chore(deps-dev): bump the svelte group with 3 updates

[dependabot]

Bumps the svelte group with 3 updates: @sveltejs/kit, svelte and vite.

Updates @sveltejs/kit from 2.57.1 to 2.58.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.58.0

Minor Changes

• breaking: require limit in requested (as originally intended) (#15739)

• feat: RemoteQueryFunction gains an optional third generic parameter Validated (defaulting to Input) that represents the argument type after schema validation/transformation (#15739)

• breaking: requested now yields { arg, query } entries instead of the validated argument (#15739)

Patch Changes

• fix: allow query().current, .error, .loading, and .ready to work in non-reactive contexts (#15699)

• fix: prevent deep_set crash on nullish nested values (#15600)

• fix: restore correct RemoteFormFields typing for nullable array fields (e.g. when a schema uses .default([])), so .as('checkbox') and friends work again (#15723)

• fix: don't warn about removed SSI comments in transformPageChunk (#15695)

  Server-side include (SSI) directives like <!--#include virtual="..." --> are HTML comments that are replaced by servers such as nginx. Previously, removing them in transformPageChunk would trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with <!--# and Svelte's hydration comments never do, they can be safely excluded from the check.

• Change enhance function return type from void to MaybePromise. (#15710)

• fix: throw an error when resolve is called with an external URL (#15733)

• fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#15718)

• fix: reset form result on redirect (#15724)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.58.0

Minor Changes

• breaking: require limit in requested (as originally intended) (#15739)

• feat: RemoteQueryFunction gains an optional third generic parameter Validated (defaulting to Input) that represents the argument type after schema validation/transformation (#15739)

• breaking: requested now yields { arg, query } entries instead of the validated argument (#15739)

Patch Changes

• fix: allow query().current, .error, .loading, and .ready to work in non-reactive contexts (#15699)

• fix: prevent deep_set crash on nullish nested values (#15600)

• fix: restore correct RemoteFormFields typing for nullable array fields (e.g. when a schema uses .default([])), so .as('checkbox') and friends work again (#15723)

• fix: don't warn about removed SSI comments in transformPageChunk (#15695)

  Server-side include (SSI) directives like <!--#include virtual="..." --> are HTML comments that are replaced by servers such as nginx. Previously, removing them in transformPageChunk would trigger a false positive warning about breaking Svelte's hydration. Since SSI comments always start with <!--# and Svelte's hydration comments never do, they can be safely excluded from the check.

• Change enhance function return type from void to MaybePromise. (#15710)

• fix: throw an error when resolve is called with an external URL (#15733)

• fix: avoid FOUC for CSR-only pages by loading styles and fonts before CSR starts (#15718)

• fix: reset form result on redirect (#15724)

Commits

• a21582c Version Packages (#15716)
• f499a45 breaking: return bound query instance from requested (#15739)
• 8cc203a fix: don't warn about removed SSI comments in transformPageChunk (#15695)
• 6b41862 Testing fix for CVE-2026-40073 (#15701)
• ee8047b fix: throw on external links in resolve (#15733)
• f06726c Change enhance function return type to void | Promise<void> (#15710)
• b34cc27 fix: reset form result on redirect (#15724)
• 394470c fix: restore correct RemoteFormFields typing for nullable array fields (#15...
• b77f00d fix: allow query().current and other data properties to work in non-reactiv...
• 50cc685 fix: link stylesheets and fonts in the head even when SSR is disabled (#15718)
• Additional commits viewable in compare view

Updates svelte from 5.55.4 to 5.55.5

Release notes

Sourced from svelte's releases.

svelte@5.55.5

Patch Changes

• fix: don't mark deriveds while an effect is updating (#18124)

• fix: do not dispatch introstart event with animation of animate directive (#18122)

Changelog

Sourced from svelte's changelog.

5.55.5

Patch Changes

• fix: don't mark deriveds while an effect is updating (#18124)

• fix: do not dispatch introstart event with animation of animate directive (#18122)

Commits

• b771df3 Version Packages (#18125)
• 8e73190 fix: don't mark deriveds while an effect is updating (#18124)
• 51736e5 fix: do not dispatch transition event with animation (#18122)
• See full diff in compare view

Updates vite from 8.0.9 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

• update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

• hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)
• css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)
• optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)
• remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

• enable some typecheck rules (#22278) (9437518)
• typecheck client directory (#22284) (40a0847)

Commits

• 32c2978 release: v8.0.10
• a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
• a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
• 83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
• b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
• 40a0847 refactor: typecheck client directory (#22284)
• 5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
• 9437518 refactor: enable some typecheck rules (#22278)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions