Bump svelte from 3.59.2 to 5.4.0 in /frontend

[dependabot]

Bumps svelte from 3.59.2 to 5.4.0.

Release notes

Sourced from svelte's releases.

svelte@5.4.0

Minor Changes

• feat: support #each without as (#14396)

svelte@5.3.2

Patch Changes

• fix: correctly prune CSS for elements inside snippets (#14494)

• fix: render attributes during SSR regardless of case (#14492)

svelte@5.3.1

Patch Changes

• fix: treat spread elements the same as call expressions (#14488)

• fix: correctly increment/decrement bigints (#14485)

svelte@5.3.0

Minor Changes

• feat: add error boundaries with <svelte:boundary> (#14211)

svelte@5.2.12

Patch Changes

• fix: upgrade to esm-env 1.2.1 to fix issues with non-Vite setups (#14470)

• fix: prevent infinite loops when pruning CSS (#14474)

• fix: generate correct code when encountering object expression statement (#14480)

svelte@5.2.11

Patch Changes

• fix: ignore text and expressions outside the template when validating HTML (#14468)

• fix: better account for render tags when pruning CSS (#14456)

svelte@5.2.10

Patch Changes

• fix: correctly remove unused selectors in middle of selector lists (#14448)

• chore: upgrade esm-env for Vite 6 support (#14460)

• fix: strip exported TypeScript function overloads (#14458)

svelte@5.2.9

... (truncated)

Changelog

Sourced from svelte's changelog.

svelte

4.2.3

Patch Changes

• fix: improve a11y-click-events-have-key-events message (#9358)

• fix: more robust hydration of html tag (#9184)

4.2.2

Patch Changes

• fix: support camelCase properties on custom elements (#9328)

• fix: add missing plaintext-only value to contenteditable type (#9242)

• chore: upgrade magic-string to 0.30.4 (#9292)

• fix: ignore trailing comments when comparing nodes (#9197)

4.2.1

Patch Changes

• fix: update style directive when style attribute is present and is updated via an object prop (#9187)

• fix: css sourcemap generation with unicode filenames (#9120)

• fix: do not add module declared variables as dependencies (#9122)

• fix: handle svelte:element with dynamic this and spread attributes (#9112)

• fix: silence false positive reactive component warning (#9094)

• fix: head duplication when binding is present (#9124)

• fix: take custom attribute name into account when reflecting property (#9140)

• fix: add indeterminate to the list of HTMLAttributes (#9180)

• fix: recognize option value on spread attribute (#9125)

4.2.0

Minor Changes

• feat: move svelteHTML from language-tools into core to load the correct svelte/element types (#9070)

... (truncated)

Commits

• a091fb5 Version Packages (#14501)
• a283083 feat: each without as (#14396)
• a39605e Version Packages (#14499)
• ef640c3 fix: render attributes during SSR regardless of case (#14492)
• 83cec2f chore: better SSR output for <svelte:element> (#14493)
• 1f25bd4 fix: correctly prune CSS for elements inside snippets (#14494)
• 99b4cfb Version Packages (#14489)
• 945b625 fix: Prevent $state bigints incrementing and decrementing from throwing (...
• fe15ad4 fix: treat spread elements the same as call expressions (#14488)
• f75a9a5 Version Packages (#14486)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
capy-life	❌ Failed (Inspect)			Dec 2, 2024 6:41pm

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/svelte@5.4.0	None	+17	4.78 MB	svelte-admin

🚮 Removed packages: npm/svelte@3.59.2, pypi/mako@1.2.4, pypi/markdown-it-py@3.0.0, pypi/markupsafe@2.1.3, pypi/mdurl@0.1.2, pypi/motor-types@1.0.0b4, pypi/motor@3.5.1, pypi/motor@3.6.0, pypi/msgspec@0.16.0, pypi/multidict@6.0.4, pypi/mypy-extensions@1.0.0, pypi/mypy@1.10.1, pypi/mypy@1.13.0, pypi/names@0.3.0, pypi/nanoid@2.0.0, pypi/opentelemetry-api@1.18.0, pypi/opentelemetry-instrumentation-asgi@0.41b0, pypi/opentelemetry-instrumentation@0.41b0, pypi/opentelemetry-semantic-conventions@0.41b0, pypi/opentelemetry-util-http@0.41b0, pypi/packaging@23.1, pypi/pathspec@0.11.1, pypi/picologging@0.9.2

View full report↗︎

[socket-security]

Report is too large to display inline.
View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore pypi/h2@4.1.0
• @SocketSecurity ignore pypi/hpack@4.0.0
• @SocketSecurity ignore pypi/hyperframe@6.0.1
• @SocketSecurity ignore pypi/bump2version@1.0.1
• @SocketSecurity ignore pypi/asttokens@2.4.1
• @SocketSecurity ignore pypi/executing@2.0.1
• @SocketSecurity ignore pypi/beautifulsoup4@4.12.3
• @SocketSecurity ignore pypi/gprof2dot@2024.6.6
• @SocketSecurity ignore pypi/ipykernel@6.29.5
• @SocketSecurity ignore pypi/jsonschema@4.23.0
• @SocketSecurity ignore pypi/exceptiongroup@1.2.2
• @SocketSecurity ignore pypi/incremental@24.7.2
• @SocketSecurity ignore pypi/cython@3.0.11
• @SocketSecurity ignore pypi/furo@2024.8.6
• @SocketSecurity ignore pypi/lxml@5.3.0
• @SocketSecurity ignore pypi/keyring@25.4.1
• @SocketSecurity ignore pypi/astroid@3.3.5
• @SocketSecurity ignore pypi/argcomplete@3.5.1
• @SocketSecurity ignore pypi/gcovr@8.2
• @SocketSecurity ignore pypi/blurb@1.3.0
• @SocketSecurity ignore pypi/coverage@7.6.8