Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#2

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web/npm_and_yarn-0463113060
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#2
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web/npm_and_yarn-0463113060

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 11, 2026

Bumps the npm_and_yarn group with 1 update in the /web directory: @sveltejs/kit.

Updates @sveltejs/kit from 2.21.1 to 2.49.5

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.49.5

Patch Changes

  • fix: avoid overriding Vite default base when running Vitest 4 (#14866)

  • fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

  • fix: add length checks to remote forms (8ed8155)

@​sveltejs/kit@​2.49.4

Patch Changes

  • fix: support instrumentation for vite preview (#15105)

  • fix: support for URLSearchParams.has(name, value) overload (#15076)

  • fix: put forking behind experimental.forkPreloads (#15135)

@​sveltejs/kit@​2.49.3

Patch Changes

  • fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)

  • fix: add typescript as an optional peer dependency (#15074)

  • fix: use hasOwn check when deep-setting object properties (#15127)

@​sveltejs/kit@​2.49.2

Patch Changes

  • fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)

  • fix: posixify the instrumentation file import on Windows (#14993)

  • fix: Correctly handle shared memory when decoding binary form data (#15028)

@​sveltejs/kit@​2.49.1

Patch Changes

  • fix: suppress state_referenced_locally warnings in .svelte-kit/generated/root.svelte (#15013)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.49.5

Patch Changes

  • fix: avoid overriding Vite default base when running Vitest 4 (#14866)

  • fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

  • fix: add length checks to remote forms (8ed8155)

2.49.4

Patch Changes

  • fix: support instrumentation for vite preview (#15105)

  • fix: support for URLSearchParams.has(name, value) overload (#15076)

  • fix: put forking behind experimental.forkPreloads (#15135)

2.49.3

Patch Changes

  • fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)

  • fix: add typescript as an optional peer dependency (#15074)

  • fix: use hasOwn check when deep-setting object properties (#15127)

2.49.2

Patch Changes

  • fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)

  • fix: posixify the instrumentation file import on Windows (#14993)

  • fix: Correctly handle shared memory when decoding binary form data (#15028)

2.49.1

Patch Changes

... (truncated)

Commits
  • 80ffb53 Version Packages (#15162)
  • 8ed8155 Merge commit from fork
  • d9ae9b0 Merge commit from fork
  • ec4596a chore: Upgrade devalue (#15172)
  • 81cd545 fix: avoid overriding Vite default base when running Vitest 4 (#14866)
  • 6cf9491 chore: remove unused is_http_method helper and method set to (#15152)
  • 3305022 Revert "breaking: remove buttonProps from experimental remote form function...
  • 4f9870d breaking: remove buttonProps from experimental remote form functions (#14622)
  • c8e4017 Version Packages (#15129)
  • 50bf727 chore: fix prettier ignoring source code in with build in the name (#15133)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/kit since your current version.


Updates devalue from 5.3.2 to 5.6.2

Release notes

Sourced from devalue's releases.

v5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

  • 9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

  • b617c7c: perf: shrink uneval output with null-proto objects
Changelog

Sourced from devalue's changelog.

5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

  • 9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

  • b617c7c: perf: shrink uneval output with null-proto objects
Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 2 up…
b2eebab 
…dates

Bumps the npm_and_yarn group with 1 update in the /web directory: [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit).


Updates `@sveltejs/kit` from 2.21.1 to 2.49.5
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.49.5/packages/kit)

Updates `devalue` from 5.3.2 to 5.6.2
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.3.2...v5.6.2)

---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.49.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: devalue
  dependency-version: 5.6.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants