chore(deps-dev): bump the npm group across 1 directory with 4 updates

[dependabot]

Bumps the npm group with 4 updates in the /.github/frontend directory: @sveltejs/kit, @sveltejs/vite-plugin-svelte, svelte-check and vite.

Updates @sveltejs/kit from 2.58.0 to 2.59.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.59.1

Patch Changes

• fix: resolve paths to route files with the letter drive on Windows (#15793)

@​sveltejs/kit@​2.59.0

Minor Changes

• feat: support query.batch in requested(...) (#15751)

• breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#15705)

• feat: experimental query.live function (#15705)

Patch Changes

• fix: unwrap Promise in RemoteCommand output type (#15771)

• fix: empty call to .updates() on a command/form invocation means "don't update anything" (#15705)

• fix: form.fields.foo.as('checkbox', default_value) now works (#15752)

• fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#15753)

• fix: make sure queries always get started correctly (#15705)

• fix: allow plain functions as overrides in updates (#15705)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.59.1

Patch Changes

• fix: resolve paths to route files with the letter drive on Windows (#15793)

2.59.0

Minor Changes

• feat: support query.batch in requested(...) (#15751)

• breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#15705)

• feat: experimental query.live function (#15705)

Patch Changes

• fix: unwrap Promise in RemoteCommand output type (#15771)

• fix: empty call to .updates() on a command/form invocation means "don't update anything" (#15705)

• fix: form.fields.foo.as('checkbox', default_value) now works (#15752)

• fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#15753)

• fix: make sure queries always get started correctly (#15705)

• fix: allow plain functions as overrides in updates (#15705)

Commits

• 9cfa07d Version Packages (#15795)
• e547ec1 fix: resolve user files with drive letter on Windows (#15793)
• 522ac32 Version Packages (#15769)
• a416bb0 docs: improve description for read config parameter (#15673)
• af248a7 fix: unwrap Promise in RemoteCommand output type (#15771)
• 1c8e573 fix: remote forms with default values defined by `field.as('text', defaultVal...
• 5b28e23 feat: support query.batch in requested (#15751)
• a074dc1 fix: .as('checkbox', value) was completely broken (#15752)
• 055ac24 feat: experimental query.live remote function (#15705)
• c1d3633 chore: fix IDE typescript errors (#15756)
• See full diff in compare view

Updates @sveltejs/vite-plugin-svelte from 7.0.0 to 7.1.2

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​7.1.2

Patch Changes

• fix: correctly resolve compiled CSS on the server for dependencies with Svelte files (#1342)

@​sveltejs/vite-plugin-svelte@​7.1.1

Patch Changes

• fix: pass typescript.onlyRemoveTypeImports to transformWithOxc in vitePreprocess so that value imports are not dropped when they are only referenced in Svelte template markup (#1326)

• fix: correctly resolve compiled CSS for optimised Svelte dependencies on the server (#1336)

@​sveltejs/vite-plugin-svelte@​7.1.0

Minor Changes

• feat: enable optimizer for server environments during dev (#1328)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

7.1.2

Patch Changes

• fix: correctly resolve compiled CSS on the server for dependencies with Svelte files (#1342)

7.1.1

Patch Changes

• fix: pass typescript.onlyRemoveTypeImports to transformWithOxc in vitePreprocess so that value imports are not dropped when they are only referenced in Svelte template markup (#1326)

• fix: correctly resolve compiled CSS for optimised Svelte dependencies on the server (#1336)

7.1.0

Minor Changes

• feat: enable optimizer for server environments during dev (#1328)

Commits

• 471f822 Version Packages (#1344)
• 1a9bc08 fix: always retrieve CSS using component filename first (#1342)
• 508d91b Version Packages (#1339)
• 990e58c fix: correctly resolve Svelte CSS on the server during development (#1336)
• d5458a9 fix: restore value imports stripped by oxc in script preprocessing (#1326)
• 1c85126 Version Packages (#1331)
• 1a4d225 feat: enable optimizer for server environments during dev (#1328)
• d91be5f fix: use correct pnpm catalog syntax
• 4d3afb4 chore: fix audit CI (#1327)
• 8b3687b use modern JSDoc imports (#1309)
• See full diff in compare view

Updates svelte-check from 4.4.6 to 4.4.8

Release notes

Sourced from svelte-check's releases.

svelte-check@4.4.8

Patch Changes

• feat: typescript 6.0 support (#2985)

svelte-check@4.4.7

Patch Changes

• fix: flush stdout/stderr before exit (#3014)

• fix: report diagnostics in tsconfig.json (#3005)

Commits

• 0070c6f Version Packages (#3015)
• 29e2894 feat: typescript 6.0 support (#2985)
• d99bb34 Version Packages (#2999)
• 35428ae fix: flush stdout/stderr before exit in svelte-check (#3014)
• a553963 fix: report diagnostics in tsconfig.json (#3005)
• 4c306eb fix: prevent incorrect $types imports being injected in update import (#3010)
• 31488f9 fix: properly place svelte-ignore comment in quickfix when \<script module> ...
• 5be821d fix: prevent duplicate diagnostics (#3000)
• 8b103ba fix: hoist self-referenced props interface (#2998)
• See full diff in compare view

Updates vite from 8.0.10 to 8.0.12

Release notes

Sourced from vite's releases.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.12 (2026-05-11)

Features

• update rolldown to 1.0.0 (#22401) (cf0ff41)

Bug Fixes

• deps: update all non-major dependencies (#22420) (2be6000)
• module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)
• refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)
• worker: apply build.target to worker bundle (#22404) (3c93fde)
• worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

• deps: update dependency eslint-plugin-n to v18 (#22423) (2fe7bd2)
• deps: update rolldown-related dependencies (#22421) (66b9eb3)

8.0.11 (2026-05-07)

Features

• update rolldown to 1.0.0-rc.18 (#22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#22334) (672c962)
• deps: update all non-major dependencies (#22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#22306) (30028f9)
• make separate object instance for each environment (#22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#22325) (2151f70)
• mention native config loader in CLI options (#22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#22333) (3b51e05)
• deps: update rolldown-related dependencies (#22383) (555ff36)
• deps: update transitive packages to fix npm audit alerts (#22316) (86aee62)

Code Refactoring

• devtools integration (#22312) (3c8bf06)
• remove unnecessary async (#22296) (b31fd35)
• show direct path type in bad character warning (#22339) (0c162e9)

Tests

... (truncated)

Commits

• 4dce8b4 release: v8.0.12
• b675c7b fix: refer to rolldownOptions instead of deprecated rollupOptions in mess...
• 66b9eb3 chore(deps): update rolldown-related dependencies (#22421)
• 2fe7bd2 chore(deps): update dependency eslint-plugin-n to v18 (#22423)
• 2be6000 fix(deps): update all non-major dependencies (#22420)
• d4838a0 fix(worker): forward define to worker bundle transform (#22408)
• cf0ff41 feat: update rolldown to 1.0.0 (#22401)
• 3c93fde fix(worker): apply build.target to worker bundle (#22404)
• f5a22e6 fix(module-runner): prevent partial-exports race on concurrent imports of in-...
• 66f3194 release: v8.0.11
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​sveltejs/​kit@​2.59.1
	npm/​@​sveltejs/​vite-plugin-svelte@​7.1.2
	npm/​vite@​8.0.12
	npm/​svelte-check@​4.4.8

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

This is a standard Dependabot PR bumping 4 npm devDependencies in .github/frontend/:

• @sveltejs/kit: 2.55.0 → 2.59.1
• @sveltejs/vite-plugin-svelte: 7.0.0 → 7.1.2
• svelte-check: 4.0.0 → 4.4.8
• vite: 8.0.10 → 8.0.12

Both package.json and package-lock.json are updated consistently. The package-lock.json also picks up the transitive postcss 8.5.14 dependency (previously nested under vite/node_modules/postcss at 8.5.10, now hoisted) and bumps @rolldown/* packages from 1.0.0-rc.17 to 1.0.0.

Files Reviewed (2 files)

• .github/frontend/package.json
• .github/frontend/package-lock.json

---

_{Reviewed by ring-2.6-1t-20260508:free · 252,460 tokens}

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.