Skip to content

chore(deps): update npm #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 21, 2025
Merged

chore(deps): update npm #107

merged 1 commit into from
Sep 21, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 11, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
@eslint/js (source) ^9.35.0 -> ^9.36.0 age confidence
@fontsource/dm-serif-display (source) ^5.2.6 -> ^5.2.8 age confidence
@lucide/svelte (source) ^0.543.0 -> ^0.544.0 age confidence
@shikijs/langs (source) ^3.12.2 -> ^3.13.0 age confidence
@shikijs/rehype (source) ^3.12.2 -> ^3.13.0 age confidence
@shikijs/themes (source) ^3.12.2 -> ^3.13.0 age confidence
@sveltejs/kit (source) ^2.38.1 -> ^2.42.2 age confidence
@tailwindcss/typography ^0.5.16 -> ^0.5.18 age confidence
@types/node (source) ^24.3.1 -> ^24.5.2 age confidence
@upstash/redis ^1.35.3 -> ^1.35.4 age confidence
bits-ui ^2.9.6 -> ^2.11.0 age confidence
eslint (source) ^9.35.0 -> ^9.36.0 age confidence
eslint-plugin-svelte (source) ^3.12.3 -> ^3.12.4 age confidence
marked (source) ^16.2.1 -> ^16.3.0 age confidence
pnpm (source) 10.15.1 -> 10.17.0 age confidence
posthog-js (source) ^1.262.0 -> ^1.266.3 age confidence
posthog-node (source) ^5.8.3 -> ^5.8.6 age confidence
runed (source) ^0.31.1 -> ^0.32.0 age confidence
shiki (source) ^3.12.2 -> ^3.13.0 age confidence
svelte (source) ^5.38.9 -> ^5.39.3 age confidence
typescript-eslint (source) ^8.43.0 -> ^8.44.0 age confidence
vite (source) ^7.1.5 -> ^7.1.6 age confidence
vite-plugin-lucide-preprocess ^1.4.3 -> ^1.4.4 age confidence

Release Notes

eslint/eslint (@​eslint/js)

v9.36.0

Compare Source

fontsource/font-files (@​fontsource/dm-serif-display)

v5.2.8

Compare Source

v5.2.7

Compare Source

lucide-icons/lucide (@​lucide/svelte)

v0.544.0: Version 0.544.0

Compare Source

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.543.0...0.544.0

shikijs/shiki (@​shikijs/langs)

v3.13.0

Compare Source

   🚀 Features
    View changes on GitHub

v3.12.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
sveltejs/kit (@​sveltejs/kit)

v2.42.2

Compare Source

Patch Changes

  • fix: prevent loops in postbuild analysis phase (#​14450)

  • fix: handle nested object fields in form data (#​14469)

  • fix: robustify form helper types (#​14463)

  • fix: avoid running the init hook during builds if there's nothing to prerender (#​14464)

  • fix: ensure SSR rendering gets request store context (#​14476)

v2.42.1

Compare Source

Patch Changes
  • fix: ensure environment setup is in its own chunk (#​14441)

v2.42.0

Compare Source

Minor Changes

  • feat: enhance remote form functions with schema support, input and issues properties (#​14383)

  • breaking: remote form functions get passed a parsed POJO instead of a FormData object now (#​14383)

v2.41.0

Compare Source

Minor Changes
  • feat: add %sveltekit.version% to app.html (#​12132)
Patch Changes

  • fix: allow remote functions to return custom types serialized with transport hooks (#​14435)

  • fix: fulfil beforeNavigate complete when redirected (#​12896)

v2.40.0

Compare Source

Minor Changes
  • feat: include event property on popstate/link/form navigation (#​14307)
Patch Changes

  • fix: respect replaceState/keepFocus/noScroll when a navigation results in a redirect (#​14424)

  • fix: invalidate preload cache when invalidateAll is true (#​14420)

v2.39.1

Compare Source

Patch Changes
  • fix: more robust remote function code transformation (#​14418)

v2.39.0

Compare Source

Minor Changes
  • feat: lazy discovery of remote functions (#​14293)
Patch Changes

  • fix: layout load data not serialized on error page (#​14395)

  • fix: fail prerendering when remote function fails (#​14365)

  • fix: treat handle hook redirect as part of remote function call as json redirect (#​14362)

tailwindlabs/tailwindcss-typography (@​tailwindcss/typography)

v0.5.18

Compare Source

Fixed
  • Fixed undefined variable error (#​403)

v0.5.17

Compare Source

Added
  • Add modifiers for description list elements (#​357)
  • Add prose-picture modifier (#​367)
Fixed
  • Include unit in hr border-width value (#​379)
  • Ensure <kbd> styles work with Tailwind CSS v4 (#​387)
Changed
  • Remove lodash dependencies (#​402)
upstash/upstash-redis (@​upstash/redis)

v1.35.4

Compare Source

What's Changed

New Contributors

Full Changelog: upstash/redis-js@v1.35.3...v1.35.4

huntabyte/bits-ui (bits-ui)

v2.11.0

Compare Source

Minor Changes

  • feat(Collapsible): add hiddenUntilFound prop to expand collapsible when the content matches a browser search (#​1782)

  • feat(Accordion): hiddenUntilFound to expand on browser search match (#​1782)

Patch Changes

v2.10.0

Compare Source

Minor Changes
  • feat(Rating Group): remove unstable_ prefix. RatingGroup now considered stable. (#​1767)
Patch Changes

  • fix(Select): selected item should be in view on open (#​1765)

  • fix(Combobox): selected item should be in view on open (#​1765)

v2.9.9

Compare Source

Patch Changes
  • fix(Dropdown Menu): ensure menu can open on V0+Space when using VoiceOver on Safari/Firefox (#​1761)

v2.9.8

Compare Source

Patch Changes
  • fix(DateField): ensure attribute reassignment doesn't create invalid state (#​1751)

v2.9.7

Compare Source

Patch Changes

  • fix(Checkbox): ensure focus does not go to hidden input on invalid form submission (#​1750)

  • fix(RadioGroup): ensure focus does not go to hidden input on invalid form submission (#​1750)

  • fix(Command): ensure value is properly registered when using textContent instead of value prop (#​1748)

  • fix(TimeField): include 'timeZoneName' in TimeSegmentPart type (#​1744)

eslint/eslint (eslint)

v9.36.0

Compare Source

sveltejs/eslint-plugin-svelte (eslint-plugin-svelte)

v3.12.4

Compare Source

Patch Changes

  • #​1322 1e06290 Thanks @​marekdedic! - fix(no-navigation-without-resolve): properly detecting absolute and fragment URLs in variables

  • #​1355 d8df1e8 Thanks @​InkedCat! - fix: properly support Windows in no-unused-props rule
    fix: properly support Windows in valid-style-parse rule
    fix: properly support Windows in no-unnecessary-condition rule

  • #​1344 03a93f4 Thanks @​ota-meshi! - fix: preventing infinite loops in multiple rules

markedjs/marked (marked)

v16.3.0

Compare Source

Features
pnpm/pnpm (pnpm)

v10.17.0

Compare Source

Minor Changes

  • The minimumReleaseAgeExclude setting now supports patterns. For instance:

    minimumReleaseAge: 1440
minimumReleaseAgeExclude:
  - "@&#8203;eslint/*"

    Related PR: #​9984.

Patch Changes
  • Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #​9978.
  • When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #​9979.

v10.16.1

Compare Source

Patch Changes
  • The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #​9963.
  • Forcibly disable ANSI color codes when generating patch diff #​9914.

v10.16.0

Compare Source

Minor Changes

  • There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

    The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

    If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

    minimumReleaseAgeExclude:
  - webpack

    Related issue: #​9921.

  • Added support for finders #​9946.

    In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

    pnpm why minimist

    prints the chain of dependencies to any installed instance of minimist:

    verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8

    What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

    This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

    Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

    module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};

    Now we can use this finder function by running:

    pnpm why --find-by=react17

    pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6

    It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

    module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};

    Every matched package will also print out the license from its package.json:

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
│   license: MIT
└── graphql-tag 2.12.6
    license: MIT
Patch Changes
  • Fix deprecation warning printed when executing pnpm with Node.js 24 #​9529.
  • Throw an error if nodeVersion is not set to an exact semver version #​9934.
  • pnpm publish should be able to publish a .tar.gz file #​9927.
  • Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #​9626.
PostHog/posthog-js (posthog-js)

v1.266.3

Compare Source

1.266.3

Patch Changes

v1.266.2

Compare Source

1.266.2

Patch Changes

v1.266.1

Compare Source

1.266.1
Patch Changes

v1.266.0

Compare Source

1.266.0
Minor Changes
  • #​2321 b81e152 Thanks @​pauldambra! - feat: expose rrweb custom events on the public interface of the recorder. not intended for arbitrary public use but useful for internal purposes

v1.265.1

Compare Source

1.265.1
Patch Changes

v1.265.0

Compare Source

1.265.0

Minor Changes

v1.264.2

Compare Source

1.264.2

Patch Changes
  • #​2314 5836a2f Thanks @​ordehi! - Fixed a bug that prevented surveys from loading in cookieless mode using the on_reject option. Surveys now correctly initialize when consent is given.

v1.264.1

Compare Source

1.264.1
Patch Changes

v1.264.0

Compare Source

1.264.0

Minor Changes

v1.263.0

Compare Source

1.263.0
Minor Changes

v1.262.1

Compare Source

1.262.1

Patch Changes
PostHog/posthog-js (posthog-node)

v5.8.6

Compare Source

Patch Changes

v5.8.5

Compare Source

Patch Changes

v5.8.4

Compare Source

Patch Changes
svecosystem/runed (runed)

v0.32.0

Compare Source

Minor Changes

  • New Utility: useSearchParams (#​266)

  • feat(StateHistory): add clear method to reset the stack
    (#​293)

  • New Utility: boolAttr (#​251)

Patch Changes

  • fix(IsIdle): use reactive events (#​317)

  • fix: use a $derived in Previous (#​314)

  • fix: type of event.currentTarget for useEventListener
    (#​311)

sveltejs/svelte (svelte)

v5.39.3

Compare Source

Patch Changes

v5.39.2

Compare Source

Patch Changes

  • fix: preserve SSR context when block expressions contain await (#​16791)

  • chore: bump some devDependencies (#​16787)

v5.39.1

Compare Source

Patch Changes

  • fix: issue state_proxy_unmount warning when unmounting a state proxy (#​16747)

  • fix: add then to class component render output (#​16783)

v5.39.0

Compare Source

Minor Changes
Patch Changes
  • fix: correctly SSR hidden="until-found" (#​16773)

v5.38.10

Compare Source

Patch Changes
  • fix: flush effects scheduled during boundary's pending phase (#​16738)
typescript-eslint/typescript-eslint (typescript-eslint)

v8.44.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v7.1.6

Compare Source

Bug Fixes
  • deps: update all non-major dependencies (#​20773) (88af2ae)
  • esbuild: inject esbuild helper functions with minified $ variables correctly (#​20761) (7e8e004)
  • fallback terser to main thread when nameCache is provided (#​20750) (a679a64)
  • types: strict env typings fail when skipLibCheck is false (#​20755) (cc54e29)
Miscellaneous Chores
WarningImHack3r/vite-plugin-lucide-preprocess (vite-plugin-lucide-preprocess)

v1.4.4

Compare Source

  • Add support for newly renamed components in Lucide v0.543.0
  • Explicitly add the dependency on magic-string
  • Fix a typo in the docs

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@vercel
Copy link

vercel bot commented Sep 11, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
svelte-changelog Ready Ready Preview Comment Sep 21, 2025 4:57am

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 11, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot changed the title chore(deps): update dependency @lucide/svelte to ^0.544.0 chore(deps): update npm Sep 11, 2025
@WarningImHack3r WarningImHack3r merged commit 580f3bb into main Sep 21, 2025
4 checks passed
@WarningImHack3r WarningImHack3r deleted the renovate/npm branch September 21, 2025 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies npm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WarningImHack3r