erroring on duplicates (#​16151)

  • fix: call reset function via prototype (#​16138)

  • chore: fix navigation type hover info (#​16147)

v2.67.0

Compare Source

Minor Changes
  • feat: add prerender.handleInvalidUrl option for invalid URLs discovered while crawling (#​16088)
Patch Changes
  • fix: support exactOptionalPropertyTypes for optional form schema fields (#​15866)

  • fix: avoid unnecessarily overriding a user's Vite 8 codeSplitting setting (#​16118)

v2.66.0

Compare Source

Minor Changes
  • feat: precompress prerendered .md and .mdx files (#​15893)

  • feat: warn the user when they forget to make boolean inputs optional in their form schemas (#​15804)

Patch Changes
  • fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#​15452)

  • fix: ensure base is available from $service-worker during development (#​15882)

  • fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#​15884)

  • fix: preserve active for await consumers across query.live reconnects (#​16022)

  • fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#​16022)

  • fix: preserve last value when a query.live stream completes without yielding on reconnect (#​16022)

  • fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#​15709)

  • fix: prefer pages over endpoints when prerendering (#​16076)

  • fix: restore snapshots after afterNavigate callbacks (#​16066)

  • fix: support ws:/wss: and trusted-types-eval for CSP sources (#​15938)

  • fix: omit empty file inputs from remote form data (#​15898)

  • fix: fail early if a route with +page and +server is marked as prerenderable (#​16075)

  • fix: wait a tick before resetting forms (#​15805)

  • fix: preflight schemas apply correctly when chained before for (#​15863)

  • fix: blank page in SPA mode when root layout load() throws (#​15798)

  • fix: pass all unknown options from the sveltekit Vite plugin through to vite-plugin-svelte (#​16010)

v2.65.2

Compare Source

Patch Changes
  • fix: throw an error when prerendering a root +server.js that returns a non-HTML response (#​15994)

  • fix: decode base64-serialized fetch bodies before caching them for client-side replay (#​16034)

  • fix: correctly access explicit dynamic public environment variables from prerendered pages and service workers (#​16024)

  • fix: allow preloadCode to be called during initial page load (#​16028)

  • fix: send cache-control: private, no-store on remote function responses so personalized query results can never be cached by shared caches (#​16020)

  • fix: preserve the HTTP status and error body when a remote function request fails in transport (e.g. a 401/403 from a handle hook), instead of reporting a generic 500 (#​16021)

  • fix: avoid loading universal nodes during build analysis when the app uses a hash router (#​16042)

  • fix: correctly serve client entry during development when using the pnpm global virtual store (#​16045)

  • fix: normalize path separators when comparing config (#​16037)

  • fix: ensure building resolves correctly to allow avoiding build-time explicit environment variable validation (#​16058)

  • fix: prevent unhandled promise rejections when remote function failures are consumed via current/error instead of await (#​16018)

v2.65.1

Compare Source

Patch Changes
  • fix: avoid importing the Vite development client code into builds with a non-standard NODE_ENV (#​16023)

  • fix: don't emit the unused bundle and stylesheet files when using bundleStrategy: 'inline' (#​16025)

  • fix: reset queries before navigating when invalidateAll is set (#​16014)

  • fix: regression in loading assets for absolute path apps (#​16026)

v2.65.0

Compare Source

Minor Changes
  • feat: allow queries to refresh other queries (#​16012)
Patch Changes
  • fix: dedupe remote data (#​15991)

  • fix: skip client build if all routes have CSR disabled (#​15936)

v2.64.0

Compare Source

Minor Changes
  • feat: allow commands to receive File objects (#​15978)
Patch Changes
  • fix: avoid server components from being bundled if SSR is turned off for a route (#​15982)

v2.63.1

Compare Source

Patch Changes
  • fix: use SSE for query.live (#​15957)

  • fix: use forward slashes in the generated env.d.ts import path on Windows (#​15977)

  • fix: allow $app/environment with a warning when explicitEnvironmentVariables is enabled (#​15980)

  • fix: avoid importing Vite while validating explicit environment variables (#​15953)

  • docs: adjust the release version of explicit env vars (#​15968)

  • fix: ensure version is defined when importing from $app/env with explicit environment variables (#​15971)

v2.63.0

Compare Source

Minor Changes
Patch Changes
  • fix: remove check for svelte.config.js before running sync (#​15946)

  • fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#​15948)

  • fix: allow use of $app/env/public in service workers (#​15950)

v2.62.0

Compare Source

Minor Changes
  • feat: support passing Svelte(Kit) config via Vite plugin (#​15944)
Patch Changes
  • fix: preserve multiple Set-Cookie headers on 304 responses (#​15902)

  • fix: preload for anchor elements that were just previously preloaded (#​15915)

  • fix: catch load function streaming errors on the client (#​15929)

  • fix: avoid generating the _app/env.js module if public dynamic environment variables are not used by the app (#​15940)

v2.61.1

Compare Source

Patch Changes
  • fix: regression where routes starting and ending with a route group are not matched correctly (#​15903)

v2.61.0

Compare Source

Minor Changes
  • breaking: the .run() method has been removed from remote queries on both the client and the server. Use await query() directly instead — it now works everywhere (#​15779)

  • feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#​15779)

  • feat: live query instances are now themselves async-iterable (#​15878)

  • feat: add programmatic submit method to form remote function instances (#​15657)

  • feat: pass form remote function instance into enhance callback (#​15657)

Patch Changes
  • fix: resolve the app payload without using process.env.NODE_ENV (#​15852)

  • fix: support exactOptionalPropertyTypes for optional route params (#​15825)

  • fix: correctly send true value to the server for 'submit' and 'hidden' form fields (#​15858)

  • fix: avoid build warnings about undefined universal hooks (#​15895)

  • fix: prefer default error page when failing to decode the URL pathname (#​15744)

  • fix: disable link prefetching on slow internet connections (#​15885)

  • fix: allow routes ending with optional parameters next to more specific routes (#​15861)

  • fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#​15796)

v2.60.1

Compare Source

Patch Changes
  • chore: bump svelte and devalue (#​15836)

  • fix: prevent query.batch cross-talk (dadaefc)

v2.60.0

Compare Source

Minor Changes
  • feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#​15802)

  • feat: warn on unread form remote function validation issues (#​15653)

Patch Changes
  • fix: abort navigation after async rendering if obsolete (#​15811)

  • fix: skip refreshing queries on full-page reload form submissions (#​15803)

v2.59.1

Compare Source

Patch Changes
  • fix: resolve paths to route files with the letter drive on Windows (#​15793)

v2.59.0

Compare Source

Minor Changes
  • feat: support query.batch in requested(...) (#​15751)

  • breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#​15705)

  • feat: experimental query.live function (#​15705)

Patch Changes
  • fix: unwrap Promise in RemoteCommand output type (#​15771)

  • fix: empty call to .updates() on a command/form invocation means "don't update anything" (#​15705)

  • fix: form.fields.foo.as('checkbox', default_value) now works (#​15752)

  • fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#​15753)

  • fix: make sure queries always get started correctly (#​15705)

  • fix: allow plain functions as overrides in updates (#​15705)


Configuration

📅 Schedule: (in timezone Europe/Zurich)

  • Branch creation
    • "before 6am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

cargo audit found vulnerabilities:

  • RUSTSEC-2023-0071 rsa@0.9.10: Marvin Attack: potential key recovery through timing sidechannels

@renovate renovate Bot changed the title chore(deps): update dependency @sveltejs/kit to v2.69.1 chore(deps): update dependency @sveltejs/kit to v2.69.2 Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants