Skip to content

build(deps-dev): bump the dev-dependencies group across 1 directory with 8 updates#112

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/resolution-frontend/dev-dependencies-291eedab22
Open

build(deps-dev): bump the dev-dependencies group across 1 directory with 8 updates#112
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/resolution-frontend/dev-dependencies-291eedab22

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 8 updates in the /resolution-frontend directory:

Package From To
@sveltejs/adapter-vercel 6.3.3 6.3.4
@sveltejs/kit 2.59.1 2.67.0
@testing-library/svelte 5.3.1 5.4.2
@vitest/coverage-v8 4.1.6 4.1.9
svelte 5.55.5 5.56.3
svelte-check 4.4.8 4.6.0
vite 8.0.12 8.1.0
vitest 4.1.6 4.1.9

Updates @sveltejs/adapter-vercel from 6.3.3 to 6.3.4

Release notes

Sourced from @​sveltejs/adapter-vercel's releases.

@​sveltejs/adapter-vercel@​6.3.4

Patch Changes

Changelog

Sourced from @​sveltejs/adapter-vercel's changelog.

6.3.4

Patch Changes

Commits

Updates @sveltejs/kit from 2.59.1 to 2.67.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.67.0

Minor Changes

  • feat: add prerender.handleInvalidUrl option for invalid URLs discovered while crawling (#16088)

Patch Changes

  • fix: support exactOptionalPropertyTypes for optional form schema fields (#15866)

  • fix: avoid unnecessarily overriding a user's Vite 8 codeSplitting setting (#16118)

@​sveltejs/kit@​2.66.0

Minor Changes

  • feat: precompress prerendered .md and .mdx files (#15893)

  • feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)

Patch Changes

  • fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)

  • fix: ensure base is available from $service-worker during development (#15882)

  • fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#15884)

  • fix: preserve active for await consumers across query.live reconnects (#16022)

  • fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#16022)

  • fix: preserve last value when a query.live stream completes without yielding on reconnect (#16022)

  • fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#15709)

  • fix: prefer pages over endpoints when prerendering (#16076)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.67.0

Minor Changes

  • feat: add prerender.handleInvalidUrl option for invalid URLs discovered while crawling (#16088)

Patch Changes

  • fix: support exactOptionalPropertyTypes for optional form schema fields (#15866)

  • fix: avoid unnecessarily overriding a user's Vite 8 codeSplitting setting (#16118)

2.66.0

Minor Changes

  • feat: precompress prerendered .md and .mdx files (#15893)

  • feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)

Patch Changes

  • fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)

  • fix: ensure base is available from $service-worker during development (#15882)

  • fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#15884)

  • fix: preserve active for await consumers across query.live reconnects (#16022)

  • fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#16022)

  • fix: preserve last value when a query.live stream completes without yielding on reconnect (#16022)

  • fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#15709)

  • fix: prefer pages over endpoints when prerendering (#16076)

... (truncated)

Commits
  • c5d0e83 Version Packages (#16086)
  • cf15fa0 fix: add handleInvalidUrl prerender option for non-HTTP URL schemes (#16088)
  • 2992e17 fix: avoid overwriting codeSplitting for split apps (#16118)
  • d71dabb chore: fix internal types export target (#16113)
  • 7b43b29 chore: fix more flaky tests (#16061)
  • 5c76121 fix: allow optional remote form schema fields under `{exactOptionalPropertyTy...
  • 4c9b8f1 Version Packages (#16062)
  • 276744d fix: preflight schemas apply correctly when chained before for (#15863)
  • e8c8d84 chore: DRY out __sveltekit_xyz123 stuff (#16085)
  • 4eabadc fix: fail early if a route with +page and +server is marked as prerendera...
  • Additional commits viewable in compare view

Updates @testing-library/svelte from 5.3.1 to 5.4.2

Release notes

Sourced from @​testing-library/svelte's releases.

@​testing-library/svelte@​5.4.2

@​testing-library/svelte 5.4.2 (2026-06-23)

Bug Fixes

  • core: separate runes and non-runes wrapper scaffold (#497) (514a9c5), closes #496

Dependencies

  • @​testing-library/svelte-core: upgraded to 1.1.3

@​testing-library/svelte@​5.4.1

@​testing-library/svelte 5.4.1 (2026-06-21)

Dependencies

  • @​testing-library/svelte-core: upgraded to 1.1.2

@​testing-library/svelte@​5.4.0

@​testing-library/svelte 5.4.0 (2026-06-20)

Features

Dependencies

  • @​testing-library/svelte-core: upgraded to 1.1.0
Commits
  • 514a9c5 fix(core): separate runes and non-runes wrapper scaffold (#497)
  • 959f8c5 feat: add wrapper option (#492)
  • bc9cab5 chore(deps-dev): bump the development group across 1 directory with 11 update...
  • See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.6 to 4.1.9

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates svelte from 5.55.5 to 5.56.3

Release notes

Sourced from svelte's releases.

svelte@5.56.3

Patch Changes

  • fix: ignore errors that occur in destroyed effects (#18384)

  • fix: type BigInts in $state.snapshot(...) return values (#18388)

svelte@5.56.2

Patch Changes

  • fix: properly track effect end node for async sibling component (#18371)

  • fix: prevent false-positive reactivity loss warning (#18373)

  • chore: bump esrap dependency (#18372)

  • fix: ignore declaration tags for animation directive (#18366)

  • fix: reject pending async deriveds on discard (#18308)

svelte@5.56.1

Patch Changes

  • fix: error at compile time on duplicate snippet/declaration tag definitions (#18351)

  • fix: parse declaration tag contents more robustly (#18353)

  • fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#18348)

  • fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#18348)

  • fix: tolerate whitespace before let/const in declaration tags (#18348)

  • fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#18350)

  • fix: more robust parsing of declaration tags with regards to type (#18330)

  • fix: preserve newlines in spread input values when the type attribute is applied after value (#18345)

  • fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#18336)

  • fix: check references for blockers on server, too (#18352)

svelte@5.56.0

Minor Changes

  • feat: allow declarations in the template (#18282)

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.56.3

Patch Changes

  • fix: ignore errors that occur in destroyed effects (#18384)

  • fix: type BigInts in $state.snapshot(...) return values (#18388)

5.56.2

Patch Changes

  • fix: properly track effect end node for async sibling component (#18371)

  • fix: prevent false-positive reactivity loss warning (#18373)

  • chore: bump esrap dependency (#18372)

  • fix: ignore declaration tags for animation directive (#18366)

  • fix: reject pending async deriveds on discard (#18308)

5.56.1

Patch Changes

  • fix: error at compile time on duplicate snippet/declaration tag definitions (#18351)

  • fix: parse declaration tag contents more robustly (#18353)

  • fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#18348)

  • fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#18348)

  • fix: tolerate whitespace before let/const in declaration tags (#18348)

  • fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#18350)

  • fix: more robust parsing of declaration tags with regards to type (#18330)

  • fix: preserve newlines in spread input values when the type attribute is applied after value (#18345)

  • fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#18336)

  • fix: check references for blockers on server, too (#18352)

5.56.0

Minor Changes

... (truncated)

Commits

Updates svelte-check from 4.4.8 to 4.6.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.6.0

Minor Changes

  • feat: support reading Svelte config from vite.config.js/ts (#3031)

Patch Changes

  • Updated dependencies [151cf45]:
    • @​sveltejs/load-config@​0.1.1

svelte-check@4.5.0

Minor Changes

  • feat: support Svelte 5 declaration tags (#3033)

Patch Changes

  • fix: properly handle props with the name slot inside Svelte 5 snippets (#3030)

  • feat: add support for svelte config ts/mts files (#3009)

Commits

Updates vite from 8.0.12 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

Bug Fixes

  • bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
  • cache falsy values in perEnvironmentState (#22715) (0e91e79)
  • glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
  • html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
  • optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
  • resolved build options should be kept as a getter (#22691) (3527191)
  • server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
  • use literal envPrefix queries for Vite Task (#22706) (da72733)
  • warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

8.1.0-beta.0 (2026-06-15)

Features

  • import.meta.glob support caseSensitive option (#21707) (2ad6737)
  • add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
  • build: chunk importmap (#21580) (e180312)
  • css: support lightningcss plugin dependency (#21748) (0b7aaed)
  • deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
  • html: add html.additionalAssetSources option (#21412) (a41404b)
  • integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
  • rename server.hmr options to server.ws options (#21357) (9ce3036)
  • server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
  • track dependencies when loading config with native (#22602) (a7e2da8)
  • types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
  • update rolldown to 1.1.1 (#22593) (8a13d63)
  • wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

  • apply correct fs restrictions for pnpm gvs (#22415) (092320b)
  • css: support external CSS with lightningcss (#18389) (d64a1a5)
  • deps: update all non-major dependencies (#22637) (44bb9d9)
  • deps: update all non-major dependencies (#22681) (f4f0633)
  • html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
  • optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

Updates vitest from 4.1.6 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 8 updates

Bumps the dev-dependencies group with 8 updates in the /resolution-frontend directory:

| Package | From | To |
| --- | --- | --- |
| [@sveltejs/adapter-vercel](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-vercel) | `6.3.3` | `6.3.4` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.59.1` | `2.67.0` |
| [@testing-library/svelte](https://github.com/testing-library/svelte-testing-library/tree/HEAD/packages/svelte) | `5.3.1` | `5.4.2` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.6` | `4.1.9` |
| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.55.5` | `5.56.3` |
| [svelte-check](https://github.com/sveltejs/language-tools) | `4.4.8` | `4.6.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.12` | `8.1.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.6` | `4.1.9` |



Updates `@sveltejs/adapter-vercel` from 6.3.3 to 6.3.4
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-vercel/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-vercel@6.3.4/packages/adapter-vercel)

Updates `@sveltejs/kit` from 2.59.1 to 2.67.0
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.67.0/packages/kit)

Updates `@testing-library/svelte` from 5.3.1 to 5.4.2
- [Release notes](https://github.com/testing-library/svelte-testing-library/releases)
- [Changelog](https://github.com/testing-library/svelte-testing-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/svelte-testing-library/commits/@testing-library/svelte@5.4.2/packages/svelte)

Updates `@vitest/coverage-v8` from 4.1.6 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/coverage-v8)

Updates `svelte` from 5.55.5 to 5.56.3
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.56.3/packages/svelte)

Updates `svelte-check` from 4.4.8 to 4.6.0
- [Release notes](https://github.com/sveltejs/language-tools/releases)
- [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check@4.4.8...svelte-check@4.6.0)

Updates `vite` from 8.0.12 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vitest` from 4.1.6 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@sveltejs/adapter-vercel"
  dependency-version: 6.3.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.67.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@testing-library/svelte"
  dependency-version: 5.4.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: svelte
  dependency-version: 5.56.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: svelte-check
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 23, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​sveltejs/​adapter-vercel@​6.3.3 ⏵ 6.3.4100 +110075 +195100
Updatedvitest@​4.1.6 ⏵ 4.1.998 +110079 +198100
Updated@​vitest/​coverage-v8@​4.1.6 ⏵ 4.1.9991007998100
Updated@​sveltejs/​kit@​2.59.1 ⏵ 2.67.099 +1100 +281 +198 +1100
Updatedvite@​8.0.12 ⏵ 8.1.097 -1100 +1882 +198100
Updatedsvelte@​5.55.5 ⏵ 5.56.388 +1100 +688 +197100
Updatedsvelte-check@​4.4.8 ⏵ 4.6.010010010094100
Updated@​testing-library/​svelte@​5.3.1 ⏵ 5.4.2100 +110010097 +8100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/vite@8.1.0npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants