chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the development-dependencies group with 10 updates in the / directory:

Package	From	To
typescript	5.9.2	5.9.3
vite	7.1.6	7.1.9
@rollup/plugin-node-resolve	16.0.1	16.0.2
rollup	4.50.2	4.52.4
@rsbuild/core	1.5.10	1.5.13
@sveltejs/adapter-static	3.0.9	3.0.10
@sveltejs/kit	2.42.2	2.44.0
@sveltejs/vite-plugin-svelte	6.2.0	6.2.1
svelte	5.39.2	5.39.9
svelte-check	4.3.1	4.3.2

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates vite from 7.1.6 to 7.1.9

Release notes

Sourced from vite's releases.

v7.1.9

Please refer to CHANGELOG.md for details.

v7.1.8

Please refer to CHANGELOG.md for details.

v7.1.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.1.9 (2025-10-03)

Reverts

• server: drain stdin when not interactive (#20885) (12d72b0)

7.1.8 (2025-10-02)

Bug Fixes

• css: improve url escape characters handling (#20847) (24a61a3)
• deps: update all non-major dependencies (#20855) (788a183)
• deps: update artichokie to 0.4.2 (#20864) (e670799)
• dev: skip JS responses for document requests (#20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#20872) (63e040f)
• keep ids for virtual modules as-is (#20808) (d4eca98)
• server: drain stdin when not interactive (#20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#20830) (d65a983)

Documentation

• create-vite: provide deno example (#20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#20810) (ea68a88)
• deps: update rolldown-related dependencies (#20854) (4dd06fd)
• update url of create-react-app license (#20865) (166a178)

7.1.7 (2025-09-22)

Bug Fixes

• build: fix ssr environment emitAssets: true when sharedConfigBuild: true (#20787) (4c4583c)
• client: use CSP nonce when rendering error overlay (#20791) (9bc9d12)
• deps: update all non-major dependencies (#20811) (9f2247c)
• glob: handle glob imports from folders starting with dot (#20800) (105abe8)
• hmr: trigger prune event when import is removed from non hmr module (#20768) (9f32b1d)
• hmr: wait for import.meta.hot.prune callbacks to complete before running other HMRs (#20698) (98a3484)

Commits

• 17e2517 release: v7.1.9
• 12d72b0 revert(server): drain stdin when not interactive (#20885)
• 8d12c8b release: v7.1.8
• 63e040f fix(glob): fix HMR for array patterns with exclusions (#20872)
• 24a61a3 fix(css): improve url escape characters handling (#20847)
• 6bc6c4d fix(dev): skip JS responses for document requests (#20866)
• 166a178 chore: update url of create-react-app license (#20865)
• d4eca98 fix: keep ids for virtual modules as-is (#20808)
• e670799 fix(deps): update artichokie to 0.4.2 (#20864)
• bb950e9 fix(server): drain stdin when not interactive (#20837)
• Additional commits viewable in compare view

Updates @rollup/plugin-node-resolve from 16.0.1 to 16.0.2

Changelog

Sourced from @​rollup/plugin-node-resolve's changelog.

v16.0.2

2025-10-04

Bugfixes

• fix: error thrown with empty entry (#1893)

Commits

• 516ed1d chore(release): node-resolve v16.0.2
• 7ad5057 fix(node-resolve): error thrown with empty entry (#1893)
• See full diff in compare view

Updates rollup from 4.50.2 to 4.52.4

Release notes

Sourced from rollup's releases.

v4.52.4

4.52.4

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#6133)

Pull Requests

• #6128: Enable npm OIDC publishing (@​lukastaegert)
• #6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

v4.52.3

4.52.3

2025-09-27

Bug Fixes

• Fix check in native loader for environments that do not support reports (#6123)

Pull Requests

• #6123: fix(native-loader): safely handle report.getReport() on Termux/Android (@​Jobians, @​lukastaegert)
• #6124: chore(deps): pin msys2/setup-msys2 action to fb197b7 (@​renovate[bot])
• #6125: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6126: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.52.2

4.52.2

2025-09-23

Bug Fixes

• Fix Android build crashing due to failed dlopen (#6109)

Pull Requests

• #6109: fix(rust): use prebuilt std when it is available (@​cyyynthia)

v4.52.1

4.52.1

2025-09-23

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

4.52.4

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#6133)

Pull Requests

• #6128: Enable npm OIDC publishing (@​lukastaegert)
• #6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

4.52.3

2025-09-27

Bug Fixes

• Fix check in native loader for environments that do not support reports (#6123)

Pull Requests

• #6123: fix(native-loader): safely handle report.getReport() on Termux/Android (@​Jobians, @​lukastaegert)
• #6124: chore(deps): pin msys2/setup-msys2 action to fb197b7 (@​renovate[bot])
• #6125: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6126: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.52.2

2025-09-23

Bug Fixes

• Fix Android build crashing due to failed dlopen (#6109)

Pull Requests

• #6109: fix(rust): use prebuilt std when it is available (@​cyyynthia)

4.52.1

2025-09-23

Bug Fixes

• Opt-out of dynamic import optimization when using top-level await to effectively prevent deadlocks (#6121)

Pull Requests

... (truncated)

Commits

• cd81da7 4.52.4
• 0fd66e6 Correct nullish coalescing branch resolution for symbol left value (#6133)
• c1c4175 fix(deps): lock file maintenance minor/patch updates (#6134)
• bef29f4 Enable npm OIDC publishing (#6128)
• 74c555c 4.52.3
• 4362862 fix(native-loader): safely handle report.getReport() on Termux/Android (#6123)
• 7340c45 chore(deps): pin msys2/setup-msys2 action to fb197b7 (#6124)
• cfe817e chore(deps): lock file maintenance minor/patch updates (#6126)
• 89e4411 fix(deps): lock file maintenance minor/patch updates (#6125)
• fa2315c 4.52.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Updates @rsbuild/core from 1.5.10 to 1.5.13

Release notes

Sourced from @​rsbuild/core's releases.

v1.5.13

Highlights 💡

Browser logs

Rsbuild now forwards browser errors to your terminal — giving your coding agent more context 🤖.

This can be disabled via dev.browserLogs config:

export default {
  dev: {
    browserLogs: false,
  },
}

What's Changed

New Features 🎉

• feat(plugin-react): complete preserve React runtime by @​fi3ework in web-infra-dev/rsbuild#6240
• feat(core): simplify config option of createRsbuild by @​chenjiahan in web-infra-dev/rsbuild#6245
• feat: display browser runtime errors in the terminal by @​chenjiahan in web-infra-dev/rsbuild#6251
• feat: add dev.browserLogs configuration by @​chenjiahan in web-infra-dev/rsbuild#6253
• feat: add support for displaying unhandled rejection logs in terminal by @​chenjiahan in web-infra-dev/rsbuild#6254
• feat: enhance browser logs with source file locations by @​chenjiahan in web-infra-dev/rsbuild#6260
• feat: implement deduplication for browser error logs by @​chenjiahan in web-infra-dev/rsbuild#6283
• feat(deps): update dependency @​rspack/core to v1.5.8 by @​chenjiahan in web-infra-dev/rsbuild#6285

Performance 🚀

• perf: replace source-map with @​jridgewell/trace-mapping by @​chenjiahan in web-infra-dev/rsbuild#6273
• perf: optimize module resolution of compiled packages by @​chenjiahan in web-infra-dev/rsbuild#6274

Bug Fixes 🐞

• fix(browser-logs): should skip anonymous frame by @​chenjiahan in web-infra-dev/rsbuild#6261
• fix(browser-logs): deduplicate consecutive runtime error logs by @​chenjiahan in web-infra-dev/rsbuild#6263
• fix: skip browser error reporting for webpack by @​chenjiahan in web-infra-dev/rsbuild#6264
• fix: skip browser error logs when build fails by @​chenjiahan in web-infra-dev/rsbuild#6270
• fix: mark custom compiler option as deprecated by @​chenjiahan in web-infra-dev/rsbuild#6272
• fix: print the more concise module name if it exists by @​chenjiahan in web-infra-dev/rsbuild#6280
• fix: prioritize custom file path in error logs by @​chenjiahan in web-infra-dev/rsbuild#6281
• fix: replace the deprecated url.parse in assets middleware by @​chenjiahan in web-infra-dev/rsbuild#6284

Refactor 🔨

• refactor: extract server assets middleware by @​chenjiahan in web-infra-dev/rsbuild#6257
• refactor(assets-middleware): simplify paths handling and server hooks by @​chenjiahan in web-infra-dev/rsbuild#6258
• refactor(server): make filename helper independent of assets middleware context by @​chenjiahan in web-infra-dev/rsbuild#6259
• refactor: simplify variable naming in HMR client by @​chenjiahan in web-infra-dev/rsbuild#6266
• refactor(assets-middleware): simplify context management by @​chenjiahan in web-infra-dev/rsbuild#6269

Document 📖

... (truncated)

Commits

• bc42a00 release: v1.5.13 (#6286)
• da8781c feat(deps): update dependency @​rspack/core to v1.5.8 (#6285)
• 8e02d6e fix: replace the deprecated url.parse in assets middleware (#6284)
• 24cf767 feat: implement deduplication for browser error logs (#6283)
• 3133571 fix: prioritize custom file path in error logs (#6281)
• 9d2e491 fix: print the more concise module name if it exists (#6280)
• ac301c3 chore(deps): update dependency memfs to ^4.47.0 (#6278)
• f58ab58 perf: optimize module resolution of compiled packages (#6274)
• bab9210 perf: replace source-map with @​jridgewell/trace-mapping (#6273)
• efd4e35 fix: mark custom compiler option as deprecated (#6272)
• Additional commits viewable in compare view

Updates @sveltejs/adapter-static from 3.0.9 to 3.0.10

Release notes

Sourced from @​sveltejs/adapter-static's releases.

@​sveltejs/adapter-static@​3.0.10

Patch Changes

• chore: update "homepage" field in package.json (#14579)

Changelog

Sourced from @​sveltejs/adapter-static's changelog.

3.0.10

Patch Changes

• chore: update "homepage" field in package.json (#14579)

Commits

• 9fbd0d1 Version Packages (#14580)
• 193d37c chore: fix "homepage" field in package.json (#14579)
• 5f9df61 use catalog dependencies for everything (#14509)
• d4efeb5 chore: remove stale create-svelte references (#14501)
• 0afc71d chore: use catalog for more "svelte" dependencies (#14487)
• 6652939 chore: bump Svelte (#14320)
• 758ec17 fix: conditionally access builder properties that only exist on the latest Sv...
• d4f00a1 chore: remove skipLibCheck (#14227)
• f635678 feat: OpenTelemetry Tracing (#13899)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/adapter-static since your current version.

Updates @sveltejs/kit from 2.42.2 to 2.44.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.44.0

Minor Changes

• feat: expose event.route and event.url to remote functions (#14606)

• breaking: update experimental form API (#14481)

Patch Changes

• fix: don't crawl error responses during prerendering (#14596)

@​sveltejs/kit@​2.43.8

Patch Changes

• fix: HMR for query (#14587)

• fix: avoid client modules while traversing dependencies to prevent FOUC during dev (#14577)

• fix: skip prebundling of .remote.js files (#14583)

• fix: more robust remote file pattern matching (#14578)

@​sveltejs/kit@​2.43.7

Patch Changes

• fix: correctly type the result of form remote functions that do not accept data (#14573)

• fix: force remote module chunks to isolate themselves (#14571)

@​sveltejs/kit@​2.43.6

Patch Changes

• fix: ensure cache key is consistent between client/server (#14563)

• fix: keep resolve relative to initial base during prerender (#14533)

• fix: avoid including HEAD twice when an unhandled HTTP method is used in a request to a +server handler that has both a GET handler and a HEAD handler (#14564)

• fix: smoothscroll to deep link (#14569)

@​sveltejs/kit@​2.43.5

Patch Changes

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.44.0

Minor Changes

• feat: expose event.route and event.url to remote functions (#14606)

• breaking: update experimental form API (#14481)

Patch Changes

• fix: don't crawl error responses during prerendering (#14596)

2.43.8

Patch Changes

• fix: HMR for query (#14587)

• fix: avoid client modules while traversing dependencies to prevent FOUC during dev (#14577)

• fix: skip prebundling of .remote.js files (#14583)

• fix: more robust remote file pattern matching (#14578)

2.43.7

Patch Changes

• fix: correctly type the result of form remote functions that do not accept data (#14573)

• fix: force remote module chunks to isolate themselves (#14571)

2.43.6

Patch Changes

• fix: ensure cache key is consistent between client/server (#14563)

• fix: keep resolve relative to initial base during prerender (#14533)

• fix: avoid including HEAD twice when an unhandled HTTP method is used in a request to a +server handler that has both a GET handler and a HEAD handler (#14564)

... (truncated)

Commits

• 7fe3895 Version Packages (#14597)
• 313ee5e feat: expose event.route and event.url to remote functions (#14606)
• ab7df93 feat: better remote form field interactions (#14481)
• dfb7f49 fix: don't crawl error responses during prerendering (#14596)
• d14a9cb Version Packages (#14588)
• 5121479 fix: avoid client modules while traversing dependencies to prevent FOUC durin...
• 04ba87e fix: HMR for query (#14587)
• 342fed6 fix: skip prebundling of .remote.js files (#14583)
• dcddc33 fix: more robust remote file pattern matching (#14578)
• 63285ee Version Packages (#14574)
• Additional commits viewable in compare view

Updates @sveltejs/vite-plugin-svelte from 6.2.0 to 6.2.1

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​6.2.1

Patch Changes

• fix: remove unscopable global styles warning (#1223)

• Remove automatic configuration for rolldownOptions.optimization.inlineConst because latest version of rolldown-vite has it enabled by default. (#1225)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

6.2.1

Patch Changes

• fix: remove unscopable global styles warning (#1223)

• Remove automatic configuration for rolldownOptions.optimization.inlineConst because latest version of rolldown-vite has it enabled by default. (#1225)

Commits

• 1b50eb9 Version Packages (#1224)
• b81ef40 fix: remove automatic setting of rolldown inlineConst (#1225)
• bb4b033 fix: remove unscopable global warning (#1223)
• e3c60c5 fix(deps): update all non-major dependencies (#1218)
• See full diff in compare view

Updates svelte from 5.39.2 to 5.39.9

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

• fix: flush when pending boundaries resolve (#16897)

[email protected]

Patch Changes

• fix: check boundary pending attribute at runtime on server (#16855)

• fix: preserve tuple type in $state.snapshot (#16864)

• fix: allow await in svelte:boundary without pending (#16857)

• fix: update bind:checked error message to clarify usage with radio inputs (#16874)

[email protected]

Patch Changes

• chore: simplify batch logic (#16847)

• fix: rebase pending batches when other batches are committed (#16866)

• fix: wrap async children in $$renderer.async (#16862)

• fix: silence label warning for buttons and anchor tags with title attributes (#16872)

• fix: coerce nullish <title> to empty string (#16863)

[email protected]

Patch Changes

• fix: depend on reads of deriveds created within reaction (async mode) (#16823)

• fix: SSR regression of processing attributes of <select> and <option> (#16821)

• fix: async class: + spread attributes were compiled into sync server-side code (#16834)

• fix: ensure tick resolves within a macrotask (#16825)

[email protected]

Patch Changes

• fix: allow {@html await ...} and snippets with async content on the server (#16817)

• fix: use nginx SSI-compatible comments for $props.id() (#16820)

[email protected]

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.39.9

Patch Changes

• fix: flush when pending boundaries resolve (#16897)

5.39.8

Patch Changes

• fix: check boundary pending attribute at runtime on server (#16855)

• fix: preserve tuple type in $state.snapshot (#16864)

• fix: allow await in svelte:boundary without pending (#16857)

• fix: update bind:checked error message to clarify usage with radio inputs (#16874)

5.39.7

Patch Changes

• chore: simplify batch logic (#16847)

• fix: rebase pending batches when other batches are committed (#16866)

• fix: wrap async children in $$renderer.async (#16862)

• fix: silence label warning for buttons and anchor tags with title attributes (#16872)

• fix: coerce nullish <title> to empty string (#16863)

5.39.6

Patch Changes

• fix: depend on reads of deriveds created within reaction (async mode) (#16823)

• fix: SSR regression of processing attributes of <select> and <option> (#16821)

• fix: async class: + spread attributes were compiled into sync server-side code (#16834)

• fix: ensure tick resolves within a macrotask (#16825)

5.39.5

Patch Changes

• fix: allow {@html await ...} and snippets with async content on the server (#16817)

... (truncated)

Commits

• acdd930 Version Packages (#16899)
• 2b49a5e fix: flush when pending boundaries resolve (#16897)
• 5c847ff Version Packages (#16877)
• 949c026 fix: preserve tuple type in $state.snapshot (#16864)
• 4999734 fix: check boundary pending attribute at runtime on server (#16855)
• 4f653dd fix: update error message to clarify usage with radio inputs (#16874)
• 31541c8 fix: allow await in svelte boundary without pending (#16857)
• e9cd45a Version Packages (#16848)
• 46c10d0 fix: missing title warning for buttons and anchor tags (#16872)
• 25cbdc8 fix: merge batches (#16866)
• Additional commits viewable in compare view

Updates svelte-check from 4.3.1 to 4.3.2

Release notes

Sourced from svelte-check's releases.

[email protected]

Patch Changes

• perf: tweak some snapshot hot paths (#2852)

• perf: more precise module cache invalidation (#2853)

• fix: properly handle runes={false} in <svelte:options> (#2847)

See https://github.com/sveltejs/language-tools/releases

Commits

• b467045 chore: fix svelte-check build
• 62b31ff Version Packages (#2848)
• 69e258e perf: rework snapshot hot paths (#2852)
• ec7be4b perf: use failed path to invalidate module cache (#2853)
• dec37ea fix(svelte2tsx): support for runes={false} in svelte:options (#2847)
• f799839 (deps) Replace pascal-case with scule (Maintained & Lighter) (#2842)
• 0d8e5ae chore: set vscode package to private
• 8269ff7 chore: fix release script
• b9bf257 Version Packages (#2846)
• c73e4f5 chore: add missing changeset formatting package
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte-check since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud