chore(deps): update all dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@sveltejs/kit (source)	2.15.1 → 2.49.2			devDependencies	minor
@sveltejs/vite-plugin-svelte (source)	3.0.2 → 3.1.2			devDependencies	minor
@vite-pwa/sveltekit	0.6.6 → 0.6.8			devDependencies	patch
actions/checkout (changelog)	11bd719 → 34e1148			action	digest
prettier (source)	3.4.2 → 3.7.4			devDependencies	minor
prettier-plugin-svelte	3.3.2 → 3.4.1			devDependencies	minor
svelte (source)	4.2.19 → 4.2.20			devDependencies	patch
svelte (source)	4.2.19 → 4.2.20			dependencies	patch
svelte-migrate (source)	1.7.1 → 1.10.1			devDependencies	minor
typescript (source)	5.7.2 → 5.9.3			devDependencies	minor
vite (source)	5.4.11 → 5.4.21			devDependencies	patch
vite-plugin-pwa	0.21.1 → 0.21.2			devDependencies	patch
wrangler (source)	3.99.0 → 3.114.16			devDependencies	minor

---

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.49.2

Compare Source

Patch Changes

• fix: Stop re-loading already-loaded CSS during server-side route resolution (#​15014)

• fix: posixify the instrumentation file import on Windows (#​14993)

• fix: Correctly handle shared memory when decoding binary form data (#​15028)

v2.49.1

Compare Source

Patch Changes

• fix: suppress state_referenced_locally warnings in .svelte-kit/generated/root.svelte (#​15013)

• fix: TypeError when doing response.clone() in page load (#​15005)

v2.49.0

Compare Source

Minor Changes

• feat: stream file uploads inside form remote functions allowing form data to be accessed before large files finish uploading (#​14775)

v2.48.8

Compare Source

Patch Changes

• breaking: invalid now must be imported from @sveltejs/kit (#​14768)

• breaking: remove submitter option from experimental form validate() method, always provide default submitter (#​14762)

v2.48.7

Compare Source

Patch Changes

• fix: allow multiple server-timing headers (#​14700)

• fix: allow access to root-level issues in schema-less forms (#​14893)

• fix: allow hosting hash-based apps from non-index.html files (#​14825)

v2.48.6

Compare Source

Patch Changes

• fix: clear issues upon passing validation (#​14683)

• fix: don't use fork of unrelated route (#​14947)

• fix: prevent type errors when optional @opentelemetry/api dependency isn't installed (#​14949)

• fix: preserve this when invoking standard validator (#​14943)

• fix: treat client/universal hooks as entrypoints for illegal server import detection (#​14876)

• fix: correct query .set and .refresh behavior in commands (#​14877)

• fix: improved the accuracy of the types of the output of field.as('...') (#​14908)

v2.48.5

Compare Source

Patch Changes

• fix: wait an extra microtask in dev before calling $_init_$ (#​14799)

• fix: discard preload fork before creating a new one (#​14865)

• fix: delete RemoteFormAllIssue, add path to RemoteFormIssue (#​14864)

v2.48.4

Compare Source

Patch Changes

• fix: adjust query's promise implementation to properly allow chaining (#​14859)

• fix: make prerender cache work, including in development (#​14860)

v2.48.3

Compare Source

Patch Changes

• fix: include hash when using resolve with hash routing enabled (#​14786)

• fix: afterNavigate callback not running after hydration when experimental async is enabled (#​14644)
  fix: Snapshot restore method not called after reload when experimental async is enabled

• fix: expose issue.path in .allIssues() (#​14784)

v2.48.2

Compare Source

Patch Changes

• fix: update DOM before running navigate callbacks (#​14829)

v2.48.1

Compare Source

Patch Changes

• fix: wait for commit promise instead of settled (#​14818)

v2.48.0

Compare Source

Minor Changes

• feat: use experimental fork API when available (#​14793)

Patch Changes

• fix: await for settled instead of tick in navigate (#​14800)

v2.47.3

Compare Source

Patch Changes

• fix: avoid hanging when error() is used while streaming promises from a server load function (#​14722)

• chore: treeshake load function code if we know it's unused (#​14764)

• fix: RecursiveFormFields type for recursive or unknown schemas (#​14734)

• fix: rework internal representation of form value to be $state (#​14771)

v2.47.2

Compare Source

Patch Changes

• fix: streamed promise not resolving when another load function returns a fast resolving promise (#​14753)

• chore: allow to run preflight validation only (#​14744)

• fix: update overload to set invalid type to schema input (#​14748)

v2.47.1

Compare Source

Patch Changes

• fix: allow read to be used at the top-level of remote function files (#​14672)

• fix: more robust remote files generation (#​14682)

v2.47.0

Compare Source

Minor Changes

• feat: add signal property to request (#​14715)

Patch Changes

• fix: resolve remote module syntax errors with trailing expressions (#​14728)

v2.46.5

Compare Source

Patch Changes

• fix: ensure form remote functions' fields.set triggers reactivity (#​14661)

v2.46.4

Compare Source

Patch Changes

• fix: prevent access of Svelte 5-only untrack function (#​14658)

v2.46.3

Compare Source

Patch Changes

• fix: merge field.set(...) calls (#​14651)

• fix: don't automatically reset form after an enhanced submission (#​14626)

• fix: normalize path strings when updating field values (#​14649)

v2.46.2

Compare Source

Patch Changes

• fix: prevent code execution order issues around SvelteKit's env modules (#​14637)

v2.46.1

Compare Source

Patch Changes

• fix: use $derived for form fields (#​14621)

• docs: remove @example blocks to allow docs to deploy (#​14636)

• fix: require a value with submit and hidden fields (#​14635)

• fix: delete hydration cache on effect teardown (#​14611)

v2.46.0

Compare Source

Minor Changes

• feat: imperative form validation (#​14624)

Patch Changes

• fix: wait a tick before collecting form data for validation (#​14631)

• fix: prevent code execution order issues around SvelteKit's env modules (#​14632)

v2.45.0

Compare Source

Minor Changes

• feat: form.for(id) now implicitly sets id on form object (#​14623)

Patch Changes

• fix: allow fetch in remote function without emitting a warning (#​14610)

v2.44.0

Compare Source

Minor Changes

• feat: expose event.route and event.url to remote functions (#​14606)

• breaking: update experimental form API (#​14481)

Patch Changes

• fix: don't crawl error responses during prerendering (#​14596)

v2.43.8

Compare Source

Patch Changes

• fix: HMR for query (#​14587)

• fix: avoid client modules while traversing dependencies to prevent FOUC during dev (#​14577)

• fix: skip prebundling of .remote.js files (#​14583)

• fix: more robust remote file pattern matching (#​14578)

v2.43.7

Compare Source

Patch Changes

• fix: correctly type the result of form remote functions that do not accept data (#​14573)

• fix: force remote module chunks to isolate themselves (#​14571)

v2.43.6

Compare Source

Patch Changes

• fix: ensure cache key is consistent between client/server (#​14563)

• fix: keep resolve relative to initial base during prerender (#​14533)

• fix: avoid including HEAD twice when an unhandled HTTP method is used in a request to a +server handler that has both a GET handler and a HEAD handler (#​14564)

• fix: smoothscroll to deep link (#​14569)

v2.43.5

Compare Source

Patch Changes

• fix: fall back to non-relative resolution when calling resolve(...) outside an event context (#​14532)

v2.43.4

Compare Source

Patch Changes

• fix: Webcontainer AsyncLocalStorage workaround (#​14526)

v2.43.3

Compare Source

Patch Changes

• fix: Webcontainer AsyncLocalStorage workaround (#​14521)

• fix: include the value of form submitters on form remote functions (#​14475)

v2.43.2

Compare Source

Patch Changes

• fix: ensure rendering starts off synchronously (#​14517)

• fix: keep serialized remote data alive until navigation (#​14508)

v2.43.1

Compare Source

Patch Changes

• fix: consistently use bare import for internals (#​14506)

v2.43.0

Compare Source

Minor Changes

• feat: experimental async SSR (#​14447)

Patch Changes

• fix: ensure __SVELTEKIT_PAYLOAD__.data is accessed safely (#​14491)

• fix: create separate cache entries for non-exported remote function queries (#​14499)

v2.42.2

Compare Source

Patch Changes

• fix: prevent loops in postbuild analysis phase (#​14450)

• fix: handle nested object fields in form data (#​14469)

• fix: robustify form helper types (#​14463)

• fix: avoid running the init hook during builds if there's nothing to prerender (#​14464)

• fix: ensure SSR rendering gets request store context (#​14476)

v2.42.1

Compare Source

Patch Changes

• fix: ensure environment setup is in its own chunk (#​14441)

v2.42.0

Compare Source

Minor Changes

• feat: enhance remote form functions with schema support, input and issues properties (#​14383)

• breaking: remote form functions get passed a parsed POJO instead of a FormData object now (#​14383)

v2.41.0

Compare Source

Minor Changes

• feat: add %sveltekit.version% to app.html (#​12132)

Patch Changes

• fix: allow remote functions to return custom types serialized with transport hooks (#​14435)

• fix: fulfil beforeNavigate complete when redirected (#​12896)

v2.40.0

Compare Source

Minor Changes

• feat: include event property on popstate/link/form navigation (#​14307)

Patch Changes

• fix: respect replaceState/keepFocus/noScroll when a navigation results in a redirect (#​14424)

• fix: invalidate preload cache when invalidateAll is true (#​14420)

v2.39.1

Compare Source

Patch Changes

• fix: more robust remote function code transformation (#​14418)

v2.39.0

Compare Source

Minor Changes

• feat: lazy discovery of remote functions (#​14293)

Patch Changes

• fix: layout load data not serialized on error page (#​14395)

• fix: fail prerendering when remote function fails (#​14365)

• fix: treat handle hook redirect as part of remote function call as json redirect (#​14362)

v2.38.1

Compare Source

Patch Changes

• fix: enable redirects from queries (#​14400)

• fix: remove empty nodes from serialized server load data (#​14404)

• fix: allow commands from within endpoints (#​14343)

v2.38.0

Compare Source

Minor Changes

• feat: add new remote function query.batch (#​14272)

v2.37.1

Compare Source

Patch Changes

• fix: serialize server load data before passing to universal load, to handle mutations and promises (#​14298)

• fix: resolve_route prevent dropping a trailing slash of id (#​14294)

• fix: assign correct status code to form submission error on the client (#​14345)

• fix: un-proxy form.result (#​14346)

v2.37.0

Compare Source

Minor Changes

• feat: automatically resolve query.refresh() promises on the server (#​14332)

• feat: allow query.set() to be called on the server (#​14304)

Patch Changes

• fix: disable CSRF checks in dev (#​14335)

• fix: allow redirects to external URLs from within form functions (#​14329)

• fix: add type definitions for query.set() method to override the value of a remote query function (#​14303)

• fix: ensure uniqueness of form.for(...) across form functions (#​14327)

v2.36.3

Compare Source

Patch Changes

• fix: bump devalue (#​14323)

• chore: consolidate dev checks to use esm-env instead of a __SVELTEKIT_DEV__ global (#​14308)

• fix: reset form inputs by default when using remote form functions (#​14322)

v2.36.2

Compare Source

Patch Changes

• chore: make config deprecation warnings more visible (#​14281)

• chore: remove redundant Not Found error message (#​14289)

• chore: deprecate csrf.checkOrigin in favour of csrf.trustedOrigins: ['*'] (#​14281)

v2.36.1

Compare Source

Patch Changes

• fix: ensure importing from $app/navigation works in test files (#​14195)

v2.36.0

Compare Source

Minor Changes

• feat: add csrf.trustedOrigins configuration (#​14021)

Patch Changes

• fix: correctly decode custom types streamed from a server load function (#​14261)

• fix: add trailing slash pathname when generating typed routes (#​14065)

v2.35.0

Compare Source

Minor Changes

• feat: better server-side error logging (#​13990)

Patch Changes

• fix: ensure static error page is loaded correctly for custom user errors (#​13952)

v2.34.1

Compare Source

Patch Changes

• fix: support multiple cookies with the same name across different paths and domains (b2c5d02)

• fix: add link header when preloading font (#​14200)

• fix: cookies.get(...) returns undefined for a just-deleted cookie (b2c5d02)

• fix: load env before prerender (c5f7139)

v2.34.0

Compare Source

Minor Changes

• feat: allow dynamic env access during prerender (#​14243)

Patch Changes

• fix: clone fetch responses so that headers are mutable (#​13942)

• fix: serialize server load data before passing to universal load, to handle mutations (#​14268)

• fix: allow asset(...) to be used with imported assets (#​14270)

v2.33.1

Compare Source

Patch Changes

• fix: make paths in .css assets relative (#​14262)

• fix: avoid copying SSR stylesheets to client assets (#​13069)

v2.33.0

Compare Source

Minor Changes

• feat: configure error reporting when routes marked as prerendable were not prerendered (#​11702)

Patch Changes

• fix: use correct flag for server tracing (#​14250)

• fix: correct type names for new handleUnseenRoutes option (#​14254)

• chore: Better docs and error message for missing @opentelemetry/api dependency (#​14250)

v2.32.0

Compare Source

Minor Changes

• feat: inline load fetch response.body stream data as base64 in page (#​11473)

Patch Changes

• fix: better error when .remote.ts files are used without the experimental.remoteFunctions flag (#​14225)

v2.31.1

Compare Source

Patch Changes

• fix: pass options to resolve in resolveId hook (#​14223)

v2.31.0

Compare Source

Minor Changes

• feat: OpenTelemetry tracing for handle, sequence, form actions, remote functions, and load functions running on the server (#​13899)

• feat: add instrumentation.server.ts for tracing and observability setup (#​13899)

v2.30.1

Compare Source

Patch Changes

• chore: generate $app/types in a more Typescript-friendly way (#​14207)

v2.30.0

Compare Source

Minor Changes

• feat: allow to specify options for the service worker in svelte.config.js (#​13578)

Patch Changes

• fix: ensure buttonProps.enhance works on buttons with nested text (#​14199)

• fix: pass validation issues specifically to avoid non-enumerable spreading error (#​14197)

v2.29.1

Compare Source

Patch Changes

• chore: allow remote functions in all of the src directory (#​14198)

v2.29.0

Compare Source

Minor Changes

• feat: add a kit.files.src option (#​14152)

Patch Changes

• fix: don't treat $lib/server.ts or $lib/server_whatever.ts as server-only modules, only $lib/server/** (#​14191)

• fix: make illegal server-only import errors actually useful (#​14155)

• chore: deprecate config.kit.files options (#​14152)

• fix: avoid warning if page options in a Svelte file belongs to a comment (#​14180)

v2.28.0

Compare Source

Minor Changes

• feat: add RouteId and RouteParams to NavigationTarget interface (#​14167)

• feat: add pending property to forms and commands (#​14137)

Patch Changes

• fix: fetch imported assets during prerender (#​12201)

• chore: refactor redundant base64 encoding/decoding functions (#​14160)

• fix: use correct cache result when fetching same url multiple times (#​12355)

• fix: don't refresh queries automatically when running commands (#​14170)

• fix: avoid writing remote function bundle to disk when treeshaking prerendered queries (#​14161)

v2.27.3

Compare Source

Patch Changes

• chore: add .git to the end of package.json repository url (#​14134)

v2.27.2

Compare Source

Patch Changes

• fix: ensure form() remote functions work when the app is configured to a single output (#​14127)

• fix: use the configured base path when calling remote functions from the client (#​14106)

v2.27.1

Compare Source

Patch Changes

• fix: correctly type remote function input parameters from a schema (#​14098)

• fix: match URL-encoded newlines in rest route params (#​14102)

• fix: correctly spell server-side in error messages (#​14101)

v2.27.0

Compare Source

Minor Changes

• feat: remote functions (#​13986)

v2.26.1

Compare Source

Patch Changes

• fix: posixify internal app server path (#​14049)

• fix: ignore route groups when generating typed routes (#​14050)

v2.26.0

Compare Source

Minor Changes

• feat: better type-safety for page.route.id, page.params, page.url.pathname and various other places (#​13864)

• feat: resolve(...) and asset(...) helpers for resolving paths (#​13864)

• feat: Add $app/types module with Asset, RouteId, Pathname, ResolvedPathname RouteParams<T> and LayoutParams<T> (#​13864)

v2.25.2

Compare Source

Patch Changes

• fix: correctly set URL when navigating during an ongoing navigation (#​14004)

v2.25.1

Compare Source

Patch Changes

• fix: add missing params property (#​14012)

v2.25.0

Compare Source

Minor Changes

• feat: support asynchronous read implementations from adapters (#​13859)

Patch Changes

• fix: log when no Svelte config file has been found to avoid confusion (#​14001)

v2.24.0

Compare Source

Minor Changes

• feat: typed params prop for page/layout components (#​13999)

Patch Changes

• fix: treeshake internal storage.get helper (#​13998)

v2.23.0

Compare Source

Minor Changes

• feat: support svelte.config.ts (#​13935)

  NOTE

  Your runtime has to support importing TypeScript files for svelte.config.ts to work.
  In Node.js, the feature is supported with the --experimental-strip-types flag starting in Node 22.6.0 and supported without a flag starting in Node 23.6.0.

Patch Changes

• fix: extend vite-plugin-svelte's Config type instead of duplicating it (#​13982)

• fix: regression with rolldown-vite not bundling a single JS file for single and inline apps (#​13941)

v2.22.5

Compare Source

Patch Changes

• fix: re-add @sveltejs/kit to optimizeDeps.exclude (#​13983)

v2.22.4

Compare Source

Patch Changes

• fix: force $app/* modules to be bundled (#​13977)

v2.22.3

Compare Source

Patch Changes

• fix: don't bundle @sveltejs/kit (#​13971)

v2.22.2

Compare Source

Patch Changes

• fix: use fallback if untrack doesn't exist in svelte package (#​13933)

• fix: warning for chrome devtools requests now suggests sv instead of vite plugin (#​13905)

v2.22.1

Compare Source

Patch Changes

• fix: prevent infinite loop when calling pushState/replaceState in $effect (#​13914)

• chore: use manualChunks to bundle single and inline apps with Rolldown (#​13915)

v2.22.0

Compare Source

Minor Changes

• feat: add support for Vite 7 and Rolldown. See https://vite.dev/guide/rolldown.html#how-to-try-rolldown for details about how to try experimental Rolldown support. You will also need vite-plugin-svelte@^6.0.0-next.0 and vite@^7.0.0-beta.0. Compilation should be faster using Rolldown, but with larger bundle sizes until additional tree-shaking is implemented in Rolldown. See #​13738 for ongoing work. (#​13747)

v2.21.5

Compare Source

Patch Changes

• fix: correctly set the sequential focus navigation point when using hash routing (#​13884)

• fix: regression when resetting focus and the URL hash contains selector combinators or separators (#​13884)

v2.21.4

Compare Source

Patch Changes

• fix: correctly access transport decoders on the client when building for a single or inline output app (#​13871)

v2.21.3

Compare Source

Patch Changes

• fix: correctly invalidate static analysis cache of child nodes when modifying a universal +layout file during dev (#​13793)

• fix: correctly set sequential focus navigation starting point after navigation (#​10856)

• fix: suppress console spam for chrome devtools requests (#​13830)

• fix: avoid externalising packages that depend on @sveltejs/kit so that libraries can also use redirect and error helpers (#​13843)

• fix: correctly run deserialize on the server (#​13686)

• fix: correctly inline stylesheets of components dynamically imported in a universal load function if they are below the configured inlineStyleThreshold (#​13723)

v2.21.2

Compare Source

Patch Changes

• fix: omit stack when logging 404 errors (#​13848)

v2.21.1

Compare Source

Patch Changes

• chore: clarify which functions handleFetch affects (#​13788)

• fix: ensure $env and $app/environment are correctly set while analysing server nodes (#​13790)

v2.21.0

Compare Source

Minor Changes

• feat: allow running client-side code at the top-level of universal pages/layouts when SSR is disabled and page options are only boolean or string literals (#​13684)

Patch Changes

• chore: remove import-meta-resolve dependency (#​13629)

• fix: remove component code from server nodes that are never used for SSR (#​13684)

v2.20.8

Compare Source

Patch Changes

• fix: ensure that ssr and csr page options apply to error pages rendered as a result of a load function error on the server (#​13695)

v2.20.7

Compare Source

Patch Changes

• fix: regression when serializing server data (#​13709)

v2.20.6

Compare Source

Patch Changes

• fix: escape names of tracked search parameters (d3300c6a67908590266c363dba7b0835d9a194cf)

v2.20.5

Compare Source

Patch Changes

• allow HandleServerError hook to access getRequestEvent (#​13666)

• fix: prevent Rollup warnings for undefined hooks (#​13687)

v2.20.4

Compare Source

Patch Changes

• chore: remove internal class-replacement hack that isn't needed anymore (#​13664)

v2.20.3

[Compare Source](https://redi

---

Configuration

📅 Schedule: Branch creation - "on saturday" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 1a733fd

Command	Status	Duration	Result
nx affected --target build	✅ Succeeded	2s	View ↗
nx affected --target typecheck	✅ Succeeded	7s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-12-19 18:07:46 UTC