chore(deps): update non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@noble/ed25519 (source)	3.0.0 → 3.1.0			dependencies	minor
@playwright/test (source)	1.58.1 → 1.59.1			devDependencies	minor
@sveltejs/kit (source)	2.50.1 → 2.59.1			devDependencies	minor
@tanstack/react-store (source)	0.8.0 → 0.11.0			dependencies	minor
@tanstack/solid-store (source)	0.8.0 → 0.11.0			dependencies	minor
@tanstack/store (source)	0.8.0 → 0.11.0			dependencies	minor
@tanstack/svelte-store (source)	0.9.0 → 0.12.0			dependencies	minor
@tanstack/vue-store (source)	0.8.0 → 0.11.0			dependencies	minor
@types/react (source)	18.3.27 → 18.3.28			devDependencies	patch
@typescript-eslint/eslint-plugin (source)	8.54.0 → 8.59.2			devDependencies	minor
@typescript-eslint/parser (source)	8.54.0 → 8.59.2			devDependencies	minor
@vitejs/plugin-vue (source)	6.0.3 → 6.0.6			devDependencies	patch
@vitejs/plugin-vue-jsx (source)	5.1.3 → 5.1.5			devDependencies	patch
@vue/test-utils	2.4.6 → 2.4.10			devDependencies	patch
SethCohen/github-releases-to-discord	v1.19.0 → v1.20			action	minor
eslint-plugin-react-refresh	0.4.26 → 0.5.2			devDependencies	minor
nuxt (source)	3.21.0 → 3.21.4			dependencies	patch
prettier (source)	3.8.1 → 3.8.3			devDependencies	patch
solid-js (source)	1.9.11 → 1.9.12			devDependencies	patch
solid-js (source)	1.9.11 → 1.9.12			dependencies	patch
svelte (source)	5.49.1 → 5.55.5			devDependencies	minor
svelte (source)	5.49.1 → 5.55.5			dependencies	minor
svelte-check	4.3.6 → 4.4.8			devDependencies	minor
vite (source)	6.4.1 → 6.4.2			devDependencies	patch
vite-plugin-node-polyfills	0.25.0 → 0.26.0			devDependencies	minor
vite-plugin-solid	2.11.10 → 2.11.12			devDependencies	patch
vue (source)	3.5.27 → 3.5.33			devDependencies	patch	3.5.34
vue (source)	3.5.27 → 3.5.33			dependencies	patch	3.5.34

---

Release Notes

paulmillr/noble-ed25519 (@​noble/ed25519)

v3.1.0

Compare Source

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Minor code hardening in different places
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• Fix sign() in Firefox WebExtension context. Closes gh-120
• Fix compilation issues on TypeScript v6
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

Full Changelog: paulmillr/noble-ed25519@3.0.1...3.1.0

v3.0.1

Compare Source

• Fix a low-severity issue affecting verify
  • An attacker with an access to secret key was able to produce signatures, which were valid for all messages for their secret key
  • Impact: low, primarily systems which rely on non-repudiation
  • Special thanks to folks who've reported the issue: Yituo He (a.k.a. @​HaveYouTall) and @​sunyxedu
• Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.
  • Contributed by @​georg95 in #​117.
  • keygen x 10,594 ops/sec @​ 94μs/op => 14,610 ops/sec @​ 68μs/op
  • sign x 5,267 ops/sec @​ 189μs/op => 7,225 ops/sec @​ 138μs/op
  • verify x 1,203 ops/sec @​ 830μs/op => 1,972 ops/sec @​ 506μs/op

Full Changelog: paulmillr/noble-ed25519@3.0.0...3.0.1

microsoft/playwright (@​playwright/test)

v1.59.1

Compare Source

v1.59.0

Compare Source

v1.58.2

Compare Source

sveltejs/kit (@​sveltejs/kit)

v2.59.1

Compare Source

Patch Changes

• fix: resolve paths to route files with the letter drive on Windows (#​15793)

v2.59.0

Compare Source

Minor Changes

• feat: support query.batch in requested(...) (#​15751)

• breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#​15705)

• feat: experimental query.live function (#​15705)

Patch Changes

• fix: unwrap Promise in RemoteCommand output type (#​15771)

• fix: empty call to .updates() on a command/form invocation means "don't update anything" (#​15705)

• fix: form.fields.foo.as('checkbox', default_value) now works (#​15752)

• fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#​15753)

• fix: make sure queries always get started correctly (#​15705)

• fix: allow plain functions as overrides in updates (#​15705)

v2.58.0

Compare Source

Minor Changes

• breaking: require limit in requested (as originally intended) (#​15739)

• feat: RemoteQueryFunction gains an optional third generic parameter Validated (defaulting to Input) that represents the argument type after schema validation/transformation (#​15739)

• breaking: requested now yields { arg, query } entries instead of the validated argument (#​15739)

Patch Changes

• fix: allow query().current, .error, .loading, and .ready to work in non-reactive contexts (#​15699)

• fix: prevent deep_set crash on nullish nested values (#​15600)

• fix: restore correct RemoteFormFields typing for nullable array fields (e.g. when a schema uses .default([])), so .as('checkbox') and friends work again (#​15723)

• fix: don't warn about removed SSI comments in transformPageChunk (#​15695)

  Server-side include (SSI) directives like <!--#include virtual="..." --> are HTML comments that are replaced by servers such as nginx. Previously, removing them in transformPageChunk would trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with <!--# and Svelte's hydration comments never do, they can be safely excluded from the check.

• Change enhance function return type from void to MaybePromise. (#​15710)

• fix: throw an error when resolve is called with an external URL (#​15733)

• fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#​15718)

• fix: reset form result on redirect (#​15724)

v2.57.1

Compare Source

Patch Changes

• fix: better validation for redirect inputs (10d7b44)

• fix: enforce BODY_SIZE_LIMIT on chunked requests (3202ed6)

• fix: use default values as fallbacks (#​15680)

• fix: relax form typings for union types (#​15687)

v2.57.0

Compare Source

Minor Changes

• feat: return boolean from submit to indicate submission validity for enhanced form remote functions (#​15530)

Patch Changes

• fix: use array type for select fields that accept multiple values (#​15591)

• fix: silently 404 Chrome DevTools workspaces request in dev and preview (#​15656)

• fix: config.kit.csp.directives['trusted-types'] requires 'svelte-trusted-html' (and 'sveltekit-trusted-url' when a service worker is automatically registered) if it is configured (#​15323)

• fix: avoid inlineDynamicImports ignored with codeSplitting warning when using Vite 8 (#​15647)

• fix: reimplement treeshaking non-dynamic prerendered remote functions (#​15447)

v2.56.1

Compare Source

Patch Changes

• chore: update JSDoc (#​15640)

v2.56.0

Compare Source

Minor Changes

• breaking: rework client-driven refreshes (#​15562)

• breaking: stabilize remote function caching by sorting object keys (#​15570)

• breaking: add run() method to queries, disallow awaiting queries outside render (#​15533)

• feat: support TypeScript 6.0 (#​15595)

• breaking: isolate command-triggered query refresh failures per-query (#​15562)

• feat: use hydratable for remote function transport (#​15533)

• feat: allow form fields to specify a default value (field.as(type, value)) (#​15577)

Patch Changes

• fix: don't request new data when .refresh is called on a query with no cache entry (#​15533)

• fix: allow using multiple remote functions within one async derived (#​15561)

• fix: avoid false-positive overridden Vite base setting warning when setting a paths.base in svelte.config.js (#​15623)

• fix: manage queries in their own $effect.root (#​15533)

• fix: avoid inlineDynamicImports deprecation warning when building the service worker with Vite 8 (#​15550)

• fix: correctly escape backticks when precomputing CSS (#​15593)

• fix: discard obsolete forks before finishing navigation (#​15634)

• chore: tighten up override implementation (#​15562)

• fix: ensure the default Svelte 5 error.svelte file uses runes mode (#​15609)

• fix: deduplicate same-cache-key batch calls during SSR (#​15533)

• fix: decrement pending_count when form callback doesn't call submit() (#​15520)

v2.55.0

Compare Source

Minor Changes

• feat: page and layout params with matchers are now type narrowed in $app/types, leading to better type safety when working with params in $app/types, $app/state, and hooks. (#​15502)

v2.54.0

Compare Source

Minor Changes

• feat: allow error boundaries to catch errors on the server (#​15308)

Patch Changes

• chore: upgrade devalue (#​15535)

• fix: don't wait for remote functions that are not awaited in the template (#​15280)

• feat: allow resolve() to accept pathnames with a search string and/or hash (#​15458)

• chore: remove deprecation warnings for config.kit.files.* options when validating the Svelte config file (#​15482)

• fix: handles form target attribute in remote form redirects (#​15457)

v2.53.4

Compare Source

Patch Changes

• fix: avoid Vite warning about unknown codeSplitting option (#​15451)

v2.53.3

Compare Source

Patch Changes

• fix: prevent overlapping file metadata in remote functions form (faba869)

v2.53.2

Compare Source

Patch Changes

• fix: server-render nested form value sets (#​15378)

• fix: use deep partial types for form remote functions .value() and .set(...) (#​14837)

• fix: provide correct url info to remote functions (#​15418)

• fix: allow optional types for remote query/command/prerender functions (#​15293)

• fix: allow commands in more places (#​15288)

v2.53.1

Compare Source

Patch Changes

• fix: address warning about inlineDynamicImports when using Vite 8 (#​15403)

v2.53.0

Compare Source

Minor Changes

• feat: support Vite 8 (#​15024)

Patch Changes

• fix: remove event listeners on form attachment cleanup (#​15286)

• fix: apply queries refreshed in a form remote function when a redirect is thrown (#​15362)

v2.52.2

Compare Source

Patch Changes

• fix: validate form file information to prevent amplification attacks (3e607b3)

• chore: upgrade devalue and svelte (#​15339)

• fix: parse file offset table more strictly (f47c01b)

v2.52.0

Compare Source

Minor Changes

• feat: match function to map a path back to a route id and params (#​14997)

Patch Changes

• fix: respect scroll-margin when navigating to a url-supplied anchor (#​15246)

• fix: resolve will narrow types to follow trailing slash page settings (#​15027)

v2.51.0

Compare Source

Minor Changes

• feat: add scroll property to NavigationTarget in navigation callbacks (#​15248)

  Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

  • from.scroll: The scroll position at the moment navigation was triggered
  • to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

  This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

• feat: hydratable's injected script now works with CSP (#​15048)

Patch Changes

• fix: put preloads before styles (#​15232)

• fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#​15269)

• fix: fetch not working when URL is same host but different than paths.base (#​15291)

• fix: navigate to hash link when base element is present (#​15236)

• fix: avoid triggering handleError when redirecting in a remote function (#​15222)

• fix: include test directory in generated tsconfig.json alongside existing tests entry (#​15254)

• fix: generate tsconfig.json using the value of kit.files.src (#​15253)

v2.50.2

Compare Source

Patch Changes

• fix: ensure inlined CSS follows paths.assets and paths.relative settings (#​15153)

• fix: emit script CSP nonces when unsafe-inline is present if strict-dynamic is also present (#​15221)

• fix: re-export browser/dev from esm-env (#​15206)

• fix: use validated args in batch resolver in both csr and ssr (#​15215)

• fix: ensure CSS inlining includes components that are conditionally rendered (#​15153)

• fix: only match rest params with matchers when the matcher matches (#​15216)

• fix: properly handle percent-encoded anchors (e.g. <a href="#sparkles-%E2%9C%A8">) during prerendering. (#​15231)

TanStack/store (@​tanstack/react-store)

v0.11.0

Compare Source

Minor Changes

• Hooks included in this release: (#​306)
  • useAtom
  • useSelector
  • useStore (deprecated, replaced by useSelector)
  • createStoreContext (provides StoreProvider and useStoreContext for context-based consumption)

Patch Changes

• Updated dependencies [4d87a83]:
  • @​tanstack/store@​0.11.0

v0.10.0

Compare Source

Minor Changes

• chore: update deps and change build process to tsdown (#​304)

Patch Changes

• Updated dependencies [66e3010]:
  • @​tanstack/store@​0.10.0

v0.9.3

Compare Source

Patch Changes

• Updated dependencies [d8b51a7]:
  • @​tanstack/store@​0.9.3

v0.9.2

Compare Source

Patch Changes

• Updated dependencies [84dc3eb]:
  • @​tanstack/store@​0.9.2

v0.9.1

Compare Source

Patch Changes

• Updated dependencies [77c872f]:
  • @​tanstack/store@​0.9.1

v0.9.0

Compare Source

Minor Changes

• Breaking changes (#​265)

  • new Store() is now createStore()
  • new Derived() is now a derived createStore():

    const derived = createStore(() => store.state * 2)

  • new Effect() removed in favor of store.subscribe():

    const { unsubscribe } = store.subscribe(() => {
      console.log(store.state)
    })

  • Uses alien-signals under the hood for efficient reactivity

Patch Changes

• Updated dependencies [dace25f]:
  • @​tanstack/store@​0.9.0

v0.8.1

Compare Source

Patch Changes

• Updated dependencies [3096bf2]:
  • @​tanstack/store@​0.8.1

TanStack/store (@​tanstack/solid-store)

v0.11.0

Compare Source

Minor Changes

• Hooks included in this release: (#​306)
  • useAtom
  • useSelector
  • useStore (deprecated, replaced by useSelector)
  • createStoreContext (provides StoreProvider and useStoreContext for context-based consumption)

Patch Changes

• Updated dependencies [4d87a83]:
  • @​tanstack/store@​0.11.0

v0.10.0

Compare Source

Minor Changes

• chore: update deps and change build process to tsdown (#​304)

Patch Changes

• Updated dependencies [66e3010]:
  • @​tanstack/store@​0.10.0

v0.9.3

Compare Source

Patch Changes

• Updated dependencies [d8b51a7]:
  • @​tanstack/store@​0.9.3

v0.9.2

Compare Source

Patch Changes

• Updated dependencies [84dc3eb]:
  • @​tanstack/store@​0.9.2

v0.9.1

Compare Source

Patch Changes

• Updated dependencies [77c872f]:
  • @​tanstack/store@​0.9.1

v0.9.0

Compare Source

Minor Changes

• Breaking changes (#​265)

  • new Store() is now createStore()
  • new Derived() is now a derived createStore():

    const derived = createStore(() => store.state * 2)

  • new Effect() removed in favor of store.subscribe():

    const { unsubscribe } = store.subscribe(() => {
      console.log(store.state)
    })

  • Uses alien-signals under the hood for efficient reactivity

Patch Changes

• Updated dependencies [dace25f]:
  • @​tanstack/store@​0.9.0

v0.8.1

Compare Source

Patch Changes

• Updated dependencies [3096bf2]:
  • @​tanstack/store@​0.8.1

TanStack/store (@​tanstack/store)

v0.11.0

Compare Source

Minor Changes

• Hooks included in this release: (#​306)
  • useAtom
  • useSelector
  • useStore (deprecated, replaced by useSelector)
  • createStoreContext (provides StoreProvider and useStoreContext for context-based consumption)

v0.10.0

Compare Source

Minor Changes

• chore: update deps and change build process to tsdown (#​304)

v0.9.3

Compare Source

Patch Changes

• Improve tree-shaking of alien-signals (#​297)

v0.9.2

Compare Source

Patch Changes

• Fix a regression where mutable atoms could be updated internally with no updater and have their snapshot replaced with undefined. (#​289)

  Mutable atoms now ignore internal no-argument _update() calls, while computed atoms keep existing recomputation behavior. This prevents external-store state from disappearing during reactive graph cleanup.

v0.9.1

Compare Source

Patch Changes

• derived createStore now returns readonly store (#​278)

v0.9.0

Compare Source

Minor Changes

• Breaking changes (#​265)

  • new Store() is now createStore()
  • new Derived() is now a derived createStore():

    const derived = createStore(() => store.state * 2)

  • new Effect() removed in favor of store.subscribe():

    const { unsubscribe } = store.subscribe(() => {
      console.log(store.state)
    })

  • Uses alien-signals under the hood for efficient reactivity

v0.8.1

Compare Source

Patch Changes

• Fix Issues with Derived Fields not Retriggering (#​274)

TanStack/store (@​tanstack/svelte-store)

v0.12.0

Compare Source

Minor Changes

• Hooks included in this release: (#​306)
  • useAtom
  • useSelector
  • useStore (deprecated, replaced by useSelector)
  • createStoreContext (provides StoreProvider and useStoreContext for context-based consumption)

Patch Changes

• Updated dependencies [4d87a83]:
  • @​tanstack/store@​0.11.0

v0.11.0

Compare Source

Minor Changes

• chore: update deps and change build process to tsdown (#​304)

Patch Changes

• Updated dependencies [66e3010]:
  • @​tanstack/store@​0.10.0

v0.10.3

Compare Source

Patch Changes

• Updated dependencies [d8b51a7]:
  • @​tanstack/store@​0.9.3

v0.10.2

Compare Source

Patch Changes

• Updated dependencies [84dc3eb]:
  • @​tanstack/store@​0.9.2

v0.10.1

Compare Source

Patch Changes

• Updated dependencies [77c872f]:
  • @​tanstack/store@​0.9.1

v0.10.0

Compare Source

Minor Changes

• Breaking changes (#​265)

  • new Store() is now createStore()
  • new Derived() is now a derived createStore():

    const derived = createStore(() => store.state * 2)

  • new Effect() removed in favor of store.subscribe():

    const { unsubscribe } = store.subscribe(() => {
      console.log(store.state)
    })

  • Uses alien-signals under the hood for efficient reactivity

Patch Changes

• Updated dependencies [dace25f]:
  • @​tanstack/store@​0.9.0

v0.9.1

Compare Source

Patch Changes

• Updated dependencies [3096bf2]:
  • @​tanstack/store@​0.8.1

TanStack/store (@​tanstack/vue-store)

v0.11.0

Compare Source

Minor Changes

• Hooks included in this release: (#​306)
  • useAtom
  • useSelector
  • useStore (deprecated, replaced by useSelector)
  • createStoreContext (provides StoreProvider and useStoreContext for context-based consumption)

Patch Changes

• Updated dependencies [4d87a83]:
  • @​tanstack/store@​0.11.0

v0.10.0

Compare Source

Minor Changes

• chore: update deps and change build process to tsdown (#​304)

Patch Changes

• Updated dependencies [66e3010]:
  • @​tanstack/store@​0.10.0

v0.9.3

Compare Source

Patch Changes

• Updated dependencies [d8b51a7]:
  • @​tanstack/store@​0.9.3

v0.9.2

Compare Source

Patch Changes

• Updated dependencies [84dc3eb]:
  • @​tanstack/store@​0.9.2

v0.9.1

Compare Source

Patch Changes

• Updated dependencies [77c872f]:
  • @​tanstack/store@​0.9.1

v0.9.0

Compare Source

Minor Changes

• Breaking changes (#​265)

  • new Store() is now createStore()
  • new Derived() is now a derived createStore():

    const derived = createStore(() => store.state * 2)

  • new Effect() removed in favor of store.subscribe():

    const { unsubscribe } = store.subscribe(() => {
      console.log(store.state)
    })

  • Uses alien-signals under the hood for efficient reactivity

Patch Changes

• Updated dependencies [dace25f]:
  • @​tanstack/store@​0.9.0

v0.8.1

Compare Source

Patch Changes

• Updated dependencies [3096bf2]:
  • @​tanstack/store@​0.8.1

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.59.2

Compare Source

🩹 Fixes

• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#​12292)
• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#​12150)

❤️ Thank You

• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

[v8.59.1](https://redirect.github.com/typescript-es

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.