deps(example): Bump the dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the dependencies group with 12 updates in the /examples/sveltekit directory:

Package	From	To
@sveltejs/adapter-auto	3.2.0	3.2.1
@sveltejs/kit	2.5.9	2.5.10
@sveltejs/vite-plugin-svelte	3.1.0	3.1.1
@typescript-eslint/eslint-plugin	7.9.0	7.12.0
@typescript-eslint/parser	7.9.0	7.12.0
eslint-plugin-svelte	2.39.0	2.39.2
prettier	3.2.5	3.3.1
prettier-plugin-svelte	3.2.3	3.2.4
svelte	4.2.17	4.2.18
svelte-check	3.7.1	3.8.0
tslib	2.6.2	2.6.3
vite	5.2.11	5.2.13

Updates @sveltejs/adapter-auto from 3.2.0 to 3.2.1

Release notes

Sourced from @​sveltejs/adapter-auto's releases.

@​sveltejs/adapter-auto@​3.2.1

Patch Changes

• fix: bump import-meta-resolve to remove deprecation warnings (#12240)

• Updated dependencies [460d4526c80358958e58a2451fe1b663fdc656e9, 16cd900c304e0cf0f16b484aa61a5ba0531d8751]:

  • @​sveltejs/kit@​2.5.10

Changelog

Sourced from @​sveltejs/adapter-auto's changelog.

3.2.1

Patch Changes

• fix: bump import-meta-resolve to remove deprecation warnings (#12240)

• Updated dependencies [460d4526c80358958e58a2451fe1b663fdc656e9, 16cd900c304e0cf0f16b484aa61a5ba0531d8751]:

  • @​sveltejs/kit@​2.5.10

Commits

• b0116ff Version Packages (#12230)
• 16cd900 fix: bump import-meta-resolve (#12240)
• See full diff in compare view

Updates @sveltejs/kit from 2.5.9 to 2.5.10

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.5.10

Patch Changes

• fix: exclude server files from optimizeDeps.entries (#12242)

• fix: bump import-meta-resolve to remove deprecation warnings (#12240)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.5.10

Patch Changes

• fix: exclude server files from optimizeDeps.entries (#12242)

• fix: bump import-meta-resolve to remove deprecation warnings (#12240)

Commits

• b0116ff Version Packages (#12230)
• 16cd900 fix: bump import-meta-resolve (#12240)
• 460d452 fix: exclude server files from optimizeDeps.entries (#12242)
• See full diff in compare view

Updates @sveltejs/vite-plugin-svelte from 3.1.0 to 3.1.1

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​3.1.1

Patch Changes

• fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#917)

• fix: disable hmr when vite config server.hmr is false (#917)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

3.1.1

Patch Changes

• fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#917)

• fix: disable hmr when vite config server.hmr is false (#917)

Commits

• 9515421 Version Packages (#923)
• 722f8ff chore: backport fixes (#917)
• 6c59572 chore(deps): update all non-major dependencies (#885)
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 7.9.0 to 7.12.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v7.12.0

7.12.0 (2024-06-03)

🚀 Features

• eslint-plugin: [no-useless-template-literals] rename to no-useless-template-expression (deprecate no-useless-template-literals) (#8821)
• eslint-plugin: [no-floating-promises] add option 'allowForKnownSafePromises' (#9186)
• rule-tester: check for parsing errors in suggestion fixes (#9052)
• rule-tester: port checkDuplicateTestCases from ESLint (#9026)

🩹 Fixes

• no-useless-template-expression -> no-unnecessary-template-expression (#9174)
• eslint-plugin: [no-unnecessary-type-assertion] combine template literal check with const variable check (#8820)
• eslint-plugin: [dot-notation] fix false positive when accessing private/protected property with optional chaining (#8851)
• eslint-plugin: [explicit-member-accessibility] refine report locations (#8869)
• eslint-plugin: [no-unnecessary-type-assertion] declares are always defined, so always check declares (#8901)
• eslint-plugin: [prefer-literal-enum-member] allow using member it self on allowBitwiseExpressions (#9114)
• eslint-plugin: [return-await] clean up in-try-catch detection and make autofixes safe (#9031)
• eslint-plugin: [member-ordering] also TSMethodSignature can be get/set (#9193)
• types: correct typing ParserOptions (#9202)

❤️ Thank You

• Abraham Guo
• Han Yeong-woo @​nix6839
• Joshua Chen
• Kim Sang Du @​developer-bandi
• Kirk Waiblinger
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

v7.11.0

7.11.0 (2024-05-27)

🚀 Features

• eslint-plugin: deprecate prefer-ts-expect-error in favor of ban-ts-comment (#9081)

🩹 Fixes

• ast-spec: add EmptyStatement to Statement (#8892)
• eslint-plugin: [consistent-type-assertions] prevent syntax errors on arrow functions (#8826)
• typescript-estree: truncate number of files printed by the maximum file error (#9127)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

7.12.0 (2024-06-03)

🚀 Features

• eslint-plugin: [no-useless-template-literals] rename to no-useless-template-expression (deprecate no-useless-template-literals)

• rule-tester: check for parsing errors in suggestion fixes

• rule-tester: port checkDuplicateTestCases from ESLint

• eslint-plugin: [no-floating-promises] add option 'allowForKnownSafePromises'

🩹 Fixes

• no-useless-template-expression -> no-unnecessary-template-expression

• eslint-plugin: [no-unnecessary-type-assertion] combine template literal check with const variable check

• eslint-plugin: [dot-notation] fix false positive when accessing private/protected property with optional chaining

• eslint-plugin: [explicit-member-accessibility] refine report locations

• eslint-plugin: [no-unnecessary-type-assertion] declares are always defined, so always check declares

• eslint-plugin: [prefer-literal-enum-member] allow using member it self on allowBitwiseExpressions

• eslint-plugin: [return-await] clean up in-try-catch detection and make autofixes safe

• eslint-plugin: [member-ordering] also TSMethodSignature can be get/set

❤️ Thank You

• Abraham Guo
• Han Yeong-woo
• Joshua Chen
• Kim Sang Du
• Kirk Waiblinger
• YeonJuan

You can read about our versioning strategy and releases on our website.

7.11.0 (2024-05-27)

🚀 Features

• eslint-plugin: deprecate prefer-ts-expect-error in favor of ban-ts-comment

... (truncated)

Commits

• 7e93b28 chore(release): publish 7.12.0
• d0adcf1 docs: clarify what require-await does (#9200)
• 04990d5 feat(eslint-plugin): [no-floating-promises] add option 'allowForKnownSafeProm...
• ad85249 docs: mention related ESLint rules in no-unused-vars page (#9198)
• e80a8d6 docs: improve description for no-dynamic-delete (#9195)
• 9f92b30 docs: explicitly mention unbound-method limitation with thisArg (#9197)
• 08a9448 docs: add example with PascalCase function components (#9196)
• 5ca7f6e feat(rule-tester): port checkDuplicateTestCases from ESLint (#9026)
• a9dd526 fix(eslint-plugin): [member-ordering] also TSMethodSignature can be get/set (...
• 2619c3b fix(eslint-plugin): [return-await] clean up in-try-catch detection and make a...
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 7.9.0 to 7.12.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v7.12.0

7.12.0 (2024-06-03)

🚀 Features

• eslint-plugin: [no-useless-template-literals] rename to no-useless-template-expression (deprecate no-useless-template-literals) (#8821)
• eslint-plugin: [no-floating-promises] add option 'allowForKnownSafePromises' (#9186)
• rule-tester: check for parsing errors in suggestion fixes (#9052)
• rule-tester: port checkDuplicateTestCases from ESLint (#9026)

🩹 Fixes

• no-useless-template-expression -> no-unnecessary-template-expression (#9174)
• eslint-plugin: [no-unnecessary-type-assertion] combine template literal check with const variable check (#8820)
• eslint-plugin: [dot-notation] fix false positive when accessing private/protected property with optional chaining (#8851)
• eslint-plugin: [explicit-member-accessibility] refine report locations (#8869)
• eslint-plugin: [no-unnecessary-type-assertion] declares are always defined, so always check declares (#8901)
• eslint-plugin: [prefer-literal-enum-member] allow using member it self on allowBitwiseExpressions (#9114)
• eslint-plugin: [return-await] clean up in-try-catch detection and make autofixes safe (#9031)
• eslint-plugin: [member-ordering] also TSMethodSignature can be get/set (#9193)
• types: correct typing ParserOptions (#9202)

❤️ Thank You

• Abraham Guo
• Han Yeong-woo @​nix6839
• Joshua Chen
• Kim Sang Du @​developer-bandi
• Kirk Waiblinger
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

v7.11.0

7.11.0 (2024-05-27)

🚀 Features

• eslint-plugin: deprecate prefer-ts-expect-error in favor of ban-ts-comment (#9081)

🩹 Fixes

• ast-spec: add EmptyStatement to Statement (#8892)
• eslint-plugin: [consistent-type-assertions] prevent syntax errors on arrow functions (#8826)
• typescript-estree: truncate number of files printed by the maximum file error (#9127)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

7.12.0 (2024-06-03)

🩹 Fixes

• types: correct typing ParserOptions

❤️ Thank You

• Abraham Guo
• Han Yeong-woo
• Joshua Chen
• Kim Sang Du
• Kirk Waiblinger
• YeonJuan

You can read about our versioning strategy and releases on our website.

7.11.0 (2024-05-27)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

7.10.0 (2024-05-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 7e93b28 chore(release): publish 7.12.0
• 2bbf656 fix(types): correct typing ParserOptions (#9202)
• e360541 chore(release): publish 7.11.0
• c18226e chore(release): publish 7.10.0
• See full diff in compare view

Updates eslint-plugin-svelte from 2.39.0 to 2.39.2

Release notes

Sourced from eslint-plugin-svelte's releases.

[email protected]

Patch Changes

• #775 0e85eba Thanks @​ota-meshi! - fix: README is not publish

[email protected]

Patch Changes

• #772 0ecab95 Thanks @​ota-meshi! - fix: false positive for kebab-case with svelte v5 in svelte/no-unused-svelte-ignore

Commits

• d3b36f2 chore: release eslint-plugin-svelte (#776)
• 0e85eba fix: README is not publish (#775)
• 2a92602 chore: release eslint-plugin-svelte (#774)
• 8e568c4 chore: fix packages/eslint-plugin-svelte/tools/lib/changesets-util.ts
• c9f361e chore: fix version script
• 0ecab95 fix: false positive for kebab-case with svelte v5 in `svelte/no-unused-svelte...
• 13cf65c chore(deps): update dependency svelte to v5.0.0-next.152
• d11f282 fix: GHPages workflow
• bcc658e chore(deps): update dependency svelte to v5.0.0-next.151 (#769)
• eeacb5c chore(deps): update dependency markdown-it-anchor to v9 (#760)
• Additional commits viewable in compare view

Updates prettier from 3.2.5 to 3.3.1

Release notes

Sourced from prettier's releases.

3.3.1

🔗 Changelog

3.3.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.3.1

diff

Preserve empty lines in front matter (#16347 by @​fisker)

<!-- Input -->
---
foo:
  - bar1


bar2


bar3



Markdown
<!-- Prettier 3.3.0 -->

foo:

bar1
bar2
bar3


Markdown
<!-- Prettier 3.3.1 -->
foo:


bar1


bar2


bar3



Markdown

Preserve explicit language in front matter (#16348 by @​fisker)

<!-- Input -->
---yaml
</tr></table> 

... (truncated)

Commits

• 92cbd33 Release 3.3.1
• 446a86e Update execa to v9
• efc3d05 Avoid line breaks in import attributes (#16349)
• 4a5b26f Use while (true) instead of for (;;) (#16354)
• 1c43973 Only add version to .git-blame-ignore-revs when files changed (#16352)
• ab65eb4 chore(deps): update dependency eslint-plugin-react to v7.34.2 (#16353)
• 86268eb chore(deps): update eslint related dependencies (major) (#16208)
• ddce4fb Move import attribute unquote test to a separate directory (#16350)
• 450b178 Print AtHead node from glimmer via print() (#16346)
• b94811f Fix stripTrailingHardline (#16347)
• Additional commits viewable in compare view

Updates prettier-plugin-svelte from 3.2.3 to 3.2.4

Changelog

Sourced from prettier-plugin-svelte's changelog.

3.2.4

• (fix) speed up regex

Commits

• f57f888 chore: release 3.2.4
• 268c26d fix: adjust regex
• 5516102 chore: check types in ci (#437)
• See full diff in compare view

Updates svelte from 4.2.17 to 4.2.18

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

• chore: speed up regex (#11922)

Changelog

Sourced from svelte's changelog.

4.2.18

Patch Changes

• chore: speed up regex (#11922)

Commits

• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• See full diff in compare view

Updates svelte-check from 3.7.1 to 3.8.0

Release notes

Sourced from svelte-check's releases.

svelte-check-3.8.0

• fix: allow for whitespace in snippets declaration (#2366)
• fix: allow as expressions for bindable props (#2372)
• fix: force correct semantic tokens for $props types (#2379)
• feat: Svelte 5 component class/function interop (#2380)

Commits

• 2478212 feat: Svelte 5 component class/function interop (#2380)
• 15a4aab fix: don't debounce document symbol request (#2382)
• 6e57bce feat: syntax highlight for svelte code block in mdx (#2381)
• cf00f03 fix: use correct semantic tokens for $props types (#2379)
• 7409890 fix: component import quick-fix with "did you mean" diagnostics (#2373)
• 3147c81 feat: allow as expressions for bindable props (#2372)
• 80622df fix: allow for whitespace in snippets declaration (#2366)
• See full diff in compare view

Updates tslib from 2.6.2 to 2.6.3

Release notes

Sourced from tslib's releases.

v2.6.3

What's Changed

• 'await using' normative changes by @​rbuckton in microsoft/tslib#258

Full Changelog: microsoft/tslib@v2.6.2...v2.6.3

Commits

• a280d4b 2.6.3
• 983d81b 'await using' normative changes (#258)
• 54cd71c Bump the github-actions group with 3 updates (#253)
• 298efd9 Bump the github-actions group with 1 update (#242)
• e8b4418 Bump the github-actions group with 1 update (#241)
• ae8c5c3 Bump the github-actions group with 2 updates (#240)
• 2b38d87 JSDoc typo on __exportStar. (#221)
• 8466326 Bump the github-actions group with 1 update (#233)
• a57d986 Bump the github-actions group with 1 update (#230)
• 2bf5a06 Bump the github-actions group with 2 updates (#228)
• Additional commits viewable in compare view

Updates vite from 5.2.11 to 5.2.13

Changelog

Sourced from vite's changelog.

5.2.13 (2024-06-07)

• fix: backport to 5.2 (#17411) (e6913d1), closes #17411

5.2.12 (2024-05-28)

• chore: move to eslint flat config (#16743) (8f16765), closes #16743
• chore(deps): remove unused deps (#17329) (5a45745), closes #17329
• chore(deps): update all non-major dependencies (#16722) (b45922a), closes #16722
• fix: mention build.rollupOptions.output.manualChunks instead of build.rollupOutput.manualChunks (89378c0), closes #16721
• fix(build): make SystemJSWrapRE match lazy (#16633) (6583ad2), closes #16633
• fix(css): avoid generating empty JS files when JS files becomes empty but has CSS files imported (#1 (95fe5a7), closes #16078
• fix(css): handle lightningcss compiled css in Deno (#17301) (8e4e932), closes #17301
• fix(css): only use files the current bundle contains (#16684) (15a6ebb), closes #16684
• fix(css): page reload was not happening with .css?raw (#16455) (8041846), closes #16455
• fix(deps): update all non-major dependencies (#16603) (6711553), closes #16603
• fix(deps): update all non-major dependencies (#16660) (bf2f014), closes #16660
• fix(deps): update all non-major dependencies (#17321) (4a89766), closes #17321
• fix(error-logging): rollup errors weren't displaying id and codeframe (#16540) (22dc196), closes #16540
• fix(hmr): normalize the path info (#14255) (6a085d0), closes #14255
• fix(hmr): trigger page reload when calling invalidate on root module (#16636) (2b61cc3), closes #16636
• fix(logger): truncate log over 5000 characters long (#16581) (b0b839a), closes #16581
• fix(optimizer): log dependencies added by plugins (#16729) (f0fb987), closes #16729
• fix(sourcemap): improve sourcemap compatibility for vue2 (#16594) (913c040), closes #16594
• docs: correct proxy shorthand example (#15938) (abf766e), closes #15938
• docs: deprecate server.hot (#16741) (e7d38ab), closes #16741

Commits

• 51bf7ea release: v5.2.13
• e6913d1 fix: backport to 5.2 (#17411)
• bed3faa release: v5.2.12
• 5a45745 chore(deps): remove unused deps (#17329)
• 15a6ebb fix(css): only use files the current bundle contains (#16684)
• f0fb987 fix(optimizer): log dependencies added by plugins (#16729)
• 8f16765 chore: move to eslint flat config (#16743)
• 8e4e932 fix(css): handle lightningcss compiled css in Deno (#17301)
• 4a89766 fix(deps): update all non-major dependencies (#17321)
• 6a085d0 fix(hmr): normalize the path info (#14255)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@sveltejs/[email protected]	environment	+1	84.6 kB	svelte-admin
npm/@sveltejs/[email protected]	environment, eval Transitive: filesystem	+15	1.47 MB	svelte-admin
npm/@sveltejs/[email protected]	None	+5	719 kB	svelte-admin
npm/@typescript-eslint/[email protected]	None	+6	0 B
npm/@typescript-eslint/[email protected]	None	+4	0 B
npm/[email protected]	Transitive: environment, filesystem, unsafe	+8	1.43 MB
npm/[email protected]	environment	0	1.5 MB	dummdidumm
npm/[email protected]	environment, filesystem, unsafe	0	8.25 MB	prettier-bot
npm/[email protected]	Transitive: environment, eval, filesystem, shell, unsafe	+70	21.5 MB	svelte-language-tools-deploy
npm/[email protected]	Transitive: unsafe	+11	5.7 MB	svelte-admin
npm/[email protected]	None	0	84.9 kB	typescript-bot
npm/[email protected]	Transitive: environment, filesystem, network, shell	+41	271 MB

🚮 Removed packages: npm/@sveltejs/[email protected], npm/@sveltejs/[email protected], npm/@sveltejs/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/@sveltejs/[email protected]	Install script: postinstall Source: node postinstall.js	examples/sveltekit/package-lock.json examples/sveltekit/package.json
Shell access	npm/[email protected]	Module: child_process Location: Package overview	Source
Network access	npm/[email protected]	Module: https Location: Package overview	Source
Network access	npm/[email protected]	Module: tls Location: Package overview	Source
Network access	npm/[email protected]	Module: net Location: Package overview	Source
Network access	npm/[email protected]	Module: http Location: Package overview	Source
Install scripts	npm/@sveltejs/[email protected]	Install script: postinstall Source: node postinstall.js	Source

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@sveltejs/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@sveltejs/[email protected]

[blaine-arcjet]

@SocketSecurity ignore npm/@sveltejs/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/@sveltejs/[email protected]

[dependabot]

Superseded by #921.