chore(deps): update dependency svelte to v4 [security]

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
svelte (source)	3.46.4 -> 4.2.19

GitHub Vulnerability Alerts

CVE-2022-25875

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.

CVE-2024-45047

Summary

A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19.

Details

Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules:

• If the string is an attribute value:
  • " -> "
  • & -> &
  • Other characters -> No conversion
• Otherwise:
  • < -> <
  • & -> &
  • Other characters -> No conversion

The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks. More specifically, this can occur when injecting malicious content into an attribute within a <noscript> tag.

PoC

A vulnerable page (+page.svelte):

<script>
import { page } from "$app/stores"

// user input
let href = $page.url.searchParams.get("href") ?? "https://example.com";
</script>

<noscript>
  <a href={href}>test</a>
</noscript>

If a user accesses the following URL,

http://localhost:4173/?href=</noscript><script>alert(123)</script>

then, alert(123) will be executed.

Impact

XSS, when using an attribute within a noscript tag

---

Release Notes

sveltejs/svelte (svelte)

### [`v4.2.19`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.19) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.18...svelte@4.2.19) ##### Patch Changes - fix: ensure typings for `` are picked up ([#​12902](https://redirect.github.com/sveltejs/svelte/pull/12902)) - fix: escape `<` in attribute strings ([#​12989](https://redirect.github.com/sveltejs/svelte/pull/12989)) ### [`v4.2.18`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.18) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.17...svelte@4.2.18) ##### Patch Changes - chore: speed up regex ([#​11922](https://redirect.github.com/sveltejs/svelte/pull/11922)) ### [`v4.2.17`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.17) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.16...svelte@4.2.17) ##### Patch Changes - fix: correctly handle falsy values of style directives in SSR mode ([#​11584](https://redirect.github.com/sveltejs/svelte/pull/11584)) ### [`v4.2.16`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.16) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.15...svelte@4.2.16) ##### Patch Changes - fix: check if svelte component exists on custom element destroy ([#​11489](https://redirect.github.com/sveltejs/svelte/pull/11489)) ### [`v4.2.15`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.15) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.14...svelte@4.2.15) ##### Patch Changes - support attribute selector inside :global() ([#​11135](https://redirect.github.com/sveltejs/svelte/pull/11135)) ### [`v4.2.14`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.14) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.13...svelte@4.2.14) ##### Patch Changes - fix parsing camelcase container query name ([#​11131](https://redirect.github.com/sveltejs/svelte/pull/11131)) ### [`v4.2.13`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.13) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.12...svelte@4.2.13) ##### Patch Changes - fix: applying :global for +,~ sibling combinator when slots are present ([#​9282](https://redirect.github.com/sveltejs/svelte/pull/9282)) ### [`v4.2.12`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.12) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.11...svelte@4.2.12) ##### Patch Changes - fix: properly update `svelte:component` props when there are spread props ([#​10604](https://redirect.github.com/sveltejs/svelte/pull/10604)) ### [`v4.2.11`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.11) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.10...svelte@4.2.11) ##### Patch Changes - fix: check that component wasn't instantiated in `connectedCallback` ([#​10466](https://redirect.github.com/sveltejs/svelte/pull/10466)) ### [`v4.2.10`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.10) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.9...svelte@4.2.10) ##### Patch Changes - fix: add `scrollend` event type ([#​10336](https://redirect.github.com/sveltejs/svelte/pull/10336)) - fix: add `fetchpriority` attribute type ([#​10390](https://redirect.github.com/sveltejs/svelte/pull/10390)) - fix: Add `miter-clip` and `arcs` to `stroke-linejoin` attribute ([#​10377](https://redirect.github.com/sveltejs/svelte/pull/10377)) - fix: make inline doc links valid ([#​10366](https://redirect.github.com/sveltejs/svelte/pull/10366)) ### [`v4.2.9`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.9) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.8...svelte@4.2.9) ##### Patch Changes - fix: add types for popover attributes and events ([#​10042](https://redirect.github.com/sveltejs/svelte/pull/10042)) - fix: add `gamepadconnected` and `gamepaddisconnected` events ([#​9864](https://redirect.github.com/sveltejs/svelte/pull/9864)) - fix: make `@types/estree` a dependency ([#​10149](https://redirect.github.com/sveltejs/svelte/pull/10149)) - fix: bump `axobject-query` ([#​10167](https://redirect.github.com/sveltejs/svelte/pull/10167)) ### [`v4.2.8`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.8) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.7...svelte@4.2.8) ##### Patch Changes - fix: port over props that were set prior to initialization ([#​9701](https://redirect.github.com/sveltejs/svelte/pull/9701)) ### [`v4.2.7`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.7) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.6...svelte@4.2.7) ##### Patch Changes - fix: handle spreads within static strings ([#​9554](https://redirect.github.com/sveltejs/svelte/pull/9554)) ### [`v4.2.6`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.6) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.5...svelte@4.2.6) ##### Patch Changes - fix: adjust static attribute regex ([#​9551](https://redirect.github.com/sveltejs/svelte/pull/9551)) ### [`v4.2.5`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.5) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.4...svelte@4.2.5) ##### Patch Changes - fix: ignore expressions in top level script/style tag attributes ([#​9498](https://redirect.github.com/sveltejs/svelte/pull/9498)) ### [`v4.2.4`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.4) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.3...svelte@4.2.4) ##### Patch Changes - fix: handle closing tags inside attribute values ([#​9486](https://redirect.github.com/sveltejs/svelte/pull/9486)) ### [`v4.2.3`](https://redirect.github.com/sveltejs/svelte/releases/tag/svelte%404.2.3) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.2...svelte@4.2.3) ##### Patch Changes - fix: improve a11y-click-events-have-key-events message ([#​9358](https://redirect.github.com/sveltejs/svelte/pull/9358)) - fix: more robust hydration of html tag ([#​9184](https://redirect.github.com/sveltejs/svelte/pull/9184)) ### [`v4.2.2`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#422) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.1...svelte@4.2.2) ##### Patch Changes - fix: support camelCase properties on custom elements ([#​9328](https://redirect.github.com/sveltejs/svelte/pull/9328)) - fix: add missing plaintext-only value to contenteditable type ([#​9242](https://redirect.github.com/sveltejs/svelte/pull/9242)) - chore: upgrade magic-string to 0.30.4 ([#​9292](https://redirect.github.com/sveltejs/svelte/pull/9292)) - fix: ignore trailing comments when comparing nodes ([#​9197](https://redirect.github.com/sveltejs/svelte/pull/9197)) ### [`v4.2.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#421) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.2.0...svelte@4.2.1) ##### Patch Changes - fix: update style directive when style attribute is present and is updated via an object prop ([#​9187](https://redirect.github.com/sveltejs/svelte/pull/9187)) - fix: css sourcemap generation with unicode filenames ([#​9120](https://redirect.github.com/sveltejs/svelte/pull/9120)) - fix: do not add module declared variables as dependencies ([#​9122](https://redirect.github.com/sveltejs/svelte/pull/9122)) - fix: handle `svelte:element` with dynamic this and spread attributes ([#​9112](https://redirect.github.com/sveltejs/svelte/pull/9112)) - fix: silence false positive reactive component warning ([#​9094](https://redirect.github.com/sveltejs/svelte/pull/9094)) - fix: head duplication when binding is present ([#​9124](https://redirect.github.com/sveltejs/svelte/pull/9124)) - fix: take custom attribute name into account when reflecting property ([#​9140](https://redirect.github.com/sveltejs/svelte/pull/9140)) - fix: add `indeterminate` to the list of HTMLAttributes ([#​9180](https://redirect.github.com/sveltejs/svelte/pull/9180)) - fix: recognize option value on spread attribute ([#​9125](https://redirect.github.com/sveltejs/svelte/pull/9125)) ### [`v4.2.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#420) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.1.2...svelte@4.2.0) ##### Minor Changes - feat: move `svelteHTML` from language-tools into core to load the correct `svelte/element` types ([#​9070](https://redirect.github.com/sveltejs/svelte/pull/9070)) ### [`v4.1.2`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#412) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.1.1...svelte@4.1.2) ##### Patch Changes - fix: allow child element with slot attribute within svelte:element ([#​9038](https://redirect.github.com/sveltejs/svelte/pull/9038)) - fix: Add data-\* to svg attributes ([#​9036](https://redirect.github.com/sveltejs/svelte/pull/9036)) ### [`v4.1.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#411) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.1.0...svelte@4.1.1) ##### Patch Changes - fix: `svelte:component` spread props change not picked up ([#​9006](https://redirect.github.com/sveltejs/svelte/pull/9006)) ### [`v4.1.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#410) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.0.5...svelte@4.1.0) ##### Minor Changes - feat: add ability to extend custom element class ([#​8991](https://redirect.github.com/sveltejs/svelte/pull/8991)) ##### Patch Changes - fix: ensure `svelte:component` evaluates props once ([#​8946](https://redirect.github.com/sveltejs/svelte/pull/8946)) - fix: remove `let:variable` slot bindings from select binding dependencies ([#​8969](https://redirect.github.com/sveltejs/svelte/pull/8969)) - fix: handle destructured primitive literals ([#​8871](https://redirect.github.com/sveltejs/svelte/pull/8871)) - perf: optimize imports that are not mutated or reassigned ([#​8948](https://redirect.github.com/sveltejs/svelte/pull/8948)) - fix: don't add accessor twice ([#​8996](https://redirect.github.com/sveltejs/svelte/pull/8996)) ### [`v4.0.5`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#405) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.0.4...svelte@4.0.5) ##### Patch Changes - fix: generate type definition with nullable types ([#​8924](https://redirect.github.com/sveltejs/svelte/pull/8924)) ### [`v4.0.4`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#404) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.0.3...svelte@4.0.4) ##### Patch Changes - fix: claim svg tags in raw mustache tags correctly ([#​8910](https://redirect.github.com/sveltejs/svelte/pull/8910)) - fix: repair invalid raw html content during hydration ([#​8912](https://redirect.github.com/sveltejs/svelte/pull/8912)) ### [`v4.0.3`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#403) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.0.2...svelte@4.0.3) ##### Patch Changes - fix: handle falsy srcset values ([#​8901](https://redirect.github.com/sveltejs/svelte/pull/8901)) ### [`v4.0.2`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#402) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.0.1...svelte@4.0.2) ##### Patch Changes - fix: reflect all custom element prop updates back to attribute ([#​8898](https://redirect.github.com/sveltejs/svelte/pull/8898)) - fix: shrink custom element baseline a bit ([#​8858](https://redirect.github.com/sveltejs/svelte/pull/8858)) - fix: use non-destructive hydration for all `@html` tags ([#​8880](https://redirect.github.com/sveltejs/svelte/pull/8880)) - fix: align `disclose-version` exports specification ([#​8874](https://redirect.github.com/sveltejs/svelte/pull/8874)) - fix: check srcset when hydrating to prevent needless requests ([#​8868](https://redirect.github.com/sveltejs/svelte/pull/8868)) ### [`v4.0.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#401) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/svelte@4.0.0...svelte@4.0.1) ##### Patch Changes - fix: ensure identifiers in destructuring contexts don't clash with existing ones ([#​8840](https://redirect.github.com/sveltejs/svelte/pull/8840)) - fix: ensure `createEventDispatcher` and `ActionReturn` work with types from generic function parameters ([#​8872](https://redirect.github.com/sveltejs/svelte/pull/8872)) - fix: apply transition to `` with local transition ([#​8865](https://redirect.github.com/sveltejs/svelte/pull/8865)) - fix: relax a11y "no redundant role" rule for li, ul, ol ([#​8867](https://redirect.github.com/sveltejs/svelte/pull/8867)) - fix: remove tsconfig.json from published package ([#​8859](https://redirect.github.com/sveltejs/svelte/pull/8859)) ### [`v4.0.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#400) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.59.2...svelte@4.0.0) ##### Major Changes - breaking: Minimum supported Node version is now Node 16 ([#​8566](https://redirect.github.com/sveltejs/svelte/pull/8566)) - breaking: Minimum supported webpack version is now webpack 5 ([#​8515](https://redirect.github.com/sveltejs/svelte/pull/8515)) - breaking: Bundlers must specify the `browser` condition when building a frontend bundle for the browser ([#​8516](https://redirect.github.com/sveltejs/svelte/pull/8516)) - breaking: Minimum supported vite-plugin-svelte version is now 2.4.1. SvelteKit users can upgrade to 1.20.0 or newer to ensure a compatible version ([#​8516](https://redirect.github.com/sveltejs/svelte/pull/8516)) - breaking: Minimum supported `rollup-plugin-svelte` version is now 7.1.5 ([198dbcf](https://redirect.github.com/sveltejs/svelte/commit/198dbcf)) - breaking: Minimum supported `svelte-loader` is now 3.1.8 ([198dbcf](https://redirect.github.com/sveltejs/svelte/commit/198dbcf)) - breaking: Minimum supported TypeScript version is now TypeScript 5 (it will likely work with lower versions, but we make no guarantees about that) ([#​8488](https://redirect.github.com/sveltejs/svelte/pull/8488)) - breaking: Remove `svelte/register` hook, CJS runtime version and CJS compiler output ([#​8613](https://redirect.github.com/sveltejs/svelte/pull/8613)) - breaking: Stricter types for `createEventDispatcher` (see PR for migration instructions) ([#​7224](https://redirect.github.com/sveltejs/svelte/pull/7224)) - breaking: Stricter types for `Action` and `ActionReturn` (see PR for migration instructions) ([#​7442](https://redirect.github.com/sveltejs/svelte/pull/7442)) - breaking: Stricter types for `onMount` - now throws a type error when returning a function asynchronously to catch potential mistakes around callback functions (see PR for migration instructions) ([#​8136](https://redirect.github.com/sveltejs/svelte/pull/8136)) - breaking: Overhaul and drastically improve creating custom elements with Svelte (see PR for list of changes and migration instructions) ([#​8457](https://redirect.github.com/sveltejs/svelte/pull/8457)) - breaking: Deprecate `SvelteComponentTyped` in favor of `SvelteComponent` ([#​8512](https://redirect.github.com/sveltejs/svelte/pull/8512)) - breaking: Make transitions local by default to prevent confusion around page navigations ([#​6686](https://redirect.github.com/sveltejs/svelte/issues/6686)) - breaking: Error on falsy values instead of stores passed to `derived` ([#​7947](https://redirect.github.com/sveltejs/svelte/pull/7947)) - breaking: Custom store implementers now need to pass an `update` function additionally to the `set` function ([#​6750](https://redirect.github.com/sveltejs/svelte/pull/6750)) - breaking: Do not expose default slot bindings to named slots and vice versa ([#​6049](https://redirect.github.com/sveltejs/svelte/pull/6049)) - breaking: Change order in which preprocessors are applied ([#​8618](https://redirect.github.com/sveltejs/svelte/pull/8618)) - breaking: The runtime now makes use of `classList.toggle(name, boolean)` which does not work in very old browsers ([#​8629](https://redirect.github.com/sveltejs/svelte/pull/8629)) - breaking: apply `inert` to outroing elements ([#​8628](https://redirect.github.com/sveltejs/svelte/pull/8628)) - breaking: use `CustomEvent` constructor instead of deprecated `createEvent` method ([#​8775](https://redirect.github.com/sveltejs/svelte/pull/8775)) ##### Minor Changes - Add a way to modify attributes for script/style preprocessors ([#​8618](https://redirect.github.com/sveltejs/svelte/pull/8618)) - Improve hydration speed by adding `data-svelte-h` attribute to detect unchanged HTML elements ([#​7426](https://redirect.github.com/sveltejs/svelte/pull/7426)) - Add `a11y no-noninteractive-element-interactions` rule ([#​8391](https://redirect.github.com/sveltejs/svelte/pull/8391)) - Add `a11y-no-static-element-interactions`rule ([#​8251](https://redirect.github.com/sveltejs/svelte/pull/8251)) - Allow `#each` to iterate over iterables like `Set`, `Map` etc ([#​7425](https://redirect.github.com/sveltejs/svelte/issues/7425)) - Improve duplicate key error for keyed `each` blocks ([#​8411](https://redirect.github.com/sveltejs/svelte/pull/8411)) - Warn about `:` in attributes and props to prevent ambiguity with Svelte directives ([#​6823](https://redirect.github.com/sveltejs/svelte/issues/6823)) - feat: add version info to `window`. You can opt out by setting `discloseVersion` to `false` in the compiler options ([#​8761](https://redirect.github.com/sveltejs/svelte/pull/8761)) - feat: smaller minified output for destructor chunks ([#​8763](https://redirect.github.com/sveltejs/svelte/pull/8763)) ##### Patch Changes - Bind `null` option and input values consistently ([#​8312](https://redirect.github.com/sveltejs/svelte/issues/8312)) - Allow `$store` to be used with changing values including nullish values ([#​7555](https://redirect.github.com/sveltejs/svelte/issues/7555)) - Initialize stylesheet with `/* empty */` to enable setting CSP directive that also works in Safari ([#​7800](https://redirect.github.com/sveltejs/svelte/pull/7800)) - Treat slots as if they don't exist when using CSS adjacent and general sibling combinators ([#​8284](https://redirect.github.com/sveltejs/svelte/issues/8284)) - Fix transitions so that they don't require a `style-src 'unsafe-inline'` Content Security Policy (CSP) ([#​6662](https://redirect.github.com/sveltejs/svelte/issues/6662)). - Explicitly disallow `var` declarations extending the reactive statement scope ([#​6800](https://redirect.github.com/sveltejs/svelte/pull/6800)) - Improve error message when trying to use `animate:` directives on inline components ([#​8641](https://redirect.github.com/sveltejs/svelte/issues/8641)) - fix: export ComponentType from `svelte` entrypoint ([#​8578](https://redirect.github.com/sveltejs/svelte/pull/8578)) - fix: never use html optimization for mustache tags in hydration mode ([#​8744](https://redirect.github.com/sveltejs/svelte/pull/8744)) - fix: derived store types ([#​8578](https://redirect.github.com/sveltejs/svelte/pull/8578)) - Generate type declarations with dts-buddy ([#​8578](https://redirect.github.com/sveltejs/svelte/pull/8578)) - fix: ensure types are loaded with all TS settings ([#​8721](https://redirect.github.com/sveltejs/svelte/pull/8721)) - fix: account for preprocessor source maps when calculating meta info ([#​8778](https://redirect.github.com/sveltejs/svelte/pull/8778)) - chore: deindent cjs output for compiler ([#​8785](https://redirect.github.com/sveltejs/svelte/pull/8785)) - warn on boolean compilerOptions.css ([#​8710](https://redirect.github.com/sveltejs/svelte/pull/8710)) - fix: export correct SvelteComponent type ([#​8721](https://redirect.github.com/sveltejs/svelte/pull/8721)) ### [`v3.59.2`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3592) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.59.1...v3.59.2) - Fix escaping `` values in SSR ### [`v3.59.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3591) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.59.0...v3.59.1) - Handle dynamic values in `a11y-autocomplete-valid` ([#​8567](https://redirect.github.com/sveltejs/svelte/pull/8567)) ### [`v3.59.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3590) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.58.0...v3.59.0) - Add `ResizeObserver` bindings `contentRect`/`contentBoxSize`/`borderBoxSize`/`devicePixelContentBoxSize` ([#​8022](https://redirect.github.com/sveltejs/svelte/pull/8022)) - Add `devicePixelRatio` binding for `<svelte:window>` ([#​8285](https://redirect.github.com/sveltejs/svelte/issues/8285)) - Add `fullscreenElement` and `visibilityState` bindings for `<svelte:document>` ([#​8507](https://redirect.github.com/sveltejs/svelte/pull/8507)) - Add `a11y-autocomplete-valid` warning ([#​8520](https://redirect.github.com/sveltejs/svelte/pull/8520)) - Fix handling of `width`/`height` attributes when spreading ([#​6752](https://redirect.github.com/sveltejs/svelte/issues/6752)) - Fix updating of interpolated `style:` directive when using spread ([#​8438](https://redirect.github.com/sveltejs/svelte/issues/8438)) - Remove `style:` directive property when value is `undefined` ([#​8462](https://redirect.github.com/sveltejs/svelte/issues/8462)) - Fix type of `VERSION` compiler export ([#​8498](https://redirect.github.com/sveltejs/svelte/issues/8498)) - Relax `a11y-no-redundant-roles` warning ([#​8536](https://redirect.github.com/sveltejs/svelte/pull/8536)) - Handle nested array rest destructuring ([#​8552](https://redirect.github.com/sveltejs/svelte/issues/8552), [#​8554](https://redirect.github.com/sveltejs/svelte/issues/8554)) ### [`v3.58.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3580) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.57.0...v3.58.0) - Add `bind:innerText` for `contenteditable` elements ([#​3311](https://redirect.github.com/sveltejs/svelte/issues/3311)) - Add support for CSS `@container` queries ([#​6969](https://redirect.github.com/sveltejs/svelte/issues/6969)) - Respect `preserveComments` in DOM output ([#​7182](https://redirect.github.com/sveltejs/svelte/pull/7182)) - Allow use of `document` for `target` in typings ([#​7554](https://redirect.github.com/sveltejs/svelte/pull/7554)) - Add `a11y-interactive-supports-focus` warning ([#​8392](https://redirect.github.com/sveltejs/svelte/pull/8392)) - Fix equality check when updating dynamic text ([#​5931](https://redirect.github.com/sveltejs/svelte/issues/5931)) - Relax `a11y-no-noninteractive-element-to-interactive-role` warning ([#​8402](https://redirect.github.com/sveltejs/svelte/pull/8402)) - Properly handle microdata attributes ([#​8413](https://redirect.github.com/sveltejs/svelte/issues/8413)) - Prevent name collision when using computed destructuring variables ([#​8417](https://redirect.github.com/sveltejs/svelte/issues/8417)) - Fix escaping `<textarea value={...}>` values in SSR ([#​8429](https://redirect.github.com/sveltejs/svelte/issues/8429)) ### [`v3.57.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3570) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.56.0...v3.57.0) - Add `<svelte:document>` ([#​3310](https://redirect.github.com/sveltejs/svelte/issues/3310)) - Add a11y `no-noninteractive-element-to-interactive-role` ([#​8167](https://redirect.github.com/sveltejs/svelte/pull/8167)) - Stop intro transition from triggering incorrectly ([#​6152](https://redirect.github.com/sveltejs/svelte/issues/6152), [#​6812](https://redirect.github.com/sveltejs/svelte/issues/6812)) - Support computed and literal properties when destructuring objects in the template ([#​6609](https://redirect.github.com/sveltejs/svelte/issues/6609)) - Give `style:` directive precedence over `style=` attribute ([#​7475](https://redirect.github.com/sveltejs/svelte/issues/7475)) - Select `<option>` with `selected` attribute when initial state is `undefined` ([#​8361](https://redirect.github.com/sveltejs/svelte/issues/8361)) - Prevent derived store callbacks after store is unsubscribed from ([#​8364](https://redirect.github.com/sveltejs/svelte/issues/8364)) - Account for `bind:group` members being spread across multiple control flow blocks ([#​8372](https://redirect.github.com/sveltejs/svelte/issues/8372)) - Revert buggy reactive statement optimization ([#​8374](https://redirect.github.com/sveltejs/svelte/issues/8374)) - Support CSS units in the `fly` and `blur` transitions ([#​7623](https://redirect.github.com/sveltejs/svelte/pull/7623)) ### [`v3.56.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3560) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.55.1...v3.56.0) - Add `|stopImmediatePropagation` event modifier ([#​5085](https://redirect.github.com/sveltejs/svelte/issues/5085)) - Add `axis` parameter to `slide` transition ([#​6182](https://redirect.github.com/sveltejs/svelte/issues/6182)) - Add `readonly` utility to convert `writable` store to readonly ([#​6518](https://redirect.github.com/sveltejs/svelte/pull/6518)) - Add `readyState` binding for media elements ([#​6666](https://redirect.github.com/sveltejs/svelte/issues/6666)) - Generate valid automatic component names when the filename contains only special characters ([#​7143](https://redirect.github.com/sveltejs/svelte/issues/7143)) - Add `naturalWidth` and `naturalHeight` bindings ([#​7771](https://redirect.github.com/sveltejs/svelte/issues/7771)) - Support `<!-- svelte-ignore ... -->` on components ([#​8082](https://redirect.github.com/sveltejs/svelte/issues/8082)) - Add a11y warnings: - `aria-activedescendant-has-tabindex`: checks that elements with `aria-activedescendant` have a `tabindex` ([#​8172](https://redirect.github.com/sveltejs/svelte/pull/8172)) - `role-supports-aria-props`: checks that the (implicit) element role supports the given aria attributes ([#​8195](https://redirect.github.com/sveltejs/svelte/pull/8195)) - Add `data-sveltekit-replacestate` and `data-sveltekit-keepfocus` attribute typings ([#​8281](https://redirect.github.com/sveltejs/svelte/issues/8281)) - Compute node dimensions immediately before crossfading ([#​4111](https://redirect.github.com/sveltejs/svelte/issues/4111)) - Fix potential infinite invalidate loop with `<svelte:component>` ([#​4129](https://redirect.github.com/sveltejs/svelte/issues/4129)) - Ensure `bind:offsetHeight` updates initially ([#​4233](https://redirect.github.com/sveltejs/svelte/issues/4233)) - Don't set selected options if value is unbound or not passed ([#​5644](https://redirect.github.com/sveltejs/svelte/issues/5644)) - Validate component `:global()` selectors ([#​6272](https://redirect.github.com/sveltejs/svelte/issues/6272)) - Improve warnings: - Make `noreferrer` warning less zealous ([#​6289](https://redirect.github.com/sveltejs/svelte/issues/6289)) - Omit a11y warnings on `<video aria-hidden="true">` ([#​7874](https://redirect.github.com/sveltejs/svelte/issues/7874)) - Omit a11y warnings on `<svelte:element>` ([#​7939](https://redirect.github.com/sveltejs/svelte/issues/7939)) - Detect unused empty attribute CSS selectors ([#​8042](https://redirect.github.com/sveltejs/svelte/issues/8042)) - Omit "no child content" warning on elements with `aria-label` ([#​8296](https://redirect.github.com/sveltejs/svelte/issues/8296)) - Check value equality for `<input type="search">` and `<input type="url">` ([#​7027](https://redirect.github.com/sveltejs/svelte/issues/7027)) - Do not select a disabled `<option>` by default when the initial bound value is undefined ([#​7041](https://redirect.github.com/sveltejs/svelte/issues/7041)) - Handle `{@​html}` tags inside `<template>` tags ([#​7364](https://redirect.github.com/sveltejs/svelte/pull/7364)) - Ensure `afterUpdate` is not called after `onDestroy` ([#​7476](https://redirect.github.com/sveltejs/svelte/issues/7476)) - Improve handling of `inert` attribute ([#​7500](https://redirect.github.com/sveltejs/svelte/issues/7500)) - Reduce use of template literals in SSR output for better performance ([#​7539](https://redirect.github.com/sveltejs/svelte/pull/7539)) - Ensure `<input>` value persists when swapping elements with spread attributes in an `{#each}` block ([#​7578](https://redirect.github.com/sveltejs/svelte/issues/7578)) - Simplify generated code for reactive statements if dependencies are all static ([#​7942](https://redirect.github.com/sveltejs/svelte/pull/7942)) - Fix race condition on `<svelte:element>` with transitions ([#​7948](https://redirect.github.com/sveltejs/svelte/issues/7948)) - Allow assigning to a property of a `const` when destructuring ([#​7964](https://redirect.github.com/sveltejs/svelte/issues/7964)) - Match browser behavior for decoding malformed HTML entities ([#​8026](https://redirect.github.com/sveltejs/svelte/issues/8026)) - Ensure `trusted-types` CSP compatibility for Web Components ([#​8134](https://redirect.github.com/sveltejs/svelte/issues/8134)) - Optimise `<svelte:element>` output code for static tag and static attribute ([#​8161](https://redirect.github.com/sveltejs/svelte/pull/8161)) - Don't throw when calling unsubscribing from a store twice ([#​8186](https://redirect.github.com/sveltejs/svelte/pull/8186)) - Clear inputs when `bind:group` value is set to `undefined` ([#​8214](https://redirect.github.com/sveltejs/svelte/issues/8214)) - Fix handling of nested arrays with keyed `{#each}` containing a non-keyed `{#each}` ([#​8282](https://redirect.github.com/sveltejs/svelte/issues/8282)) ### [`v3.55.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3551) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.55.0...v3.55.1) - Fix `draw` transition with delay showing a dot at the beginning of the path ([#​6816](https://redirect.github.com/sveltejs/svelte/issues/6816)) - Fix infinity runtime call stack when propagating bindings ([#​7032](https://redirect.github.com/sveltejs/svelte/issues/7032)) - Fix static `<svelte:element>` optimization in production mode ([#​7937](https://redirect.github.com/sveltejs/svelte/issues/7937)) - Fix `svelte-ignore` comment breaking named slot ([#​8075](https://redirect.github.com/sveltejs/svelte/issues/8075)) - Revert change to prevent running init binding unnecessarily ([#​8103](https://redirect.github.com/sveltejs/svelte/issues/8103)) - Fix adding duplicate event listeners with `<svelte:element on:event>` ([#​8129](https://redirect.github.com/sveltejs/svelte/issues/8129)) - Improve detection of promises that are also functions ([#​8162](https://redirect.github.com/sveltejs/svelte/pull/8162)) - Avoid mutating spread component props during SSR ([#​8171](https://redirect.github.com/sveltejs/svelte/issues/8171)) - Add missing typing for global `part` attribute ([#​8181](https://redirect.github.com/sveltejs/svelte/issues/8181)) - Add missing `submitter` property to `on:submit` event type ### [`v3.55.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3550) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.54.0...v3.55.0) - Add `svelte/elements` for HTML/Svelte typings ([#​7649](https://redirect.github.com/sveltejs/svelte/pull/7649)) ### [`v3.54.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3540) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.53.1...v3.54.0) - Pass `options.direction` argument to custom transition functions ([#​3918](https://redirect.github.com/sveltejs/svelte/issues/3918)) - Support fallback a11y WAI-ARIA roles ([#​8044](https://redirect.github.com/sveltejs/svelte/issues/8044)) - Prevent running init binding unnecessarily ([#​5689](https://redirect.github.com/sveltejs/svelte/issues/5689), [#​6298](https://redirect.github.com/sveltejs/svelte/issues/6298)) - Allow updating variables from `@const` declared function ([#​7843](https://redirect.github.com/sveltejs/svelte/issues/7843)) - Do not emit `a11y-no-noninteractive-tabindex` warning if element has a `tabpanel` ([#​8025](https://redirect.github.com/sveltejs/svelte/pull/8025)) - Fix escaping SSR'd values in `style:` directive ([#​8085](https://redirect.github.com/sveltejs/svelte/issues/8085)) ### [`v3.53.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3531) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.53.0...v3.53.1) - Fix exception in `rel=` attribute check with dynamic values ([#​7994](https://redirect.github.com/sveltejs/svelte/issues/7994)) - Do not emit deprecation warnings for `css` compiler options for now ([#​8009](https://redirect.github.com/sveltejs/svelte/issues/8009)) - Make compiler run in browser again ([#​8010](https://redirect.github.com/sveltejs/svelte/issues/8010)) - Upgrade `tslib` ([#​8013](https://redirect.github.com/sveltejs/svelte/issues/8013)) ### [`v3.53.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3530) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.52.0...v3.53.0) - Check whether `parentNode` exists before removing child ([#​6037](https://redirect.github.com/sveltejs/svelte/issues/6037)) - Upgrade various dependencies, notably `css-tree` to `2.2.1` ([#​7572](https://redirect.github.com/sveltejs/svelte/pull/7572), [#​7982](https://redirect.github.com/sveltejs/svelte/pull/7982)) - Extend `css` compiler option with `'external' | 'injected' | 'none'` settings and deprecate old `true | false` values ([#​7914](https://redirect.github.com/sveltejs/svelte/pull/7914)) ### [`v3.52.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3520) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.51.0...v3.52.0) - Throw compile-time error when attempting to update `const` variable ([#​4895](https://redirect.github.com/sveltejs/svelte/issues/4895)) - Warn when using `<a target="_blank">` without `rel="noreferrer"` ([#​6188](https://redirect.github.com/sveltejs/svelte/issues/6188)) - Support `style:foo|important` modifier ([#​7365](https://redirect.github.com/sveltejs/svelte/issues/7365)) - Fix hydration regression with `{@​html}` and components in `<svelte:head>` ([#​7941](https://redirect.github.com/sveltejs/svelte/pull/7941)) ### [`v3.51.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3510) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.50.1...v3.51.0) - Add a11y warnings: - `a11y-click-events-have-key-events`: check if click event is accompanied by key events ([#​5073](https://redirect.github.com/sveltejs/svelte/pull/5073)) - `a11y-no-noninteractive-tabindex`: check for tabindex on non-interactive elements ([#​6693](https://redirect.github.com/sveltejs/svelte/pull/6693)) - Warn when two-way binding to `{...rest}` object in `{#each}` block ([#​6860](https://redirect.github.com/sveltejs/svelte/issues/6860)) - Support `--style-props` on `<svelte:component>` ([#​7461](https://redirect.github.com/sveltejs/svelte/issues/7461)) - Supports nullish values for component event handlers ([#​7568](https://redirect.github.com/sveltejs/svelte/issues/7568)) - Supports SVG elements with `<svelte:element>`([#​7613](https://redirect.github.com/sveltejs/svelte/issues/7613)) - Treat `inert` as boolean attribute ([#​7785](https://redirect.github.com/sveltejs/svelte/pull/7785)) - Support `--style-props` for SVG components ([#​7808](https://redirect.github.com/sveltejs/svelte/issues/7808)) - Fix false positive dev warnings about unset props when they are bound ([#​4457](https://redirect.github.com/sveltejs/svelte/issues/4457)) - Fix hydration with `{@​html}` and components in `<svelte:head>` ([#​4533](https://redirect.github.com/sveltejs/svelte/issues/4533), [#​6463](https://redirect.github.com/sveltejs/svelte/issues/6463), [#​7444](https://redirect.github.com/sveltejs/svelte/issues/7444)) - Support scoped style for `<svelte:element>` ([#​7443](https://redirect.github.com/sveltejs/svelte/issues/7443)) - Improve error message for invalid value for `<svelte:component this={...}>` ([#​7550](https://redirect.github.com/sveltejs/svelte/issues/7550)) - Improve error message when using logic blocks or tags at invalid location ([#​7552](https://redirect.github.com/sveltejs/svelte/issues/7552)) - Warn instead of throwing error if `<svelte:element>` is a void tag ([#​7566](https://redirect.github.com/sveltejs/svelte/issues/7566)) - Supports custom elements in `<svelte:element>` ([#​7733](https://redirect.github.com/sveltejs/svelte/issues/7733)) - Fix calling component unmount if a component is mounted and then immediately unmounted ([#​7817](https://redirect.github.com/sveltejs/svelte/issues/7817)) - Do not generate `a11y-role-has-required-aria-props` warning when elements match their semantic role ([#​7837](https://redirect.github.com/sveltejs/svelte/issues/7837)) - Improve performance of custom element data setting in `<svelte:element>` ([#​7869](https://redirect.github.com/sveltejs/svelte/pull/7869)) ### [`v3.50.1`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3501) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.50.0...v3.50.1) - Add all global objects and functions as known globals ([#​3805](https://redirect.github.com/sveltejs/svelte/issues/3805), [#​7223](https://redirect.github.com/sveltejs/svelte/issues/7223)) - Fix regression with style manager ([#​7828](https://redirect.github.com/sveltejs/svelte/issues/7828)) ### [`v3.50.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3500) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.49.0...v3.50.0) - Add a11y warnings: - `a11y-incorrect-aria-attribute-type`: check ARIA state and property values ([#​6978](https://redirect.github.com/sveltejs/svelte/pull/6978)) - `a11y-no-abstract-role`: check that ARIA roles are non-abstract ([#​6241](https://redirect.github.com/sveltejs/svelte/pull/6241)) - `a11y-no-interactive-element-to-noninteractive-role`: check for non-interactive roles used on interactive elements ([#​5955](https://redirect.github.com/sveltejs/svelte/pull/5955)) - `a11y-role-has-required-aria-props`: check that elements with `role` attribute have all required attributes for that role ([#​5852](https://redirect.github.com/sveltejs/svelte/pull/5852)) - Add `ComponentEvents` convenience type ([#​7702](https://redirect.github.com/sveltejs/svelte/pull/7702)) - Add `SveltePreprocessor` utility type ([#​7742](https://redirect.github.com/sveltejs/svelte/pull/7742)) - Enhance action typings ([#​7805](https://redirect.github.com/sveltejs/svelte/pull/7805)) - Remove empty stylesheets created from transitions ([#​4801](https://redirect.github.com/sveltejs/svelte/issues/4801), [#​7164](https://redirect.github.com/sveltejs/svelte/issues/7164)) - Make `a11y-label-has-associated-control` warning check all descendants for input control ([#​5528](https://redirect.github.com/sveltejs/svelte/issues/5528)) - Only show lowercase component name warnings for non-HTML/SVG elements ([#​5712](https://redirect.github.com/sveltejs/svelte/issues/5712)) - Disallow invalid CSS selectors starting with a combinator ([#​7643](https://redirect.github.com/sveltejs/svelte/issues/7643)) - Use `Node.parentNode` instead of `Node.parentElement` for legacy browser support ([#​7723](https://redirect.github.com/sveltejs/svelte/issues/7723)) - Handle arrow function on `<slot>` inside `<svelte:fragment>` ([#​7485](https://redirect.github.com/sveltejs/svelte/issues/7485)) - Improve parsing speed when encountering large blocks of whitespace ([#​7675](https://redirect.github.com/sveltejs/svelte/issues/7675)) - Fix `class:` directive updates in aborted/restarted transitions ([#​7764](https://redirect.github.com/sveltejs/svelte/issues/7764)) ### [`v3.49.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3490) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.48.0...v3.49.0) - Improve performance of string escaping during SSR ([#​5701](https://redirect.github.com/sveltejs/svelte/pull/5701)) - Add `ComponentType` and `ComponentProps` convenience types ([#​6770](https://redirect.github.com/sveltejs/svelte/pull/6770)) - Add support for CSS `@layer` ([#​7504](https://redirect.github.com/sveltejs/svelte/issues/7504)) - Export `CompileOptions` from `svelte/compiler` ([#​7658](https://redirect.github.com/sveltejs/svelte/pull/7658)) - Fix DOM-less components not being properly destroyed ([#​7488](https://redirect.github.com/sveltejs/svelte/issues/7488)) - Fix `class:` directive updates with `<svelte:element>` ([#​7521](https://redirect.github.com/sveltejs/svelte/issues/7521), [#​7571](https://redirect.github.com/sveltejs/svelte/issues/7571)) - Harden attribute escaping during SSR ([#​7530](https://redirect.github.com/sveltejs/svelte/pull/7530)) ### [`v3.48.0`](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#3480) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.47.0...v3.48.0) - Allow creating cancelable custom events with `createEventDispatcher` ([#​4623](https://redirect.github.com/sveltejs/svelte/issues/4623)) - Support `{@​const}` tag in `{#if}` blocks [#​7241](https://redirect.github.com/sveltejs/svelte/issues/7241) - Return the context object in `setContext` [#​7427](https://redirect.github.com/sveltejs/svelte/issues/7427) - Allow comments inside `{#each}` blocks when using `animate:` ([#​3999](https://redirect.github.com/sveltejs/svelte/issues/3999)) - Fix `|local` transitions in `{#key}` blocks ([#​5950](https://redirect.github.com/sveltejs/svelte/issues/5950)) - Support svg namespace for `{@​html}` ([#​7002](https://redirect.github.com/sveltejs/svelte/issues/7002), [#​7450](https://redirect.github.com/sveltejs/svelte/issues/7450)) - Fix `{@​const}` tag not working inside a component when there's no `let:` [#​7189](https://redirect.github.com/sveltejs/svelte/issues/7189) - Remove extraneous leading newline inside `<pre>` and `<textarea>` ([#​7264](https://redirect.github.com/sveltejs/svelte/issues/7264)) - Fix erroneous setting of `textContent` for `<template>` elements ([#​7297](https://redirect.github.com/sveltejs/svelte/pull/7297)) - Fix value of `let:` bindings not updating in certain cases ([#​7440](https://redirect.github.com/sveltejs/svelte/issues/7440)) - Fix handling of void tags in `<svelte:element>` ([#​7449](https://redirect.github.com/sveltejs/svelte/issues/7449)) - Fix handling of boolean attributes in `<svelte:element>` ([#​7478](https://redirect.github.com/sveltejs/svelte/issues/7478)) - Add special style scoping handling of `[open]` selectors on `<dialog>` elements ([#​7495](https://redirect.github.com/sveltejs/svelte/issues/7494)) ### [`v3.47.0`](https://redirect.github.com/sveltejs/svelte/compare/v3.46.6...v3.47.0) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.46.6...v3.47.0) ### [`v3.46.6`](https://redirect.github.com/sveltejs/svelte/compare/v3.46.5...v3.46.6) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.46.5...v3.46.6) ### [`v3.46.5`](https://redirect.github.com/sveltejs/svelte/compare/v3.46.4...v3.46.5) [Compare Source](https://redirect.github.com/sveltejs/svelte/compare/v3.46.4...v3.46.5) </details> <hr /> <h3>Configuration</h3> <p>📅 <strong>Schedule</strong>: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).</p> <p>🚦 <strong>Automerge</strong>: Disabled by config. Please merge this manually once you are satisfied.</p> <p>♻ <strong>Rebasing</strong>: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.</p> <p>🔕 <strong>Ignore</strong>: Close this PR and you won't be reminded about this update again.</p> <hr /> <ul> <li>[ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box</li> </ul> <hr /> <p>This PR was generated by <a rel="noreferrer nofollow" target="_blank" href="https://mend.io/renovate/">Mend Renovate</a>. View the <a rel="noreferrer nofollow" target="_blank" href="https://developer.mend.io/github/CloudNativeEntrepreneur/sveltekit-web3auth">repository job log</a>.</p> <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4yMDIuNCIsInVwZGF0ZWRJblZlciI6IjM4LjE0Mi43IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/renovate[bot]"><img src="https://avatars.githubusercontent.com/in/2740?v=4" />renovate[bot]</a> commented <strong> 2 months ago</strong> </div> <div class="markdown-body"> <h3>⚠️ Artifact update problem</h3> <p>Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.</p> <p>♻ Renovate will retry this branch, including artifacts, only when one of the following happens:</p> <ul> <li>any of the package files in this branch needs updating, or </li> <li>the branch becomes conflicted, or</li> <li>you click the rebase/retry checkbox if found above, or</li> <li>you rename this PR's title to start with "rebase!" to trigger it manually</li> </ul> <p>The artifact failure details are included below:</p> <h5>File name: package-lock.json</h5> <pre><code>npm ERR! code ERESOLVE npm ERR! ERESOLVE could not resolve npm ERR! npm ERR! While resolving: @sveltejs/kit@1.0.0-next.287 npm ERR! Found: svelte@4.2.19 npm ERR! node_modules/svelte npm ERR! dev svelte@"4.2.19" from the root project npm ERR! peer svelte@">=3.19.0" from svelte-hmr@0.14.9 npm ERR! node_modules/svelte-hmr npm ERR! svelte-hmr@"^0.14.9" from @sveltejs/vite-plugin-svelte@1.0.0-next.38 npm ERR! node_modules/@sveltejs/vite-plugin-svelte npm ERR! @sveltejs/vite-plugin-svelte@"^1.0.0-next.32" from @sveltejs/kit@1.0.0-next.287 npm ERR! node_modules/@sveltejs/kit npm ERR! dev @sveltejs/kit@"1.0.0-next.287" from the root project npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer svelte@"^3.44.0" from @sveltejs/kit@1.0.0-next.287 npm ERR! node_modules/@sveltejs/kit npm ERR! dev @sveltejs/kit@"1.0.0-next.287" from the root project npm ERR! npm ERR! Conflicting peer dependency: svelte@3.59.2 npm ERR! node_modules/svelte npm ERR! peer svelte@"^3.44.0" from @sveltejs/kit@1.0.0-next.287 npm ERR! node_modules/@sveltejs/kit npm ERR! dev @sveltejs/kit@"1.0.0-next.287" from the root project npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report. npm ERR! A complete log of this run can be found in: npm ERR! /tmp/renovate/cache/others/npm/_logs/2024-08-30T18_42_50_001Z-debug-0.log </code></pre> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>