Dependency Dashboard

[renovate[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

[!WARNING] These dependencies are deprecated:

Datasource	Name	Replacement PR?
npm	querystring

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• [ ] chore(deps): update dependency svelte to v4.2.19 [security]
• [ ] chore(deps): update actions/checkout action to v4
• [ ] chore(deps): update dependency jsdom to v25
• [ ] chore(deps): update docker/build-push-action action to v6
• [ ] fix(deps): update dependency svelte-check to v4
• [ ] Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile

Dockerfile

github-actions

.github/workflows/alpha.yml

- `actions/checkout v4` - `docker/login-action v3.3.0` - `docker/setup-qemu-action v3` - `docker/setup-buildx-action v3` - `docker/metadata-action v5.5.1` - `docker/build-push-action v5.4.0`

.github/workflows/docker.yml

- `actions/checkout v4` - `docker/login-action v3.3.0` - `docker/setup-qemu-action v3` - `docker/setup-buildx-action v3` - `docker/build-push-action v5`

.github/workflows/linux.yml

- `actions/checkout v3` - `actions/setup-node v4` - `actions/checkout v3`

npm

package.json

- `svelte-check ^3.5.2` - `@fortawesome/fontawesome-free 6.6.0` - `@sveltejs/vite-plugin-svelte ^3.0.0` - `eslint ^9.0.0` - `eslint-plugin-svelte ^2.34.0` - `highlight.js ^11.9.0` - `js-cookie ^3.0.5` - `jsdoc ^4.0.2` - `jsdom ^24.0.0` - `jsonhtmlify ^0.1.0` - `lodash ^4.17.21` - `qs ^6.11.2` - `querystring ^0.2.1` - `sass ^1.69.3` - `svelte ^4.2.1` - `svelte-preprocess ^6.0.0` - `vite ^5.0.12` - `vitest ^2.0.0`

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository

[jhthorsen]

I don't understand this change. What's the point of pinning package.json when you have a lock file? Same goes for

• 769

• 770

• 772

• 779

• 780

[marcusramberg]

I don't understand this change. What's the point of pinning package.json when you have a lock file? Same goes for

So, there's a discussion here on the pros/cons https://docs.renovatebot.com/dependency-pinning/ - i actually wanted to discuss with you if we should configure renovate to not do this but suddenly busy at work which is why they were left open. If you're opposed to pinning we can turn it off in the config and close related prs