Skip to content

Bump svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-svelte, prettier-plugin-svelte and sveltekit-superforms in /app#47

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/app/multi-16279fa414
Closed

Bump svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-svelte, prettier-plugin-svelte and sveltekit-superforms in /app#47
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/app/multi-16279fa414

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 20, 2026

Bumps svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-svelte, prettier-plugin-svelte and sveltekit-superforms. These dependencies needed to be updated together.
Updates svelte from 4.2.20 to 5.53.0

Release notes

Sourced from svelte's releases.

svelte@5.53.0

Minor Changes

  • feat: allow comments in tags (#17671)

  • feat: allow error boundaries to work on the server (#17672)

Patch Changes

  • fix: use TrustedHTML to test for customizable support, where necessary (#17743)

  • fix: ensure head effects are kept in the effect tree (#17746)

  • chore: deactivate current_batch by default in unset_context (#17738)

svelte@5.52.0

Minor Changes

  • feat: support TrustedHTML in {@html} expressions (#17701)

Patch Changes

  • fix: repair dynamic component truthy/falsy hydration mismatches (#17737)

  • fix: re-run non-render-bound deriveds on the server (#17674)

svelte@5.51.5

Patch Changes

svelte@5.51.4

Patch Changes

  • chore: proactively defer effects in pending boundary (#17734)

  • fix: detect and error on non-idempotent each block keys in dev mode (#17732)

svelte@5.51.3

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.0

Minor Changes

  • feat: allow comments in tags (#17671)

  • feat: allow error boundaries to work on the server (#17672)

Patch Changes

  • fix: use TrustedHTML to test for customizable <select> support, where necessary (#17743)

  • fix: ensure head effects are kept in the effect tree (#17746)

  • chore: deactivate current_batch by default in unset_context (#17738)

5.52.0

Minor Changes

  • feat: support TrustedHTML in {@html} expressions (#17701)

Patch Changes

  • fix: repair dynamic component truthy/falsy hydration mismatches (#17737)

  • fix: re-run non-render-bound deriveds on the server (#17674)

5.51.5

Patch Changes

5.51.4

Patch Changes

  • chore: proactively defer effects in pending boundary (#17734)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.


Updates @skeletonlabs/skeleton from 2.0.0 to 2.11.0

Changelog

Sourced from @​skeletonlabs/skeleton's changelog.

2.11.0

Minor Changes

  • Fix CloseQuery has no effect and popup disappear on click (#3076)

2.10.4

Patch Changes

  • bugfix: fix popup disappearing when dragging mouse out of the input box (#2937)

2.10.3

Patch Changes

  • chore: update peer dependencies to support Svelte 5 (#2902)

2.10.2

Patch Changes

  • bugfix: Added restProps to InputChip (#2739)

  • chore: Resolve missing onclick events for AppRailTile and AppRailAnchor. (#2751)

2.10.1

Patch Changes

  • bugfix: InputChip issue resolved to support Svelte 5 (#2715)

  • bugfix: Removed invalid role and forward events on AppRailAnchor component (#2716)

2.10.0

Minor Changes

  • Chore: resolved various accessibility issues and warnings. (#2643)

Patch Changes

  • bugfix: Changed Autocomplete's input prop type to unknown (#2648)

2.9.2

Patch Changes

  • bugfix: Resolved a timing issue that could cause Toasts to animate incorrectly on close. (#2622)

... (truncated)

Commits

Updates @sveltejs/kit from 2.5.1 to 2.52.2

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.52.2

Patch Changes

  • fix: validate form file information to prevent amplification attacks (3e607b3)

  • chore: upgrade devalue and svelte (#15339)

  • fix: parse file offset table more strictly (f47c01b)

@​sveltejs/kit@​2.52.0

Minor Changes

  • feat: match function to map a path back to a route id and params (#14997)

Patch Changes

  • fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

  • fix: resolve will narrow types to follow trailing slash page settings (#15027)

@​sveltejs/kit@​2.51.0

Minor Changes

  • feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

    Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

    • from.scroll: The scroll position at the moment navigation was triggered
    • to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

    This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

  • feat: hydratable's injected script now works with CSP (#15048)

Patch Changes

  • fix: put preloads before styles (#15232)

  • fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)

  • fix: fetch not working when URL is same host but different than paths.base (#15291)

  • fix: navigate to hash link when base element is present (#15236)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.52.2

Patch Changes

  • fix: validate form file information to prevent amplification attacks (3e607b3)

  • chore: upgrade devalue and svelte (#15339)

  • fix: parse file offset table more strictly (f47c01b)

2.52.1

Patch Changes

  • fix: clear stale preflight issues on subsequent valid form submissions (#15281)

  • chore: remove dependency on sade (#15272)

  • fix: include .txt files in precompression (#15259)

  • fix: escape backticks and dollar signs when creating inlined css (#15320)

  • fix: increment form.pending count before preflight validation (#15279)

2.52.0

Minor Changes

  • feat: match function to map a path back to a route id and params (#14997)

Patch Changes

  • fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

  • fix: resolve will narrow types to follow trailing slash page settings (#15027)

2.51.0

Minor Changes

  • feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/kit since your current version.


Updates eslint-plugin-svelte from 2.35.1 to 2.46.1

Release notes

Sourced from eslint-plugin-svelte's releases.

eslint-plugin-svelte@2.46.0

Minor Changes

eslint-plugin-svelte@2.45.1

Patch Changes

eslint-plugin-svelte@2.45.0

Minor Changes

Patch Changes

eslint-plugin-svelte@2.44.1

Patch Changes

eslint-plugin-svelte@2.44.0

Minor Changes

  • #841 85053a1 Thanks @​jrmajor! - feat: add config option for foreign elements in svelte/html-self-closing rule

Patch Changes

eslint-plugin-svelte@2.43.0

Minor Changes

eslint-plugin-svelte@2.42.0

Minor Changes

eslint-plugin-svelte@2.41.0

Minor Changes

... (truncated)

Changelog

Sourced from eslint-plugin-svelte's changelog.

eslint-plugin-svelte

3.15.0

Minor Changes

3.14.0

Minor Changes

3.13.1

Patch Changes

3.13.0

Minor Changes

Patch Changes

3.12.5

Patch Changes

3.12.4

... (truncated)

Commits
  • 85487c8 2.46.1
  • e35ca8f chore: fix eslint config
  • 2989df5 chore: fix eslint config
  • a6b19c0 fix: crash with eslint v9.16.0 in svelte/no-inner-declarations
  • 85a055a chore: release eslint-plugin-svelte (#882)
  • bbc3e07 fix(deps): update dependency svelte-eslint-parser to ^0.43.0 (#884)
  • 051925c feat: update svelte to v5.0.0 (#881)
  • ad83f29 chore(deps): update dependency stylus to ^0.64.0
  • 960d437 fix(deps): update dependency known-css-properties to ^0.35.0
  • e57a1b5 chore: release eslint-plugin-svelte (#875)
  • Additional commits viewable in compare view

Updates prettier-plugin-svelte from 2.10.1 to 3.5.0

Changelog

Sourced from prettier-plugin-svelte's changelog.

3.5.0

  • (feat) Svelte 5: print attribute comments

3.4.1

  • (fix) externalize all prettier imports
  • (fix) don't remove parantheses of bind:ings with as type casts

3.4.0

  • (feat) Svelte 5: support attachments ({@attach ...})

3.3.3

  • (fix) Svelte 5: ensure bind get/set is broken up correctly when too long

3.3.2

  • (fix) Svelte 5: handle type annotations on Svelte control flow blocks
  • (fix) preserve style/script tags at the end of the file when using svelteSortOrder: "none"

3.3.1

  • (feat) Svelte 5: support upcoming bind:value={get, set}

3.3.0

  • (feat) Svelte 5: support upcoming <svelte:boundary>
  • (feat) Svelte 5: support upcoming <svelte:html>
  • (feat) Svelte 5: support upcoming #each without as

3.2.8

  • (chore) provide IDE tooling a way to pass Svelte compiler path

3.2.7

  • (fix) force quote style inside style directives
  • (fix) preserve commas in array expressions
  • (fix) Svelte 5: properly determine end of snippet parameters with TS annotations

3.2.6

  • (feat) Svelte 5: never quote single-expression-attributes

3.2.5

  • (fix) Svelte 5: format TypeScript in the template

... (truncated)

Commits

Updates sveltekit-superforms from 1.13.4 to 2.29.1

Release notes

Sourced from sveltekit-superforms's releases.

v2.29.1

Fixed

  • Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
  • Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
  • reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
  • Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
  • Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

  • Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
  • Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

v2.28.1

Fixed

  • Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
  • Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
  • Zod 4 adapter: Fixed Default Date values in nested objects. #650.

v2.28.0

Changed

  • TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

  • Added support for Zod 4 stringbools. #610
  • booleanProxy now supports the empty option.

Fixed

  • Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
  • filesStore initialValue now matches fileStore. #637
  • Fixed JSON Schema for some non-representable types in Zod 4 adapter, it now handles set and map properly. #617
  • Possibly fixed the SuperDebug broken import on Svelte 5 in enforced runes mode #599
  • Zod 4 error messages should now take the current locale into account as default. #618, #639
  • Zod 3 fix for URL parsing - A default boolean value of true returned false when parsing a URL with superValidate. #633

v2.27.4

Security

  • Fixed prototype pollution when using dataType: 'json'.

v2.27.2

Security

... (truncated)

Changelog

Sourced from sveltekit-superforms's changelog.

[2.29.1] - 2025-12-16

Fixed

  • Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
  • Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
  • reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
  • Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
  • Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

  • Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
  • Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

[2.28.1] - 2025-10-19

Fixed

  • Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
  • Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
  • Zod 4 adapter: Fixed Default Date values in nested objects. #650.

[2.28.0] - 2025-10-19

Changed

  • TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

  • Added support for Zod 4 stringbools. #610
  • booleanProxy now supports the empty option.

Fixed

  • Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
  • filesStore initialValue now matches fileStore. #637
  • Fixed JSON Schema for some non-representable types in Zod 4 adapter, it now handles set and map properly. #617
  • Possibly fixed the SuperDebug broken import on Svelte 5 in enforced runes mode #599
  • Zod 4 error messages should now take the current locale into account as default. #618, #639
  • Zod 3 fix for URL parsing - A default boolean value of true returned false when parsing a URL with superValidate. #633

[2.27.4] - 2025-10-14

Security

  • Fixed prototype pollution when using dataType: 'json'.

[2.27.2] - 2025-10-03

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-sve…
cf83eeb 
…lte, prettier-plugin-svelte and sveltekit-superforms

Bumps [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte), [@skeletonlabs/skeleton](https://github.com/skeletonlabs/skeleton/tree/HEAD/packages/skeleton), [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit), [eslint-plugin-svelte](https://github.com/sveltejs/eslint-plugin-svelte/tree/HEAD/packages/eslint-plugin-svelte), [prettier-plugin-svelte](https://github.com/sveltejs/prettier-plugin-svelte) and [sveltekit-superforms](https://github.com/ciscoheat/sveltekit-superforms). These dependencies needed to be updated together.

Updates `svelte` from 4.2.20 to 5.53.0
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.0/packages/svelte)

Updates `@skeletonlabs/skeleton` from 2.0.0 to 2.11.0
- [Release notes](https://github.com/skeletonlabs/skeleton/releases)
- [Changelog](https://github.com/skeletonlabs/skeleton/blob/@skeletonlabs/skeleton@2.11.0/packages/skeleton/CHANGELOG.md)
- [Commits](https://github.com/skeletonlabs/skeleton/commits/@skeletonlabs/skeleton@2.11.0/packages/skeleton)

Updates `@sveltejs/kit` from 2.5.1 to 2.52.2
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.52.2/packages/kit)

Updates `eslint-plugin-svelte` from 2.35.1 to 2.46.1
- [Release notes](https://github.com/sveltejs/eslint-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/eslint-plugin-svelte/blob/main/packages/eslint-plugin-svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/eslint-plugin-svelte/commits/v2.46.1/packages/eslint-plugin-svelte)

Updates `prettier-plugin-svelte` from 2.10.1 to 3.5.0
- [Changelog](https://github.com/sveltejs/prettier-plugin-svelte/blob/v3.5.0/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/prettier-plugin-svelte/commits/v3.5.0)

Updates `sveltekit-superforms` from 1.13.4 to 2.29.1
- [Release notes](https://github.com/ciscoheat/sveltekit-superforms/releases)
- [Changelog](https://github.com/ciscoheat/sveltekit-superforms/blob/main/CHANGELOG.md)
- [Commits](ciscoheat/sveltekit-superforms@v1.13.4...v2.29.1)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.53.0
  dependency-type: direct:development
- dependency-name: "@skeletonlabs/skeleton"
  dependency-version: 2.11.0
  dependency-type: direct:development
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.52.2
  dependency-type: direct:development
- dependency-name: eslint-plugin-svelte
  dependency-version: 2.46.1
  dependency-type: direct:development
- dependency-name: prettier-plugin-svelte
  dependency-version: 3.5.0
  dependency-type: direct:development
- dependency-name: sveltekit-superforms
  dependency-version: 2.29.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 20, 2026
@dependabot dependabot bot mentioned this pull request Feb 20, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Feb 28, 2026

Superseded by #50.

@dependabot dependabot bot closed this Feb 28, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/app/multi-16279fa414 branch February 28, 2026 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants