deps: bump the svelte group across 1 directory with 6 updates

[dependabot]

Bumps the svelte group with 6 updates in the / directory:

Package	From	To
@sveltejs/adapter-node	5.5.1	5.5.2
@sveltejs/adapter-cloudflare	7.2.5	7.2.6
bits-ui	2.15.4	2.15.5
@sveltejs/kit	2.49.5	2.50.1
svelte-check	4.3.5	4.3.6
svelte	5.46.4	5.49.1

Updates @sveltejs/adapter-node from 5.5.1 to 5.5.2

Release notes

Sourced from @​sveltejs/adapter-node's releases.

@​sveltejs/adapter-node@​5.5.2

Patch Changes

• fix: disable gzip and brotli when precompress=false (#15182)

• Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

  • @​sveltejs/kit@​2.50.1

Changelog

Sourced from @​sveltejs/adapter-node's changelog.

5.5.2

Patch Changes

• fix: disable gzip and brotli when precompress=false (#15182)

• Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

  • @​sveltejs/kit@​2.50.1

Commits

• 3b2ea1b Version Packages (#15186)
• ed82a9f fix: don't send "Vary: Accept-Encoding" header when precompress=false (#15182)
• 8a82859 chore: fix lint errors (#15174)
• See full diff in compare view

Updates @sveltejs/adapter-cloudflare from 7.2.5 to 7.2.6

Release notes

Sourced from @​sveltejs/adapter-cloudflare's releases.

@​sveltejs/adapter-cloudflare@​7.2.6

Patch Changes

• fix: ensure manifest paths are relative when building worker (#15163)

• Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

  • @​sveltejs/kit@​2.50.1

Changelog

Sourced from @​sveltejs/adapter-cloudflare's changelog.

7.2.6

Patch Changes

• fix: ensure manifest paths are relative when building worker (#15163)

• Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

  • @​sveltejs/kit@​2.50.1

Commits

• 3b2ea1b Version Packages (#15186)
• 4fc3257 fix: ensure injected paths are prefixed with ./ (#15163)
• 0027dfd docs: update cloudflare adapter package description and misc (#15164)
• See full diff in compare view

Updates bits-ui from 2.15.4 to 2.15.5

Release notes

Sourced from bits-ui's releases.

bits-ui@2.15.5

Patch Changes

• fix(Tooltip): allow overriding trigger tabindex (#1932)

• fix(Pin Input): keyboard navigation (#1872)

• fix(ScrollArea): cleanup when pointercapture is lost (#1935)

• fix(Accordion): allow overriding trigger tabindex (#1932)

• fix(Presence): optimize animation detection for large DOMs (#1924)

• fix: floating components should respect style prop (#1934)

• fix(FocusScope): ensure focus scopes works with only 1 tabbable item (#1933)

Commits

• 7dba301 Version Packages (#1931)
• db9d917 fix(PinInput): keyboard nav/replacement (#1872)
• 2d96579 fix(ScrollArea): restore webkitUserSelect on lost pointer capture (#1935)
• baef86f fix: floating components should respect style prop (#1934)
• a893114 fix(FocusScope): improve focus management for single tabbable item (#1933)
• 32df06c fix(Tooltip): customizable tabindex for trigger component (#1932)
• d0a3e18 fix(Presence): optimize animation detection for large DOMs (#1924)
• 4789141 chore: update deps (#1925)
• See full diff in compare view

Updates @sveltejs/kit from 2.49.5 to 2.50.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.50.1

Patch Changes

• fix: include hooks.server and hooks.universal as explicit Vite build inputs to ensure assets imported by hooks files are correctly discovered (#15178)

• fix: improves fields type for generic components (#14974)

• fix: preload links if href changes (#15191)

@​sveltejs/kit@​2.50.0

Minor Changes

• breaking: remove buttonProps from experimental remote form functions; use e.g. <button {...myForm.fields.action.as('submit', 'register')}>Register</button> button instead (#15144)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.50.1

Patch Changes

• fix: include hooks.server and hooks.universal as explicit Vite build inputs to ensure assets imported by hooks files are correctly discovered (#15178)

• fix: improves fields type for generic components (#14974)

• fix: preload links if href changes (#15191)

2.50.0

Minor Changes

• breaking: remove buttonProps from experimental remote form functions; use e.g. <button {...myForm.fields.action.as('submit', 'register')}>Register</button> button instead (#15144)

Commits

• 3b2ea1b Version Packages (#15186)
• 2dd74c8 fix: improve fields type for generic components (#14974)
• 8871b54 fix: preload links if href changes (#15191)
• e5627ef fix: Skip failing tests on async (#15189)
• 46c1ebd fix: include hooks.server and hooks.universal as entrypoints to give them...
• 391c6f7 Version Packages (#15177)
• 36cb864 Revert "Revert "breaking: remove buttonProps from experimental remote form ...
• 8a82859 chore: fix lint errors (#15174)
• See full diff in compare view

Updates svelte-check from 4.3.5 to 4.3.6

Release notes

Sourced from svelte-check's releases.

svelte-check@4.3.6

Patch Changes

• fix: don't hoist type/snippet referencing $store (#2926)

Commits

• 6b83202 Version Packages (#2919)
• 9c05c1a fix: compatibility with prettier-plugin-tailwindcss in monorepo (#2925)
• e2f09eb fix: don't hoist type/snippet referencing $store (#2926)
• e891ace perf: only parse html once in a batch update (#2923)
• 8c11665 fix: remove outdated documentation with --ignore (#2920)
• fb00777 feat: support emmet.extensionsPath config (#2918)
• eb2fa2a feat: Use custom element's JSDoc as doc for completion/hover (#2879)
• f8f40c5 fix: add tokenTypes config for JSDoc completion (#2916)
• See full diff in compare view

Updates svelte from 5.46.4 to 5.49.1

Release notes

Sourced from svelte's releases.

svelte@5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

svelte@5.49.0

Minor Changes

• feat: allow passing ShadowRootInit object to custom element shadow option (#17088)

Patch Changes

• fix: throw for unset createContext get on the server (#17580)

• fix: reset effects inside skipped branches (#17581)

• fix: preserve old dependencies when updating reaction inside fork (#17579)

• fix: more conservative assignment_value_stale warnings (#17574)

• fix: disregard popover elements when determining whether an element has content (#17367)

• fix: fire introstart/outrostart events after delay, if specified (#17567)

• fix: increment signal versions when discarding forks (#17577)

svelte@5.48.5

Patch Changes

• fix: run boundary onerror callbacks in a microtask, in case they result in the boundary's destruction (#17561)

• fix: prevent unintended exports from namespaces (#17562)

• fix: each block breaking with effects interspersed among items (#17550)

svelte@5.48.4

Patch Changes

• fix: avoid duplicating escaped characters in CSS AST (#17554)

svelte@5.48.3

Patch Changes

• fix: hydration failing with settled async blocks (#17539)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

5.49.0

Minor Changes

• feat: allow passing ShadowRootInit object to custom element shadow option (#17088)

Patch Changes

• fix: throw for unset createContext get on the server (#17580)

• fix: reset effects inside skipped branches (#17581)

• fix: preserve old dependencies when updating reaction inside fork (#17579)

• fix: more conservative assignment_value_stale warnings (#17574)

• fix: disregard popover elements when determining whether an element has content (#17367)

• fix: fire introstart/outrostart events after delay, if specified (#17567)

• fix: increment signal versions when discarding forks (#17577)

5.48.5

Patch Changes

• fix: run boundary onerror callbacks in a microtask, in case they result in the boundary's destruction (#17561)

• fix: prevent unintended exports from namespaces (#17562)

• fix: each block breaking with effects interspersed among items (#17550)

5.48.4

Patch Changes

• fix: avoid duplicating escaped characters in CSS AST (#17554)

... (truncated)

Commits

• 92e6721 Version Packages (#17585)
• 8933653 fix: merge consecutive text nodes during hydration for large text content (#1...
• ebe583f fix: only create async functions in SSR output when necessary (#17593)
• 5656dd5 fix: handle renderer.run rejections (#17591)
• 704d0cd chore: allow testing in production env 2 (#17590)
• 26b09ec chore: bump playwright (#17565)
• ffd65e9 chore: allow testing in production env (#16840)
• 82fde88 fix: print() multiline behaviour (#17319)
• 9d1dd2e Version Packages (#17564)
• 2d62ffe fix: throw for unset createContext get on the server (#17580)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	colibri-docs	aceb658	Commit Preview URL Branch Preview URL	Feb 02 2026, 05:12 AM

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@sveltejs/adapter-node	^5.5.2	Unknown	Unknown
npm/@sveltejs/adapter-cloudflare	^7.2.6	Unknown	Unknown
npm/bits-ui	^2.15.5	Unknown	Unknown
npm/@floating-ui/core	1.7.4	Unknown	Unknown
npm/@floating-ui/dom	1.7.5	Unknown	Unknown
npm/@rollup/rollup-android-arm-eabi	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-android-arm64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-darwin-arm64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-darwin-x64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-freebsd-arm64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-freebsd-x64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm-gnueabihf	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm-musleabihf	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm64-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm64-musl	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-loong64-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-loong64-musl	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-ppc64-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-ppc64-musl	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-riscv64-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-riscv64-musl	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-s390x-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-x64-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-linux-x64-musl	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-openbsd-x64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-openharmony-arm64	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-win32-arm64-msvc	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-win32-ia32-msvc	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-win32-x64-gnu	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@rollup/rollup-win32-x64-msvc	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@sveltejs/adapter-cloudflare	7.2.6	Unknown	Unknown
npm/@sveltejs/adapter-node	5.5.2	Unknown	Unknown
npm/@sveltejs/kit	2.50.1	Unknown	Unknown
npm/bits-ui	2.15.5	Unknown	Unknown
npm/diff	4.0.4	🟢 3.3	Details Check Score Reason Code-Review ⚠️ 1 Found 4/27 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 9 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ -1 No tokens found Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ -1 no dependencies found Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/esrap	2.2.2	Unknown	Unknown
npm/rollup	4.57.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/svelte	5.49.1	🟢 7.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 21/25 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/svelte-check	4.3.6	🟢 5.7	Details Check Score Reason Maintained 🟢 10 29 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 12/27 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 15 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• apps/app/package.json
• apps/docs/package.json
• packages/ui/package.json
• pnpm-lock.yaml

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.