chore(deps-dev): bump the all-pnpm-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the all-pnpm-dependencies group with 7 updates in the / directory:

Package	From	To
@sveltejs/kit	2.49.5	2.53.1
devalue	5.6.2	5.6.3
prettier	3.8.0	3.8.1
prettier-plugin-svelte	3.4.1	3.5.0
rollup	4.55.1	4.59.0
svelte	5.46.4	5.53.3
svelte-check	4.3.5	4.4.3

Updates @sveltejs/kit from 2.49.5 to 2.53.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.53.1

Patch Changes

• fix: address warning about inlineDynamicImports when using Vite 8 (#15403)

@​sveltejs/kit@​2.53.0

Minor Changes

• feat: support Vite 8 (#15024)

Patch Changes

• fix: remove event listeners on form attachment cleanup (#15286)

• fix: apply queries refreshed in a form remote function when a redirect is thrown (#15362)

@​sveltejs/kit@​2.52.2

Patch Changes

• fix: validate form file information to prevent amplification attacks (3e607b3)

• chore: upgrade devalue and svelte (#15339)

• fix: parse file offset table more strictly (f47c01b)

@​sveltejs/kit@​2.52.0

Minor Changes

• feat: match function to map a path back to a route id and params (#14997)

Patch Changes

• fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

• fix: resolve will narrow types to follow trailing slash page settings (#15027)

@​sveltejs/kit@​2.51.0

Minor Changes

• feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

  Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

  • from.scroll: The scroll position at the moment navigation was triggered
  • to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.53.1

Patch Changes

• fix: address warning about inlineDynamicImports when using Vite 8 (#15403)

2.53.0

Minor Changes

• feat: support Vite 8 (#15024)

Patch Changes

• fix: remove event listeners on form attachment cleanup (#15286)

• fix: apply queries refreshed in a form remote function when a redirect is thrown (#15362)

2.52.2

Patch Changes

• fix: validate form file information to prevent amplification attacks (3e607b3)

• chore: upgrade devalue and svelte (#15339)

• fix: parse file offset table more strictly (f47c01b)

2.52.1

Patch Changes

• fix: clear stale preflight issues on subsequent valid form submissions (#15281)

• chore: remove dependency on sade (#15272)

• fix: include .txt files in precompression (#15259)

• fix: escape backticks and dollar signs when creating inlined css (#15320)

• fix: increment form.pending count before preflight validation (#15279)

... (truncated)

Commits

• 4c80e06 Version Packages (#15405)
• a1b7154 fix: address warning about inlineDynamicImports when using Vite 8 (#15403)
• f80c327 Version Packages (#15342)
• 1471694 chore: upgrade to eslint 10 (#15359)
• 3e0189d fix: apply queries refreshed in a form remote function when a redirect is thr...
• 6df9d33 fix: remove event listeners on form attachment cleanup (#15286)
• 800d904 feat: support Vite 8 (#15024)
• 9c4a737 Version Packages (#15338)
• 3e607b3 Merge commit from fork
• 62991c8 chore: upgrade devalue and svelte (#15339)
• Additional commits viewable in compare view

Updates devalue from 5.6.2 to 5.6.3

Release notes

Sourced from devalue's releases.

v5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

Changelog

Sourced from devalue's changelog.

5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

Commits

• a4a37d2 Version Packages (#132)
• 819f1ac Merge commit from fork
• 0f04d4d Merge commit from fork
• See full diff in compare view

Updates prettier from 3.8.0 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

Commits

• 90983f4 Release 3.8.1
• 57f702f Include available printers in plugin type declarations (#18706)
• bece827 Revert change in release script
• 82a4ab2 Bump Prettier dependency to 3.8.0
• 5213ee4 Clean changelog_unreleased
• f95ad0f Comment out finished steps
• b2034e8 Fix release script
• 5824b15 Release 3.8.0
• 0433601 Add blog post for v3.8.0 (#18639)
• c45fef1 Fix LWC attribute with --embedded-language-formatting off (#18383)
• See full diff in compare view

Updates prettier-plugin-svelte from 3.4.1 to 3.5.0

Changelog

Sourced from prettier-plugin-svelte's changelog.

3.5.0

• (feat) Svelte 5: print attribute comments

Commits

• fa0fc94 feat: print attribute comments (Svelte 5) (#510)
• See full diff in compare view

Updates rollup from 4.55.1 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6275: Validate bundle stays within output dir (@​lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

• #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6265: chore(deps): lock file maintenance (@​renovate[bot])
• #6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6270: chore(deps): lock file maintenance (@​renovate[bot])
• #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

• #6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6275: Validate bundle stays within output dir (@​lukastaegert)

4.58.0

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

• #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6265: chore(deps): lock file maintenance (@​renovate[bot])
• #6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6270: chore(deps): lock file maintenance (@​renovate[bot])
• #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

4.57.1

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

• #6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6254: Fully include dynamic imports in a try-catch (@​lukastaegert)

... (truncated)

Commits

• ae84695 4.59.0
• b39616e Update audit-resolve
• c60770d Validate bundle stays within output dir (#6275)
• 33f39c1 4.58.0
• b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
• 7f00689 Extend agent instructions
• e7b2b85 chore(deps): lock file maintenance (#6270)
• 2aa5da9 fix(deps): update minor/patch updates (#6267)
• 4319837 chore(deps): update dependency lru-cache to v11 (#6269)
• c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
• Additional commits viewable in compare view

Updates svelte from 5.46.4 to 5.53.3

Release notes

Sourced from svelte's releases.

svelte@5.53.3

Patch Changes

• fix: render :catch of #await block with correct key (#17769)

• chore: pin aria-query@5.3.1 (#17772)

• fix: make string coercion consistent to toString (#17774)

svelte@5.53.2

Patch Changes

• fix: update expressions on server deriveds (#17767)

• fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

svelte@5.53.1

Patch Changes

• fix: handle shadowed function names correctly (#17753)

svelte@5.53.0

Minor Changes

• feat: allow comments in tags (#17671)

• feat: allow error boundaries to work on the server (#17672)

Patch Changes

• fix: use TrustedHTML to test for customizable support, where necessary (#17743)

• fix: ensure head effects are kept in the effect tree (#17746)

• chore: deactivate current_batch by default in unset_context (#17738)

svelte@5.52.0

Minor Changes

• feat: support TrustedHTML in {@html} expressions (#17701)

Patch Changes

• fix: repair dynamic component truthy/falsy hydration mismatches (#17737)

• fix: re-run non-render-bound deriveds on the server (#17674)

svelte@5.51.5

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.3

Patch Changes

• fix: render :catch of #await block with correct key (#17769)

• chore: pin aria-query@5.3.1 (#17772)

• fix: make string coercion consistent to toString (#17774)

5.53.2

Patch Changes

• fix: update expressions on server deriveds (#17767)

• fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

5.53.1

Patch Changes

• fix: handle shadowed function names correctly (#17753)

5.53.0

Minor Changes

• feat: allow comments in tags (#17671)

• feat: allow error boundaries to work on the server (#17672)

Patch Changes

• fix: use TrustedHTML to test for customizable <select> support, where necessary (#17743)

• fix: ensure head effects are kept in the effect tree (#17746)

• chore: deactivate current_batch by default in unset_context (#17738)

5.52.0

Minor Changes

• feat: support TrustedHTML in {@html} expressions (#17701)

Patch Changes

• fix: repair dynamic component truthy/falsy hydration mismatches (#17737)

... (truncated)

Commits

• 97f3ac5 Version Packages (#17775)
• 7deedc5 fix: render :catch of #await block with correct key (#17769)
• f67d03d fix: make string coercion consistent to toString (#17774)
• 4e29eee chore: pin aria-query@5.3.1 (#17772)
• 69e6c4c Version Packages (#17768)
• d75d1f7 fix: further obfuscate node:crypto import from overzealous static analysis ...
• 6aa7b9c fix: update expressions on server deriveds (#17767)
• d258f85 Version Packages (#17755)
• 0c7f815 fix: handle shadowed function names correctly (#17753)
• 7106da4 chore: fix changelog (#17754)
• Additional commits viewable in compare view

Updates svelte-check from 4.3.5 to 4.4.3

Release notes

Sourced from svelte-check's releases.

svelte-check@4.4.3

Patch Changes

• fix: respect @ts-ignore etc comments within tags (#2950)

svelte-check@4.4.2

Patch Changes

• fix: resolve shims correctly in --incremental/tsgo mode (cd1ff2f)

• fix: include references in generated tsconfig.json in --incremental/tsgo mode (1990f74)

svelte-check@4.4.1

Patch Changes

• fix: handle relative imports reaching outside working directory when using --incremental/--tsgo flags (#2942)

• fix: support SvelteKit zero types in svelte-check --incremental (#2939)

svelte-check@4.4.0

Minor Changes

• feat: provide --incremental and --tsgo flags (#2932)

Patch Changes

• fix: ignore Unix domain sockets in file watcher to prevent crashes (#2931)

• fix: properly use machine output by default for Claude Code (e9f58d2)

svelte-check@4.3.6

Patch Changes

• fix: don't hoist type/snippet referencing $store (#2926)

Commits

• abf0c20 Version Packages (#2951)
• 3a3d6e3 fix: respect @ts-ignore etc comments within tags (#2950)
• 27b7eb8 Version Packages (#2949)
• d69eb72 fix: detect existing JSDoc @​satisfies to prevent duplicate injection (#2946)
• 1990f74 fix: include references in generated tsconfig.json in `--incremental/tsgo...
• cd1ff2f fix: resolve shims correctly in --incremental/tsgo mode
• 8625343 fix: support toggle-comment-key in start tags
• d13f08d Version Packages (#2945)
• 32bd44e feat: support for comments in tags (#2944)
• c14bf1d Version Packages (#2940)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions