therockstorm / privacy-protect

Securely share and store passwords and sensitive files.
https://www.privacyprotect.dev/
MIT License

chore(deps): update dependency svelte to v4 [security] #72

Closed renovate[bot] closed 2 weeks ago

renovate[bot] commented 3 weeks ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| svelte (source) | 3.59.2 -> 4.2.19 |

GitHub Vulnerability Alerts

CVE-2024-45047

Summary

A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19.

Details

Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules:

The assumption is that attributes will always stay as such, but in some situations the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks. More specifically, this can occur when injecting malicious content into an attribute within a <noscript> tag.

PoC

A vulnerable page (+page.svelte):

```svelte
<script>
import { page } from "$app/stores"

// user input
let href = $page.url.searchParams.get("href") ?? "https://example.com";
</script>

<noscript>
  <a href={href}>test</a>
</noscript>
```

If a user accesses the following URL,

http://localhost:4173/?href=</noscript><script>alert(123)</script>

then, alert(123) will be executed.

Impact

XSS, when using an attribute within a noscript tag


Release Notes

sveltejs/svelte (svelte)

### [`v4.2.19`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.19)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.18...svelte@4.2.19)

##### Patch Changes

- fix: ensure typings for `` are picked up ([#12902](https://togithub.com/sveltejs/svelte/pull/12902))
- fix: escape `<` in attribute strings ([#12989](https://togithub.com/sveltejs/svelte/pull/12989))

### [`v4.2.18`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.18)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.17...svelte@4.2.18)

##### Patch Changes

- chore: speed up regex ([#11922](https://togithub.com/sveltejs/svelte/pull/11922))

### [`v4.2.17`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.17)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.16...svelte@4.2.17)

##### Patch Changes

- fix: correctly handle falsy values of style directives in SSR mode ([#11584](https://togithub.com/sveltejs/svelte/pull/11584))

### [`v4.2.16`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.16)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.15...svelte@4.2.16)

##### Patch Changes

- fix: check if svelte component exists on custom element destroy ([#11489](https://togithub.com/sveltejs/svelte/pull/11489))

### [`v4.2.15`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.15)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.14...svelte@4.2.15)

##### Patch Changes

- support attribute selector inside :global() ([#11135](https://togithub.com/sveltejs/svelte/pull/11135))

### [`v4.2.14`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.14)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.13...svelte@4.2.14)

##### Patch Changes

- fix parsing camelcase container query name ([#11131](https://togithub.com/sveltejs/svelte/pull/11131))

### [`v4.2.13`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.13)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.12...svelte@4.2.13)

##### Patch Changes

- fix: applying :global for +,~ sibling combinator when slots are present ([#9282](https://togithub.com/sveltejs/svelte/pull/9282))

### [`v4.2.12`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.12)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.11...svelte@4.2.12)

##### Patch Changes

- fix: properly update `svelte:component` props when there are spread props ([#10604](https://togithub.com/sveltejs/svelte/pull/10604))

### [`v4.2.11`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.11)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.10...svelte@4.2.11)

##### Patch Changes

- fix: check that component wasn't instantiated in `connectedCallback` ([#10466](https://togithub.com/sveltejs/svelte/pull/10466))

### [`v4.2.10`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.10)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.9...svelte@4.2.10)

##### Patch Changes

- fix: add `scrollend` event type ([#10336](https://togithub.com/sveltejs/svelte/pull/10336))
- fix: add `fetchpriority` attribute type ([#10390](https://togithub.com/sveltejs/svelte/pull/10390))
- fix: Add `miter-clip` and `arcs` to `stroke-linejoin` attribute ([#10377](https://togithub.com/sveltejs/svelte/pull/10377))
- fix: make inline doc links valid ([#10366](https://togithub.com/sveltejs/svelte/pull/10366))

### [`v4.2.9`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.9)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.8...svelte@4.2.9)

##### Patch Changes

- fix: add types for popover attributes and events ([#10042](https://togithub.com/sveltejs/svelte/pull/10042))
- fix: add `gamepadconnected` and `gamepaddisconnected` events ([#9864](https://togithub.com/sveltejs/svelte/pull/9864))
- fix: make `@types/estree` a dependency ([#10149](https://togithub.com/sveltejs/svelte/pull/10149))
- fix: bump `axobject-query` ([#10167](https://togithub.com/sveltejs/svelte/pull/10167))

### [`v4.2.8`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.8)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.7...svelte@4.2.8)

##### Patch Changes

- fix: port over props that were set prior to initialization ([#9701](https://togithub.com/sveltejs/svelte/pull/9701))

### [`v4.2.7`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.7)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.6...svelte@4.2.7)

##### Patch Changes

- fix: handle spreads within static strings ([#9554](https://togithub.com/sveltejs/svelte/pull/9554))

### [`v4.2.6`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.6)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.5...svelte@4.2.6)

##### Patch Changes

- fix: adjust static attribute regex ([#9551](https://togithub.com/sveltejs/svelte/pull/9551))

### [`v4.2.5`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.5)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.4...svelte@4.2.5)

##### Patch Changes

- fix: ignore expressions in top level script/style tag attributes ([#9498](https://togithub.com/sveltejs/svelte/pull/9498))

### [`v4.2.4`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.4)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.3...svelte@4.2.4)

##### Patch Changes

- fix: handle closing tags inside attribute values ([#9486](https://togithub.com/sveltejs/svelte/pull/9486))

### [`v4.2.3`](https://togithub.com/sveltejs/svelte/releases/tag/svelte%404.2.3)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.2...svelte@4.2.3)

##### Patch Changes

- fix: improve a11y-click-events-have-key-events message ([#9358](https://togithub.com/sveltejs/svelte/pull/9358))
- fix: more robust hydration of html tag ([#9184](https://togithub.com/sveltejs/svelte/pull/9184))

### [`v4.2.2`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#422)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.1...svelte@4.2.2)

##### Patch Changes

- fix: support camelCase properties on custom elements ([#9328](https://togithub.com/sveltejs/svelte/pull/9328))
- fix: add missing plaintext-only value to contenteditable type ([#9242](https://togithub.com/sveltejs/svelte/pull/9242))
- chore: upgrade magic-string to 0.30.4 ([#9292](https://togithub.com/sveltejs/svelte/pull/9292))
- fix: ignore trailing comments when comparing nodes ([#9197](https://togithub.com/sveltejs/svelte/pull/9197))

### [`v4.2.1`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#421)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.2.0...svelte@4.2.1)

##### Patch Changes

- fix: update style directive when style attribute is present and is updated via an object prop ([#9187](https://togithub.com/sveltejs/svelte/pull/9187))
- fix: css sourcemap generation with unicode filenames ([#9120](https://togithub.com/sveltejs/svelte/pull/9120))
- fix: do not add module declared variables as dependencies ([#9122](https://togithub.com/sveltejs/svelte/pull/9122))
- fix: handle `svelte:element` with dynamic this and spread attributes ([#9112](https://togithub.com/sveltejs/svelte/pull/9112))
- fix: silence false positive reactive component warning ([#9094](https://togithub.com/sveltejs/svelte/pull/9094))
- fix: head duplication when binding is present ([#9124](https://togithub.com/sveltejs/svelte/pull/9124))
- fix: take custom attribute name into account when reflecting property ([#9140](https://togithub.com/sveltejs/svelte/pull/9140))
- fix: add `indeterminate` to the list of HTMLAttributes ([#9180](https://togithub.com/sveltejs/svelte/pull/9180))
- fix: recognize option value on spread attribute ([#9125](https://togithub.com/sveltejs/svelte/pull/9125))

### [`v4.2.0`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#420)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.1.2...svelte@4.2.0)

##### Minor Changes

- feat: move `svelteHTML` from language-tools into core to load the correct `svelte/element` types ([#9070](https://togithub.com/sveltejs/svelte/pull/9070))

### [`v4.1.2`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#412)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.1.1...svelte@4.1.2)

##### Patch Changes

- fix: allow child element with slot attribute within svelte:element ([#9038](https://togithub.com/sveltejs/svelte/pull/9038))
- fix: Add data-\* to svg attributes ([#9036](https://togithub.com/sveltejs/svelte/pull/9036))

### [`v4.1.1`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#411)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.1.0...svelte@4.1.1)

##### Patch Changes

- fix: `svelte:component` spread props change not picked up ([#9006](https://togithub.com/sveltejs/svelte/pull/9006))

### [`v4.1.0`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#410)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.0.5...svelte@4.1.0)

##### Minor Changes

- feat: add ability to extend custom element class ([#8991](https://togithub.com/sveltejs/svelte/pull/8991))

##### Patch Changes

- fix: ensure `svelte:component` evaluates props once ([#8946](https://togithub.com/sveltejs/svelte/pull/8946))
- fix: remove `let:variable` slot bindings from select binding dependencies ([#8969](https://togithub.com/sveltejs/svelte/pull/8969))
- fix: handle destructured primitive literals ([#8871](https://togithub.com/sveltejs/svelte/pull/8871))
- perf: optimize imports that are not mutated or reassigned ([#8948](https://togithub.com/sveltejs/svelte/pull/8948))
- fix: don't add accessor twice ([#8996](https://togithub.com/sveltejs/svelte/pull/8996))

### [`v4.0.5`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#405)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.0.4...svelte@4.0.5)

##### Patch Changes

- fix: generate type definition with nullable types ([#8924](https://togithub.com/sveltejs/svelte/pull/8924))

### [`v4.0.4`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#404)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.0.3...svelte@4.0.4)

##### Patch Changes

- fix: claim svg tags in raw mustache tags correctly ([#8910](https://togithub.com/sveltejs/svelte/pull/8910))
- fix: repair invalid raw html content during hydration ([#8912](https://togithub.com/sveltejs/svelte/pull/8912))

### [`v4.0.3`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#403)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.0.2...svelte@4.0.3)

##### Patch Changes

- fix: handle falsy srcset values ([#8901](https://togithub.com/sveltejs/svelte/pull/8901))

### [`v4.0.2`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#402)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.0.1...svelte@4.0.2)

##### Patch Changes

- fix: reflect all custom element prop updates back to attribute ([#8898](https://togithub.com/sveltejs/svelte/pull/8898))
- fix: shrink custom element baseline a bit ([#8858](https://togithub.com/sveltejs/svelte/pull/8858))
- fix: use non-destructive hydration for all `@html` tags ([#8880](https://togithub.com/sveltejs/svelte/pull/8880))
- fix: align `disclose-version` exports specification ([#8874](https://togithub.com/sveltejs/svelte/pull/8874))
- fix: check srcset when hydrating to prevent needless requests ([#8868](https://togithub.com/sveltejs/svelte/pull/8868))

### [`v4.0.1`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#401)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/svelte@4.0.0...svelte@4.0.1)

##### Patch Changes

- fix: ensure identifiers in destructuring contexts don't clash with existing ones ([#8840](https://togithub.com/sveltejs/svelte/pull/8840))
- fix: ensure `createEventDispatcher` and `ActionReturn` work with types from generic function parameters ([#8872](https://togithub.com/sveltejs/svelte/pull/8872))
- fix: apply transition to `` with local transition ([#8865](https://togithub.com/sveltejs/svelte/pull/8865))
- fix: relax a11y "no redundant role" rule for li, ul, ol ([#8867](https://togithub.com/sveltejs/svelte/pull/8867))
- fix: remove tsconfig.json from published package ([#8859](https://togithub.com/sveltejs/svelte/pull/8859))

### [`v4.0.0`](https://togithub.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELOG.md#400)

[Compare Source](https://togithub.com/sveltejs/svelte/compare/v3.59.2...svelte@4.0.0)

##### Major Changes

- breaking: Minimum supported Node version is now Node 16 ([#8566](https://togithub.com/sveltejs/svelte/pull/8566))
- breaking: Minimum supported webpack version is now webpack 5 ([#8515](https://togithub.com/sveltejs/svelte/pull/8515))
- breaking: Bundlers must specify the `browser` condition when building a frontend bundle for the browser ([#8516](https://togithub.com/sveltejs/svelte/pull/8516))
- breaking: Minimum supported vite-plugin-svelte version is now 2.4.1. SvelteKit users can upgrade to 1.20.0 or newer to ensure a compatible version ([#8516](https://togithub.com/sveltejs/svelte/pull/8516))
- breaking: Minimum supported `rollup-plugin-svelte` version is now 7.1.5 ([198dbcf](https://togithub.com/sveltejs/svelte/commit/198dbcf))
- breaking: Minimum supported `svelte-loader` is now 3.1.8 ([198dbcf](https://togithub.com/sveltejs/svelte/commit/198dbcf))
- breaking: Minimum supported TypeScript version is now TypeScript 5 (it will likely work with lower versions, but we make no guarantees about that) ([#8488](https://togithub.com/sveltejs/svelte/pull/8488))
- breaking: Remove `svelte/register` hook, CJS runtime version and CJS compiler output ([#8613](https://togithub.com/sveltejs/svelte/pull/8613))
- breaking: Stricter types for `createEventDispatcher` (see PR for migration instructions) ([#7224](https://togithub.com/sveltejs/svelte/pull/7224))
- breaking: Stricter types for `Action` and `ActionReturn` (see PR for migration instructions) ([#7442](https://togithub.com/sveltejs/svelte/pull/7442))
- breaking: Stricter types for `onMount` - now throws a type error when returning a function asynchronously to catch potential mistakes around callback functions (see PR for migration instructions) ([#8136](https://togithub.com/sveltejs/svelte/pull/8136))
- breaking: Overhaul and drastically improve creating custom elements with Svelte (see PR for list of changes and migration instructions) ([#8457](https://togithub.com/sveltejs/svelte/pull/8457))
- breaking: Deprecate `SvelteComponentTyped` in favor of `SvelteComponent` ([#8512](https://togithub.com/sveltejs/svelte/pull/8512))
- breaking: Make transitions local by default to prevent confusion around page navigations ([#6686](https://togithub.com/sveltejs/svelte/issues/6686))
- breaking: Error on falsy values instead of stores passed to `derived` ([#7947](https://togithub.com/sveltejs/svelte/pull/7947))
- breaking: Custom store implementers now need to pass an `update` function additionally to the `set` function ([#6750](https://togithub.com/sveltejs/svelte/pull/6750))
- breaking: Do not expose default slot bindings to named slots and vice versa ([#6049](https://togithub.com/sveltejs/svelte/pull/6049))
- breaking: Change order in which preprocessors are applied ([#8618](https://togithub.com/sveltejs/svelte/pull/8618))
- breaking: The runtime now makes use of `classList.toggle(name, boolean)` which does not work in very old browsers ([#8629](https://togithub.com/sveltejs/svelte/pull/8629))
- breaking: apply `inert` to outroing elements ([#8628](https://togithub.com/sveltejs/svelte/pull/8628))
- breaking: use `CustomEvent` constructor instead of deprecated `createEvent` method ([#8775](https://togithub.com/sveltejs/svelte/pull/8775))

##### Minor Changes

- Add a way to modify attributes for script/style preprocessors ([#8618](https://togithub.com/sveltejs/svelte/pull/8618))
- Improve hydration speed by adding `data-svelte-h` attribute to detect unchanged HTML elements ([#7426](https://togithub.com/sveltejs/svelte/pull/7426))
- Add `a11y no-noninteractive-element-interactions` rule ([#8391](https://togithub.com/sveltejs/svelte/pull/8391))
- Add `a11y-no-static-element-interactions` rule ([#8251](https://togithub.com/sveltejs/svelte/pull/8251))
- Allow `#each` to iterate over iterables like `Set`, `Map` etc ([#7425](https://togithub.com/sveltejs/svelte/issues/7425))
- Improve duplicate key error for keyed `each` blocks ([#8411](https://togithub.com/sveltejs/svelte/pull/8411))
- Warn about `:` in attributes and props to prevent ambiguity with Svelte directives ([#6823](https://togithub.com/sveltejs/svelte/issues/6823))
- feat: add version info to `window`. You can opt out by setting `discloseVersion` to `false` in the compiler options ([#8761](https://togithub.com/sveltejs/svelte/pull/8761))
- feat: smaller minified output for destructor chunks ([#8763](https://togithub.com/sveltejs/svelte/pull/8763))

##### Patch Changes

- Bind `null` option and input values consistently ([#8312](https://togithub.com/sveltejs/svelte/issues/8312))
- Allow `$store` to be used with changing values including nullish values ([#7555](https://togithub.com/sveltejs/svelte/issues/7555))
- Initialize stylesheet with `/* empty */` to enable setting CSP directive that also works in Safari ([#7800](https://togithub.com/sveltejs/svelte/pull/7800))
- Treat slots as if they don't exist when using CSS adjacent and general sibling combinators ([#8284](https://togithub.com/sveltejs/svelte/issues/8284))
- Fix transitions so that they don't require a `style-src 'unsafe-inline'` Content Security Policy (CSP) ([#6662](https://togithub.com/sveltejs/svelte/issues/6662)).
- Explicitly disallow `var` declarations extending the reactive statement scope ([#6800](https://togithub.com/sveltejs/svelte/pull/6800))
- Improve error message when trying to use `animate:` directives on inline components ([#8641](https://togithub.com/sveltejs/svelte/issues/8641))
- fix: export ComponentType from `svelte` entrypoint ([#8578](https://togithub.com/sveltejs/svelte/pull/8578))
- fix: never use html optimization for mustache tags in hydration mode ([#8744](https://togithub.com/sveltejs/svelte/pull/8744))
- fix: derived store types ([#8578](https://togithub.com/sveltejs/svelte/pull/8578))
- Generate type declarations with dts-buddy ([#8578](https://togithub.com/sveltejs/svelte/pull/8578))
- fix: ensure types are loaded with all TS settings ([#8721](https://togithub.com/sveltejs/svelte/pull/8721))
- fix: account for preprocessor source maps when calculating meta info ([#8778](https://togithub.com/sveltejs/svelte/pull/8778))
- chore: deindent cjs output for compiler ([#8785](https://togithub.com/sveltejs/svelte/pull/8785))
- warn on boolean compilerOptions.css ([#8710](https://togithub.com/sveltejs/svelte/pull/8710))
- fix: export correct SvelteComponent type ([#8721](https://togithub.com/sveltejs/svelte/pull/8721))

Configuration

📅 Schedule: Branch creation - "" in timezone America/Denver, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
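
An added example, not part of the PR or of Svelte's source: a simplified model of the CVE-2024-45047 advisory in the comment above, showing why escaping `<` in attribute values (the 4.2.19 fix listed in the release notes) closes the `<noscript>` case. The function names are hypothetical, and the "before" rule (only `&` and `"` escaped in attributes) is an assumption about pre-4.2.19 behaviour.

```javascript
// Simplified model of SSR attribute escaping; NOT Svelte's implementation.
const ENTITIES = { "&": "&amp;", '"': "&quot;", "<": "&lt;" };

// Assumed pre-4.2.19 rule: only & and " are escaped inside attribute values.
function escapeAttrBefore(value) {
  return String(value).replace(/[&"]/g, (ch) => ENTITIES[ch]);
}

// Rule after the fix named in the release notes: < is escaped as well.
function escapeAttrAfter(value) {
  return String(value).replace(/[&"<]/g, (ch) => ENTITIES[ch]);
}

// Server-side output for the template in the advisory's +page.svelte.
function renderNoscriptLink(href, escapeAttr) {
  return `<noscript>\n  <a href="${escapeAttr(href)}">test</a>\n</noscript>`;
}

// Model of a scripting-enabled browser: the content of <noscript> is raw
// text, so the element ends at the first "</noscript", even one that sits
// inside a quoted attribute value. Returns whatever follows that end tag,
// i.e. the part the browser parses as ordinary markup.
function markupAfterNoscript(html) {
  const closeAt = html.toLowerCase().indexOf("</noscript");
  if (closeAt === -1) return "";
  const tagEnd = html.indexOf(">", closeAt);
  return tagEnd === -1 ? "" : html.slice(tagEnd + 1);
}

// Compare both escaping rules for one href value.
function check(href) {
  const before = renderNoscriptLink(href, escapeAttrBefore);
  const after = renderNoscriptLink(href, escapeAttrAfter);
  return {
    leakedBefore: markupAfterNoscript(before),
    leakedAfter: markupAfterNoscript(after),
    htmlAfter: after,
  };
}

// The href value from the advisory's PoC URL, and a constructed benign value.
const POC_HREF = "</noscript><script>alert(123)</script>";
const BENIGN_HREF = 'https://example.com/?a=1&b="x"';

for (const href of [POC_HREF, BENIGN_HREF]) {
  const r = check(href);
  console.log(JSON.stringify({ href, leakedBefore: r.leakedBefore, leakedAfter: r.leakedAfter }));
}
```

A non-empty `leakedBefore` means the attribute value ended the `<noscript>` element early; after the fix the first `</noscript` in the output is the template's own, so nothing follows it.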

renovate[bot] commented 3 weeks ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: package-lock.json
```
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @poppanator/sveltekit-svg@3.0.1
npm error Found: svelte@4.2.19
npm error node_modules/svelte
npm error   dev svelte@"4.2.19" from the root project
npm error   peer svelte@"^3.54.0 || ^4.0.0-next.0" from @sveltejs/kit@1.27.2
npm error   node_modules/@sveltejs/kit
npm error     dev @sveltejs/kit@"1.27.2" from the root project
npm error     peer @sveltejs/kit@"^1.5.0" from @sveltejs/adapter-vercel@3.0.3
npm error     node_modules/@sveltejs/adapter-vercel
npm error       dev @sveltejs/adapter-vercel@"3.0.3" from the root project
npm error   7 more (@sveltejs/vite-plugin-svelte, ...)
npm error
npm error Could not resolve dependency:
npm error peer svelte@"3.x" from @poppanator/sveltekit-svg@3.0.1
npm error node_modules/@poppanator/sveltekit-svg
npm error   dev @poppanator/sveltekit-svg@"3.0.1" from the root project
npm error
npm error Conflicting peer dependency: svelte@3.59.2
npm error node_modules/svelte
npm error   peer svelte@"3.x" from @poppanator/sveltekit-svg@3.0.1
npm error   node_modules/@poppanator/sveltekit-svg
npm error     dev @poppanator/sveltekit-svg@"3.0.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2024-08-30T17_21_57_736Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-08-30T17_21_57_736Z-debug-0.log
```

vercel[bot] commented 3 weeks ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| privacy-protect-68pv | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Aug 30, 2024 5:22pm |

renovate[bot] commented 2 weeks ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.