fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@commitlint/cli (source)	^20.5.0 → ^20.5.3			devDependencies	patch
@commitlint/config-conventional (source)	^20.5.0 → ^20.5.3			devDependencies	patch
@iconify-json/lucide	^1.2.98 → ^1.2.111			devDependencies	patch
@playwright/test (source)	^1.58.2 → ^1.60.0			devDependencies	minor
@sveltejs/kit (source)	^2.55.0 → ^2.61.1			devDependencies	minor
@tailwindcss/vite (source)	^4.2.2 → ^4.3.0			devDependencies	minor
@trpc/client (source)	^11.15.0 → ^11.17.0			dependencies	minor
@trpc/server (source)	^11.15.0 → ^11.17.0			dependencies	minor
@types/node (source)	^24.12.0 → ^24.12.4			devDependencies	patch
better-sqlite3	^12.8.0 → ^12.10.0			dependencies	minor
daisyui (source)	^5.5.19 → ^5.5.20			devDependencies	patch
devalue	^5.6.4 → ^5.8.1			dependencies	minor
eslint-plugin-svelte (source)	^3.16.0 → ^3.19.0			devDependencies	minor
globals	^17.4.0 → ^17.6.0			devDependencies	minor
kysely (source)	^0.28.14 → ^0.29.2			dependencies	minor
node	24.14.0 → 24.16.0			uses-with	minor
pnpm (source)	10.32.1 → 10.34.1			packageManager	minor
pnpm (source)	10.32.1 → 10.34.1			uses-with	minor
postcss (source)	^8.5.8 → ^8.5.15			devDependencies	patch
prettier (source)	^3.8.1 → ^3.8.3			devDependencies	patch
prettier-plugin-svelte	^3.5.1 → ^3.5.2			devDependencies	patch
prettier-plugin-tailwindcss	^0.7.2 → ^0.8.0			devDependencies	minor
svelte (source)	^5.55.0 → ^5.56.0			devDependencies	minor
svelte-check	^4.4.5 → ^4.4.8			devDependencies	patch
svelte-preprocess	^6.0.3 → ^6.0.5			devDependencies	patch
tailwindcss (source)	^4.2.2 → ^4.3.0			devDependencies	minor
typescript-eslint (source)	^8.57.2 → ^8.60.0			devDependencies	minor
vite (source)	^7.3.1 → ^7.3.3			devDependencies	patch
vite-plugin-pwa	^1.2.0 → ^1.3.0			devDependencies	minor
vitest (source)	^4.1.1 → ^4.1.7			devDependencies	patch
workbox-build (source)	^7.4.0 → ^7.4.1			devDependencies	patch
workbox-window (source)	^7.4.0 → ^7.4.1			devDependencies	patch
zod (source)	^4.3.6 → ^4.4.3			dependencies	minor

---

Release Notes

conventional-changelog/commitlint (@​commitlint/cli)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.5.2

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

microsoft/playwright (@​playwright/test)

v1.60.0

Compare Source

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});

await page.locator('#dropzone').drop({
  data: {
    'text/plain': 'hello world',
    'text/uri-list': 'https://example.com',
  },
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

• Event browser.on('context') — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: browserContext.on('download'), browserContext.on('frameattached'), browserContext.on('framedetached'), browserContext.on('framenavigated'), browserContext.on('pageclose'), browserContext.on('pageload').

Locators and Assertions

• New option description in page.getByRole() / locator.getByRole() / frame.getByRole() / frameLocator.getByRole() for matching the accessible description.
• New option pseudo in expect(locator).toHaveCSS() reads computed styles from ::before or ::after.
• New option style in locator.highlight() applies extra inline CSS to the highlight overlay, plus new page.hideHighlight() to clear all highlights.

Network

• webSocketRoute.protocols() returns the WebSocket subprotocols requested by the page.
• New option noDefaults in browserType.connectOverCDP() disables Playwright's default overrides on the default context (download behavior, focus emulation, media emulation), so attaching to a user's daily-driver browser doesn't disturb its state.

Errors and Reporting

• New webError.location() mirrors consoleMessage.location().
• consoleMessage.location() now exposes line / column properties (lineNumber / columnNumber are deprecated).
• New testInfoError.errorContext surfaces additional diagnostic context, such as the aria snapshot of the receiver at the time of an expect(...) matcher failure.
• reporter.onError() now receives a workerInfo argument with details about the worker for fixture teardown errors.

Test runner

• New {testFileBaseName} token in testProject.snapshotPathTemplate — file name without extension.
• Test runner now errors when a config tries to override a non-option fixture, and rejects workers: 0 or negative values.

🛠️ Other improvements

• HTML reporter:
  • npx playwright show-report accepts .zip files directly — no need to unzip first.
  • Steps that contain attachments inside nested children show an indicator on the parent step.
  • The repeatEachIndex is shown in the test header when non-zero.
• Trace Viewer adds a pretty-print toggle for JSON / form request and response bodies in the network details panel.

Breaking Changes ⚠️

• Removed long-deprecated APIs:
  • Locator.ariaRef() — use the standard locator.ariaSnapshot() pipeline.
  • handle option on BrowserContext.exposeBinding and Page.exposeBinding.
  • logger option on BrowserType.connect and BrowserType.connectOverCDP — use tracing instead.
  • Context options videosPath / videoSize — use recordVideo instead.

Browser Versions

• Chromium 148.0.7778.96
• Mozilla Firefox 150.0.2
• WebKit 26.4

This version was also tested against the following stable channels:

• Google Chrome 147
• Microsoft Edge 147

v1.59.1

Compare Source

v1.59.0

Compare Source

sveltejs/kit (@​sveltejs/kit)

v2.61.1

Compare Source

Patch Changes

• fix: regression where routes starting and ending with a route group are not matched correctly (#​15903)

v2.61.0

Compare Source

Minor Changes

• breaking: the .run() method has been removed from remote queries on both the client and the server. Use await query() directly instead — it now works everywhere (#​15779)

• feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#​15779)

• feat: live query instances are now themselves async-iterable (#​15878)

• feat: add programmatic submit method to form remote function instances (#​15657)

• feat: pass form remote function instance into enhance callback (#​15657)

Patch Changes

• fix: resolve the app payload without using process.env.NODE_ENV (#​15852)

• fix: support exactOptionalPropertyTypes for optional route params (#​15825)

• fix: correctly send true value to the server for 'submit' and 'hidden' form fields (#​15858)

• fix: avoid build warnings about undefined universal hooks (#​15895)

• fix: prefer default error page when failing to decode the URL pathname (#​15744)

• fix: disable link prefetching on slow internet connections (#​15885)

• fix: allow routes ending with optional parameters next to more specific routes (#​15861)

• fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#​15796)

v2.60.1

Compare Source

Patch Changes

• chore: bump svelte and devalue (#​15836)

• fix: prevent query.batch cross-talk (dadaefc)

v2.60.0

Compare Source

Minor Changes

• feat: allow 'submit' and 'hidden' form fields to accept numbers and booleans (#​15802)

• feat: warn on unread form remote function validation issues (#​15653)

Patch Changes

• fix: abort navigation after async rendering if obsolete (#​15811)

• fix: skip refreshing queries on full-page reload form submissions (#​15803)

v2.59.1

Compare Source

Patch Changes

• fix: resolve paths to route files with the letter drive on Windows (#​15793)

v2.59.0

Compare Source

Minor Changes

• feat: support query.batch in requested(...) (#​15751)

• breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#​15705)

• feat: experimental query.live function (#​15705)

Patch Changes

• fix: unwrap Promise in RemoteCommand output type (#​15771)

• fix: empty call to .updates() on a command/form invocation means "don't update anything" (#​15705)

• fix: form.fields.foo.as('checkbox', default_value) now works (#​15752)

• fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#​15753)

• fix: make sure queries always get started correctly (#​15705)

• fix: allow plain functions as overrides in updates (#​15705)

v2.58.0

Compare Source

Minor Changes

• breaking: require limit in requested (as originally intended) (#​15739)

• feat: RemoteQueryFunction gains an optional third generic parameter Validated (defaulting to Input) that represents the argument type after schema validation/transformation (#​15739)

• breaking: requested now yields { arg, query } entries instead of the validated argument (#​15739)

Patch Changes

• fix: allow query().current, .error, .loading, and .ready to work in non-reactive contexts (#​15699)

• fix: prevent deep_set crash on nullish nested values (#​15600)

• fix: restore correct RemoteFormFields typing for nullable array fields (e.g. when a schema uses .default([])), so .as('checkbox') and friends work again (#​15723)

• fix: don't warn about removed SSI comments in transformPageChunk (#​15695)

  Server-side include (SSI) directives like <!--#include virtual="..." --> are HTML comments that are replaced by servers such as nginx. Previously, removing them in transformPageChunk would trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with <!--# and Svelte's hydration comments never do, they can be safely excluded from the check.

• Change enhance function return type from void to MaybePromise. (#​15710)

• fix: throw an error when resolve is called with an external URL (#​15733)

• fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#​15718)

• fix: reset form result on redirect (#​15724)

v2.57.1

Compare Source

Patch Changes

• fix: better validation for redirect inputs (10d7b44)

• fix: enforce BODY_SIZE_LIMIT on chunked requests (3202ed6)

• fix: use default values as fallbacks (#​15680)

• fix: relax form typings for union types (#​15687)

v2.57.0

Compare Source

Minor Changes

• feat: return boolean from submit to indicate submission validity for enhanced form remote functions (#​15530)

Patch Changes

• fix: use array type for select fields that accept multiple values (#​15591)

• fix: silently 404 Chrome DevTools workspaces request in dev and preview (#​15656)

• fix: config.kit.csp.directives['trusted-types'] requires 'svelte-trusted-html' (and 'sveltekit-trusted-url' when a service worker is automatically registered) if it is configured (#​15323)

• fix: avoid inlineDynamicImports ignored with codeSplitting warning when using Vite 8 (#​15647)

• fix: reimplement treeshaking non-dynamic prerendered remote functions (#​15447)

v2.56.1

Compare Source

Patch Changes

• chore: update JSDoc (#​15640)

v2.56.0

Compare Source

Minor Changes

• breaking: rework client-driven refreshes (#​15562)

• breaking: stabilize remote function caching by sorting object keys (#​15570)

• breaking: add run() method to queries, disallow awaiting queries outside render (#​15533)

• feat: support TypeScript 6.0 (#​15595)

• breaking: isolate command-triggered query refresh failures per-query (#​15562)

• feat: use hydratable for remote function transport (#​15533)

• feat: allow form fields to specify a default value (field.as(type, value)) (#​15577)

Patch Changes

• fix: don't request new data when .refresh is called on a query with no cache entry (#​15533)

• fix: allow using multiple remote functions within one async derived (#​15561)

• fix: avoid false-positive overridden Vite base setting warning when setting a paths.base in svelte.config.js (#​15623)

• fix: manage queries in their own $effect.root (#​15533)

• fix: avoid inlineDynamicImports deprecation warning when building the service worker with Vite 8 (#​15550)

• fix: correctly escape backticks when precomputing CSS (#​15593)

• fix: discard obsolete forks before finishing navigation (#​15634)

• chore: tighten up override implementation (#​15562)

• fix: ensure the default Svelte 5 error.svelte file uses runes mode (#​15609)

• fix: deduplicate same-cache-key batch calls during SSR (#​15533)

• fix: decrement pending_count when form callback doesn't call submit() (#​15520)

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.0

Compare Source

Added

• Add @container-size utility (#​18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#​19981, #​20019)
• Add scrollbar-gutter-* utilities (#​20018)
• Add zoom-* utilities (#​20020)
• Add tab-* utilities (#​20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#​19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#​19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#​19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#​19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#​19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#​19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#​19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#​19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#​19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#​19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#​19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#​19918)
• Allow multiple @utility definitions with the same name but different value types (#​19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#​19707)
• Ensure start and end legacy utilities without values do not generate CSS (#​20003)
• Ensure --value(…) is required in functional @utility definitions (#​20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#​20011)

v4.2.4

Compare Source

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#​19947)

v4.2.3

Compare Source

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#​19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#​19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#​19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#​19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#​19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#​19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#​19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#​19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#​19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#​19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#​19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#​19846)
• Upgrade: never migrate files that are ignored by git (#​19846)
• Add .env and .env.* to default ignored content files (#​19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#​19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#​19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#​19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#​19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#​19858)
• Improve performance when scanning JSONL / NDJSON files (#​19862)
• Support NODE_PATH environment variable in standalone CLI (#​19617)

trpc/trpc (@​trpc/client)

v11.17.0

Compare Source

What's Changed

• chore(deps): bump next from 15.5.10 to 15.5.14 by @​dependabot[bot] in #​7268
• chore: Review stale skills (v11.16.0) by @​github-actions[bot] in #​7295
• fix(server): unwrap error from cause for streaming onError by @​zirkelc in #​7286
• chore: Add cache checks for openapi router fixtures by @​Nick-Lucas in #​7296
• chore: Update Hey API for new type imports by @​Nick-Lucas in #​7298
• docs: Add oasdiff docs to openapi by @​Nick-Lucas in #​7299
• feat: Add subscription inferrence helpers by @​Nick-Lucas in #​7303
• fix(www): Add accessible text to links without discernible text by @​cyphercodes in #​7302
• fix(deps): update dependency @​tanstack/intent to ^0.0.27 by @​renovate[bot] in #​7309
• fix(deps): update dependency srvx to v0.11.14 by @​renovate[bot] in #​7310
• chore(deps): update dependency @​oxc-project/runtime to v0.123.0 by @​renovate[bot] in #​7311
• fix(deps): update dependency @​clack/prompts to v1.2.0 by @​renovate[bot] in #​7312
• chore(deps): bump fastify from 5.8.1 to 5.8.3 by @​dependabot[bot] in #​7288
• chore(deps): update codecov/codecov-action action to v6 by @​renovate[bot] in #​7313
• fix(deps): update dependency eslint-plugin-unicorn to v64 by @​renovate[bot] in #​7314
• fix(deps): update dependency undici to v8 by @​renovate[bot] in #​7316
• chore(monorepo): remove versions from private workspaces by @​KATT in #​7306
• fix(server): handle React 19 proxy coercion in createInnerProxy by @​DORI2001 in #​7336
• docs: add trpc-studio to awesome-trpc extensions by @​sayefdeen in #​7340
• chore: upgrade pnpm to 10.33.1 by @​KATT in #​7350
• build: upgrade drizzle in next-sse-chat example by @​KATT in #​7351
• chore(www): Add Legora to website logos by @​KATT in #​7358

New Contributors

• @​cyphercodes made their first contribution in #​7302
• @​DORI2001 made their first contribution in #​7336
• @​sayefdeen made their first contribution in #​7340

Full Changelog: trpc/trpc@v11.16.0...v11.17.0

v11.16.0

Compare Source

What's Changed

• feat: OpenAPI Cyclic Types support by @​Nick-Lucas in #​7283
• chore: Review stale skills (manual) by @​github-actions[bot] in #​7294

@trpc/openapi 11.16.0-alpha

• Drops the type depth limit of 20, and significantly hardens cyclic-type support for both inference and Zod
• Support zod.lazy via Standard Schema fallback
• Strip symbols from output (no more __@​asyncIterator@5456 symbols in output)
• Add more comprehensive types for the OpenAPI doc from the official package (now a dependency) and apply some patches to these types because they're slightly outdated
• Fixes several issues with gathering schema descriptions, such as consuming jsdoc comments from node_modules types

New Contributors

• @​github-actions[bot] made their first contribution in #​7294

Full Changelog: trpc/trpc@v11.15.1...v11.16.0

v11.15.2

Compare Source

v11.15.1

Compare Source

What's Changed

• fix(www): render sponsor links in static HTML for SEO by @​shtefcs in #​7285
• fix: error handling with Node VM by @​znikola in #​7280

New Contributors

• @​shtefcs made their first contribution in #​7285
• @​znikola made their first contribution in #​7280

Full Changelog: trpc/trpc@v11.15.0...v11.15.1

WiseLibs/better-sqlite3 (better-sqlite3)

v12.10.0

Compare Source

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in #​1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in #​1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in #​1470
• Enable percentile functions by @​Maxime-J in #​1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.0

Compare Source

What's Changed

• Update SQLite to version 3.53.0 in #​1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

saadeghi/daisyui (daisyui)

v5.5.20

Compare Source

Bug Fixes

• dropdown animation inside a modal (#​4526) (568d85f)

sveltejs/devalue (devalue)

v5.8.1

Compare Source

Patch Changes

• 206ca67: fix: force sparse arrays to allocate sparsely

v5.8.0

Compare Source

Minor Changes

• c5115b0: feat: add stringifyAsync for async serialization

v5.7.1

Compare Source

Patch Changes

• 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

[v5.7.0](h

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • "after 5:00pm on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.