chore(deps): update dependency @sveltejs/kit to v2.48.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sveltejs/kit (source)	2.48.2 -> 2.48.3

---

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.48.3

Compare Source

Patch Changes

• fix: include hash when using resolve with hash routing enabled (#​14786)

• fix: afterNavigate callback not running after hydration when experimental async is enabled (#​14644)
  fix: Snapshot restore method not called after reload when experimental async is enabled

• fix: expose issue.path in .allIssues() (#​14784)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Pull Request Review - SvelteKit v2.48.3 Update

Summary

This PR updates @sveltejs/kit from 2.48.2 to 2.48.3, a minor patch release. The update is automated by Renovate and includes only dependency lockfile changes.

Code Quality & Best Practices ✅

Positive aspects:

• Clean dependency update with no source code changes required
• Follows semantic versioning (patch update)
• Automated dependency management via Renovate is a good practice
• Changes are isolated to lockfiles (package-lock.json and yarn.lock)

Note: The repository appears to be using both npm (package-lock.json) and Yarn (yarn.lock). Consider standardizing on one package manager to avoid potential inconsistencies.

Changes Analysis

SvelteKit 2.48.3 includes three bug fixes:

1. Hash routing fix - Includes hash when using resolve with hash routing enabled (#14786)
2. Async navigation fix - afterNavigate callback now runs correctly after hydration when experimental async is enabled (#14644)
3. Schema validation fix - Properly exposes issue.path in .allIssues() (#14784)

Additional dependency updates:

• devalue: 5.3.2 → 5.4.2
• esrap: 2.1.1 → 2.1.0 (appears to be a revert)
• set-cookie-parser: 2.7.1 → 2.7.2
• sirv: 3.0.1 → 3.0.2
• Various registry URL changes (npmjs.org ↔ yarnpkg.com) - cosmetic, no functional impact

Potential Issues 🔍

Low risk items:

1. Dual package managers - Both npm and yarn lockfiles are present. This could lead to dependency drift if not managed carefully.
2. Esrap version rollback - The esrap package appears to roll back from 2.1.1 to 2.1.0. This is likely intentional (perhaps 2.1.1 had issues), but worth noting.

Performance Considerations ⚡

No performance concerns:

• Patch updates typically don't introduce performance regressions
• The bug fixes may actually improve performance in edge cases (especially the async navigation fix)
• Bundle size impact should be negligible

Security Concerns 🔒

No security issues identified:

• ✅ GitGuardian security checks passed
• All updated packages are from trusted sources (Svelte team, etc.)
• No known vulnerabilities in the updated versions
• Patch updates typically focus on stability rather than security, but no red flags

Test Coverage 📊

CI Status:

• ✅ Frontend build passed successfully
• ✅ Rustfmt passed
• ⏳ Other checks still in progress (Check, Test Suite, Clippy)

Recommendation: Wait for all CI checks to complete before merging, particularly the Test Suite checks.

Test considerations:

• Since this is a framework update, integration tests should verify navigation flows
• If your app uses hash routing, the experimental async feature, or form validation with detailed error paths, manual testing of those features would be beneficial
• The changes are in dev dependencies, so production runtime is unaffected

Recommendation 👍

APPROVE with minor notes:

This is a safe, low-risk patch update that fixes several bugs in SvelteKit. The changes are automatically managed and follow best practices.

Before merging:

1. ✅ Wait for all CI checks to complete
2. 📋 Consider standardizing on a single package manager (npm or yarn)
3. 🧪 Optional: Manually test any features using hash routing or experimental async navigation if applicable

Confidence Level: High - This is a routine patch update from the official Svelte team with clear bug fixes and no breaking changes.

---

Review generated with assistance from Claude Code

[claude]

Pull Request Review: Update @sveltejs/kit to v2.48.3

Summary

This PR updates @sveltejs/kit from version 2.48.2 to 2.48.3, a patch release containing bug fixes.

Code Quality & Best Practices ✅

• Automated dependency management: Renovate is properly configured and working as expected
• Semantic versioning: This is a patch update (2.48.2 → 2.48.3), indicating backward-compatible bug fixes
• Lock file updates: Both package-lock.json and yarn.lock are properly updated

Changes Analysis

What's Fixed in v2.48.3:

1. Hash routing fix: Includes hash when using resolve with hash routing enabled (#14786)
2. afterNavigate callback: Fixed callback not running after hydration when experimental async is enabled (#14644)
3. Snapshot restore: Fixed restore method not called after reload with experimental async enabled
4. Issue path exposure: Fixed exposing issue.path in .allIssues() (#14784)

Potential Bugs & Issues ✅

No issues identified. These are all bug fixes from the upstream library. The changes:

• Fix navigation-related bugs
• Improve developer experience with better error reporting
• Are isolated to the SvelteKit framework layer

Performance Considerations ⚡

Positive impact:

• The afterNavigate callback fix should improve application behavior during hydration
• Snapshot restore fixes may improve page reload performance
• No performance regressions expected from these bug fixes

Security Concerns 🔒

No security concerns identified:

• This is a patch release with bug fixes only
• No security advisories associated with this update
• Dependencies are properly scoped as devDependencies and peer dependencies
• Renovate bot is from a trusted source (Mend.io)

Test Coverage

Note: This is a dependency update of a peer dependency. Testing considerations:

• The package specifies @sveltejs/kit@^2.17.1 in package.json, which allows for this minor version update
• Recommend running existing test suite and manual testing focused on:
  • Navigation flows (especially with hash routing if used)
  • Page hydration behavior
  • Snapshot restoration on page reloads
  • Any areas using .allIssues() error handling

Additional Observations

1. Multiple lock files: The project uses both package-lock.json and yarn.lock. Consider standardizing on one package manager to avoid potential inconsistencies.
2. Automerge enabled: This PR has automerge enabled, which is appropriate for patch-level dependency updates with proper CI checks.

Recommendation

✅ APPROVE - This is a safe, beneficial update that:

• Fixes multiple bugs in SvelteKit
• Follows proper semantic versioning
• Has no breaking changes or security concerns
• Is automatically managed by Renovate

The PR can be merged once CI checks pass. If you're using hash routing, the afterNavigate callback, or snapshot functionality, this update is particularly beneficial.