Skip to content

chore(deps-dev): bump the prod-dependencies group with 5 updates#401

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-dependencies-3b13a921c6
Closed

chore(deps-dev): bump the prod-dependencies group with 5 updates#401
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-dependencies-3b13a921c6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Bumps the prod-dependencies group with 5 updates:

Package From To
@lucide/svelte 1.14.0 1.16.0
@sveltejs/kit 2.59.1 2.60.1
isomorphic-dompurify 3.12.0 3.13.0
svelte 5.55.5 5.55.7
wrangler 4.90.1 4.91.0

Updates @lucide/svelte from 1.14.0 to 1.16.0

Release notes

Sourced from @​lucide/svelte's releases.

Version 1.16.0

What's Changed

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.14.0...1.15.0

Commits

Updates @sveltejs/kit from 2.59.1 to 2.60.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.60.1

Patch Changes

  • chore: bump svelte and devalue (#15836)

  • fix: prevent query.batch cross-talk (dadaefc)

@​sveltejs/kit@​2.60.0

Minor Changes

  • feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#15802)

  • feat: warn on unread form remote function validation issues (#15653)

Patch Changes

  • fix: abort navigation after async rendering if obsolete (#15811)

  • fix: skip refreshing queries on full-page reload form submissions (#15803)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.60.1

Patch Changes

  • chore: bump svelte and devalue (#15836)

  • fix: prevent query.batch cross-talk (dadaefc)

2.60.0

Minor Changes

  • feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#15802)

  • feat: warn on unread form remote function validation issues (#15653)

Patch Changes

  • fix: abort navigation after async rendering if obsolete (#15811)

  • fix: skip refreshing queries on full-page reload form submissions (#15803)

Commits

Updates isomorphic-dompurify from 3.12.0 to 3.13.0

Release notes

Sourced from isomorphic-dompurify's releases.

3.13.0: Updated dependencies

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.12.0...3.13.0

Commits
  • c159087 chore: Updated deps and incremented project version.
  • e8b2f23 chore(deps): bump dompurify from 3.4.2 to 3.4.3
  • 64b1d7b chore(deps-dev): bump @​biomejs/biome from 2.4.14 to 2.4.15
  • 233ed4d chore(deps-dev): bump @​types/jsdom from 28.0.1 to 28.0.3
  • bf44524 chore(deps-dev): bump vitest from 4.1.5 to 4.1.6
  • See full diff in compare view

Updates svelte from 5.55.5 to 5.55.7

Release notes

Sourced from svelte's releases.

svelte@5.55.7

Patch Changes

svelte@5.55.6

Patch Changes

  • fix: leave stale promises to wait for a later resolution, instead of rejecting (#18180)

  • fix: keep dependencies of $state.eager/pending (#18218)

  • fix: reapply context after transforming error during SSR (#18099)

  • fix: don't rebase just-created batches (#18117)

  • chore: allow null for pending in typings (#18201)

  • fix: flush eager effects in production (#18107)

  • fix: rethrow error of failed iterable after calling return() (#18169)

  • fix: account for proxified instance when updating bind:this (#18147)

  • fix: ensure scheduled batch is flushed if not obsolete (#18131)

  • fix: resolve stale deriveds with latest value (#18167)

  • chore: remove unnecessary increment_pending calls (#18183)

  • fix: correctly compile component member expressions for SSR (#18192)

  • fix: reset source.updated stack traces after flush (#18196)

  • fix: replacing async 'blocking' strategy with 'merging' (#18205)

  • fix: allow @debug tags to reference awaited variables (#18138)

  • fix: re-run fallback props if dependencies update (#18146)

  • fix: abort running obsolete async branches (#18118)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.55.7

Patch Changes

5.55.6

Patch Changes

  • fix: leave stale promises to wait for a later resolution, instead of rejecting (#18180)

  • fix: keep dependencies of $state.eager/pending (#18218)

  • fix: reapply context after transforming error during SSR (#18099)

  • fix: don't rebase just-created batches (#18117)

  • chore: allow null for pending in typings (#18201)

  • fix: flush eager effects in production (#18107)

  • fix: rethrow error of failed iterable after calling return() (#18169)

  • fix: account for proxified instance when updating bind:this (#18147)

  • fix: ensure scheduled batch is flushed if not obsolete (#18131)

  • fix: resolve stale deriveds with latest value (#18167)

  • chore: remove unnecessary increment_pending calls (#18183)

  • fix: correctly compile component member expressions for SSR (#18192)

  • fix: reset source.updated stack traces after flush (#18196)

  • fix: replacing async 'blocking' strategy with 'merging' (#18205)

  • fix: allow @debug tags to reference awaited variables (#18138)

  • fix: re-run fallback props if dependencies update (#18146)

... (truncated)

Commits

Updates wrangler from 4.90.1 to 4.91.0

Release notes

Sourced from wrangler's releases.

wrangler@4.91.0

Minor Changes

  • #13822 c8be316 Thanks @​edmundhung! - Add named tunnel support and tunnel shortcuts to wrangler dev

    You can now use wrangler dev --tunnel --tunnel-name <name> to start a dev session with an existing named Cloudflare Tunnel, or set --tunnel-name ahead of time and start it later by pressing t to start or close the tunnel. This gives you a stable public hostname for local development instead of the temporary trycloudflare.com URL used by Quick Tunnels.

Patch Changes

  • #13848 d4794a8 Thanks @​MattieTK! - Condense repeated environment configuration warnings

    Wrangler now summarises repeated missing vars and define entries in environment configuration warnings. Experimental unsafe warnings are also only emitted once when the field appears at both the top level and in the active environment.

  • #13894 58b4403 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260508.1 1.20260511.1

  • #13780 4352f87 Thanks @​matingathani! - Normalize legacy instance type aliases (standardstandard-1, devlite) to prevent phantom EDIT diffs on every deploy

  • #13834 a9e6741 Thanks @​matingathani! - fix: hotkeys now work with Caps Lock enabled

    Wrangler's dev server hotkeys (e.g. b to open browser and x to exit) did not respond when Caps Lock was enabled. These hotkeys now work consistently whether or not Caps Lock is on.

  • #13750 da664d5 Thanks @​matingathani! - fix: automatically delete log files older than 30 days and add WRANGLER_WRITE_LOGS=false to disable disk logging

    Wrangler previously accumulated log files in ~/.wrangler/logs/ indefinitely, causing some users to accumulate gigabytes of logs over time.

    Log files older than 30 days are now automatically cleaned up on the first log write. Disk logging can be disabled entirely by setting WRANGLER_WRITE_LOGS=false.

  • #13914 bdc398c Thanks @​Maximo-Guk! - preserve native shape of non-string vars in worker previews

    wrangler preview previously coerced every non-string entry in previews.vars (arrays, objects, numbers, booleans) into a plain_text binding via JSON.stringify, so at runtime the worker saw a literal string instead of the value declared in wrangler.jsonc. wrangler deploy already serializes non-string vars as json bindings so the Workers runtime parses them back into native JS values; previews now match.

    Before:

    // wrangler.jsonc — previews.vars
{ "ALLOWLIST": ["a@example.com", "b@example.com"] }
// runtime
typeof env.ALLOWLIST === "string" // true (was '["a@example.com","b@example.com"]')

    After:

    typeof env.ALLOWLIST === "object"; // Array.isArray(env.ALLOWLIST) === true

... (truncated)

Commits
  • adbf8cb Version Packages (#13895)
  • 7ce6f6f feat(vite-plugin-cloudflare): named tunnel support (#13903)
  • bdc398c fix(wrangler): preserve native shape of non-string vars in worker previews (#...
  • c8be316 feat(wrangler): named tunnel support (#13822)
  • 1420f10 fix(wrangler): propagate unsafe.bindings and cross_account_grant to worker pr...
  • a9e6741 [wrangler] fix: hotkeys work with Caps Lock enabled (#13834)
  • 58b4403 Bump the workerd-and-workers-types group with 2 updates (#13894)
  • da664d5 [wrangler] fix: auto-delete logs older than 7 days and add WRANGLER_LOG_DISK ...
  • 4352f87 [wrangler] fix: normalize legacy instance type aliases to prevent phantom EDI...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the prod-dependencies group with 5 updates
66cfe4f 
Bumps the prod-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@lucide/svelte](https://github.com/lucide-icons/lucide/tree/HEAD/packages/svelte) | `1.14.0` | `1.16.0` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.59.1` | `2.60.1` |
| [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) | `3.12.0` | `3.13.0` |
| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.55.5` | `5.55.7` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.90.1` | `4.91.0` |


Updates `@lucide/svelte` from 1.14.0 to 1.16.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.16.0/packages/svelte)

Updates `@sveltejs/kit` from 2.59.1 to 2.60.1
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.60.1/packages/kit)

Updates `isomorphic-dompurify` from 3.12.0 to 3.13.0
- [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases)
- [Commits](kkomelin/isomorphic-dompurify@3.12.0...3.13.0)

Updates `svelte` from 5.55.5 to 5.55.7
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte)

Updates `wrangler` from 4.90.1 to 4.91.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.91.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@lucide/svelte"
  dependency-version: 1.16.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.60.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: isomorphic-dompurify
  dependency-version: 3.13.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: svelte
  dependency-version: 5.55.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: wrangler
  dependency-version: 4.91.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2026
@getarcaneappbot
Copy link
Copy Markdown
Contributor

getarcaneappbot commented May 15, 2026

Preview deployed successfully!

Built from commit 77fb374

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 16, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 16, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/prod-dependencies-3b13a921c6 branch May 16, 2026 00:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@getarcaneappbot