build(deps-dev): bump @sveltejs/kit from 2.57.1 to 2.58.0 in /cornucopia.owasp.org

[dependabot]

Bumps @sveltejs/kit from 2.57.1 to 2.58.0.

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.58.0

Minor Changes

• breaking: require limit in requested (as originally intended) (#15739)

• feat: RemoteQueryFunction gains an optional third generic parameter Validated (defaulting to Input) that represents the argument type after schema validation/transformation (#15739)

• breaking: requested now yields { arg, query } entries instead of the validated argument (#15739)

Patch Changes

• fix: allow query().current, .error, .loading, and .ready to work in non-reactive contexts (#15699)

• fix: prevent deep_set crash on nullish nested values (#15600)

• fix: restore correct RemoteFormFields typing for nullable array fields (e.g. when a schema uses .default([])), so .as('checkbox') and friends work again (#15723)

• fix: don't warn about removed SSI comments in transformPageChunk (#15695)

  Server-side include (SSI) directives like <!--#include virtual="..." --> are HTML comments that are replaced by servers such as nginx. Previously, removing them in transformPageChunk would trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with <!--# and Svelte's hydration comments never do, they can be safely excluded from the check.

• Change enhance function return type from void to MaybePromise. (#15710)

• fix: throw an error when resolve is called with an external URL (#15733)

• fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#15718)

• fix: reset form result on redirect (#15724)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.58.0

Minor Changes

• breaking: require limit in requested (as originally intended) (#15739)

• feat: RemoteQueryFunction gains an optional third generic parameter Validated (defaulting to Input) that represents the argument type after schema validation/transformation (#15739)

• breaking: requested now yields { arg, query } entries instead of the validated argument (#15739)

Patch Changes

• fix: allow query().current, .error, .loading, and .ready to work in non-reactive contexts (#15699)

• fix: prevent deep_set crash on nullish nested values (#15600)

• fix: restore correct RemoteFormFields typing for nullable array fields (e.g. when a schema uses .default([])), so .as('checkbox') and friends work again (#15723)

• fix: don't warn about removed SSI comments in transformPageChunk (#15695)

  Server-side include (SSI) directives like <!--#include virtual="..." --> are HTML comments that are replaced by servers such as nginx. Previously, removing them in transformPageChunk would trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with <!--# and Svelte's hydration comments never do, they can be safely excluded from the check.

• Change enhance function return type from void to MaybePromise. (#15710)

• fix: throw an error when resolve is called with an external URL (#15733)

• fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#15718)

• fix: reset form result on redirect (#15724)

Commits

• a21582c Version Packages (#15716)
• f499a45 breaking: return bound query instance from requested (#15739)
• 8cc203a fix: don't warn about removed SSI comments in transformPageChunk (#15695)
• 6b41862 Testing fix for CVE-2026-40073 (#15701)
• ee8047b fix: throw on external links in resolve (#15733)
• f06726c Change enhance function return type to void | Promise<void> (#15710)
• b34cc27 fix: reset form result on redirect (#15724)
• 394470c fix: restore correct RemoteFormFields typing for nullable array fields (#15...
• b77f00d fix: allow query().current and other data properties to work in non-reactiv...
• 50cc685 fix: link stylesheets and fonts in the head even when SSR is disabled (#15718)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)