chore(deps): update dependency eslint-plugin-svelte to ^3.13.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-plugin-svelte (source)	^3.3.2 -> ^3.13.0

---

Release Notes

sveltejs/eslint-plugin-svelte (eslint-plugin-svelte)

v3.13.0

Compare Source

Minor Changes

• #​1323 074af20 Thanks @​marekdedic! - feat(no-navigation-without-resolve): checking link shorthand attributes

Patch Changes

• #​1388 005e9fd Thanks @​marekdedic! - fix(no-navigation-without-resolve): allowing undefined and null in link hrefs

v3.12.5

Compare Source

Patch Changes

• #​1403 e4d788d Thanks @​baseballyama! - deps: update svelte-eslint-parser to 1.4.0 (It supports $state.eager)

• #​1365 57ccf95 Thanks @​marekdedic! - fix(no-navigation-without-resolve): Detecting asset() function as well

• #​1378 5ba5c3e Thanks @​baseballyama! - fix(no-unused-props): validate spread operator properly

• #​1377 27cf677 Thanks @​baseballyama! - fix(no-navigation-without-resolve): improve error messages

v3.12.4

Compare Source

Patch Changes

• #​1322 1e06290 Thanks @​marekdedic! - fix(no-navigation-without-resolve): properly detecting absolute and fragment URLs in variables

• #​1355 d8df1e8 Thanks @​InkedCat! - fix: properly support Windows in no-unused-props rule
  fix: properly support Windows in valid-style-parse rule
  fix: properly support Windows in no-unnecessary-condition rule

• #​1344 03a93f4 Thanks @​ota-meshi! - fix: preventing infinite loops in multiple rules

v3.12.3

Compare Source

Patch Changes

• #​1305 d92dde0 Thanks @​ota-meshi! - fix(no-top-level-browser-globals): false positives for compound logical expression guards

v3.12.2

Compare Source

Patch Changes

• #​1299 5c7cba3 Thanks @​marekdedic! - feat: disabling more rules in runes mode

• #​1299 5c7cba3 Thanks @​marekdedic! - feat: restricting SvelteKit rules to SvelteKit

• #​1306 7cb3660 Thanks @​ota-meshi! - fix(no-unused-props): false positives for ComponentProps<any>

v3.12.1

Compare Source

Patch Changes

• #​1313 27573f4 Thanks @​marekdedic! - fix: Not reporting mailto: and other unusual schema addresses in no-nmavigation-without-resolve (and its deprecated versions)

v3.12.0

Compare Source

Minor Changes

• #​1308 abbcfdd Thanks @​marekdedic! - feat(no-navigation-without-resolve): added to recommended rule set

• #​1289 e2e791f Thanks @​marekdedic! - feat: added the no-navigation-without-resolve rule

• #​1289 e2e791f Thanks @​marekdedic! - chore: deprecated the no-navigation-without-base rule

v3.11.0

Compare Source

Minor Changes

• #​1151 843730d Thanks @​marekdedic! - feat: added the prefer-svelte-reactivity rule

• #​1269 a444476 Thanks @​baseballyama! - feat: support asynchronous svelte

Patch Changes

• #​1268 4e33ba4 Thanks @​GauBen! - feat(valid-prop-names-in-kit-pages): add support for the new params page prop

v3.10.1

Compare Source

Patch Changes

• #​1260 a51363f Thanks @​tbashiyy! - fix(no-unused-class-name): detect duplicated class names

v3.10.0

Compare Source

Minor Changes

• #​1257 e94a3be Thanks @​tbashiyy! - feat(no-unused-class-name): support regex for allowedClassNames option

v3.9.3

Compare Source

Patch Changes

• #​1252 5db956e Thanks @​ota-meshi! - fix(no-top-level-browser-globals): false positive for {#if browser}

v3.9.2

Compare Source

Patch Changes

• #​1243 5df1121 Thanks @​zachstence! - fix false positives for regular components in valid-compile/custom_element_props_identifier

v3.9.1

Compare Source

Patch Changes

• #​1239 a3d4224 Thanks @​baseballyama! - fix(prefer-const): Use additionalProperties instead of ignoreReadonly to match the ESLint core rule option name.

v3.9.0

Compare Source

Minor Changes

• #​1235 6e86e30 Thanks @​43081j! - Improve performance of ignore comment extraction and add support for comma-separated ignore codes

v3.8.2

Compare Source

Patch Changes

• #​1231 0681f90 Thanks @​marekdedic! - fix(consistent-selector-style): Fixed detections of repeated elements such as in {#each}

v3.8.1

Compare Source

Patch Changes

• #​1227 c938185 Thanks @​ota-meshi! - fix(no-top-level-browser-globals): false positives for type annotations

v3.8.0

Compare Source

Minor Changes

• #​1210 9cffd3b Thanks @​ota-meshi! - feat: add svelte/no-top-level-browser-globals rule

v3.7.0

Compare Source

Minor Changes

• #​1221 534ad78 Thanks @​baseballyama! - feat(sort-attributes): support {@​attach}

v3.6.0

Compare Source

Minor Changes

• #​1170 3ddbd83 Thanks @​baseballyama! - feat: add prefer-writable-derived rule

• #​1069 73f23ae Thanks @​marekdedic! - feat: added the require-event-prefix rule

• #​1197 e9aec7f Thanks @​43081j! - Added no-add-event-listener rule to disallow usages of addEventListener

• #​1148 87c74fe Thanks @​marekdedic! - feat(consistent-selector-style): added support for dynamic classes and IDs

Patch Changes

• #​1208 78d0f78 Thanks @​ota-meshi! - fix(no-unused-svelte-ignore): ignore reactive-component warnings

v3.5.1

Compare Source

Patch Changes

• #​1188 9126f1f Thanks @​43081j! - Removed eslint-compat-utils from dependencies

v3.5.0

Compare Source

Minor Changes

• #​1171 842757f Thanks @​baseballyama! - feat(no-unused-props): add allowUnusedNestedProperties option

Patch Changes

• #​1178 7892f4c Thanks @​baseballyama! - fix(no-unused-props): handle alias props name properly

v3.4.1

Compare Source

Patch Changes

• #​1173 8e53e58 Thanks @​43081j! - chore: use context.sourceCode directly rather than a compatibility helper.

• #​1177 ec22fb4 Thanks @​43081j! - test: use ESLint and Linter directly from eslint in tests

• #​1174 b696ef3 Thanks @​43081j! - chore: use context.filename and context.physicalFilename instead of compat functions.

• #​1176 bafbf5f Thanks @​43081j! - chore: switch to context.cwd rather than using a compat helper.

v3.4.0

Compare Source

Minor Changes

• #​1165 2b7e164 Thanks @​43081j! - Adds a suggestion to the require-store-callbacks-use-set-param rule to automatically rename or add function parameters.

• #​1163 d9b8604 Thanks @​43081j! - Adds a suggestion to the derived-has-same-inputs-outputs rule which renames the outputs.

• #​1164 29b1315 Thanks @​43081j! - Added a suggestion for no-at-debug-tags rule which removes the tags

Patch Changes

• #​1167 db9202d Thanks @​baseballyama! - chore: update svelte-eslint-parser to 1.1.1

v3.3.3

Compare Source

Patch Changes

• #​1146 1233e46 Thanks @​baseballyama! - fix(no-unused-props): resolve false positives on props with default values or $bindable usage

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	typescript@​5.8.2
	eslint-plugin-svelte@​3.3.2 ⏵ 3.13.0	+1			+1
	playwright@​1.56.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: pnpm-lock.yaml → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report