fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@changesets/cli (source)	^2.27.12 -> ^2.28.1
@eslint/js (source)	^9.19.0 -> ^9.20.0
@stylistic/eslint-plugin-js (source)	^3.0.1 -> ^3.1.0
@sveltejs/kit (source)	^2.17.1 -> ^2.17.2
@types/node (source)	^22.13.1 -> ^22.13.4
@types/node@<=20.12.0 (source)	20.17.17 -> 20.17.19
carbon-components-svelte	^0.87.4 -> ^0.87.5
carbon-icons-svelte (source)	^13.1.0 -> ^13.2.0
compression	^1.7.5 -> ^1.8.0
eslint (source)	^9.19.0 -> ^9.20.1
globals	^15.14.0 -> ^15.15.0
pnpm (source)	10.2.0 -> 10.4.1
postcss (source)	^8.5.1 -> ^8.5.3
prettier (source)	^3.4.2 -> ^3.5.1
publint (source)	^0.3.2 -> ^0.3.6
sass	^1.83.4 -> ^1.85.0
sirv	^3.0.0 -> ^3.0.1
svelte (source)	^5.19.7 -> ^5.20.2
typescript-eslint (source)	^8.23.0 -> ^8.24.1
vite (source)	^6.0.11 -> ^6.1.1
vitest (source)	^3.0.5 -> ^3.0.6

---

Release Notes

changesets/changesets (@​changesets/cli)

v2.28.1

Compare Source

Patch Changes

• Updated dependencies [b9df596]:
  • @​changesets/config@​3.1.1
  • @​changesets/apply-release-plan@​7.0.10
  • @​changesets/get-release-plan@​4.0.8

v2.28.0

Compare Source

eslint/eslint (@​eslint/js)

v9.20.0

Compare Source

eslint-stylistic/eslint-stylistic (@​stylistic/eslint-plugin-js)

v3.1.0

Compare Source

Features

• generic-spacing: remove spaces in type param instantiation (#​677) (2a29e28)

sveltejs/kit (@​sveltejs/kit)

v2.17.2

Compare Source

Patch Changes

• fix: add promise return type to the enhance action callback (#​13420)

• fix: change server-side route resolution endpoint (#​13461)

carbon-design-system/carbon-components-svelte (carbon-components-svelte)

v0.87.5

Compare Source

carbon-design-system/carbon-icons-svelte (carbon-icons-svelte)

v13.2.0

Compare Source

Features

• upgrade @carbon/icons to v11.55.0 (net +18 icons)

expressjs/compression (compression)

v1.8.0

Compare Source

==================

• Use res.headersSent when available
• Replace _implicitHeader with writeHead property
• add brotli support for versions of node that support it
• Add the enforceEncoding option for requests without Accept-Encoding header

eslint/eslint (eslint)

v9.20.1

Compare Source

v9.20.0

Compare Source

sindresorhus/globals (globals)

v15.15.0

Compare Source

• Regenerate vitest globals (#​279) 445df81

---

pnpm/pnpm (pnpm)

v10.4.1

Compare Source

Patch Changes

• Throws an error when the value provided by the --allow-build option overlaps with the pnpm.ignoredBuildDependencies list #​9105.
• Print pnpm's version after the execution time at the end of the console output.
• Print warning about ignored builds of dependencies on repeat install #​9106.
• Setting init-package-manager should work.

v10.4.0

Compare Source

Minor Changes

• pnpm approve-builds --global works now for allowing dependencies of globally installed packages to run postinstall scripts.

• The pnpm add command now supports a new flag, --allow-build, which allows building the specified dependencies. For instance, if you want to install a package called bundle that has esbuild as a dependency and want to allow esbuild to run postinstall scripts, you can run:

  pnpm --allow-build=esbuild add bundle
  

  This will run esbuild's postinstall script and also add it to the pnpm.onlyBuiltDependencies field of package.json. So, esbuild will always be allowed to run its scripts in the future.

  Related PR: #​9086.

• The pnpm init command adds a packageManager field with the current version of pnpm CLI #​9069. To disable this behaviour, set the init-package-manager setting to false.

Patch Changes

• pnpm approve-builds should work after two consecutive pnpm install runs #​9083.
• Fix instruction for updating pnpm with corepack #​9101.
• The pnpm version specified by packageManager cannot start with v.

v10.3.0

Compare Source

Minor Changes

• Added a new setting called strict-dep-builds. When enabled, the installation will exit with a non-zero exit code if any dependencies have unreviewed build scripts (aka postinstall scripts) #​9071.

Patch Changes

• Fix a false negative of verify-deps-before-run after pnpm install --production|--no-optional #​9019.
• Print the warning about blocked installation scripts at the end of the installation output and make it more prominent.

v10.2.1

Compare Source

Patch Changes

• Don't read a package from side-effects cache if it isn't allowed to be built #​9042.
• pnpm approve-builds should work, when executed from a subdirectory of a workspace #​9042.
• pnpm deploy --legacy should work without injected dependencies.
• Add information about how to deploy without "injected dependencies" to the "pnpm deploy" error message.

postcss/postcss (postcss)

v8.5.3

Compare Source

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

v8.5.2

Compare Source

• Fixed end position of rules with semicolon (by @​romainmenke).

prettier/prettier (prettier)

v3.5.1

Compare Source

diff

Fix CLI crash when cache for old version exists (#​17100 by @​sosukesuzuki)

Prettier 3.5 uses a different cache format than previous versions, Prettier 3.5.0 crashes when reading existing cache file, Prettier 3.5.1 fixed the problem.

Support dockercompose and github-actions-workflow in VSCode (#​17101 by @​remcohaszing)

Prettier now supports the dockercompose and github-actions-workflow languages in Visual Studio Code.

v3.5.0

Compare Source

diff

🔗 Release Notes

publint/publint (publint)

v0.3.6

Compare Source

Patch Changes

• Fix checking bin field file path that omits .js or /index.js (04f289e)

v0.3.5

Compare Source

Patch Changes

• Check the "bin" field if the referenced file exists, has the correct JS format, and can be executed (#​150)

• Deprecate the deps command. The command has been tricky to maintain and incomplete (e.g. doesn't lint recursively). A separate tool can be used to run publint on dependencies instead, e.g. npx renoma --filter-rules "publint". (#​149)

v0.3.4

Compare Source

Patch Changes

• When globbing "exports" values that contains *, also respect "exports" keys that mark paths as null. For example: (b9605ae)

  {
    "exports": {
      "./*": "./dist/*",
      "./browser/*": null
    }
  }

  The glob in "./*": "./dist/*" will no longer match and lint files in "./browser/*" as it's marked null (internal).

• Update logs when running the publint CLI: (58d96a2)

  • The publint version is now displayed.
  • The packing command is also displayed.
  • Messages are now logged in the order of errors, warnings, and suggestions, instead of the other way round, to prioritize errors.
  • The publint deps command no longer logs passing dependencies. Only failing dependencies are logged.

  Examples:

  $ npx publint
  $ Running publint v0.X.X for my-library...
  $ Packing files with `npm pack`...
  $ All good!

  $ npx publint deps
  $ Running publint v0.X.X for my-library deps...
  $ x my-dependency
  $ Errors:
  $ 1. ...

• Fix detecting shorthand repository URLs with the . character (09d8cbb)

• Clarify message when "types" is not the first condition in the "exports" field (5a6ba00)

• Correctly detect if a "types" value in "exports" is used for dual publishing (3f3d8b2)

v0.3.3

Compare Source

Patch Changes

• Rename EXPORT_TYPES_INVALID_FORMAT message to EXPORTS_TYPES_INVALID_FORMAT (#​139)

• Allow versioned types conditions (e.g. "types@>=5.2") in "exports" when checking for "types" condition ordering (#​138)

sass/dart-sass (sass)

v1.85.0

Compare Source

• No longer fully trim redundant selectors generated by @extend. This caused
  unacceptable performance issues for certain heavy users of @extend. We'll
  try to find a more performant way to accomplish it in the future.

v1.84.0

Compare Source

• Allow newlines in whitespace in the indented syntax.

• Potentially breaking bug fix: Selectors with unmatched brackets now always
  produce a parser error. Previously, some edge cases like [foo#{"]:is(bar"}) {a: b} would compile without error, but this was an unintentional bug.

• Fix a bug in which various Color Level 4 functions weren't allowed in plain
  CSS.

• Fix the error message for @extend without a selector and possibly other
  parsing edge-cases in contexts that allow interpolation.

Embedded Host

• Fixed the implementation of the SassBoolean type to adhere to the spec,
  now using a class instead of an interface.

lukeed/sirv (sirv)

v3.0.1

Compare Source

Patches

• (sirv): ensure "types" field points to real file (#​169)
  Thank you @​bluwy

• (sirv-cli): ensure PORT is used if available (#​165, #​164)
  When string, always chose a random port.
  Thank you @​pixeldrew

---

Full Changelog: lukeed/sirv@v3.0.0...v3.0.1

sveltejs/svelte (svelte)

v5.20.2

Compare Source

Patch Changes

• chore: remove unused options.uid in render (#​15302)

• fix: do not warn for binding_property_non_reactive if binding is a store in an each (#​15318)

• fix: prevent writable store value from becoming a proxy when reassigning using $-prefix (#​15283)

• fix: muted reactive without bind and select/autofocus attributes working with function calls (#​15326)

• fix: ensure input elements and elements with dir attribute are marked as non-static (#​15259)

• fix: fire delegated events on target even it was disabled in the meantime (#​15319)

v5.20.1

Compare Source

Patch Changes

• fix: ensure AST analysis on svelte.js modules succeeds (#​15297)

• fix: ignore typescript abstract methods (#​15267)

• fix: correctly ssr component in svelte:head with $props.id() or css='injected' (#​15291)

v5.20.0

Compare Source

Minor Changes

• feat: SSR-safe ID generation with $props.id() (#​15185)

Patch Changes

• fix: take private and public into account for constant_assignment of derived state (#​15276)

• fix: value/checked not correctly set using spread (#​15239)

• chore: tweak effect self invalidation logic, run transition dispatches without reactive context (#​15275)

• fix: use importNode to clone templates for Firefox (#​15272)

• fix: recurse into $derived for ownership validation (#​15166)

v5.19.10

Compare Source

Patch Changes

• fix: when re-connecting unowned deriveds, remove their unowned flag (#​15255)

• fix: allow mutation of private derived state (#​15228)

v5.19.9

Compare Source

Patch Changes

• fix: ensure unowned derived dependencies are not duplicated when reactions are skipped (#​15232)

• fix: hydrate href that is part of spread attributes (#​15226)

v5.19.8

Compare Source

Patch Changes

• fix: properly set value property of custom elements (#​15206)

• fix: ensure custom element updates don't run in hydration mode (#​15217)

• fix: ensure tracking returns true, even if in unowned (#​15214)

typescript-eslint/typescript-eslint (typescript-eslint)

v8.24.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.24.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v6.1.1

Compare Source

• fix: ensure .[cm]?[tj]sx? static assets are JS mime (#​19453) (e7ba55e), closes #​19453
• fix: ignore *.ipv4 address in cert (#​19416) (973283b), closes #​19416
• fix(css): run rewrite plugin if postcss plugin exists (#​19371) (bcdb51a), closes #​19371
• fix(deps): bump tsconfck (#​19375) (746a583), closes #​19375
• fix(deps): update all non-major dependencies (#​19392) (60456a5), closes #​19392
• fix(deps): update all non-major dependencies (#​19440) (ccac73d), closes #​19440
• fix(html): ignore malformed src attrs (#​19397) (aff7812), closes #​19397
• fix(worker): fix web worker type detection (#​19462) (edc65ea), closes #​19462
• refactor: remove custom .jxl mime (#​19457) (0c85464), closes #​19457
• feat: add support for injecting debug IDs (#​18763) (0ff556a), closes #​18763
• chore: update 6.1.0 changelog (#​19363) (fa7c211), closes #​19363

v6.1.0

Compare Source

• refactor: deprecate vite optimize command (#​19348) (6e0e3c0), closes #​19348
• feat: show hosts in cert in CLI (#​19317) (a5e306f), closes #​19317
• feat: support for env var for defining allowed hosts (#​19325) (4d88f6c), closes #​19325
• feat: use native runtime to import the config (#​19178) (7c2a794), closes #​19178
• fix: avoid builtStart during vite optimize (#​19356) (fdb36e0), closes #​19356
• fix(build): fix stale build manifest on watch rebuild (#​19361) (fcd5785), closes #​19361

vitest-dev/vitest (vitest)

v3.0.6

Compare Source

   🐞 Bug Fixes

• Fix getMockedSystemTime for useFakeTimer  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7405 (03912)
• Compat for jest-image-snapshot  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7390 (9542b)
• Ensure project names are readable in dark terminals  -  by @​rgrove in https://github.com/vitest-dev/vitest/issues/7371 (bb94c)
• Exclude queueMicrotask from default fake timers to not break node fetch  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7505 (167a9)
• browser:
  • Fix mocking modules out of root  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7415 (d3acb)
  • Fix toHaveClass typing  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7383 (7ef23)
  • Relax locator selectors methods  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7422 (1b8c5)
  • Resolve thread count from maxWorkers  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7483 (adbb2)
  • Cleanup timeout on resolve and give more information in the error  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7487 (5a45a)
• coverage:
  • vite-node to pass correct execution wrapper offset  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7417 (1f2e5)
  • Preserve moduleExecutionInfo in non-isolated runs  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7486 (f31a0)
• deps:
  • Update all non-major dependencies  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7363 (e348b)
  • Update all non-major dependencies  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7507 (6cc40)
• init:
  • Invalid browser config  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7475 (8fe64)
• reporters:
  • Render tasks in tree when in TTY  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7503 (027ce)
• vite-node:
  • Remove fake first line mapping on Vite 6  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7124 (b9973)
• watch:
  • Properly remove cache after removing existing test files  -  by @​soc221b in https://github.com/vitest-dev/vitest/issues/7399 (01a59)
• workspace:
  • Forward inspect related cli options  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7373 (ed15b)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.