Skip to content

Bump svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-svelte, prettier-plugin-svelte and sveltekit-superforms in /app#50

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/app/multi-d84b35e67b
Open

Bump svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-svelte, prettier-plugin-svelte and sveltekit-superforms in /app#50
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/app/multi-d84b35e67b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 28, 2026

Bumps svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-svelte, prettier-plugin-svelte and sveltekit-superforms. These dependencies needed to be updated together.
Updates svelte from 4.2.20 to 5.53.6

Release notes

Sourced from svelte's releases.

svelte@5.53.6

Patch Changes

  • perf: optimize parser hot paths for faster compilation (#17811)

  • fix: SvelteMap incorrectly handles keys with undefined values (#17826)

  • fix: SvelteURL search setter now returns the normalized value, matching native URL behavior (#17828)

  • fix: visit synthetic value node during ssr (#17824)

  • fix: always case insensitive event handlers during ssr (#17822)

  • chore: more efficient effect scheduling (#17808)

  • perf: optimize compiler analysis phase (#17823)

  • fix: skip redundant batch.apply (#17816)

  • chore: null out current_batch before committing branches (#17809)

svelte@5.53.5

Patch Changes

svelte@5.53.4

Patch Changes

  • fix: set server context after async transformError (#17799)

  • fix: hydrate if blocks correctly (#17784)

  • fix: handle default parameters scope leaks (#17788)

  • fix: prevent flushed effects from running again (#17787)

svelte@5.53.3

Patch Changes

  • fix: render :catch of #await block with correct key (#17769)

  • chore: pin aria-query@5.3.1 (#17772)

  • fix: make string coercion consistent to toString (#17774)

svelte@5.53.2

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.6

Patch Changes

  • perf: optimize parser hot paths for faster compilation (#17811)

  • fix: SvelteMap incorrectly handles keys with undefined values (#17826)

  • fix: SvelteURL search setter now returns the normalized value, matching native URL behavior (#17828)

  • fix: visit synthetic value node during ssr (#17824)

  • fix: always case insensitive event handlers during ssr (#17822)

  • chore: more efficient effect scheduling (#17808)

  • perf: optimize compiler analysis phase (#17823)

  • fix: skip redundant batch.apply (#17816)

  • chore: null out current_batch before committing branches (#17809)

5.53.5

Patch Changes

5.53.4

Patch Changes

  • fix: set server context after async transformError (#17799)

  • fix: hydrate if blocks correctly (#17784)

  • fix: handle default parameters scope leaks (#17788)

  • fix: prevent flushed effects from running again (#17787)

5.53.3

Patch Changes

  • fix: render :catch of #await block with correct key (#17769)

  • chore: pin aria-query@5.3.1 (#17772)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.


Updates @skeletonlabs/skeleton from 2.0.0 to 2.11.0

Changelog

Sourced from @​skeletonlabs/skeleton's changelog.

2.11.0

Minor Changes

  • Fix CloseQuery has no effect and popup disappear on click (#3076)

2.10.4

Patch Changes

  • bugfix: fix popup disappearing when dragging mouse out of the input box (#2937)

2.10.3

Patch Changes

  • chore: update peer dependencies to support Svelte 5 (#2902)

2.10.2

Patch Changes

  • bugfix: Added restProps to InputChip (#2739)

  • chore: Resolve missing onclick events for AppRailTile and AppRailAnchor. (#2751)

2.10.1

Patch Changes

  • bugfix: InputChip issue resolved to support Svelte 5 (#2715)

  • bugfix: Removed invalid role and forward events on AppRailAnchor component (#2716)

2.10.0

Minor Changes

  • Chore: resolved various accessibility issues and warnings. (#2643)

Patch Changes

  • bugfix: Changed Autocomplete's input prop type to unknown (#2648)

2.9.2

Patch Changes

  • bugfix: Resolved a timing issue that could cause Toasts to animate incorrectly on close. (#2622)

... (truncated)

Commits

Updates @sveltejs/kit from 2.5.1 to 2.53.4

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.53.4

Patch Changes

  • fix: avoid Vite warning about unknown codeSplitting option (#15451)

@​sveltejs/kit@​2.53.3

Patch Changes

  • fix: prevent overlapping file metadata in remote functions form (faba869)

@​sveltejs/kit@​2.53.2

Patch Changes

  • fix: server-render nested form value sets (#15378)

  • fix: use deep partial types for form remote functions .value() and .set(...) (#14837)

  • fix: provide correct url info to remote functions (#15418)

  • fix: allow optional types for remote query/command/prerender functions (#15293)

  • fix: allow commands in more places (#15288)

@​sveltejs/kit@​2.53.1

Patch Changes

  • fix: address warning about inlineDynamicImports when using Vite 8 (#15403)

@​sveltejs/kit@​2.53.0

Minor Changes

  • feat: support Vite 8 (#15024)

Patch Changes

  • fix: remove event listeners on form attachment cleanup (#15286)

  • fix: apply queries refreshed in a form remote function when a redirect is thrown (#15362)

@​sveltejs/kit@​2.52.2

Patch Changes

  • fix: validate form file information to prevent amplification attacks (3e607b3)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.53.4

Patch Changes

  • fix: avoid Vite warning about unknown codeSplitting option (#15451)

2.53.3

Patch Changes

  • fix: prevent overlapping file metadata in remote functions form (faba869)

2.53.2

Patch Changes

  • fix: server-render nested form value sets (#15378)

  • fix: use deep partial types for form remote functions .value() and .set(...) (#14837)

  • fix: provide correct url info to remote functions (#15418)

  • fix: allow optional types for remote query/command/prerender functions (#15293)

  • fix: allow commands in more places (#15288)

2.53.1

Patch Changes

  • fix: address warning about inlineDynamicImports when using Vite 8 (#15403)

2.53.0

Minor Changes

  • feat: support Vite 8 (#15024)

Patch Changes

  • fix: remove event listeners on form attachment cleanup (#15286)

  • fix: apply queries refreshed in a form remote function when a redirect is thrown (#15362)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/kit since your current version.


Updates eslint-plugin-svelte from 2.35.1 to 2.46.1

Release notes

Sourced from eslint-plugin-svelte's releases.

eslint-plugin-svelte@2.46.0

Minor Changes

eslint-plugin-svelte@2.45.1

Patch Changes

eslint-plugin-svelte@2.45.0

Minor Changes

Patch Changes

eslint-plugin-svelte@2.44.1

Patch Changes

eslint-plugin-svelte@2.44.0

Minor Changes

  • #841 85053a1 Thanks @​jrmajor! - feat: add config option for foreign elements in svelte/html-self-closing rule

Patch Changes

eslint-plugin-svelte@2.43.0

Minor Changes

eslint-plugin-svelte@2.42.0

Minor Changes

eslint-plugin-svelte@2.41.0

Minor Changes

... (truncated)

Changelog

Sourced from eslint-plugin-svelte's changelog.

eslint-plugin-svelte

3.15.0

Minor Changes

3.14.0

Minor Changes

3.13.1

Patch Changes

3.13.0

Minor Changes

Patch Changes

3.12.5

Patch Changes

3.12.4

... (truncated)

Commits
  • 85487c8 2.46.1
  • e35ca8f chore: fix eslint config
  • 2989df5 chore: fix eslint config
  • a6b19c0 fix: crash with eslint v9.16.0 in svelte/no-inner-declarations
  • 85a055a chore: release eslint-plugin-svelte (#882)
  • bbc3e07 fix(deps): update dependency svelte-eslint-parser to ^0.43.0 (#884)
  • 051925c feat: update svelte to v5.0.0 (#881)
  • ad83f29 chore(deps): update dependency stylus to ^0.64.0
  • 960d437 fix(deps): update dependency known-css-properties to ^0.35.0
  • e57a1b5 chore: release eslint-plugin-svelte (#875)
  • Additional commits viewable in compare view

Updates prettier-plugin-svelte from 2.10.1 to 3.5.0

Changelog

Sourced from prettier-plugin-svelte's changelog.

3.5.0

  • (feat) Svelte 5: print attribute comments

3.4.1

  • (fix) externalize all prettier imports
  • (fix) don't remove parantheses of bind:ings with as type casts

3.4.0

  • (feat) Svelte 5: support attachments ({@attach ...})

3.3.3

  • (fix) Svelte 5: ensure bind get/set is broken up correctly when too long

3.3.2

  • (fix) Svelte 5: handle type annotations on Svelte control flow blocks
  • (fix) preserve style/script tags at the end of the file when using svelteSortOrder: "none"

3.3.1

  • (feat) Svelte 5: support upcoming bind:value={get, set}

3.3.0

  • (feat) Svelte 5: support upcoming <svelte:boundary>
  • (feat) Svelte 5: support upcoming <svelte:html>
  • (feat) Svelte 5: support upcoming #each without as

3.2.8

  • (chore) provide IDE tooling a way to pass Svelte compiler path

3.2.7

  • (fix) force quote style inside style directives
  • (fix) preserve commas in array expressions
  • (fix) Svelte 5: properly determine end of snippet parameters with TS annotations

3.2.6

  • (feat) Svelte 5: never quote single-expression-attributes

3.2.5

  • (fix) Svelte 5: format TypeScript in the template

... (truncated)

Commits

Updates sveltekit-superforms from 1.13.4 to 2.30.0

Release notes

Sourced from sveltekit-superforms's releases.

v2.30.0

Security

  • Devalue dependency version updated to prevent CVE-2026-22774 and two other minor vulnerabilities.

Added

  • Added adapter to support Standard Schema, now any validation library implementing that interface can be used with Superforms! Big thanks to sillvva for this contribution! Note however that the defaults option is required when using this adapter, as for default values to be inferred automatically, a more specialized adapter for the validation library (handling JSON Schema) needs to be used.

Fixed

  • Improved error message for "No shape could be created for schema" to suggest using zod4 adapter when applicable. #594
  • Added runtime detection warning when Zod v4 schema is passed to Zod v3 adapter, helping users identify adapter version mismatch. #594
  • Valibot adapter now handles transformation actions (trim, transform, etc.) properly by using typeMode: 'input' and errorMode: 'ignore' as defaults. This prevents errors when schemas contain transformations. Users can override these settings by passing typeMode and errorMode options to the adapter. #668

v2.29.1

Fixed

  • Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
  • Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
  • reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
  • Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
  • Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

  • Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
  • Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

v2.28.1

Fixed

  • Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
  • Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
  • Zod 4 adapter: Fixed Default Date values in nested objects. #650.

v2.28.0

Changed

  • TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

  • Added support for Zod 4 stringbools. #610
  • booleanProxy now supports the empty option.

Fixed

  • Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
  • filesStore initialValue now matches fileStore. #637

... (truncated)

Changelog

Sourced from sveltekit-superforms's changelog.

[2.30.0] - 2026-02-22

Security

  • Devalue dependency version updated to prevent CVE-2026-22774 and two other minor vulnerabilities.

Added

  • Added adapter to support Standard Schema, now any validation library implementing that interface can be used with Superforms! Big thanks to sillvva for this contribution! Note however that the defaults option is required when using this adapter, as for default values to be inferred automatically, a more specialized adapter for the validation library (handling JSON Schema) needs to be used.

Fixed

  • Improved error message for "No shape could be created for schema" to suggest using zod4 adapter when applicable. #594
  • Added runtime detection warning when Zod v4 schema is passed to Zod v3 adapter, helping users identify adapter version mismatch. #594
  • Valibot adapter now handles transformation actions (trim, transform, etc.) properly by using typeMode: 'input' and errorMode: 'ignore' as defaults. This prevents errors when schemas contain transformations. Users can override these settings by passing typeMode and errorMode options to the adapter. #668

[2.29.1] - 2025-12-16

Fixed

  • Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
  • Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
  • reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
  • Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
  • Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

  • Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
  • Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

[2.28.1] - 2025-10-19

Fixed

  • Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
  • Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
  • Zod 4 adapter: Fixed Default Date values in nested objects. #650.

[2.28.0] - 2025-10-19

Changed

  • TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

  • Added support for Zod 4 stringbools. #610
  • booleanProxy now supports the empty option.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump svelte, @skeletonlabs/skeleton, @sveltejs/kit, eslint-plugin-sve…
3aa6dd7 
…lte, prettier-plugin-svelte and sveltekit-superforms

Bumps [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte), [@skeletonlabs/skeleton](https://github.com/skeletonlabs/skeleton/tree/HEAD/packages/skeleton), [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit), [eslint-plugin-svelte](https://github.com/sveltejs/eslint-plugin-svelte/tree/HEAD/packages/eslint-plugin-svelte), [prettier-plugin-svelte](https://github.com/sveltejs/prettier-plugin-svelte) and [sveltekit-superforms](https://github.com/ciscoheat/sveltekit-superforms). These dependencies needed to be updated together.

Updates `svelte` from 4.2.20 to 5.53.6
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.6/packages/svelte)

Updates `@skeletonlabs/skeleton` from 2.0.0 to 2.11.0
- [Release notes](https://github.com/skeletonlabs/skeleton/releases)
- [Changelog](https://github.com/skeletonlabs/skeleton/blob/@skeletonlabs/skeleton@2.11.0/packages/skeleton/CHANGELOG.md)
- [Commits](https://github.com/skeletonlabs/skeleton/commits/@skeletonlabs/skeleton@2.11.0/packages/skeleton)

Updates `@sveltejs/kit` from 2.5.1 to 2.53.4
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.53.4/packages/kit)

Updates `eslint-plugin-svelte` from 2.35.1 to 2.46.1
- [Release notes](https://github.com/sveltejs/eslint-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/eslint-plugin-svelte/blob/main/packages/eslint-plugin-svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/eslint-plugin-svelte/commits/v2.46.1/packages/eslint-plugin-svelte)

Updates `prettier-plugin-svelte` from 2.10.1 to 3.5.0
- [Changelog](https://github.com/sveltejs/prettier-plugin-svelte/blob/v3.5.0/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/prettier-plugin-svelte/commits/v3.5.0)

Updates `sveltekit-superforms` from 1.13.4 to 2.30.0
- [Release notes](https://github.com/ciscoheat/sveltekit-superforms/releases)
- [Changelog](https://github.com/ciscoheat/sveltekit-superforms/blob/main/CHANGELOG.md)
- [Commits](ciscoheat/sveltekit-superforms@v1.13.4...v2.30.0)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.53.6
  dependency-type: direct:development
- dependency-name: "@skeletonlabs/skeleton"
  dependency-version: 2.11.0
  dependency-type: direct:development
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.53.4
  dependency-type: direct:development
- dependency-name: eslint-plugin-svelte
  dependency-version: 2.46.1
  dependency-type: direct:development
- dependency-name: prettier-plugin-svelte
  dependency-version: 3.5.0
  dependency-type: direct:development
- dependency-name: sveltekit-superforms
  dependency-version: 2.30.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 28, 2026
@dependabot dependabot bot mentioned this pull request Feb 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants