[pull] main from sveltejs:main#1
Open
pull[bot] wants to merge 2032 commits into
Open
Conversation
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @sveltejs/kit@2.53.3 ### Patch Changes - fix: prevent overlapping file metadata in remote functions `form` ([`faba869`](faba869)) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Related to sveltejs/svelte.dev#1632 This will allow us to apply for a grant from floss.fund --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com>
…late (#15280) Fixes #15200 --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. --------- Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> Co-authored-by: Tee Ming <chewteeming01@gmail.com>
This PR fixes the symlink test so that it actually runs. It also updates it since the test result has been outdated for a long time (I'm not sure if the test ever worked...). Apparently, `isSymbolicLink` only works if you first check the file with `lstatSync` and not `statSync` --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
… fragments (#15458) ## Summary Adds a `ResolvablePath` type that extends `Pathname` with optional `?${string}` and `#${string}` suffixes, allowing `resolve()` to accept pathnames with query strings and hash fragments. - No runtime changes — `resolve_route()` already passes through `?` and `#` correctly - `Pathname` type is unchanged (still used for `page.url.pathname`) - Existing `resolve()` behavior with route IDs and params is unaffected ## Motivation Currently there is no way to use `goto()` with query strings or hash fragments without either disabling the lint rule or bypassing `resolve()`: 1. `resolve('/products?page=2')` fails type-checking (`Pathname` doesn't include `?`) 2. `goto(resolve('/products') + '?page=2')` fails the `svelte/no-navigation-without-resolve` lint rule (argument isn't a `resolve()` call) Per @teemingc's suggestion in #14750: > "It should be possible to add a union type with a template string such as `/my-route#${string}` and `/my-route?${string}`. This would continue to keep the function type-safe." This is a minimal type-only fix that doesn't conflict with #14756 (which adds richer `{ hash, searchParams }` options). ## What this enables ```js // All of these now type-check AND satisfy the lint rule: goto(resolve('/products?page=2')); goto(resolve(`/search?${params}`)); goto(resolve('/docs/intro#getting-started')); ``` ## Test plan - [x] `pnpm check` passes - [x] `pnpm lint` passes - [x] Existing tests pass (no runtime changes, only type widening) Closes #14750 --------- Co-authored-by: Tee Ming <chewteeming01@gmail.com>
fixes the ci lint job --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
Copilot on GitHub is a little rubbish. After a few more iterations on a local computer, we now have an action we can dispatch from the web UI to update the `main` branch or by commenting `/autofix` on a PR whose branch is on origin. This will run prettier and regenerate the kit types then commit it. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: teemingc <54401897+teemingc@users.noreply.github.com> Co-authored-by: Tee Ming <chewteeming01@gmail.com>
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/github-script](https://redirect.github.com/actions/github-script) | action | major | `v7` → `v8` | --- ### Release Notes <details> <summary>actions/github-script (actions/github-script)</summary> ### [`v8`](https://redirect.github.com/actions/github-script/releases/tag/v8): .0.0 [Compare Source](https://redirect.github.com/actions/github-script/compare/v7...v8) ##### What's Changed - Update Node.js version support to 24.x by [@​salmanmkc](https://redirect.github.com/salmanmkc) in [#​637](https://redirect.github.com/actions/github-script/pull/637) - README for updating actions/github-script from v7 to v8 by [@​sneha-krip](https://redirect.github.com/sneha-krip) in [#​653](https://redirect.github.com/actions/github-script/pull/653) #####⚠️ Minimum Compatible Runner Version **v2.327.1**\ [Release Notes](https://redirect.github.com/actions/runner/releases/tag/v2.327.1) Make sure your runner is updated to this version or newer to use this release. ##### New Contributors - [@​salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [#​637](https://redirect.github.com/actions/github-script/pull/637) - [@​sneha-krip](https://redirect.github.com/sneha-krip) made their first contribution in [#​653](https://redirect.github.com/actions/github-script/pull/653) **Full Changelog**: <actions/github-script@v7.1.0...v8.0.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/sveltejs/kit). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40OC4xIiwidXBkYXRlZEluVmVyIjoiNDMuNDguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
If you build the Vercel adapter test apps, the linter is going to walk through those build output files. Also, our eslint config was ignoring `packages/kit/src/exports/vite/build` because it thought it was a build output folder --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
@teemingc should stop the madness
As pointed out by @GrygrFlzr we can save a few bytes by shortening and moving the placeholder URL up a scope for the client page state module. `'a:'` is a valid URL input with the following output: ```sh Welcome to Node.js v22.22.0. Type ".help" for more information. > new URL('a:') URL { href: 'a:', origin: 'null', protocol: 'a:', username: '', password: '', host: '', hostname: '', port: '', pathname: '', search: '', searchParams: URLSearchParams {}, hash: '' } ``` Similarly for the browser: ``` new URL('a:') URL {origin: 'null', protocol: 'a:', username: '', password: '', host: '', …}href: "a:"origin: "null"protocol: "a:"searchParams: URLSearchParams {size: 0}[[Prototype]]: URL ``` --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. Do we need one? ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
Helps keep the prettier related deps synced across the playground and repo root --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
closes #15470 This PR ensures that the type descriptions for the various navigation types show up correctly in the IDE when hovering over the type. This results in _slightly_ worse docs when viewing the `OnNavigate` and `AfterNavigate` sections but the trade-off is worth it. We get the correct descriptions after type-narrowing too. The thing about TypeScript and unions is that it tries to merge the description for similar properties. If you have something like: ```ts type A = { /** foo */ example: 'foo'; } type B = { /** bar */ example: 'bar'; } type C = A | B; ``` The description for `C['example']` would be "foo bar". However, if you have some overlap, TypeScript merges your descriptions as best as it can: ```ts type A = { /** * This contains: * - foo */ example: 'foo'; } type B = { /** * This contains: * - bar */ example: 'bar'; } type C = A | B; ``` You'll end up with: ``` This contains: - foo - bar ``` which works nicely for us in our case. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. Not sure if this needs a changeset since the user isn't really affected... Maybe it does? Might even be a breaking change? The types should still be equivalent though. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
…15488) This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.212.0` → `^0.213.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.212.0/0.213.0) |  |  | --- ### Release Notes <details> <summary>open-telemetry/opentelemetry-js (@​opentelemetry/sdk-node)</summary> ### [`v0.213.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ad92be4c2c1094745a85b0b7eeff1444a11b1b4a...541e1b4ad83ad2093459794a18283228fe58d199) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ad92be4c2c1094745a85b0b7eeff1444a11b1b4a...541e1b4ad83ad2093459794a18283228fe58d199) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/sveltejs/kit). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40OC4xIiwidXBkYXRlZEluVmVyIjoiNDMuNDguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
As discussed during the maintainer's meeting, this PR undeprecates the `kit.files` options. It also reverts the removal of mentions about these options in various parts of the docs done in #15343 --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com>
closes #15197 --- - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --- ### Problem Remote forms with ```target="_blank"``` did not open the redirect destination in a new tab. Instead, the current tab would navigate to the redirect URL, making ```target="_blank"``` completely ignored for both internal and external redirects. ### Solution Check the form element's target attribute before deciding how to navigate. If it's``` _blank``` or ```_new```, use ```window.open()``` instead of ```_goto()``` I have ran all the tests and there were no issues. --------- Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> Co-authored-by: Tee Ming <chewteeming01@gmail.com>
Co-authored-by: rohan436 <rohan.santhoshkumar@googlemail.com>
closes #14162 This PR modifies the Vite server filesystem allow list to always include our runtime directory. This ensures the client entry gets served correctly during development even when it's located in the global virtual store. I also included a quick fix where we hardcoded allowing the "src" directory rather than `kit.files.src` (there was a TODO for that). No tests included but tested in a local app. Unless we want to add https://pnpm.io/settings#enableglobalvirtualstore to our pnpm workspace file --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
…group across 1 directory (#16047) Bumps the npm_and_yarn group with 1 update in the / directory: [esbuild](https://github.com/evanw/esbuild). Updates `esbuild` from 0.25.12 to 0.28.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.28.1</h2> <ul> <li> <p>Disallow <code>\</code> in local development server HTTP requests (<a href="https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr">GHSA-g7r4-m6w7-qqqr</a>)</p> <p>This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a <code>\</code> backslash character. It happened due to the use of Go's <code>path.Clean()</code> function, which only handles Unix-style <code>/</code> characters. HTTP requests with paths containing <code>\</code> are no longer allowed.</p> <p>Thanks to <a href="https://github.com/dellalibera"><code>@dellalibera</code></a> for reporting this issue.</p> </li> <li> <p>Add integrity checks to the Deno API (<a href="https://github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr">GHSA-gv7w-rqvm-qjhr</a>)</p> <p>The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.</p> <p>Note that esbuild's Deno API installs from <code>registry.npmjs.org</code> by default, but allows the <code>NPM_CONFIG_REGISTRY</code> environment variable to override this with a custom package registry. This change means that the esbuild executable served by <code>NPM_CONFIG_REGISTRY</code> must now match the expected content.</p> <p>Thanks to <a href="https://github.com/sondt99"><code>@sondt99</code></a> for reporting this issue.</p> </li> <li> <p>Avoid inlining <code>using</code> and <code>await using</code> declarations (<a href="https://redirect.github.com/evanw/esbuild/issues/4482">#4482</a>)</p> <p>Previously esbuild's minifier sometimes incorrectly inlined <code>using</code> and <code>await using</code> declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for <code>let</code> and <code>const</code> declarations by avoiding doing it for <code>var</code> declarations, which no longer worked when more declaration types were added. Here's an example:</p> <pre lang="js"><code>// Original code { using x = new Resource() x.activate() } <p>// Old output (with --minify)<br /> new Resource().activate();</p> <p>// New output (with --minify)<br /> {using e=new Resource;e.activate()}<br /> </code></pre></p> </li> <li> <p>Fix module evaluation when an error is thrown (<a href="https://redirect.github.com/evanw/esbuild/issues/4461">#4461</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4467">#4467</a>)</p> <p>If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if <code>import()</code> or <code>require()</code> is used to import a module multiple times. The thrown error is supposed to be thrown by every call to <code>import()</code> or <code>require()</code>, not just the first. With this release, esbuild will now throw the same error every time you call <code>import()</code> or <code>require()</code> on a module that throws during its evaluation.</p> </li> <li> <p>Fix some edge cases around the <code>new</code> operator (<a href="https://redirect.github.com/evanw/esbuild/issues/4477">#4477</a>)</p> <p>Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a <code>new</code> expression (specifically an optional chain and/or a tagged template literal). The generated code for the <code>new</code> target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the <code>new</code> target in parentheses. Here is an example of some affected code:</p> <pre lang="js"><code>// Original code new (foo()`bar`)() new (foo()?.bar)() <p>// Old output<br /> new foo()<code>bar</code>();<br /> new (foo())?.bar();</p> <p></code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md">esbuild's changelog</a>.</em></p> <blockquote> <h1>Changelog: 2025</h1> <p>This changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).</p> <h2>0.27.2</h2> <ul> <li> <p>Allow import path specifiers starting with <code>#/</code> (<a href="https://redirect.github.com/evanw/esbuild/pull/4361">#4361</a>)</p> <p>Previously the specification for <code>package.json</code> disallowed import path specifiers starting with <code>#/</code>, but this restriction <a href="https://redirect.github.com/nodejs/node/pull/60864">has recently been relaxed</a> and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping <code>#/*</code> to <code>./src/*</code> (previously you had to use another character such as <code>#_*</code> instead, which was more confusing). There is some more context in <a href="https://redirect.github.com/nodejs/node/issues/49182">nodejs/node#49182</a>.</p> <p>This change was contributed by <a href="https://github.com/hybrist"><code>@hybrist</code></a>.</p> </li> <li> <p>Automatically add the <code>-webkit-mask</code> prefix (<a href="https://redirect.github.com/evanw/esbuild/issues/4357">#4357</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/4358">#4358</a>)</p> <p>This release automatically adds the <code>-webkit-</code> vendor prefix for the <a href="https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/mask"><code>mask</code></a> CSS shorthand property:</p> <pre lang="css"><code>/* Original code */ main { mask: url(x.png) center/5rem no-repeat } <p>/* Old output (with --target=chrome110) */<br /> main {<br /> mask: url(x.png) center/5rem no-repeat;<br /> }</p> <p>/* New output (with --target=chrome110) */<br /> main {<br /> -webkit-mask: url(x.png) center/5rem no-repeat;<br /> mask: url(x.png) center/5rem no-repeat;<br /> }<br /> </code></pre></p> <p>This change was contributed by <a href="https://github.com/BPJEnnova"><code>@BPJEnnova</code></a>.</p> </li> <li> <p>Additional minification of <code>switch</code> statements (<a href="https://redirect.github.com/evanw/esbuild/issues/4176">#4176</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/4359">#4359</a>)</p> <p>This release contains additional minification patterns for reducing <code>switch</code> statements. Here is an example:</p> <pre lang="js"><code>// Original code switch (x) { case 0: foo() break case 1: default: bar() } </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/bb9db84c02433fbe37b3509f53f9f3e3cc48725e"><code>bb9db84</code></a> publish 0.28.1 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/9ff053e53b8eeb990f59355dbea365277ac45ee2"><code>9ff053e</code></a> security: add integrity checks to the Deno API</li> <li><a href="https://github.com/evanw/esbuild/commit/0a9bf2135b67c7e28989a5ba19f0f000805a5ab5"><code>0a9bf21</code></a> enforce non-negative size in gzip parser</li> <li><a href="https://github.com/evanw/esbuild/commit/e2a1a7132058ee067fe736eac15f695861b8654e"><code>e2a1a71</code></a> security: forbid <code>\\</code> in local dev server requests</li> <li><a href="https://github.com/evanw/esbuild/commit/83a2cbfc35809f4fd5152da59572d7bed7739d78"><code>83a2cbf</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4482">#4482</a>: don't inline <code>using</code> declarations</li> <li><a href="https://github.com/evanw/esbuild/commit/308ad745d824c77bc607603451b257d0f2fd9a38"><code>308ad74</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4471">#4471</a>: renaming of nested <code>var</code> declarations</li> <li><a href="https://github.com/evanw/esbuild/commit/f013f5f99a015bce92ec48d49181d4ad3177b29b"><code>f013f5f</code></a> fix some typos</li> <li><a href="https://github.com/evanw/esbuild/commit/aafd6e48b1088336a5f5a17e930be7e840d43d8c"><code>aafd6e4</code></a> chore: fix some minor issues in comments (<a href="https://redirect.github.com/evanw/esbuild/issues/4462">#4462</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/15300c30b5e22f7cfcbed850c246d35095658386"><code>15300c3</code></a> follow up: cjs evaluation fixes</li> <li><a href="https://github.com/evanw/esbuild/commit/1bda0c31d7697c0af44b3ab39b81e599e559a395"><code>1bda0c3</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4461">#4461</a>, fix <a href="https://redirect.github.com/evanw/esbuild/issues/4467">#4467</a>: esm evaluation fixes</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.25.12...v0.28.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for esbuild since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sveltejs/kit/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rich Harris <rich.harris@vercel.com>
closes #16036 Ever since we moved the svelte config to the Vite config file, the user's adapter `ambient.d.ts` actually gets applied (good thing!). Unfortunately, our adapter's type of `platform.env` is preventing the user from declaring it themselves. This PR fixes that. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
… hash router (#16042) fixes #16033 We previously only avoided loading universal nodes if SSR was explicitly turned off. However, this doesn't work for hash router apps because we throw an error if the user sets any page options. This PR fixes that by avoiding universal node imports if the hash router is configured for the app (not just when SSR is explicitly false). It also does so in a way that we still throw the validation error if the user sets any page options. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com>
Resolves a bug on Windows where the following error was displayed when running `npm run check`: ``` The following Vite config options will be overridden by SvelteKit: - root ``` Fixes #15987
It's possible for a query to be cached in a shared cache, which is undesirable given it may include personalized responses. Co-authored-by: Elliott Johnson <--global> Co-authored-by: Tee Ming <chewteeming01@gmail.com>
First kit fix I ever wrote, it's been sitting on my machine because I wasn't confident enough to post it. `preloadCode` throws when called during initial page load because `current.url` is null until hydration completes, so `new URL(pathname, current.url)` rejects the relative path. If the call happens in a `load` function, the throw takes the whole page down with a 500. Falling back to `location.href` covers that window. Same diagnosis I posted in the issue thread. The new test calls `preloadCode` from a universal `load` during initial load. It fails on main and passes with this. Fixes #13297 --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
…ient-side replay (#16034) When a universal `load` fetches a **binary** resource during SSR, the response is serialized into the page as `<script data-sveltekit-fetched data-b64 data-ttl="...">` (`data-ttl` derived from the response's `s-maxage`/`max-age`, `data-b64` marking a base64-encoded body). During hydration, `initial_fetch` stores the entry in the client-side fetch cache **before** decoding the body: ```js const ttl = script.getAttribute('data-ttl'); if (ttl) cache.set(selector, { body, init, ttl: 1000 * Number(ttl) }); // body is still a base64 string const b64 = script.getAttribute('data-b64'); if (b64 !== null) { body = base64_decode(body); } ``` So the cache holds the raw base64 string. When the user client-side navigates back to the page within the TTL window, `subsequent_fetch` replays `new Response(cached.body, cached.init)` and the load function receives base64 **text** instead of the original bytes — e.g. an endpoint returning `[1, 2, 3, 4]` is replayed as `[65, 81, 73, 68, 66, 65, 61, 61]` (the UTF-8 bytes of `"AQIDBA=="`). Anything that parses the body (protobuf, images, etc.) breaks, and only on cached client-side re-navigation, which makes it look like a flaky backend. The fix moves the decode above the `cache.set` so the cache stores the decoded bytes; the hydration-time `Response` is unaffected (it was already constructed after decoding). Includes a regression test mirroring the existing `fetch-cache-control` suite: a binary endpoint with `cache-control: public, max-age=7`, client-side navigation away and back, asserting the byte content and that no new request was made. It fails on `main` with the corrupted bytes above and passes with this change; the neighbouring cache and b64 serialization tests stay green. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
b42cc23 broke the release workflow
We didn't really test any of the mid-stream behavior of LiveQuery, this adds a couple of tests around that. --------- Co-authored-by: Elliott Johnson <--global>
…rs are in use, and emit them as prerender output (#16024) With `experimental.explicitEnvironmentVariables` enabled, every prerendered page boots through `import("/_app/env.js")` and a service worker that imports `$app/env/public` calls `importScripts('/_app/env.script.js')`, but adapter-static never writes either file. Static hosts answer the missing module with fallback HTML and hydration dies on a MIME error before any user code runs. The renderer and `generateEnvModule()` disagree about when runtime env is needed. `render_response` defers env loading whenever the flag is set, even if every public variable is `static: true` and nothing can ever read `env.js`. Meanwhile `generateEnvModule()` only writes the file when `client.uses_env_dynamic_public` is set, which is always false under explicit env vars because `$env/dynamic/public` is disabled, so its explicit-env branch was unreachable. This PR makes both sides read the same bit. `uses_env_dynamic_public` is now also true when the client bundle contains `$app/env/public` and at least one public variable is dynamic. Static-only apps get fully inlined env and no `env.js` import, and pages that do defer pick up a previously missing `modulepreload`. For the genuinely dynamic case `generateEnvModule()` now emits `env.js`, plus `env.script.js` when the app has a service worker, since non-module workers load dynamic vars via `importScripts`. The service worker build also drops the `importScripts` prelude when all public vars are static, resolving the TODO from #15934. Two new `test/prerendering` apps cover both directions. `explicit-env-static` asserts prerendered HTML inlines the values and references no `env.js`, and that the service worker doesn't call `importScripts`. `explicit-env-dynamic` asserts the deferral stays and that `env.js`/`env.script.js` are emitted with only the dynamic values. Four of the eight assertions fail on main. Hopefully this continues my redemption arc after #16008 😅 Fixes #15985 --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: Tee Ming Chew <chewteeming01@gmail.com>
…across 1 directory (#16051) Bumps the npm_and_yarn group with 1 update in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.4.2 to 6.4.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.4.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.4.3 (2026-06-01)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572">#22572</a>, reject windows alternate paths (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22576">#22576</a>) (<a href="https://github.com/vitejs/vite/commit/96b0c10162e9c55485d922db2cfc6b8227cbc176">96b0c10</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22572">#22572</a> <a href="https://redirect.github.com/vitejs/vite/issues/22576">#22576</a></li> <li>fix(deps): backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571">#22571</a>, reject UNC paths for launch-editor-middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22575">#22575</a>) (<a href="https://github.com/vitejs/vite/commit/8fed5cf540c0d475266787f52072f258478cd42f">8fed5cf</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22571">#22571</a> <a href="https://redirect.github.com/vitejs/vite/issues/22575">#22575</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/6c2c881f15495738ff03bc1d67cc052c07e0cac4"><code>6c2c881</code></a> release: v6.4.3</li> <li><a href="https://github.com/vitejs/vite/commit/96b0c10162e9c55485d922db2cfc6b8227cbc176"><code>96b0c10</code></a> fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572">#22572</a>, reject windows alternate paths (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22576">#22576</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/8fed5cf540c0d475266787f52072f258478cd42f"><code>8fed5cf</code></a> fix(deps): backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571">#22571</a>, reject UNC paths for launch-editor-middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/2">#2</a>...</li> <li>See full diff in <a href="https://github.com/vitejs/vite/commits/v6.4.3/packages/vite">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sveltejs/kit/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#16021) We had better error handling in the SSE handling for live queries, so I ported it over to regular queries as well. Previously, if an error occurred outside of the remote functions handling, we'd lose all of that error's metadata. --------- Co-authored-by: Rich Harris <rich.harris@vercel.com> Co-authored-by: Tee Ming <chewteeming01@gmail.com>
…ources (#16018) Attaches catch handlers in a number of places that I'm pretty sure would cause unhandled rejections in some scenarios. --------- Co-authored-by: Elliott Johnson <--global> Co-authored-by: Tee Ming <chewteeming01@gmail.com>
Avoids this error when running `pnpm dedupe` ``` ERR_PNPM_NO_MATURE_MATCHING_VERSION Version 0.8.1 (released 38 hours ago) of dts-buddy does not meet the minimumReleaseAge constraint This error happened while installing a direct dependency of /Users/teeming/git/sveltejs/kit/packages/kit The latest release of dts-buddy is "0.8.1". Published at 6/15/2026 If you need the full list of all 52 published versions run "pnpm view dts-buddy versions". If you want to install the matched version ignoring the time it was published, you can add the package name to the minimumReleaseAgeExclude setting. Read more about it: https://pnpm.io/settings#minimumreleaseageexclude ```
mostly just trying to unstick whatever's causing CI to fail on #15994
quick follow-up to #16024 — the flag is guaranteed to be `true` at this point
…a non-HTML response (#15994) Closes #11087 When a root `+server.js` returns a non-HTML response and is marked as prerenderable, SvelteKit was silently saving the response as `index.html`. This was caused by `output_filename()` falling back to `'index.html'` when the path slice for the root was an empty string. The fix throws a clear error at build time instead. There's no valid static filename for a non-HTML response at the root path. A static host will always serve an HTML file for `/`. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: Rich Harris <rich.harris@vercel.com> Co-authored-by: Rich Harris <richard.a.harris@gmail.com> Co-authored-by: Tee Ming Chew <chewteeming01@gmail.com>
#16058) This PR ensures `building` correctly resolves to true/false in the `env.ts` file. It does so by calling `set_building` during the build before evaluating the user's `env.ts` file. It also changes the static import of the env module to a dynamic import to ensure we load it _after_ `set_building` has chance to run. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.
I asked Opus 4.8 to fix flaky tests in a loop until nothing failed, and this is what it came up with. Looks sensible but the proof will be in the CI runs
Extracts the env stuff out into a separate module, so that we don't need the dynamic import in `set_env` — not really an issue during build, but adds unnecessary microtasks on every `server.init(...)` at runtime
…#15967) ## Summary The `{#await}` example in the FAQ entry _"How do I use a client-side library accessing `document` or `window`?"_ renders the resolved component with `<svelte:component>`: ```svelte {:then component} <svelte:component this={component} /> ``` `<svelte:component>` is **deprecated in Svelte 5 runes mode** — components are dynamic by default, so a capitalized variable can be rendered directly. SvelteKit 2 requires Svelte 5, so copying this example emits a deprecation warning. ## Change Render the resolved constructor directly by capitalizing the `{:then}` binding: ```svelte {:then Component} <Component /> ``` This is the only `<svelte:component>` usage left in `documentation/docs/`. Docs-only change. --------- Co-authored-by: Rich Harris <rich.harris@vercel.com>
…#15914) closes #15734 When you set up a custom server using `handler.js` from `@sveltejs/adapter-node`, only the request-handling environment variables (e.g. `ORIGIN`, `BODY_SIZE_LIMIT`) actually do anything. The server-lifecycle ones (`PORT`, `HOST`, `SOCKET_PATH`, the various timeouts, and the socket-activation pair) are read by `index.js` (the default `node build` server) and have to be implemented manually if you want them in a custom server. The current docs don't mention this, and the existing code example hardcodes port 3000 without flagging that it's ignoring `PORT`. Added a note right after the custom-server code example listing both sets explicitly. Cross-checked the variable lists against the source in `packages/adapter-node/src/handler.js` and `packages/adapter-node/src/index.js`. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check`. N/A — docs-only change. ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset. N/A — docs-only. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked.
#15938) could not find an issue which references this problem currently defining websockets inside CSP directives will throw a type error: <img width="673" height="170" alt="image" src="https://github.com/user-attachments/assets/7a6190ee-c680-4dc9-af1c-7a8b574c1550" /> additionally base sources don't support trusted-types-eval, which is part of the spec https://www.w3.org/TR/CSP3/#grammardef-keyword-source there are also other missing values, however I have not used them, so I don't know how to verify them this fixes that, its a very minor change unsure if this should be a fix or a chore, as in theory it doesn't change any runtime behavior, and is only development tooling related --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: Rich Harris <hello@rich-harris.dev> Co-authored-by: Rich Harris <rich.harris@vercel.com>
…to vite-plugin-svelte (#16010) Closes #16009 Previously `sveltekit(...)` only forwarded a subset of options to `vite-plugin-svelte` and treated everything else as Kit options, so options like `inspector` were rejected as unexpected Kit options instead of being passed through. ### Changes - New internal `split_config()` helper that **plucks out SvelteKit's own options and passes everything else through to `vite-plugin-svelte`** (which does its own validation), making no assumptions about what VPS accepts. - Resolves the shared `experimental` namespace: SvelteKit reads the flags it recognises and forwards the rest to VPS. - The lists of Kit option keys are **derived from the validation schema** (`options.js` now exports `kit_options` / `kit_experimental_options`) so they stay in sync automatically. - Types now use `Options` from `vite-plugin-svelte` instead of `SvelteConfig` (kept `Pick<SvelteConfig, 'vitePlugin'>` for back-compat). - Docs + changeset + unit tests (passthrough, experimental splitting, fixture regression with `inspector: true`). ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changesets that add features with `feat:` and bugfixes with `fix:`. --------- Co-authored-by: Tee Ming <chewteeming01@gmail.com>
Closes #15886 Fixes empty `file` inputs in remote form data by updating `convert_formdata` to skip a field when the browser’s empty placeholder `File` is filtered out and no real value remains, preventing optional file fields from being submitted as `{ file: undefined }` --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: Rich Harris <richard.a.harris@gmail.com>
closes #15891 --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Rich Harris <rich.harris@vercel.com>
… request (#15884) closes #11353 When a non-existent page is requested with the `__data.json` suffix (e.g. `/example/__data.json`), the suffix is stripped from the URL before routing so that the path can be matched against the route table. The error page that is rendered for the resulting 404 then computed its relative asset paths from that *stripped* URL, which is one path segment shallower than the URL the browser is actually at. As a result the `_app/immutable/...` links (and the `resolve`/`asset` helpers from `$app/paths`) ended up one directory too shallow, so the error page loaded unstyled and without its scripts. For example, requesting `/example/__data.json` produced asset links that resolved to `/example/_app/...` instead of `/_app/...`. This re-adds the data suffix when computing the relative path depth in both the error page renderer and `$app/paths`' `resolve`/`asset`, so the paths are resolved against the URL the browser is actually at. Root-level requests (`/__data.json`) and the `.html__data.json` form are unaffected because the reconstructed path has the same segment depth as the original request. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [x] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [x] This message body should clearly illustrate what problems it solves. - [x] Ideally, include a test that fails without this PR but passes with it. ### Tests - [x] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [x] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [x] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. --------- Co-authored-by: ATOM00blue <219721791+ATOM00blue@users.noreply.github.com> Co-authored-by: Rich Harris <rich.harris@vercel.com>
…5882) Noticed some service worker tests weren't being run on accident. This PR re-enables them and fixes one of them by ensuring `base` is exported for the dev-time `$service-worker` module. --- ### Please don't delete this checklist! Before submitting the PR, please make sure you do the following: - [ ] It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs - [ ] This message body should clearly illustrate what problems it solves. - [ ] Ideally, include a test that fails without this PR but passes with it. ### Tests - [ ] Run the tests with `pnpm test` and lint the project with `pnpm lint` and `pnpm check` ### Changesets - [ ] If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running `pnpm changeset` and following the prompts. Changesets that add features should be `minor` and those that fix bugs should be `patch`. Please prefix changeset messages with `feat:`, `fix:`, or `chore:`. ### Edits - [ ] Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed. Co-authored-by: Rich Harris <richard.a.harris@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )