chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@eslint/js (source)	^9.36.0 -> ^9.37.0
@testing-library/jest-dom	^6.9.0 -> ^6.9.1
@types/node (source)	^24.6.0 -> ^24.7.2
eslint (source)	^9.36.0 -> ^9.37.0
happy-dom	^20.0.0 -> ^20.0.1
pnpm (source)	10.17.1 -> 10.18.3
svelte (source)	^5.39.7 -> ^5.40.0
svelte-check	^4.3.2 -> ^4.3.3
typescript (source)	^5.9.2 -> ^5.9.3
typescript-eslint (source)	^8.45.0 -> ^8.46.1
vite (source)	^7.1.7 -> ^7.1.10

---

Release Notes

eslint/eslint (@​eslint/js)

v9.37.0

Compare Source

testing-library/jest-dom (@​testing-library/jest-dom)

v6.9.1

Compare Source

eslint/eslint (eslint)

v9.37.0

Compare Source

capricorn86/happy-dom (happy-dom)

v20.0.1

Compare Source

pnpm/pnpm (pnpm)

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

sveltejs/svelte (svelte)

v5.40.0

Compare Source

Minor Changes

• feat: add createContext utility for type-safe context (#​16948)

Patch Changes

• chore: simplify batch.apply() (#​16945)

• fix: don't rerun async effects unnecessarily (#​16944)

v5.39.13

Compare Source

Patch Changes

• fix: add missing type for fr attribute for radialGradient tags in svg (#​16943)

• fix: unset context on stale promises (#​16935)

v5.39.12

Compare Source

Patch Changes

• fix: better input cursor restoration for bind:value (#​16925)

• fix: track the user's getter of bind:this (#​16916)

• fix: generate correct SSR code for the case where pending is an attribute (#​16919)

• fix: generate correct code for each blocks with async body (#​16923)

v5.39.11

Compare Source

Patch Changes

• fix: flush batches whenever an async value resolves (#​16912)

v5.39.10

Compare Source

Patch Changes

• fix: hydrate each blocks inside element correctly (#​16908)

• fix: allow await in if block consequent and alternate (#​16890)

• fix: don't replace rest props with $$props for excluded props (#​16898)

• fix: correctly transform $derived private fields on server (#​16894)

• fix: add UNKNOWN evaluation value before breaking for binding.initial===SnippetBlock (#​16910)

v5.39.9

Compare Source

Patch Changes

• fix: flush when pending boundaries resolve (#​16897)

v5.39.8

Compare Source

Patch Changes

• fix: check boundary pending attribute at runtime on server (#​16855)

• fix: preserve tuple type in $state.snapshot (#​16864)

• fix: allow await in svelte:boundary without pending (#​16857)

• fix: update bind:checked error message to clarify usage with radio inputs (#​16874)

sveltejs/language-tools (svelte-check)

v4.3.3

Compare Source

Patch Changes

• fix: prevent file watcher issue (#​2859)

• fix: allow undefined and null values for #each in Svelte 5 (#​2863)

• perf: check if file content changed in tsconfig file watch (#​2859)

microsoft/TypeScript (typescript)

v5.9.3

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.46.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.46.0

Compare Source

🚀 Features

• typescript-eslint: export util types (#​10848, #​10849)

❤️ Thank You

• Mister-Hope @​Mister-Hope

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v7.1.10

Compare Source

Bug Fixes

• css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#​20767) (3a92bc7)
• css: respect emitAssets when cssCodeSplit=false (#​20883) (d3e7eee)
• deps: update all non-major dependencies (879de86)
• deps: update all non-major dependencies (#​20894) (3213f90)
• dev: allow aliases starting with // (#​20760) (b95fa2a)
• dev: remove timestamp query consistently (#​20887) (6537d15)
• esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#​20906) (446eb38)
• normalize path before calling fileToBuiltUrl (#​20898) (73b6d24)
• preserve original sourcemap file field when combining sourcemaps (#​20926) (c714776)

Documentation

• correct WebSocket spelling (#​20890) (29e98dc)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20923) (a5e3b06)

v7.1.9

Compare Source

Reverts

• server: drain stdin when not interactive (#​20885) (12d72b0)

v7.1.8

Compare Source

Bug Fixes

• css: improve url escape characters handling (#​20847) (24a61a3)
• deps: update all non-major dependencies (#​20855) (788a183)
• deps: update artichokie to 0.4.2 (#​20864) (e670799)
• dev: skip JS responses for document requests (#​20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#​20872) (63e040f)
• keep ids for virtual modules as-is (#​20808) (d4eca98)
• server: drain stdin when not interactive (#​20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#​20830) (d65a983)

Documentation

• create-vite: provide deno example (#​20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20810) (ea68a88)
• deps: update rolldown-related dependencies (#​20854) (4dd06fd)
• update url of create-react-app license (#​20865) (166a178)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
sv-router	Ignored	Preview		Oct 15, 2025 2:43am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 78a8135

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR