Skip to content

chore(deps): update dependency @sveltejs/kit to v2.37.1 - autoclosed

Renovate Botrequested to merge
renovate/sveltejs-kit-2.x-lockfile into main

This MR contains the following updates:

Package Change Age Confidence
@sveltejs/kit (source) 2.5.24 -> 2.37.1 age confidence

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.37.1

Compare Source

Patch Changes

  • fix: serialize server load data before passing to universal load, to handle mutations and promises (#​14298)

  • fix: resolve_route prevent dropping a trailing slash of id (#​14294)

  • fix: assign correct status code to form submission error on the client (#​14345)

  • fix: un-proxy form.result (#​14346)

v2.37.0

Compare Source

Minor Changes

  • feat: automatically resolve query.refresh() promises on the server (#​14332)

  • feat: allow query.set() to be called on the server (#​14304)

Patch Changes

  • fix: disable CSRF checks in dev (#​14335)

  • fix: allow redirects to external URLs from within form functions (#​14329)

  • fix: add type definitions for query.set() method to override the value of a remote query function (#​14303)

  • fix: ensure uniqueness of form.for(...) across form functions (#​14327)

v2.36.3

Compare Source

Patch Changes

  • fix: bump devalue (#​14323)

  • chore: consolidate dev checks to use esm-env instead of a __SVELTEKIT_DEV__ global (#​14308)

  • fix: reset form inputs by default when using remote form functions (#​14322)

v2.36.2

Compare Source

Patch Changes

  • chore: make config deprecation warnings more visible (#​14281)

  • chore: remove redundant Not Found error message (#​14289)

  • chore: deprecate csrf.checkOrigin in favour of csrf.trustedOrigins: ['*'] (#​14281)

v2.36.1

Compare Source

Patch Changes
  • fix: ensure importing from $app/navigation works in test files (#​14195)

v2.36.0

Compare Source

Minor Changes
  • feat: add csrf.trustedOrigins configuration (#​14021)
Patch Changes

  • fix: correctly decode custom types streamed from a server load function (#​14261)

  • fix: add trailing slash pathname when generating typed routes (#​14065)

v2.35.0

Compare Source

Minor Changes
  • feat: better server-side error logging (#​13990)
Patch Changes
  • fix: ensure static error page is loaded correctly for custom user errors (#​13952)

v2.34.1

Compare Source

Patch Changes

  • fix: support multiple cookies with the same name across different paths and domains (b2c5d02)

  • fix: add link header when preloading font (#​14200)

  • fix: cookies.get(...) returns undefined for a just-deleted cookie (b2c5d02)

  • fix: load env before prerender (c5f7139)

v2.34.0

Compare Source

Minor Changes
  • feat: allow dynamic env access during prerender (#​14243)
Patch Changes

  • fix: clone fetch responses so that headers are mutable (#​13942)

  • fix: serialize server load data before passing to universal load, to handle mutations (#​14268)

  • fix: allow asset(...) to be used with imported assets (#​14270)

v2.33.1

Compare Source

Patch Changes

  • fix: make paths in .css assets relative (#​14262)

  • fix: avoid copying SSR stylesheets to client assets (#​13069)

v2.33.0

Compare Source

Minor Changes
  • feat: configure error reporting when routes marked as prerendable were not prerendered (#​11702)
Patch Changes

  • fix: use correct flag for server tracing (#​14250)

  • fix: correct type names for new handleUnseenRoutes option (#​14254)

  • chore: Better docs and error message for missing @opentelemetry/api dependency (#​14250)

v2.32.0

Compare Source

Minor Changes
  • feat: inline load fetch response.body stream data as base64 in page (#​11473)
Patch Changes
  • fix: better error when .remote.ts files are used without the experimental.remoteFunctions flag (#​14225)

v2.31.1

Compare Source

Patch Changes
  • fix: pass options to resolve in resolveId hook (#​14223)

v2.31.0

Compare Source

Minor Changes

  • feat: OpenTelemetry tracing for handle, sequence, form actions, remote functions, and load functions running on the server (#​13899)

  • feat: add instrumentation.server.ts for tracing and observability setup (#​13899)

v2.30.1

Compare Source

Patch Changes
  • chore: generate $app/types in a more Typescript-friendly way (#​14207)

v2.30.0

Compare Source

Minor Changes
  • feat: allow to specify options for the service worker in svelte.config.js (#​13578)
Patch Changes

  • fix: ensure buttonProps.enhance works on buttons with nested text (#​14199)

  • fix: pass validation issues specifically to avoid non-enumerable spreading error (#​14197)

v2.29.1

Compare Source

Patch Changes
  • chore: allow remote functions in all of the src directory (#​14198)

v2.29.0

Compare Source

Minor Changes
  • feat: add a kit.files.src option (#​14152)
Patch Changes

  • fix: don't treat $lib/server.ts or $lib/server_whatever.ts as server-only modules, only $lib/server/** (#​14191)

  • fix: make illegal server-only import errors actually useful (#​14155)

  • chore: deprecate config.kit.files options (#​14152)

  • fix: avoid warning if page options in a Svelte file belongs to a comment (#​14180)

v2.28.0

Compare Source

Minor Changes

  • feat: add RouteId and RouteParams to NavigationTarget interface (#​14167)

  • feat: add pending property to forms and commands (#​14137)

Patch Changes

  • fix: fetch imported assets during prerender (#​12201)

  • chore: refactor redundant base64 encoding/decoding functions (#​14160)

  • fix: use correct cache result when fetching same url multiple times (#​12355)

  • fix: don't refresh queries automatically when running commands (#​14170)

  • fix: avoid writing remote function bundle to disk when treeshaking prerendered queries (#​14161)

v2.27.3

Compare Source

Patch Changes
  • chore: add .git to the end of package.json repository url (#​14134)

v2.27.2

Compare Source

Patch Changes

  • fix: ensure form() remote functions work when the app is configured to a single output (#​14127)

  • fix: use the configured base path when calling remote functions from the client (#​14106)

v2.27.1

Compare Source

Patch Changes

  • fix: correctly type remote function input parameters from a schema (#​14098)

  • fix: match URL-encoded newlines in rest route params (#​14102)

  • fix: correctly spell server-side in error messages (#​14101)

v2.27.0

Compare Source

Minor Changes

v2.26.1

Compare Source

Patch Changes

  • fix: posixify internal app server path (#​14049)

  • fix: ignore route groups when generating typed routes (#​14050)

v2.26.0

Compare Source

Minor Changes

  • feat: better type-safety for page.route.id, page.params, page.url.pathname and various other places (#​13864)

  • feat: resolve(...) and asset(...) helpers for resolving paths (#​13864)

  • feat: Add $app/types module with Asset, RouteId, Pathname, ResolvedPathname RouteParams<T> and LayoutParams<T> (#​13864)

v2.25.2

Compare Source

Patch Changes
  • fix: correctly set URL when navigating during an ongoing navigation (#​14004)

v2.25.1

Compare Source

Patch Changes
  • fix: add missing params property (#​14012)

v2.25.0

Compare Source

Minor Changes
  • feat: support asynchronous read implementations from adapters (#​13859)
Patch Changes
  • fix: log when no Svelte config file has been found to avoid confusion (#​14001)

v2.24.0

Compare Source

Minor Changes
  • feat: typed params prop for page/layout components (#​13999)
Patch Changes
  • fix: treeshake internal storage.get helper (#​13998)

v2.23.0

Compare Source

Minor Changes

  • feat: support svelte.config.ts (#​13935)

    NOTE

    Your runtime has to support importing TypeScript files for svelte.config.ts to work. In Node.js, the feature is supported with the --experimental-strip-types flag starting in Node 22.6.0 and supported without a flag starting in Node 23.6.0.

Patch Changes

  • fix: extend vite-plugin-svelte's Config type instead of duplicating it (#​13982)

  • fix: regression with rolldown-vite not bundling a single JS file for single and inline apps (#​13941)

v2.22.5

Compare Source

Patch Changes
  • fix: re-add @sveltejs/kit to optimizeDeps.exclude (#​13983)

v2.22.4

Compare Source

Patch Changes
  • fix: force $app/* modules to be bundled (#​13977)

v2.22.3

Compare Source

Patch Changes
  • fix: don't bundle @sveltejs/kit (#​13971)

v2.22.2

Compare Source

Patch Changes

  • fix: use fallback if untrack doesn't exist in svelte package (#​13933)

  • fix: warning for chrome devtools requests now suggests sv instead of vite plugin (#​13905)

v2.22.1

Compare Source

Patch Changes

  • fix: prevent infinite loop when calling pushState/replaceState in $effect (#​13914)

  • chore: use manualChunks to bundle single and inline apps with Rolldown (#​13915)

v2.22.0

Compare Source

Minor Changes
  • feat: add support for Vite 7 and Rolldown. See https://vite.dev/guide/rolldown.html#how-to-try-rolldown for details about how to try experimental Rolldown support. You will also need vite-plugin-svelte@^6.0.0-next.0 and vite@^7.0.0-beta.0. Compilation should be faster using Rolldown, but with larger bundle sizes until additional tree-shaking is implemented in Rolldown. See #​13738 for ongoing work. (#​13747)

v2.21.5

Compare Source

Patch Changes

  • fix: correctly set the sequential focus navigation point when using hash routing (#​13884)

  • fix: regression when resetting focus and the URL hash contains selector combinators or separators (#​13884)

v2.21.4

Compare Source

Patch Changes
  • fix: correctly access transport decoders on the client when building for a single or inline output app (#​13871)

v2.21.3

Compare Source

Patch Changes

  • fix: correctly invalidate static analysis cache of child nodes when modifying a universal +layout file during dev (#​13793)

  • fix: correctly set sequential focus navigation starting point after navigation (#​10856)

  • fix: suppress console spam for chrome devtools requests (#​13830)

  • fix: avoid externalising packages that depend on @sveltejs/kit so that libraries can also use redirect and error helpers (#​13843)

  • fix: correctly run deserialize on the server (#​13686)

  • fix: correctly inline stylesheets of components dynamically imported in a universal load function if they are below the configured inlineStyleThreshold (#​13723)

v2.21.2

Compare Source

Patch Changes
  • fix: omit stack when logging 404 errors (#​13848)

v2.21.1

Compare Source

Patch Changes

  • chore: clarify which functions handleFetch affects (#​13788)

  • fix: ensure $env and $app/environment are correctly set while analysing server nodes (#​13790)

v2.21.0

Compare Source

Minor Changes
  • feat: allow running client-side code at the top-level of universal pages/layouts when SSR is disabled and page options are only boolean or string literals (#​13684)
Patch Changes

  • chore: remove import-meta-resolve dependency (#​13629)

  • fix: remove component code from server nodes that are never used for SSR (#​13684)

v2.20.8

Compare Source

Patch Changes
  • fix: ensure that ssr and csr page options apply to error pages rendered as a result of a load function error on the server (#​13695)

v2.20.7

Compare Source

Patch Changes
  • fix: regression when serializing server data (#​13709)

v2.20.6

Compare Source

Patch Changes

v2.20.5

Compare Source

Patch Changes

  • allow HandleServerError hook to access getRequestEvent (#​13666)

  • fix: prevent Rollup warnings for undefined hooks (#​13687)

v2.20.4

Compare Source

Patch Changes
  • chore: remove internal class-replacement hack that isn't needed anymore (#​13664)

v2.20.3

Compare Source

Patch Changes
  • fix: only call afterNavigate once on app start when SSR is disabled (#​13593)

v2.20.2

Compare Source

Patch Changes
  • fix: allow non-prerendered API endpoint calls during reroute when prerendering (#​13616)

v2.20.1

Compare Source

Patch Changes
  • fix: avoid using top-level await (#​13607)

v2.20.0

Compare Source

Minor Changes
  • feat: add getRequestEvent to $app/server (#​13582)

v2.19.2

Compare Source

Patch Changes
  • fix: lazily load CSS for dynamically imported components (#​13564)

v2.19.1

Compare Source

Patch Changes
  • fix: allow reroute to point to prerendered route (#​13575)

v2.19.0

Compare Source

Minor Changes
Patch Changes

v2.18.0

Compare Source

Minor Changes
Patch Changes

  • fix: correct navigation history with hash router and ensure load functions are rerun on user changes to URL hash (#​13492)

  • fix: include universal load assets as server assets (#​13531)

  • fix: Include root layout and error nodes even when apps have only prerendered pages (#​13522)

  • fix: correctly preload data on mousedown/touchstart if code was preloaded on hover (#​13530)

v2.17.3

Compare Source

Patch Changes

  • fix: avoid simulated CORS errors with non-HTTP URLs (#​13493)

  • fix: correctly preload links on mousedown/touchstart (#​13486)

  • fix: load CSS when using server-side route resolution (#​13498)

  • fix: correctly find shared entry-point CSS files during inlining (#​13431)

v2.17.2

Compare Source

Patch Changes

  • fix: add promise return type to the enhance action callback (#​13420)

  • fix: change server-side route resolution endpoint (#​13461)

v2.17.1

Compare Source

Patch Changes
  • fix: make route resolution imports root-relative if paths.relative option is false (#​13412)

v2.17.0

Compare Source

Minor Changes

  • feat: validate values for cache-control and content-type headers in dev mode (#​13114)

  • feat: support server-side route resolution (#​13379)

Patch Changes

  • chore: don't error during development when using use:enhance with +server as some third party libraries make it possible to POST forms to it (#​13397)

  • fix: skip hooks for server fetch to prerendered routes (#​13377)

  • fix: ignore non-entry-point CSS files during inlining (#​13395)

  • fix: default server fetch to use prerendered paths (#​13377)

v2.16.1

Compare Source

Patch Changes

  • fix: avoid overwriting headers for sub-requests made while loading the error page (#​13341)

  • fix: correctly resolve index file entrypoints such as src/service-worker/index.js (#​13354)

  • fix: correctly handle relative anchors when using the hash router (#​13356)

v2.16.0

Compare Source

Minor Changes

  • feat: add ability to invalidate a custom identifier on goto() (#​13256)

  • feat: remove the postinstall script to support pnpm 10 (#​13304)

    NOTE: users should add "prepare": "svelte-kit sync" to their package.json in order to avoid the following warning upon first running Vite:

    ▲ [WARNING] Cannot find base config file "./.svelte-kit/tsconfig.json" [tsconfig.json]

    tsconfig.json:2:12:
      2 │   "extends": "./.svelte-kit/tsconfig.json",
        ╵              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • feat: provide PageProps and LayoutProps types (#​13308)

Patch Changes

  • perf: shorten chunk file names (#​13003)

  • fix: strip internal data before passing URL to reroute (#​13092)

  • fix: support absolute URLs and reroutes with data-sveltekit-preload-code="viewport" (#​12217)

  • fix: use current window.fetch for server load fetch requests (#​13315)

  • fix: resolve symlinks when handling routes (#​12740)

  • fix: prevent infinite reload when using the hash router and previewing /index.html (#​13296)

  • fix: service worker base path in dev mode (#​12577)

  • chore: error during development when using use:enhance with +server (#​13197)

  • chore: add most common status codes to redirect() JS documentation (#​13301)

  • fix: correctly link to assets inlined by the inlineStyleThreshold option (#​13068)

  • fix: fall back to importing dynamic dependencies relative to SvelteKit package (#​12532)

  • fix: use arrow function types over bound funcs (#​12955)

  • fix: correctly navigate when hash router is enabled and the browser encodes extra hashes (#​13321)

v2.15.3

Compare Source

Patch Changes

  • fix: fix race-condition when not using SSR when pressing back before initial load (#​12925)

  • fix: remove ":$" from virtual module ids to allow dev server to work with proxies (#​12157)

  • fix: upgrade esm-env to remove warning when NODE_ENV is not set (#​13291)

  • fix: handle Redirect thrown from root layout load function when client-side navigating to a non-existent page (#​12005)

  • fix: make param matchers generated type import end with .js (#​13286)

v2.15.2

Compare Source

Patch Changes

  • fix: correctly notify page store subscribers (#​13205)

  • fix: prerender data when there is no server load but the trailingSlash option is set from the server (#​13262)

  • fix: correctly remove navigation callbacks when returning function in onNavigate (#​13241)

v2.15.1

Compare Source

Patch Changes

  • fix: add CSP hashes/nonces to inline styles when using bundleStrategy: 'inline' (#​13232)

  • fix: silence dev/prod warning during sync (#​13244)

v2.15.0

Compare Source

Minor Changes
  • feat: add bundleStrategy: 'inline' option (#​13193)

v2.14.1

Compare Source

Patch Changes
  • fix: do not mutate URL during reroute logic (#​13222)

v2.14.0

Compare Source

Minor Changes
  • feat: add hash-based routing option (#​13191)
Patch Changes
  • fix: create new URL when calling goto(...), to handle case where URL is mutated (#​13196)

v2.13.0

Compare Source

Minor Changes
  • feat: add bundleStrategy: 'split' | 'single' option (#​13173)

v2.12.2

Compare Source

Patch Changes

  • fix: correctly resolve no hooks file when a similarly named directory exists (#​13188)

  • fix: correctly resolve $app/state on the server with Vite 5 (#​13192)

v2.12.1

Compare Source

Patch Changes
  • fix: replace navigating.current.<x> with navigating.<x> (#​13174)

v2.12.0

Compare Source

Minor Changes
Patch Changes
  • chore: specify the route ID in the error message during development when making a form action request to a route without form actions (#​13167)

v2.11.1

Compare Source

Patch Changes
  • fix: adhere to Vite build.minify setting when building the service worker (#​13143)

v2.11.0

Compare Source

Minor Changes
  • feat: transport custom types across the server/client boundary (#​13149)
Patch Changes
  • fix: correctly resolve hooks file when a similarly named directory exists (#​13144)

v2.10.1

Compare Source

Patch Changes
  • fix: export init hook from get_hooks (#​13136)

v2.10.0

Compare Source

Minor Changes
  • feat: server and client init hook (#​13103)
Patch Changes
  • fix: prevent hooks exported from hooks.js from overwriting hooks from hooks.server.js (#​13104)

v2.9.1

Compare Source

Patch Changes
  • fix: correctly match route groups preceding optional parameters (#​13099)

v2.9.0

Compare Source

Minor Changes
Patch Changes
  • fix: transform link[rel='shortcut icon'] and link[rel='apple-touch-icon'] to be absolute to avoid console error when navigating (#​13077)

v2.8.5

Compare Source

Patch Changes
  • fix: don't hydrate when falling back to error page (#​13056)

v2.8.4

Compare Source

Patch Changes
  • fix: update inline css url generation for FOUC prevention in dev (#​13007)

v2.8.3

Compare Source

Patch Changes

  • fix: ensure error messages are escaped (#​13050)

  • fix: escape values included in dev 404 page (#​13039)

v2.8.2

Compare Source

Patch Changes

  • fix: prevent duplicate fetch request when using Request with load function's fetch (#​13023)

  • fix: do not override default cookie decoder to allow users to override the cookie library version (#​13037)

v2.8.1

Compare Source

Patch Changes

  • fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#​11613)

  • fix: support HTTP/2 in dev and production. Revert the changes from #​12907 to downgrade HTTP/2 to TLS as now being unnecessary (#​12989)

v2.8.0

Compare Source

Minor Changes
  • feat: add helper to identify ActionFailure objects (#​12878)

v2.7.7

Compare Source

Patch Changes

v2.7.6

Compare Source

Patch Changes
  • fix: update broken links in JSDoc (#​12960)

v2.7.5

Compare Source

Patch Changes

  • fix: warn on invalid cookie name characters (#​12806)

  • fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#​12907)

v2.7.4

Compare Source

Patch Changes

  • fix: ensure element is focused after subsequent clicks of the same hash link (#​12866)

  • fix: avoid preload if event default was prevented for touchstart and mousedown events (#​12887)

  • fix: avoid reloading behaviour for hash links with data-sveltekit-reload if the hash is on the same page (#​12866)

v2.7.3

Compare Source

Patch Changes

  • fix: include importer in illegal import error message (#​12820)

  • fix: don't try reading assets directly that aren't present (#​12876)

  • fix: decode non-latin characters when previewing prerendered pages (#​12874)

  • fix: better error message when a Result is returned from a form action (#​12829)

  • docs: update URLs for new svelte.dev site (#​12857)

v2.7.2

Compare Source

Patch Changes
  • fix: use absolute links in JSDoc comments (#​12718)

v2.7.1

Compare Source

Patch Changes

  • chore: upgrade to sirv 3.0 (#​12796)

  • fix: warn when form action responses are lost because SSR is off (#​12063)

v2.7.0

Compare Source

Minor Changes
  • feat: update service worker when new version is detected (#​12448)
Patch Changes

  • fix: correctly handle relative paths when fetching assets on the server (#​12113)

  • fix: decode non ASCII anchor hashes when scrolling into view (#​12699)

  • fix: page response missing CSP and Link headers when return promise in load (#​12418)

v2.6.4

Compare Source

Patch Changes

  • fix: only preload links that have a different URL than the current page (#​12773)

  • fix: revert change to replace version in generateBundle (#​12779)

  • fix: catch stack trace fixing errors thrown in web containers (#​12775)

  • fix: use absolute links in JSDoc comments (#​12772)

v2.6.3

Compare Source

Patch Changes

  • fix: ensure a changing version doesn't affect the hashes for chunks without any actual code changes (#​12700)

  • fix: prevent crash when logging URL search params in a server load function (#​12763)

  • chore: revert update dependency cookie to ^0.7.0 (#​12767)

v2.6.2

Compare Source

Patch Changes
  • chore(deps): update dependency cookie to ^0.7.0 (#​12746)

v2.6.1

Compare Source

Patch Changes
  • fix: better error message when calling push/replaceState before router is initialized (#​11968)

v2.6.0

Compare Source

Minor Changes
  • feat: support typed arrays in load functions (#​12716)
Patch Changes
  • fix: open a new tab for <form target="_blank"> and ` submissions (#​11936)

v2.5.28

Compare Source

Patch Changes
  • fix: import node:process instead of using globals (#​12641)

v2.5.27

Compare Source

Patch Changes

  • fix: asynchronously instantiate components when using Svelte 5 (#​12613)

  • fix: use {@&#8203;render ...} tag when generating default fallback page for svelte 5 apps (#​12653)

  • fix: emulate event.platform even when the route does not exist (#​12513)

v2.5.26

Compare Source

Patch Changes
  • fix: exclude service worker directory from tsconfig (#​12196)

v2.5.25

Compare Source

Patch Changes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Modification effectuée par Renovate Bot

Rapports de requête de fusion