chore(deps-dev): bump the all-pnpm-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the all-pnpm-dependencies group with 4 updates in the / directory: @sveltejs/kit, rollup, svelte and vite.

Updates @sveltejs/kit from 2.48.5 to 2.49.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.49.0

Minor Changes

• feat: stream file uploads inside form remote functions allowing form data to be accessed before large files finish uploading (#14775)

@​sveltejs/kit@​2.48.8

Patch Changes

• breaking: invalid now must be imported from @sveltejs/kit (#14768)

• breaking: remove submitter option from experimental form validate() method, always provide default submitter (#14762)

@​sveltejs/kit@​2.48.7

Patch Changes

• fix: allow multiple server-timing headers (#14700)

• fix: allow access to root-level issues in schema-less forms (#14893)

• fix: allow hosting hash-based apps from non-index.html files (#14825)

@​sveltejs/kit@​2.48.6

Patch Changes

• fix: clear issues upon passing validation (#14683)

• fix: don't use fork of unrelated route (#14947)

• fix: prevent type errors when optional @opentelemetry/api dependency isn't installed (#14949)

• fix: preserve this when invoking standard validator (#14943)

• fix: treat client/universal hooks as entrypoints for illegal server import detection (#14876)

• fix: correct query .set and .refresh behavior in commands (#14877)

• fix: improved the accuracy of the types of the output of field.as('...') (#14908)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.49.0

Minor Changes

• feat: stream file uploads inside form remote functions allowing form data to be accessed before large files finish uploading (#14775)

2.48.8

Patch Changes

• breaking: invalid now must be imported from @sveltejs/kit (#14768)

• breaking: remove submitter option from experimental form validate() method, always provide default submitter (#14762)

2.48.7

Patch Changes

• fix: allow multiple server-timing headers (#14700)

• fix: allow access to root-level issues in schema-less forms (#14893)

• fix: allow hosting hash-based apps from non-index.html files (#14825)

2.48.6

Patch Changes

• fix: clear issues upon passing validation (#14683)

• fix: don't use fork of unrelated route (#14947)

• fix: prevent type errors when optional @opentelemetry/api dependency isn't installed (#14949)

• fix: preserve this when invoking standard validator (#14943)

• fix: treat client/universal hooks as entrypoints for illegal server import detection (#14876)

• fix: correct query .set and .refresh behavior in commands (#14877)

• fix: improved the accuracy of the types of the output of field.as('...') (#14908)

Commits

• ab37849 Version Packages (#14959)
• d07ddcf feat: Streaming file uploads (#14775)
• dfb41e1 Version Packages (#14958)
• b9635ab breaking: remove submitter option from experimental form validate(…) meth...
• bd55128 breaking: invalid now must be imported from @sveltejs/kit (#14768)
• 9f55c85 Version Packages (#14954)
• 5b30755 fix: allow hosting hash apps from other html files (#14825)
• 2ff3951 fix: allow access to root-level issues in schema-less forms (#14893)
• 0889a2a fix: append server-timing header value if key exist when using setHeaders...
• f316be0 Version Packages (#14948)
• Additional commits viewable in compare view

Updates rollup from 4.53.2 to 4.53.3

Release notes

Sourced from rollup's releases.

v4.53.3

4.53.3

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#6183)

Pull Requests

• #6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #6174: Re-enable TypeScript test (@​lukastaegert)
• #6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.53.3

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#6183)

Pull Requests

• #6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #6174: Re-enable TypeScript test (@​lukastaegert)
• #6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

Commits

• 998b595 4.53.3
• ef834c2 Tracing the importers chain for exported variables in external module (#6182)
• fb21d56 Check if left side is included when checking if assigning to an assignment ha...
• 4b4581d Add test-install CI job to test packaging, installation and importing of roll...
• 18ee41b fix(deps): lock file maintenance minor/patch updates (#6180)
• f0a80d1 Re-enable TypeScript test (#6174)
• See full diff in compare view

Updates svelte from 5.43.8 to 5.43.14

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

• fix: correctly migrate named self closing slots (#17199)

• fix: error at compile time instead of at runtime on await expressions inside bindings/transitions/animations/attachments (#17198)

• fix: take async blockers into account for bindings/transitions/animations/attachments (#17198)

[email protected]

Patch Changes

• fix: don't set derived values during time traveling (#17200)

[email protected]

Patch Changes

• fix: maintain correct linked list of effects when updating each blocks (#17191)

[email protected]

Patch Changes

• perf: don't use tracing overeager during dev (#17183)

• fix: don't cancel transition of already outroing elements (#17186)

[email protected]

Patch Changes

• fix: avoid other batches running with queued root effects of main batch (#17145)

[email protected]

Patch Changes

• fix: correctly handle functions when determining async blockers (#17137)

• fix: keep deriveds reactive after their original parent effect was destroyed (#17171)

• fix: ensure eager effects don't break reactions chain (#17138)

• fix: ensure async @const in boundary hydrates correctly (#17165)

• fix: take blockers into account when creating #await blocks (#17137)

• fix: parallelize async @consts in the template (#17165)

Changelog

Sourced from svelte's changelog.

5.43.14

Patch Changes

• fix: correctly migrate named self closing slots (#17199)

• fix: error at compile time instead of at runtime on await expressions inside bindings/transitions/animations/attachments (#17198)

• fix: take async blockers into account for bindings/transitions/animations/attachments (#17198)

5.43.13

Patch Changes

• fix: don't set derived values during time traveling (#17200)

5.43.12

Patch Changes

• fix: maintain correct linked list of effects when updating each blocks (#17191)

5.43.11

Patch Changes

• perf: don't use tracing overeager during dev (#17183)

• fix: don't cancel transition of already outroing elements (#17186)

5.43.10

Patch Changes

• fix: avoid other batches running with queued root effects of main batch (#17145)

5.43.9

Patch Changes

• fix: correctly handle functions when determining async blockers (#17137)

• fix: keep deriveds reactive after their original parent effect was destroyed (#17171)

• fix: ensure eager effects don't break reactions chain (#17138)

• fix: ensure async @const in boundary hydrates correctly (#17165)

• fix: take blockers into account when creating #await blocks (#17137)

... (truncated)

Commits

• 1aafbc4 Version Packages (#17204)
• 91486fa fix: take async into account for bindings/transitions/animations/attachments ...
• a17dc3c fix: correctly migrate named self closing slots (#17199)
• 1101810 Version Packages (#17202)
• 056b201 fix: don't set derived values during time traveling (#17163)
• 9ccbd73 Version Packages (#17192)
• e365890 fix: maintain correct linked list of effects when updating each blocks (#17191)
• 92c936d Version Packages (#17189)
• 203c228 fix: don't cancel transition of already outroing elements (#17186)
• ebb97a6 perf: don't use tracing overeager during dev (#17183)
• Additional commits viewable in compare view

Updates vite from 7.2.2 to 7.2.4

Release notes

Sourced from vite's releases.

v7.2.4

Please refer to CHANGELOG.md for details.

v7.2.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.2.4 (2025-11-20)

Bug Fixes

• revert "perf(deps): replace debug with obug (#21107)" (2d66b7b)

7.2.3 (2025-11-20)

Bug Fixes

• allow multiple bindCLIShortcuts calls with shortcut merging (#21103) (5909efd)
• deps: update all non-major dependencies (#21096) (6a34ac3)
• deps: update all non-major dependencies (#21128) (4f8171e)

Performance Improvements

• deps: replace debug with obug (#21107) (acfe939)

Miscellaneous Chores

• deps: update dependency @​rollup/plugin-commonjs to v29 (#21099) (02ceaec)
• deps: update rolldown-related dependencies (#21095) (39a0a15)
• deps: update rolldown-related dependencies (#21127) (5029720)

Commits

• 24a611f release: v7.2.4
• 2d66b7b fix: revert "perf(deps): replace debug with obug (#21107)"
• a668014 release: v7.2.3
• acfe939 perf(deps): replace debug with obug (#21107)
• 4f8171e fix(deps): update all non-major dependencies (#21128)
• 5029720 chore(deps): update rolldown-related dependencies (#21127)
• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions