fix(deps): update core

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@sveltejs/kit (source)	2.8.5 -> 2.10.1					devDependencies	minor	2.12.0 (+2)
bits-ui	1.0.0-next.64 -> 1.0.0-next.70					dependencies	patch	1.0.0-next.72 (+1)
cloudflare (source)	4.47.0 -> 4.48.0					required_provider	minor
eslint (source)	9.15.0 -> 9.16.0					devDependencies	minor	9.17.0
eslint-plugin-svelte (source)	2.46.0 -> 2.46.1					devDependencies	patch
globals	15.12.0 -> 15.13.0					devDependencies	minor
prettier (source)	3.4.1 -> 3.4.2					devDependencies	patch
svelte (source)	5.2.10 -> 5.11.0					devDependencies	minor	5.14.0 (+5)
svelte-check	4.1.0 -> 4.1.1					devDependencies	patch
tailwindcss (source)	3.4.15 -> 3.4.16					devDependencies	patch
typescript-eslint (source)	8.16.0 -> 8.18.0					devDependencies	minor	8.18.1
vitest (source)	2.1.6 -> 2.1.8					devDependencies	patch

---

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.10.1

Compare Source

Patch Changes

• fix: export init hook from get_hooks (#​13136)

v2.10.0

Compare Source

Minor Changes

• feat: server and client init hook (#​13103)

Patch Changes

• fix: prevent hooks exported from hooks.js from overwriting hooks from hooks.server.js (#​13104)

v2.9.1

Compare Source

Patch Changes

• fix: correctly match route groups preceding optional parameters (#​13099)

v2.9.0

Compare Source

Minor Changes

• feat: Vite 6 support (#​12270)

Patch Changes

• fix: transform link[rel='shortcut icon'] and link[rel='apple-touch-icon'] to be absolute to avoid console error when navigating (#​13077)

huntabyte/bits-ui (bits-ui)

v1.0.0-next.70

Compare Source

Patch Changes

• feat: add onStateChange callback to Command component (#​972)

• BREAKING: Update child snippet behavior of Floating UI-based Content components (#​994)

• fix: issue where you were unable to navigate to the previous menu from within a menu of the menubar via arrow keys (#​990)

• perf: optimize command methods (#​992)

v1.0.0-next.69

Compare Source

Patch Changes

• fix: allow resetting DateField value (#​988)

• optimize classes via prototype bindings (#​986)

v1.0.0-next.68

Compare Source

Patch Changes

• fix: avoidCollisions in Floating UI components (#​984)

v1.0.0-next.67

Compare Source

Patch Changes

• fix: allow Select to handle empty string values via keyboard (#​979)

v1.0.0-next.66

Compare Source

Patch Changes

• fix: make open prop of DateRangePicker and DatePicker $bindable (#​975)

v1.0.0-next.65

Compare Source

Patch Changes

• improve export strategy (#​966)

cloudflare/terraform-provider-cloudflare (cloudflare)

v4.48.0

Compare Source

NOTES:

• resource/cloudflare_ruleset: rules must now be given an explicit ref to avoid their IDs changing across ruleset updates, see https://developers.cloudflare.com/terraform/troubleshooting/rule-id-changes/ (#​4697)

FEATURES:

• New Resource: cloudflare_leaked_credential_check (#​4674)
• New Resource: cloudflare_leaked_credential_check_rule (#​4676)
• New Resource: cloudflare_snippet (#​4565)
• New Resource: cloudflare_snippet_rules (#​4565)

ENHANCEMENTS:

• resource/access_application: add support for destinations and domain_type (#​4661)
• resource/access_identity_provider: document scim_config fields (#​4721)
• resource/cloudflare_access_policy: adds support for Access infrastructure allow_email_alias connection rule flag (#​4665)
• resource/cloudflare_ruleset: improve diffs when only some rules are changed (#​4697)
• resource/cloudflare_teams_list: use PUT call to update list items (#​4737)
• resource/cloudflare_zero_trust_access_policy: adds support for Access infrastructure allow_email_alias connection rule flag (#​4665)

BUG FIXES:

• resource/cloudflare_authenticated_origin_pulls: Fix issue where resources are disabled instead of being destroyed on tf destroy (#​4649)
• resource/cloudflare_leaked_credential_check_rule: Fix bug in update method (#​4741)

DEPENDENCIES:

• provider: bump github.com/cloudflare/cloudflare-go from 0.110.0 to 0.111.0 (#​4709)
• provider: bump golang.org/x/net from 0.31.0 to 0.32.0 (#​4718)

eslint/eslint (eslint)

v9.16.0

Compare Source

Features

• 8f70eb1 feat: Add ignoreComputedKeys option in sort-keys rule (#​19162) (Milos Djermanovic)

Documentation

• 9eefc8f docs: fix typos in use-isnan (#​19190) (루밀LuMir)
• 0c8cea8 docs: switch the order of words in no-unreachable (#​19189) (루밀LuMir)
• 0c19417 docs: add missing backtick to no-async-promise-executor (#​19188) (루밀LuMir)
• 8df9276 docs: add backtick in -0 in description of no-compare-neg-zero (#​19186) (루밀LuMir)
• 7e16e3f docs: fix caseSensitive option's title of sort-keys (#​19183) (Tanuj Kanti)
• 0c6b842 docs: fix typos in migration-guide.md (#​19180) (루밀LuMir)
• 353266e docs: fix a typo in debug.md (#​19179) (루밀LuMir)
• 5ff318a docs: delete unnecessary horizontal rule(---) in nodejs-api (#​19175) (루밀LuMir)
• 576bcc5 docs: mark more rules as handled by TypeScript (#​19164) (Tanuj Kanti)
• 742d054 docs: note that no-restricted-syntax can be used with any language (#​19148) (Milos Djermanovic)

Chores

• feb703b chore: upgrade to @eslint/[email protected] (#​19195) (Francesco Trotta)
• df9bf95 chore: package.json update for @​eslint/js release (Jenkins)
• f831893 chore: add type for ignoreComputedKeys option of sort-keys (#​19184) (Tanuj Kanti)
• 3afb8a1 chore: update dependency @​eslint/json to ^0.8.0 (#​19177) (Milos Djermanovic)
• 1f77c53 chore: add repository.directory property to package.json (#​19165) (루밀LuMir)
• d460594 chore: update dependency @​arethetypeswrong/cli to ^0.17.0 (#​19147) (renovate[bot])
• 45cd4ea refactor: update default options in rules (#​19136) (Milos Djermanovic)

sveltejs/eslint-plugin-svelte (eslint-plugin-svelte)

v2.46.1

Compare Source

Patch Changes

• sveltejs/eslint-plugin-svelte@a6b19c0 fix: crash with eslint v9.16.0 in svelte/no-inner-declarations

sindresorhus/globals (globals)

v15.13.0

Compare Source

prettier/prettier (prettier)

v3.4.2

Compare Source

diff

Treat U+30A0 & U+30FB in Katakana Block as CJK (#​16796 by @​tats-u)

Prettier doesn't treat U+30A0 & U+30FB as Japanese. U+30FB is commonly used in Japanese to represent the delimitation of first and last names of non-Japanese people or “and”. The following “C言語・C++・Go・Rust” means “C language & C++ & Go & Rust” in Japanese.

<!-- Input (--prose-wrap=never) -->

C言
語
・
C++
・
Go
・
Rust

<!-- Prettier 3.4.1 -->
C言語・ C++ ・ Go ・ Rust

<!-- Prettier 3.4.2 -->
C言語・C++・Go・Rust

U+30A0 can be used as the replacement of the - in non-Japanese names (e.g. “Saint-Saëns” (Charles Camille Saint-Saëns) can be represented as “サン゠サーンス” in Japanese), but substituted by ASCII hyphen (U+002D) or U+FF1D (full width hyphen) in many cases (e.g. “サン=サーンス” or “サン＝サーンス”).

Fix comments print on class methods with decorators (#​16891 by @​fisker)

// Input
class A {
  @​decorator
  /** 
   * The method description
   *
  */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.1
class A {
  @​decorator
  async /**
   * The method description
   *
   */
  method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.2
class A {
  @​decorator
  /**
   * The method description
   *
   */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

Fix non-idempotent formatting (#​16899 by @​seiyab)

This bug fix is not language-specific. You may see similar change in any languages. This fixes regression in 3.4.0 so change caused by it should yield same formatting as 3.3.3.

// Input
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.1 (first)
<div>
  foo
  <span>
    longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo
  </span>, abc
</div>;

// Prettier 3.4.1 (second)
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.2
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

sveltejs/svelte (svelte)

v5.11.0

Compare Source

Minor Changes

• feat: add svelte/reactivity/window module (#​14660)

Patch Changes

• fix: take into account registration state when setting custom element props (#​14508)

v5.10.1

Compare Source

Patch Changes

• fix: ensure snippet hoisting works in the correct scope (#​14642)

• fix: ensure $state.snapshot clones holey arrays correctly (#​14657)

• fix: restore input binding selection position (#​14649)

• fix: transform everything that is not a selector inside :global (#​14577)

• Overwrite Spring.#last_value when using .set() with {instant: true} (#​14656)

• fix: don't emit assignment warnings for bindings (#​14651)

v5.10.0

Compare Source

Minor Changes

• feat: provide links to documentation for errors/warnings (#​14629)

Patch Changes

• fix: allow exports with source from script module even if no bind is present (#​14620)

• fix: deconflict get_name for literal class properties (#​14607)

v5.9.1

Compare Source

Patch Changes

• fix: mark subtree dynamic for bind with sequence expressions (#​14626)

v5.9.0

Compare Source

Minor Changes

• feat: add support for bind getters/setters (#​14307)

Patch Changes

• fix: always run if block code the first time (#​14597)

v5.8.1

Compare Source

Patch Changes

• fix: reinstate missing prefersReducedMotion export (#​14586)

v5.8.0

Compare Source

Minor Changes

• feat: add Spring and Tween classes to svelte/motion (#​11519)

v5.7.1

Compare Source

Patch Changes

• fix: ensure bindings always take precedence over spreads (#​14575)

v5.7.0

Compare Source

Minor Changes

• feat: add createSubscriber function for creating reactive values that depend on subscriptions (#​14422)

• feat: add reactive MediaQuery class, and a prefersReducedMotion class instance (#​14422)

Patch Changes

• fix: treat undefined and null the same for the initial input value (#​14562)

v5.6.2

Compare Source

Patch Changes

• chore: make if blocks tree-shakable (#​14549)

v5.6.1

Compare Source

Patch Changes

• fix: handle static form values in combination with default values (#​14555)

v5.6.0

Compare Source

Minor Changes

• feat: support defaultValue/defaultChecked for inputs (#​14289)

v5.5.4

Compare Source

Patch Changes

• fix: better error messages for invalid HTML trees (#​14445)

• fix: remove spreaded event handlers when they become nullish (#​14546)

• fix: respect the unidirectional nature of time (#​14541)

v5.5.3

Compare Source

Patch Changes

• fix: don't try to add owners to non-$state class fields (#​14533)

• fix: capture infinite_loop_guard in error boundary (#​14534)

• fix: proxify values when assigning using ||=, &&= and ??= operators (#​14273)

v5.5.2

Compare Source

Patch Changes

• fix: use correct reaction when lazily creating deriveds inside SvelteDate (#​14525)

v5.5.0

Compare Source

Minor Changes

• feat: allow snippets to be exported from module scripts (#​14315)

Patch Changes

• fix: ignore TypeScript generics on variables (#​14509)

v5.4.0

Compare Source

Minor Changes

• feat: support #each without as (#​14396)

v5.3.2

Compare Source

Patch Changes

• fix: correctly prune CSS for elements inside snippets (#​14494)

• fix: render attributes during SSR regardless of case (#​14492)

v5.3.1

Compare Source

Patch Changes

• fix: treat spread elements the same as call expressions (#​14488)

• fix: correctly increment/decrement bigints (#​14485)

v5.3.0

Compare Source

Minor Changes

• feat: add error boundaries with <svelte:boundary> (#​14211)

v5.2.12

Compare Source

Patch Changes

• fix: upgrade to esm-env 1.2.1 to fix issues with non-Vite setups (#​14470)

• fix: prevent infinite loops when pruning CSS (#​14474)

• fix: generate correct code when encountering object expression statement (#​14480)

v5.2.11

Compare Source

Patch Changes

• fix: ignore text and expressions outside the template when validating HTML (#​14468)

• fix: better account for render tags when pruning CSS (#​14456)

sveltejs/language-tools (svelte-check)

v4.1.1

Compare Source

• fix: support each without as (#​2615)

tailwindlabs/tailwindcss (tailwindcss)

v3.4.16

Compare Source

Fixed

• Ensure the TypeScript types for PluginsConfig allow undefined values (#​14668)

Changed

• Bumped lilconfig to v3.x (#​15289)

typescript-eslint/typescript-eslint (typescript-eslint)

v8.18.0

Compare Source

🩹 Fixes

• typescript peer dependency (#​10373)

❤️ Thank You

• rtritto

You can read about our versioning strategy and releases on our website.

v8.17.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (vitest)

v2.1.8

Compare Source

   🐞 Bug Fixes

• Support Node 21  -  by @​sheremet-va (92f7a)

    View changes on GitHub

v2.1.7

Compare Source

   🐞 Bug Fixes

• Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
  • This introduced some breaking changes (https://github.com/vitest-dev/vitest/issues/6992). We will enable support at a later time. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

📖 Preview of ui.immich.app deployed to ui.pr-39.dev.immich.app