Routine dep-update-scan (2026-05-24) flagged outdated dependencies on this repo. npm audit is clean.
Outdated packages
@e4a/pg-js: 1.8.0 → 1.10.0
@sveltejs/kit: 2.60.1 → 2.61.1
libphonenumber-js: 1.13.2 → 1.13.3
prettier-plugin-svelte: 4.0.0 → 4.0.1
sass: 1.99.0 → 1.100.0
svelte-preprocess: 6.0.3 → 6.0.4
vite: 8.0.13 → 8.0.14
All patch/minor bumps. Note: install currently requires --legacy-peer-deps because of a svelte-preprocess 6.0.3 peerOptional conflict with typescript 5.9.3 — the 6.0.4 bump may or may not resolve this; verify and adjust install commands accordingly.
Coordination: existing issue #235 covers a follow-up from the prettier-plugin-svelte major bump (PR #234) — keep this PR separate from that work unless the worker concludes consolidation is cleaner.
Worker instructions
Before bumping anything:
- Pull the repo and check the lockfile + recent
git log on main — many of these may have already been resolved.
- For each package in the list below, grep the source tree (excluding manifest/lockfile) to confirm the package is actually imported. If a package is unused, open a removal PR for it instead of a bump.
- Apply bumps in this order: security advisories → patch/minor → majors. Use one branch per coherent area.
- Build and run the full test suite. If there's no test suite, note "no tests to verify" in the PR body.
- Open a draft PR with title
chore: update dependencies (or chore(security): ... if security-driven). PR body should use Closes #<this-issue>.
- After CI passes:
gh pr ready <num>. If the repo has no CI workflow, open ready from the start.
- Add reviewer:
--add-reviewer rubenhensen.
Conventions:
- Conventional-commit PR title (
chore:, fix:, feat:).
- If a bump turns out to be a no-op (already on
main), close the issue with evidence (commit/PR hash) — do not ship an empty PR.
/dobby
Routine
dep-update-scan(2026-05-24) flagged outdated dependencies on this repo.npm auditis clean.Outdated packages
@e4a/pg-js: 1.8.0 → 1.10.0@sveltejs/kit: 2.60.1 → 2.61.1libphonenumber-js: 1.13.2 → 1.13.3prettier-plugin-svelte: 4.0.0 → 4.0.1sass: 1.99.0 → 1.100.0svelte-preprocess: 6.0.3 → 6.0.4vite: 8.0.13 → 8.0.14All patch/minor bumps. Note: install currently requires
--legacy-peer-depsbecause of asvelte-preprocess6.0.3 peerOptional conflict withtypescript5.9.3 — the 6.0.4 bump may or may not resolve this; verify and adjust install commands accordingly.Coordination: existing issue #235 covers a follow-up from the
prettier-plugin-sveltemajor bump (PR #234) — keep this PR separate from that work unless the worker concludes consolidation is cleaner.Worker instructions
Before bumping anything:
git logonmain— many of these may have already been resolved.chore: update dependencies(orchore(security): ...if security-driven). PR body should useCloses #<this-issue>.gh pr ready <num>. If the repo has no CI workflow, open ready from the start.--add-reviewer rubenhensen.Conventions:
chore:,fix:,feat:).main), close the issue with evidence (commit/PR hash) — do not ship an empty PR./dobby