Skip to content

fix(deps): bump the all-minor-patch group with 9 updates#36

Merged
SkeLLLa merged 1 commit into
masterfrom
dependabot/npm_and_yarn/all-minor-patch-41bcf883f6
Jun 8, 2026
Merged

fix(deps): bump the all-minor-patch group with 9 updates#36
SkeLLLa merged 1 commit into
masterfrom
dependabot/npm_and_yarn/all-minor-patch-41bcf883f6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-minor-patch group with 9 updates:

Package From To
svelte 5.56.0 5.56.3
@inlang/paraglide-js 2.18.1 2.18.2
@sveltejs/kit 2.61.1 2.63.0
@types/node 25.9.1 25.9.2
svelte-check 4.4.8 4.6.0
svelte-eslint-parser 1.7.0 1.8.0
typescript-eslint 8.60.0 8.60.1
vite 8.0.14 8.0.16
vite-plugin-mkcert 2.0.0 2.1.0

Updates svelte from 5.56.0 to 5.56.3

Release notes

Sourced from svelte's releases.

svelte@5.56.3

Patch Changes

  • fix: ignore errors that occur in destroyed effects (#18384)

  • fix: type BigInts in $state.snapshot(...) return values (#18388)

svelte@5.56.2

Patch Changes

  • fix: properly track effect end node for async sibling component (#18371)

  • fix: prevent false-positive reactivity loss warning (#18373)

  • chore: bump esrap dependency (#18372)

  • fix: ignore declaration tags for animation directive (#18366)

  • fix: reject pending async deriveds on discard (#18308)

svelte@5.56.1

Patch Changes

  • fix: error at compile time on duplicate snippet/declaration tag definitions (#18351)

  • fix: parse declaration tag contents more robustly (#18353)

  • fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#18348)

  • fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#18348)

  • fix: tolerate whitespace before let/const in declaration tags (#18348)

  • fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#18350)

  • fix: more robust parsing of declaration tags with regards to type (#18330)

  • fix: preserve newlines in spread input values when the type attribute is applied after value (#18345)

  • fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#18336)

  • fix: check references for blockers on server, too (#18352)

Changelog

Sourced from svelte's changelog.

5.56.3

Patch Changes

  • fix: ignore errors that occur in destroyed effects (#18384)

  • fix: type BigInts in $state.snapshot(...) return values (#18388)

5.56.2

Patch Changes

  • fix: properly track effect end node for async sibling component (#18371)

  • fix: prevent false-positive reactivity loss warning (#18373)

  • chore: bump esrap dependency (#18372)

  • fix: ignore declaration tags for animation directive (#18366)

  • fix: reject pending async deriveds on discard (#18308)

5.56.1

Patch Changes

  • fix: error at compile time on duplicate snippet/declaration tag definitions (#18351)

  • fix: parse declaration tag contents more robustly (#18353)

  • fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#18348)

  • fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#18348)

  • fix: tolerate whitespace before let/const in declaration tags (#18348)

  • fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#18350)

  • fix: more robust parsing of declaration tags with regards to type (#18330)

  • fix: preserve newlines in spread input values when the type attribute is applied after value (#18345)

  • fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#18336)

  • fix: check references for blockers on server, too (#18352)

Commits

Updates @inlang/paraglide-js from 2.18.1 to 2.18.2

Changelog

Sourced from @​inlang/paraglide-js's changelog.

2.18.2

Patch Changes

  • 4bea31a: Prevent paraglide-js compile --watch from cleaning the output directory on the initial compile.

  • 4dfa099: Fix emitted TypeScript declarations for message keys that require quoted export aliases, such as dotted nested keys.

    emitTsDeclarations now preserves quoted aliases from the generated JavaScript so .d.ts output remains valid for keys like greeting.hello. The optional TypeScript peer dependency now requires TypeScript 5.6 or newer, which supports arbitrary quoted module export names.

Commits

Updates @sveltejs/kit from 2.61.1 to 2.63.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.63.0

Minor Changes

  • feat: explicit env vars (#15934)

Patch Changes

  • fix: remove check for svelte.config.js before running sync (#15946)

  • fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)

  • fix: allow use of $app/env/public in service workers (#15950)

@​sveltejs/kit@​2.62.0

Minor Changes

  • feat: support passing Svelte(Kit) config via Vite plugin (#15944)

Patch Changes

  • fix: preserve multiple Set-Cookie headers on 304 responses (#15902)

  • fix: preload for anchor elements that were just previously preloaded (#15915)

  • fix: catch load function streaming errors on the client (#15929)

  • fix: avoid generating the _app/env.js module if public dynamic environment variables are not used by the app (#15940)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.63.0

Minor Changes

  • feat: explicit env vars (#15934)

Patch Changes

  • fix: remove check for svelte.config.js before running sync (#15946)

  • fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)

  • fix: allow use of $app/env/public in service workers (#15950)

2.62.0

Minor Changes

  • feat: support passing Svelte(Kit) config via Vite plugin (#15944)

Patch Changes

  • fix: preserve multiple Set-Cookie headers on 304 responses (#15902)

  • fix: preload for anchor elements that were just previously preloaded (#15915)

  • fix: catch load function streaming errors on the client (#15929)

  • fix: avoid generating the _app/env.js module if public dynamic environment variables are not used by the app (#15940)

Commits

Updates @types/node from 25.9.1 to 25.9.2

Commits

Updates svelte-check from 4.4.8 to 4.6.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.6.0

Minor Changes

  • feat: support reading Svelte config from vite.config.js/ts (#3031)

Patch Changes

  • Updated dependencies [151cf45]:
    • @​sveltejs/load-config@​0.1.1

svelte-check@4.5.0

Minor Changes

  • feat: support Svelte 5 declaration tags (#3033)

Patch Changes

  • fix: properly handle props with the name slot inside Svelte 5 snippets (#3030)

  • feat: add support for svelte config ts/mts files (#3009)

Commits

Updates svelte-eslint-parser from 1.7.0 to 1.8.0

Release notes

Sourced from svelte-eslint-parser's releases.

v1.8.0

Minor Changes

  • #895 fe36e97 Thanks @​baseballyama! - Add an experimental ts.sys.readFile hook that speeds up type-aware lint of .svelte files. Opt in with SVELTE_ESLINT_PARSER_EXPERIMENTAL_TS_SYS_HOOK=1. See the Experimental section in the README for details.

v1.7.1

Patch Changes

Changelog

Sourced from svelte-eslint-parser's changelog.

1.8.0

Minor Changes

  • #895 fe36e97 Thanks @​baseballyama! - Add an experimental ts.sys.readFile hook that speeds up type-aware lint of .svelte files. Opt in with SVELTE_ESLINT_PARSER_EXPERIMENTAL_TS_SYS_HOOK=1. See the Experimental section in the README for details.

1.7.1

Patch Changes

Commits
  • a23304c chore: release svelte-eslint-parser (#903)
  • 044cf45 chore(deps): update actions/checkout action to v6.0.3 (#904)
  • fe36e97 feat: experimental ts.sys.readFile hook for type-aware Svelte lint (#895)
  • 018f350 chore(deps): update changesets/action action to v1.9.0 (#902)
  • 0dcc228 chore(deps): update actions/checkout action to v6.0.3 (#901)
  • 4a4bb35 chore: release svelte-eslint-parser (#900)
  • 009dd55 fix: parse $derived declaration tags in top-level snippets (#899)
  • See full diff in compare view

Updates typescript-eslint from 8.60.0 to 8.60.1

Release notes

Sourced from typescript-eslint's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

  • eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
  • eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates vite from 8.0.14 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

Commits

Updates vite-plugin-mkcert from 2.0.0 to 2.1.0

Release notes

Sourced from vite-plugin-mkcert's releases.

v2.1.0

2.1.0 (2026-06-03)

Features

  • Avoid shell execution for mkcert hosts (#124) (b7541de)
Changelog

Sourced from vite-plugin-mkcert's changelog.

2.1.0 (2026-06-03)

Features

  • Avoid shell execution for mkcert hosts (#124) (b7541de)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-minor-patch group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.56.0` | `5.56.3` |
| [@inlang/paraglide-js](https://github.com/opral/paraglide-js) | `2.18.1` | `2.18.2` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.61.1` | `2.63.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `25.9.2` |
| [svelte-check](https://github.com/sveltejs/language-tools) | `4.4.8` | `4.6.0` |
| [svelte-eslint-parser](https://github.com/sveltejs/svelte-eslint-parser) | `1.7.0` | `1.8.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.0` | `8.60.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.14` | `8.0.16` |
| [vite-plugin-mkcert](https://github.com/liuweiGL/vite-plugin-mkcert) | `2.0.0` | `2.1.0` |


Updates `svelte` from 5.56.0 to 5.56.3
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.56.3/packages/svelte)

Updates `@inlang/paraglide-js` from 2.18.1 to 2.18.2
- [Changelog](https://github.com/opral/paraglide-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/opral/paraglide-js/commits)

Updates `@sveltejs/kit` from 2.61.1 to 2.63.0
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.63.0/packages/kit)

Updates `@types/node` from 25.9.1 to 25.9.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `svelte-check` from 4.4.8 to 4.6.0
- [Release notes](https://github.com/sveltejs/language-tools/releases)
- [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check@4.4.8...svelte-check@4.6.0)

Updates `svelte-eslint-parser` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/sveltejs/svelte-eslint-parser/releases)
- [Changelog](https://github.com/sveltejs/svelte-eslint-parser/blob/main/CHANGELOG.md)
- [Commits](sveltejs/svelte-eslint-parser@v1.7.0...v1.8.0)

Updates `typescript-eslint` from 8.60.0 to 8.60.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.1/packages/typescript-eslint)

Updates `vite` from 8.0.14 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

Updates `vite-plugin-mkcert` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/liuweiGL/vite-plugin-mkcert/releases)
- [Changelog](https://github.com/liuweiGL/vite-plugin-mkcert/blob/main/CHANGELOG.md)
- [Commits](liuweiGL/vite-plugin-mkcert@v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.56.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-minor-patch
- dependency-name: "@inlang/paraglide-js"
  dependency-version: 2.18.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-minor-patch
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.63.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-minor-patch
- dependency-name: "@types/node"
  dependency-version: 25.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-minor-patch
- dependency-name: svelte-check
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-minor-patch
- dependency-name: svelte-eslint-parser
  dependency-version: 1.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-minor-patch
- dependency-name: typescript-eslint
  dependency-version: 8.60.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-minor-patch
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-minor-patch
- dependency-name: vite-plugin-mkcert
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 7, 2026
@dependabot dependabot Bot requested a review from SkeLLLa as a code owner June 7, 2026 22:07
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 7, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedtypescript-eslint@​8.60.11001007498100
Added@​types/​node@​25.9.21001008196100
Added@​sveltejs/​kit@​2.63.0991008198100
Addedvite@​8.0.16991008298100
Addedvite-plugin-mkcert@​2.1.09910010090100
Addedsvelte-check@​4.6.09910010095100
Addedsvelte-eslint-parser@​1.8.09910010096100
Added@​inlang/​paraglide-js@​2.18.210010010097100
Addedsvelte@​5.56.3100100100100100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/typescript-eslint@8.60.1npm/@typescript-eslint/eslint-plugin@8.60.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.60.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@codecov

codecov Bot commented Jun 7, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.47%. Comparing base (9838f8a) to head (5f9746d).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master      #36   +/-   ##
=======================================
  Coverage   91.47%   91.47%           
=======================================
  Files          42       42           
  Lines        6173     6173           
  Branches      481      481           
=======================================
  Hits         5647     5647           
  Misses        504      504           
  Partials       22       22           
Flag Coverage Δ
js_open_source 91.47% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@SkeLLLa SkeLLLa merged commit f7e5cc4 into master Jun 8, 2026
11 checks passed
@SkeLLLa SkeLLLa deleted the dependabot/npm_and_yarn/all-minor-patch-41bcf883f6 branch June 8, 2026 07:37
@github-actions

Copy link
Copy Markdown

🎉 This PR is included in version 1.25.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code released

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant