Update dependency @sveltejs/kit to v2.69.2#5
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
a61ca69 to
8a19481
Compare
8a19481 to
b33a758
Compare
b33a758 to
c47c8a9
Compare
c47c8a9 to
3436771
Compare
3436771 to
eeccdcc
Compare
eeccdcc to
7106c4b
Compare
Comment on lines
3065
to
3071
| "node_modules/minimatch": { | ||
| "version": "3.1.2", | ||
| "version": "3.1.5", | ||
| "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", | ||
| "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==", | ||
| "dev": true, | ||
| "license": "ISC", | ||
| "dependencies": { |
There was a problem hiding this comment.
security (license/minimatch): BlueOak-1.0.0: Open-source license could not be identified
The obligations of the BlueOak-1.0.0 license for this code could not be determined automatically. Unknown licenses may carry obligations or restrictions and should be reviewed manually to ensure compliance
Source: trivy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.43.2→2.69.2Release Notes
sveltejs/kit (@sveltejs/kit)
v2.69.2Compare Source
Patch Changes
definevalues onglobalThiswhen running Vitest (#16246)v2.69.1Compare Source
Patch Changes
fix: prevent prototype pollution when deleting file inputs (#16218)
fix: prevent unhandled promise rejection (#16219)
v2.69.0Compare Source
Minor Changes
submittedproperty of remote forms (#14811)Patch Changes
fix: clear issues and touched states on form reset (#16163)
fix: return
undefinedfromfields.branch.issues()when onlyfields.branch.leafhas issues (#16187)v2.68.0Compare Source
Minor Changes
feat: expose
RemoteFormEnhanceInstanceandRemoteFormEnhanceCallbacktypes (#15816)feat: set value of
submitfields when form is submitted (#15979)Patch Changes
fix: skip
native_navigationwhen__data.jsonreturns 404 on a static fallback page (#16135)fix: ignore third-party monkeypatches in
pushState/replaceStatewarning detection (#15267)fix: snapshot form fields on read (#16150)
fix: strip field prefix before erroring on duplicates (#16151)
fix: call reset function via prototype (#16138)
chore: fix navigation
typehover info (#16147)v2.67.0Compare Source
Minor Changes
prerender.handleInvalidUrloption for invalid URLs discovered while crawling (#16088)Patch Changes
fix: support
exactOptionalPropertyTypesfor optional form schema fields (#15866)fix: avoid unnecessarily overriding a user's Vite 8
codeSplittingsetting (#16118)v2.66.0Compare Source
Minor Changes
feat: precompress prerendered
.mdand.mdxfiles (#15893)feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)
Patch Changes
fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)
fix: ensure
baseis available from$service-workerduring development (#15882)fix: use correct relative asset paths when rendering an error page for a missing
__data.jsonrequest (#15884)fix: preserve active
for awaitconsumers acrossquery.livereconnects (#16022)fix: settle
query.livereconnect promise on all exit paths, preventinginvalidateAll()from deadlocking when a live query is offline or interrupted (#16022)fix: preserve last value when a
query.livestream completes without yielding on reconnect (#16022)fix: remove
types: ['node']from generated tsconfig to avoid errors when@types/nodeis not installed (#15709)fix: prefer pages over endpoints when prerendering (#16076)
fix: restore snapshots after afterNavigate callbacks (#16066)
fix: support
ws:/wss:andtrusted-types-evalfor CSP sources (#15938)fix: omit empty
fileinputs from remote form data (#15898)fix: fail early if a route with
+pageand+serveris marked as prerenderable (#16075)fix: wait a tick before resetting forms (#15805)
fix:
preflightschemas apply correctly when chained beforefor(#15863)fix: blank page in SPA mode when root layout
load()throws (#15798)fix: pass all unknown options from the
sveltekitVite plugin through tovite-plugin-svelte(#16010)v2.65.2Compare Source
Patch Changes
fix: throw an error when prerendering a root +server.js that returns a non-HTML response (#15994)
fix: decode base64-serialized fetch bodies before caching them for client-side replay (#16034)
fix: correctly access explicit dynamic public environment variables from prerendered pages and service workers (#16024)
fix: allow
preloadCodeto be called during initial page load (#16028)fix: send
cache-control: private, no-storeon remote function responses so personalized query results can never be cached by shared caches (#16020)fix: preserve the HTTP status and error body when a remote function request fails in transport (e.g. a 401/403 from a
handlehook), instead of reporting a generic 500 (#16021)fix: avoid loading universal nodes during build analysis when the app uses a hash router (#16042)
fix: correctly serve client entry during development when using the pnpm global virtual store (#16045)
fix: normalize path separators when comparing config (#16037)
fix: ensure
buildingresolves correctly to allow avoiding build-time explicit environment variable validation (#16058)fix: prevent unhandled promise rejections when remote function failures are consumed via
current/errorinstead ofawait(#16018)v2.65.1Compare Source
Patch Changes
fix: avoid importing the Vite development client code into builds with a non-standard
NODE_ENV(#16023)fix: don't emit the unused bundle and stylesheet files when using
bundleStrategy: 'inline'(#16025)fix: reset queries before navigating when
invalidateAllis set (#16014)fix: regression in loading assets for absolute path apps (#16026)
v2.65.0Compare Source
Minor Changes
Patch Changes
fix: dedupe remote data (#15991)
fix: skip client build if all routes have CSR disabled (#15936)
v2.64.0Compare Source
Minor Changes
Fileobjects (#15978)Patch Changes
v2.63.1Compare Source
Patch Changes
fix: use SSE for
query.live(#15957)fix: use forward slashes in the generated
env.d.tsimport path on Windows (#15977)fix: allow
$app/environmentwith a warning whenexplicitEnvironmentVariablesis enabled (#15980)fix: avoid importing Vite while validating explicit environment variables (#15953)
docs: adjust the release version of explicit env vars (#15968)
fix: ensure
versionis defined when importing from$app/envwith explicit environment variables (#15971)v2.63.0Compare Source
Minor Changes
Patch Changes
fix: remove check for svelte.config.js before running
sync(#15946)fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)
fix: allow use of
$app/env/publicin service workers (#15950)v2.62.0Compare Source
Minor Changes
Patch Changes
fix: preserve multiple
Set-Cookieheaders on 304 responses (#15902)fix: preload for anchor elements that were just previously preloaded (#15915)
fix: catch load function streaming errors on the client (#15929)
fix: avoid generating the
_app/env.jsmodule if public dynamic environment variables are not used by the app (#15940)v2.61.1Compare Source
Patch Changes
v2.61.0Compare Source
Minor Changes
breaking: the
.run()method has been removed from remote queries on both the client and the server. Useawait query()directly instead — it now works everywhere (#15779)feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#15779)
feat: live query instances are now themselves async-iterable (#15878)
feat: add programmatic
submitmethod toformremote function instances (#15657)feat: pass
formremote function instance intoenhancecallback (#15657)Patch Changes
fix: resolve the app payload without using
process.env.NODE_ENV(#15852)fix: support
exactOptionalPropertyTypesfor optional route params (#15825)fix: correctly send
truevalue to the server for 'submit' and 'hidden' form fields (#15858)fix: avoid build warnings about undefined universal hooks (#15895)
fix: prefer default error page when failing to decode the URL pathname (#15744)
fix: disable link prefetching on slow internet connections (#15885)
fix: allow routes ending with optional parameters next to more specific routes (#15861)
fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#15796)
v2.60.1Compare Source
Patch Changes
chore: bump
svelteanddevalue(#15836)fix: prevent
query.batchcross-talk (dadaefc)v2.60.0Compare Source
Minor Changes
feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#15802)
feat: warn on unread
formremote function validation issues (#15653)Patch Changes
fix: abort navigation after async rendering if obsolete (#15811)
fix: skip refreshing queries on full-page reload form submissions (#15803)
v2.59.1Compare Source
Patch Changes
v2.59.0Compare Source
Minor Changes
feat: support
query.batchinrequested(...)(#15751)breaking: on the server, make the promise returned from
refreshrepresent adding the refresh to the map, not the time it takes to run the remote function (#15705)feat: experimental
query.livefunction (#15705)Patch Changes
fix: unwrap
PromiseinRemoteCommandoutput type (#15771)fix: empty call to
.updates()on a command/form invocation means "don't update anything" (#15705)fix:
form.fields.foo.as('checkbox', default_value)now works (#15752)fix: remote forms with default values defined by
field.as('text', defaultValue)now correctly reset to the provided default values once submitted (#15753)fix: make sure queries always get started correctly (#15705)
fix: allow plain functions as overrides in
updates(#15705)v2.58.0Compare Source
Minor Changes
breaking: require
limitinrequested(as originally intended) (#15739)feat:
RemoteQueryFunctiongains an optional third generic parameterValidated(defaulting toInput) that represents the argument type after schema validation/transformation (#15739)breaking:
requestednow yields{ arg, query }entries instead of the validated argument (#15739)Patch Changes
fix: allow
query().current,.error,.loading, and.readyto work in non-reactive contexts (#15699)fix: prevent
deep_setcrash on nullish nested values (#15600)fix: restore correct
RemoteFormFieldstyping for nullable array fields (e.g. when a schema uses.default([])), so.as('checkbox')and friends work again (#15723)fix: don't warn about removed SSI comments in
transformPageChunk(#15695)Server-side include (SSI) directives like
<!--#include virtual="..." -->are HTML comments that are replaced by servers such as nginx. Previously, removing them intransformPageChunkwould trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with<!--#and Svelte's hydration comments never do, they can be safely excluded from the check.Change enhance function return type from void to MaybePromise. (#15710)
fix: throw an error when
resolveis called with an external URL (#15733)fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#15718)
fix: reset form result on redirect (#15724)
v2.57.1Compare Source
Patch Changes
fix: better validation for
redirectinputs (10d7b44)fix: enforce
BODY_SIZE_LIMITon chunked requests (3202ed6)fix: use default values as fallbacks (#15680)
fix: relax form typings for union types (#15687)
v2.57.0Compare Source
Minor Changes
submitto indicate submission validity for enhancedformremote functions (#15530)Patch Changes
fix: use array type for select fields that accept multiple values (#15591)
fix: silently 404 Chrome DevTools workspaces request in dev and preview (#15656)
fix:
config.kit.csp.directives['trusted-types']requires'svelte-trusted-html'(and'sveltekit-trusted-url'when a service worker is automatically registered) if it is configured (#15323)fix: avoid inlineDynamicImports ignored with codeSplitting warning when using Vite 8 (#15647)
fix: reimplement treeshaking non-dynamic prerendered remote functions (#15447)
v2.56.1Compare Source
Patch Changes
v2.56.0Compare Source
Minor Changes
breaking: rework client-driven refreshes (#15562)
breaking: stabilize remote function caching by sorting object keys (#15570)
breaking: add
run()method to queries, disallow awaiting queries outside render (#15533)feat: support TypeScript 6.0 (#15595)
breaking: isolate command-triggered query refresh failures per-query (#15562)
feat: use
hydratablefor remote function transport (#15533)feat: allow
formfields to specify a default value (field.as(type, value)) (#15577)Patch Changes
fix: don't request new data when
.refreshis called on a query with no cache entry (#15533)fix: allow using multiple remote functions within one async derived (#15561)
fix: avoid false-positive overridden Vite
basesetting warning when setting apaths.baseinsvelte.config.js(#15623)fix: manage queries in their own
$effect.root(#15533)fix: avoid
inlineDynamicImportsdeprecation warning when building the service worker with Vite 8 (#15550)fix: correctly escape backticks when precomputing CSS (#15593)
fix: discard obsolete forks before finishing navigation (#15634)
chore: tighten up override implementation (#15562)
fix: ensure the default Svelte 5
error.sveltefile uses runes mode (#15609)fix: deduplicate same-cache-key
batchcalls during SSR (#15533)fix: decrement pending_count when form callback doesn't call submit() (#15520)
v2.55.0Compare Source
Minor Changes
$app/types, leading to better type safety when working with params in$app/types,$app/state, and hooks. (#15502)v2.54.0Compare Source
Minor Changes
Patch Changes
chore: upgrade
devalue(#15535)fix: don't wait for remote functions that are not awaited in the template (#15280)
feat: allow
resolve()to accept pathnames with a search string and/or hash (#15458)chore: remove deprecation warnings for
config.kit.files.*options when validating the Svelte config file (#15482)fix: handles form target attribute in remote form redirects (#15457)
v2.53.4Compare Source
Patch Changes
codeSplittingoption (#15451)v2.53.3Compare Source
Patch Changes
form(faba869)v2.53.2Compare Source
Patch Changes
fix: server-render nested form value sets (#15378)
fix: use deep partial types for form remote functions
.value()and.set(...)(#14837)fix: provide correct url info to remote functions (#15418)
fix: allow optional types for remote query/command/prerender functions (#15293)
fix: allow commands in more places (#15288)
v2.53.1Compare Source
Patch Changes
inlineDynamicImportswhen using Vite 8 (#15403)v2.53.0Compare Source
Minor Changes
Patch Changes
fix: remove event listeners on form attachment cleanup (#15286)
fix: apply queries refreshed in a form remote function when a redirect is thrown (#15362)
v2.52.2Compare Source
Patch Changes
fix: validate
formfile information to prevent amplification attacks (3e607b3)chore: upgrade
devalueandsvelte(#15339)fix: parse file offset table more strictly (
f47c01b)v2.52.0Compare Source
Minor Changes
matchfunction to map a path back to a route id and params (#14997)Patch Changes
fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)
fix:
resolvewill narrow types to follow trailing slash page settings (#15027)v2.51.0Compare Source
Minor Changes
feat: add
scrollproperty toNavigationTargetin navigation callbacks (#15248)Navigation callbacks (
beforeNavigate,onNavigate, andafterNavigate) now include scroll position information via thescrollproperty onfromandtotargets:from.scroll: The scroll position at the moment navigation was triggeredto.scroll: InbeforeNavigateandonNavigate, this is populated forpopstatenavigations (back/forward) with the scroll position that will be restored, andnullfor other navigation types. InafterNavigate, this is always the final scroll position after navigation completed.This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.
feat:
hydratable's injected script now works with CSP (#15048)Patch Changes
fix: put preloads before styles (#15232)
fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)
fix:
fetchnot working when URL is same host but different thanpaths.base(#15291)fix: navigate to hash link when base element is present (#15236)
fix: avoid triggering
handleErrorwhen redirecting in a remote function (#15222)fix: include
testdirectory in generatedtsconfig.jsonalongside existingtestsentry (#15254)fix: generate
tsconfig.jsonusing the value ofkit.files.src(#15253)v2.50.2Compare Source
Patch Changes
fix: ensure inlined CSS follows
paths.assetsandpaths.relativesettings (#15153)fix: emit script CSP nonces when
unsafe-inlineis present ifstrict-dynamicis also present (#15221)fix: re-export browser/dev from esm-env (#15206)
fix: use validated args in batch resolver in both csr and ssr (#15215)
fix: ensure CSS inlining includes components that are conditionally rendered (#15153)
fix: only match rest params with matchers when the matcher matches (#15216)
fix: properly handle percent-encoded anchors (e.g.
<a href="#sparkles-%E2%9C%A8">) during prerendering. (#15231)v2.50.1Compare Source
Patch Changes
fix: include
hooks.serverandhooks.universalas explicit Vite build inputs to ensure assets imported by hooks files are correctly discovered (#15178)fix: improves fields type for generic components (#14974)
fix: preload links if href changes (#15191)
v2.50.0Compare Source
Minor Changes
buttonPropsfrom experimental remote form functions; use e.g.<button {...myForm.fields.action.as('submit', 'register')}>Register</button>button instead (#15144)v2.49.5Compare Source
Patch Changes
fix: avoid overriding Vite default
basewhen running Vitest 4 (#14866)fix: ensure url decoded pathnames are not mistaken as rerouted requests (
d9ae9b0)fix: add length checks to remote forms (
8ed8155)v2.49.4Compare Source
Patch Changes
fix: support instrumentation for
vite preview(#15105)fix: support for
URLSearchParams.has(name, value)overload (#15076)fix: put forking behind
experimental.forkPreloads(#15135)v2.49.3Compare Source
Patch Changes
fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)
fix: add
typescriptas an optional peer dependency (#15074)fix: use hasOwn check when deep-setting object properties (#15127)
v2.49.2Compare Source
Patch Changes
fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)
fix: posixify the instrumentation file import on Windows (#14993)
fix: Correctly handle shared memory when decoding binary form data (#15028)
v2.49.1Compare Source
Patch Changes
fix: suppress
state_referenced_locallywarnings in.svelte-kit/generated/root.svelte(#15013)fix: TypeError when doing response.clone() in page load (#15005)
v2.49.0Compare Source
Minor Changes
formremote functions allowing form data to be accessed before large files finish uploading (#14775)v2.48.8Compare Source
Patch Changes
breaking:
invalidnow must be imported from@sveltejs/kit(#14768)breaking: remove
submitteroption from experimental formvalidate()method, always provide default submitter (#14762)v2.48.7Compare Source
Patch Changes
fix: allow multiple
server-timingheaders (#14700)fix: allow access to root-level issues in schema-less forms (#14893)
fix: allow hosting hash-based apps from non-index.html files (#14825)
v2.48.6Compare Source
Patch Changes
fix: clear issues upon passing validation (#14683)
fix: don't use fork of unrelated route (#14947)
fix: prevent type errors when optional
@opentelemetry/apidependency isn't installed (#14949)fix: preserve
thiswhen invoking standard validator (#14943)fix: treat client/universal hooks as entrypoints for illegal server import detection (#14876)
fix: correct query
.setand.refreshbehavior in commands (#14877)fix: improved the accuracy of the types of the output of
field.as('...')(#14908)v2.48.5Compare Source
Patch Changes
fix: wait an extra microtask in dev before calling
$_init_$(#14799)fix: discard preload fork before creating a new one (#14865)
fix: delete
RemoteFormAllIssue, addpathtoRemoteFormIssue(#14864)v2.48.4Compare Source
Patch Changes
fix: adjust query's promise implementation to properly allow chaining (#14859)
fix: make prerender cache work, including in development (#14860)
v2.48.3Compare Source
Patch Changes
fix: include hash when using
resolvewith hash routing enabled (#14786)fix:
afterNavigatecallback not running after hydration when experimental async is enabled (#14644)fix: Snapshot
restoremethod not called after reload when experimental async is enabledfix: expose
issue.pathin.allIssues()(#14784)v2.48.2Compare Source
Patch Changes
v2.48.1Compare Source
Patch Changes
settled(#14818)v2.48.0Compare Source
Minor Changes
forkAPI when available (#14793)Patch Changes
settledinstead oftickin navigate (#14800)v2.47.3Compare Source
Patch Changes
fix: avoid hanging when
error()is used while streaming promises from a serverloadfunction (#14722)chore: treeshake load function code if we know it's unused (#14764)
fix:
RecursiveFormFieldstype for recursive or unknown schemas (#14734)fix: rework internal representation of form value to be
$state(#14771)v2.47.2Compare Source
Patch Changes
fix: streamed promise not resolving when another load function returns a fast resolving promise (#14753)
chore: allow to run preflight validation only (#14744)
fix: update overload to set
invalidtype to schema input (#14748)v2.47.1Compare Source
Patch Changes
fix: allow
readto be used at the top-level of remote function files (#14672)fix: more robust remote files generation (#14682)
v2.47.0Compare Source
Minor Changes
signalproperty to request (#14715)Patch Changes
v2.46.5Compare Source
Patch Changes
formremote functions'fields.settriggers reactivity (#14661)v2.46.4Compare Source
Patch Changes
untrackfunction (#14658)v2.46.3Compare Source
Patch Changes
fix: merge
field.set(...)calls (#14651)fix: don't automatically reset form after an enhanced submission (#14626)
fix: normalize path strings when updating field values (#14649)
v2.46.2Compare Source
Patch Changes
envmodules (#14637)v2.46.1Compare Source
Patch Changes
fix: use
$derivedfor form fields (#14621)docs: remove
@exampleblocks to allow docs to deploy (#14636)fix: require a value with
submitandhiddenfields (#14635)fix: delete hydration cache on effect teardown (#14611)
v2.46.0Compare Source
Minor Changes
Patch Changes
fix: wait a tick before collecting form data for validation (#14631)
fix: prevent code execution order issues around SvelteKit's
envmodules (#14632)v2.45.0Compare Source
Minor Changes
form.for(id)now implicitly sets id on form object (#14623)Patch Changes
fetchin remote function without emitting a warning (#14610)v2.44.0Compare Source
Minor Changes
feat: expose
event.routeandevent.urlto remote functions (#14606)breaking: update experimental
formAPI (#14481)Patch Changes
v2.43.8Compare Source
Patch Changes
fix: HMR for
query(#14587)fix: avoid client modules while traversing dependencies to prevent FOUC during dev (#14577)
fix: skip prebundling of .remote.js files (#14583)
fix: more robust remote file pattern matching (#14578)
v2.43.7Compare Source
Patch Changes
fix: correctly type the
resultofformremote functions that do not accept data (#14573)fix: force remote module chunks to isolate themselves (#14571)
v2.43.6Compare Source
Patch Changes
fix: ensure cache key is consistent between client/server (#14563)
fix: keep resolve relative to initial base during prerender (#14533)
fix: avoid including
HEADtwice when an unhandled HTTP method is used in a request to a+serverhandler that has both aGEThandler and aHEADhandler (#14564)fix: smoothscroll to deep link (#14569)
v2.43.5Compare Source
Patch Changes
resolve(...)outside an event context (#14532)v2.43.4Compare Source
Patch Changes
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.