chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@iconify/json (source)	2.2.392 -> 2.2.406			devDependencies	patch
@sveltejs/kit (source)	2.45.0 -> 2.48.4			devDependencies	minor
@tailwindcss/vite (source)	4.1.14 -> 4.1.17			devDependencies	patch
@vite-pwa/assets-generator	1.0.1 -> 1.0.2			devDependencies	patch
@vite-pwa/sveltekit	1.0.0 -> 1.0.1			devDependencies	patch
bits-ui	2.11.4 -> 2.14.3			devDependencies	minor
layerchart	2.0.0-next.40 -> 2.0.0-next.42			devDependencies	patch
node (source)	22.20.0 -> 22.21.1				minor
pnpm (source)	10.18.1 -> 10.22.0			packageManager	minor
prettier-plugin-tailwindcss	^0.6.14 -> ^0.7.0			devDependencies	minor
runed (source)	^0.34.0 -> ^0.36.0			devDependencies	minor
sharp (source, changelog)	0.34.4 -> 0.34.5			devDependencies	patch
svelte (source)	5.39.9 -> 5.43.6			devDependencies	minor
svelte-check	4.3.2 -> 4.3.4			devDependencies	patch
sveltekit-superforms (source)	2.27.2 -> 2.28.1			devDependencies	minor
tailwind-merge	3.3.1 -> 3.4.0			devDependencies	minor
tailwindcss (source)	4.1.14 -> 4.1.17			devDependencies	patch
unplugin-icons	22.4.2 -> 22.5.0			devDependencies	minor
vite-plugin-pwa	1.0.3 -> 1.1.0			devDependencies	minor
wrangler (source)	4.42.0 -> 4.47.0			devDependencies	minor

---

Release Notes

iconify/icon-sets (@​iconify/json)

v2.2.406

Compare Source

v2.2.405

Compare Source

v2.2.404

Compare Source

v2.2.403

Compare Source

v2.2.402

Compare Source

v2.2.401

Compare Source

v2.2.400

Compare Source

v2.2.399

Compare Source

v2.2.398

Compare Source

v2.2.397

Compare Source

v2.2.396

Compare Source

v2.2.395

Compare Source

v2.2.394

Compare Source

v2.2.393

Compare Source

sveltejs/kit (@​sveltejs/kit)

v2.48.4

Compare Source

Patch Changes

• fix: adjust query's promise implementation to properly allow chaining (#​14859)

• fix: make prerender cache work, including in development (#​14860)

v2.48.3

Compare Source

Patch Changes

• fix: include hash when using resolve with hash routing enabled (#​14786)

• fix: afterNavigate callback not running after hydration when experimental async is enabled (#​14644)
  fix: Snapshot restore method not called after reload when experimental async is enabled

• fix: expose issue.path in .allIssues() (#​14784)

v2.48.2

Compare Source

Patch Changes

• fix: update DOM before running navigate callbacks (#​14829)

v2.48.1

Compare Source

Patch Changes

• fix: wait for commit promise instead of settled (#​14818)

v2.48.0

Compare Source

Minor Changes

• feat: use experimental fork API when available (#​14793)

Patch Changes

• fix: await for settled instead of tick in navigate (#​14800)

v2.47.3

Compare Source

Patch Changes

• fix: avoid hanging when error() is used while streaming promises from a server load function (#​14722)

• chore: treeshake load function code if we know it's unused (#​14764)

• fix: RecursiveFormFields type for recursive or unknown schemas (#​14734)

• fix: rework internal representation of form value to be $state (#​14771)

v2.47.2

Compare Source

Patch Changes

• fix: streamed promise not resolving when another load function returns a fast resolving promise (#​14753)

• chore: allow to run preflight validation only (#​14744)

• fix: update overload to set invalid type to schema input (#​14748)

v2.47.1

Compare Source

Patch Changes

• fix: allow read to be used at the top-level of remote function files (#​14672)

• fix: more robust remote files generation (#​14682)

v2.47.0

Compare Source

Minor Changes

• feat: add signal property to request (#​14715)

Patch Changes

• fix: resolve remote module syntax errors with trailing expressions (#​14728)

v2.46.5

Compare Source

Patch Changes

• fix: ensure form remote functions' fields.set triggers reactivity (#​14661)

v2.46.4

Compare Source

Patch Changes

• fix: prevent access of Svelte 5-only untrack function (#​14658)

v2.46.3

Compare Source

Patch Changes

• fix: merge field.set(...) calls (#​14651)

• fix: don't automatically reset form after an enhanced submission (#​14626)

• fix: normalize path strings when updating field values (#​14649)

v2.46.2

Compare Source

Patch Changes

• fix: prevent code execution order issues around SvelteKit's env modules (#​14637)

v2.46.1

Compare Source

Patch Changes

• fix: use $derived for form fields (#​14621)

• docs: remove @example blocks to allow docs to deploy (#​14636)

• fix: require a value with submit and hidden fields (#​14635)

• fix: delete hydration cache on effect teardown (#​14611)

v2.46.0

Compare Source

Minor Changes

• feat: imperative form validation (#​14624)

Patch Changes

• fix: wait a tick before collecting form data for validation (#​14631)

• fix: prevent code execution order issues around SvelteKit's env modules (#​14632)

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.1.17

Compare Source

Fixed

• Substitute @variant inside legacy JS APIs (#​19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#​19242)

v4.1.16

Compare Source

Fixed

• Discard candidates with an empty data type (#​19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#​19176)
• Fix invalid colors due to nested & (#​19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#​19178)

v4.1.15

Compare Source

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#​19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#​19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#​19097)
• Allow named groups in combination with not-*, has-*, and in-* (#​19100)
• Prevent important utilities from affecting other utilities (#​19110)
• Don’t index into strings with the theme(…) function (#​19111)
• Fix parsing issue when \t is used in at-rules (#​19130)
• Upgrade: Canonicalize utilities containing 0 values (#​19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#​19157)

Changed

• Remove the postinstall script from oxide ([#​19149])(#​19149)

vite-pwa/assets-generator (@​vite-pwa/assets-generator)

v1.0.2

Compare Source

No significant changes

    View changes on GitHub

vite-pwa/sveltekit (@​vite-pwa/sveltekit)

v1.0.1

Compare Source

No significant changes

    View changes on GitHub

huntabyte/bits-ui (bits-ui)

v2.14.3

Compare Source

Patch Changes

• fix(ContextMenu): allow overriding tabindex of trigger (#​1887)

• fix(Calendar, DateField, DatePicker, DateRangeField, DateRangePicker, RangeCalendar): Change default placeholder behaviour to choose the closest available value to current date, in case current date is outside of allowed range by minValue and maxValue. (#​1874)

v2.14.2

Compare Source

Patch Changes

• added $bindable to menu.root value (#​1868)
• fix(Tooltip): ensure hovering between triggers of the same provider is smooth (#​1875)

v2.14.1

Compare Source

Patch Changes

• chore: simplify internals (#​1853)

• fix(DateField): fallback to infer hour cycle from locale (#​1859)

v2.14.0

Compare Source

Minor Changes

• feat(Popover): add Popover.Overlay component (#​1851)

v2.13.1

Compare Source

Patch Changes

• fix(ContextMenu): left clicking the trigger when open should register as outside click event (#​1848)

v2.13.0

Compare Source

Minor Changes

• feat(Menu): expose openDelay prop on *Menu.SubTrigger to control open delay (#​1845)

v2.12.0

Compare Source

Minor Changes

• feat(AlertDialog): add nested attributes and CSS vars for better styling of nested dialogs (#​1841)

• feat(Dialog): add nested attributes and CSS vars for better styling of nested dialogs (#​1841)

v2.11.8

Compare Source

Patch Changes

• fix(Command): allow selection of the initial value when passed as the value prop (#​1837)

• fix(Select): prevent interrupting scroll when virtual select items are added (#​1830)

• chore: update runed and svelte-toolbelt (#​1838)

v2.11.7

Compare Source

Patch Changes

• fix(ContextMenu): not opening under certain conditions (#​1831)

v2.11.6

Compare Source

Patch Changes

• fix(DropdownMenu): focus restoration issue (#​1827)

v2.11.5

Compare Source

Patch Changes

• fix(Select): don't submit empty string when no values are selected in multiple mode (#​1816)

techniq/layerchart (layerchart)

v2.0.0-next.42

Compare Source

Patch Changes

• fix(Calendar): Respect start instead of always start of year (#​657)

v2.0.0-next.41

Compare Source

Patch Changes

• fix(Tooltip): Correctly set tooltip position on chart enter and exit (#​655)

nodejs/node (node)

v22.21.1: 2025-10-28, Version 22.21.1 'Jod' (LTS), @​aduh95

Compare Source

Commits

• [af33e8e668] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #​59872
• [6764ce8756] - benchmark: update count to n in permission startup (Bruno Rodrigues) #​59872
• [4e8d99f0dc] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59872
• [af0a8ba7f8] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #​59708
• [78efd1be4a] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59708
• [df72dc96e9] - console,util: improve array inspection performance (Ruben Bridgewater) #​60037
• [ef67d09f50] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #​59958
• [23468fd76b] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #​59924
• [56abc4ac76] - lib: optimize priority queue (Gürgün Dayıoğlu) #​60039
• [ea5cfd98c5] - lib: implement passive listener behavior per spec (BCD1me) #​59995
• [c2dd6eed2f] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [81a3055710] - process: fix default env for process.execve (Richard Lau) #​60029
• [fe492c7ace] - process: fix hrtime fast call signatures (Renegade334) #​59600
• [76b4cab8fc] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #​60053
• [21970970c7] - src: remove AnalyzeTemporaryDtors option from .clang-tidy (iknoom) #​60008
• [609c063e81] - src: remove unused variables from report (Moonki Choi) #​60047
• [987841a773] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #​60052
• [6e386c0632] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #​60052
• [c3be1226c7] - src: allow std::string_view arguments to SPrintF() and friends (Anna Henningsen) #​60058
• [764d35647d] - src: remove unnecessary std::string error messages (Anna Henningsen) #​60057
• [1289ef89ec] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #​60056
• [d1fb8a538d] - src: avoid unnecessary string -> char* -> string round trips (Anna Henningsen) #​60055
• [54b439fb5a] - src: fill options_args, options_env after vectors are finalized (iknoom) #​59945
• [c7c597e2ca] - src: use RAII for uv_process_options_t (iknoom) #​59945
• [b928ea9716] - test: ensure that the message event is fired (Luigi Pinca) #​59952
• [e4b95a5158] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #​60024
• [4206406694] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #​59996
• [26394cd5bf] - test: expand tls-check-server-identity coverage (Diango Gavidia) #​60002
• [b58df47995] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [af3a59dba8] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #​59974
• [cee362242b] - timers: fix binding fast call signatures (Renegade334) #​59600
• [40fea57fdd] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #​59128
• [aac90d351b] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #​60113
• [9fae03c7d9] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #​59978
• [81548abdf6] - wasi: fix WasiFunction fast call signature (Renegade334) #​59600

v22.21.0: 2025-10-20, Version 22.21.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

• [1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #​59151
• [bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #​57165
• [af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #​59082

Commits

• [a71dd592e3] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [16c4b466f4] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [53cb9f3b6c] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [ec5290fe01] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [1486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #​59151
• [1f93913446] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [f488b2ff73] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [aed9fd5ac4] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [37c2d186f0] - deps: update amaro to 1.1.4 (pmarchini) #​60044
• [28aea13419] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [ddbc1aa0bb] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [badbba2da9] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [48aaf98a08] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [e02a562ea6] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [7e0e86cb92] - deps: upgrade npm to 10.9.4 (npm team) #​60074
• [91dda5facf] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [3a3220a2f0] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [09bdcce6b8] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [b3eeb3bd13] - doc: provide alternative to url.parse() using WHATWG URL (Steven) #​59736
• [1ddaab1904] - doc: mention reverse proxy and include simple example (Steven) #​59736
• [3b3b71e99c] - doc: mark .env files support as stable (Santeri Hiltunen) #​59925
• [d37f67d1bd] - doc: remove optional title prefixes (Aviv Keller) #​60087
• [ca2dff63f9] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [3fca564a05] - doc: add automated migration info to deprecations (Augustin Mauroy) #​60022
• [4bc366fc16] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [4808dbdd9a] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [d6e303d645] - doc: update V8 fast API guidance (René) #​58999
• [0a3a3f729e] - doc: add security escalation policy (Ulises Gascón) #​59806
• [8fd669c70d] - doc: type improvement of file http.md (yusheng chen) #​58189
• [9833dc6060] - doc: rephrase dynamic import() description (Nam Yooseong) #​59224
• [2870a73681] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #​59851
• [85818db93c] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #​59847
• [bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #​57165
• [af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [758271ae66] - http: optimize checkIsHttpToken for short strings (방진혁) #​59832
• [42102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #​58980
• [a33ed9bf96] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #​59870
• [34c686be2b] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #​59687
• [12e553529c] - lib: add source map support for assert messages (Chengzhong Wu) #​59751
• [d2a70571f8] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #​59751
• [20a9e86b5d] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [c591cca15c] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #​60089
• [090ba141b1] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #​60091
• [a0ba6884a5] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #​60092
• [0feca0c541] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [7cd2b42d18] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [1f3b9d66ac] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #​60095
• [0fedbb3de7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [04590b8267] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [2bf0a9318f] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #​59914
• [e10dc7b81c] - module: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) #​59527
• [2237142369] - module: link module with a module request record (Chengzhong Wu) #​58886
• [6d24b88fbc] - node-api: added SharedArrayBuffer api (Mert Can Altin) #​59071
• [4cc84c96f4] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #​59684
• [e790eb6b50] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [99ea08dc43] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [e4a4f63019] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #​59848
• [42c5544b97] - src: assert memory calc for max-old-space-size-percentage (Asaf Federman) #​59460
• [686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #​59082
• [84701ff668] - src: clear all linked module caches once instantiated (Chengzhong Wu) #​59117
• [8e182e561f] - src: remove unnecessary Environment::GetCurrent() calls (Moonki Choi) #​59814
• [c9cde35c4d] - src: simplify is_callable by making it a concept (Tobias Nießen) #​58169
• [892b425ee1] - src: rename private fields to follow naming convention (Moonki Choi) #​59923
• [36b68db7f5] - src: reduce the nearest parent package JSON cache size (Michael Smith) #​59888
• [26b40bad02] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #​59891
• [34dcb7dc32] - src: create strings in FIXED_ONE_BYTE_STRING as internalized (Anna Henningsen) #​59826
• [4d748add05] - src: remove std::array overload of FIXED_ONE_BYTE_STRING (Anna Henningsen) #​59826
• [bb6fd7c2d1] - src: ensure v8::Eternal is empty before setting it (Anna Henningsen) #​59825
• [7a91282bf9] - src: use simdjson::pad (0hm☘️) #​59391
• [ba00875f01] - stream: use new AsyncResource instead of bind (Matteo Collina) #​59867
• [ebec3ef68b] - (SEMVER-MINOR) test: move http proxy tests to test/client-proxy (Joyee Cheung) #​58980
• [7067d79fb3] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [ca1942c9d5] - test: testcase demonstrating issue 59541 (Eric Rannaud) #​59801
• [660d57355e]

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying lipu-svelte with    Cloudflare Pages

Latest commit:	e582c3a
Status:	✅  Deploy successful!
Preview URL:	https://27d1deb0.lipu-svelte.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.lipu-svelte.pages.dev

View logs