Skip to content

chore(deps): update dependency @sveltejs/kit to v2.53.3 [security]#10204

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/npm-sveltejs-kit-vulnerability
Mar 2, 2026
Merged

chore(deps): update dependency @sveltejs/kit to v2.53.3 [security]#10204
renovate[bot] merged 1 commit intomainfrom
renovate/npm-sveltejs-kit-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 1, 2026

This PR contains the following updates:

Package Change Age Confidence
@sveltejs/kit (source) 2.52.22.53.3 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

GHSA-fpg4-jhqr-589c

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service.

Only users with experimental.remoteFunctions: true who are using the form function and are processing the files array without validation are vulnerable.

Release Notes

sveltejs/kit (@​sveltejs/kit)

v2.53.3

Compare Source

Patch Changes
  • fix: prevent overlapping file metadata in remote functions form (faba869)

v2.53.2

Compare Source

Patch Changes

  • fix: server-render nested form value sets (#​15378)

  • fix: use deep partial types for form remote functions .value() and .set(...) (#​14837)

  • fix: provide correct url info to remote functions (#​15418)

  • fix: allow optional types for remote query/command/prerender functions (#​15293)

  • fix: allow commands in more places (#​15288)

v2.53.1

Compare Source

Patch Changes
  • fix: address warning about inlineDynamicImports when using Vite 8 (#​15403)

v2.53.0

Compare Source

Minor Changes
Patch Changes

  • fix: remove event listeners on form attachment cleanup (#​15286)

  • fix: apply queries refreshed in a form remote function when a redirect is thrown (#​15362)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Mar 1, 2026
@changeset-bot
Copy link

changeset-bot bot commented Mar 1, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: c8ffc43

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 1, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/npm-sveltejs-kit-vulnerability

Comment @coderabbitai help to get the list of available commands and usage tips.

@nx-cloud
Copy link

nx-cloud bot commented Mar 1, 2026
edited
Loading

View your CI Pipeline Execution ↗ for commit c8ffc43

Command Status Duration Result
nx affected --targets=test:sherif,test:knip,tes... ✅ Succeeded 4m 32s View ↗
nx run-many --target=build --exclude=examples/*... ✅ Succeeded 2s View ↗

☁️ Nx Cloud last updated this comment at 2026-03-01 21:13:01 UTC

@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 1, 2026
edited
Loading

More templates

@tanstack/angular-query-experimental

npm i https://pkg.pr.new/TanStack/query/@tanstack/angular-query-experimental@10204

@tanstack/eslint-plugin-query

npm i https://pkg.pr.new/TanStack/query/@tanstack/eslint-plugin-query@10204

@tanstack/preact-query

npm i https://pkg.pr.new/TanStack/query/@tanstack/preact-query@10204

@tanstack/preact-query-devtools

npm i https://pkg.pr.new/TanStack/query/@tanstack/preact-query-devtools@10204

@tanstack/query-async-storage-persister

npm i https://pkg.pr.new/TanStack/query/@tanstack/query-async-storage-persister@10204

@tanstack/query-broadcast-client-experimental

npm i https://pkg.pr.new/TanStack/query/@tanstack/query-broadcast-client-experimental@10204

@tanstack/query-core

npm i https://pkg.pr.new/TanStack/query/@tanstack/query-core@10204

@tanstack/query-devtools

npm i https://pkg.pr.new/TanStack/query/@tanstack/query-devtools@10204

@tanstack/query-persist-client-core

npm i https://pkg.pr.new/TanStack/query/@tanstack/query-persist-client-core@10204

@tanstack/query-sync-storage-persister

npm i https://pkg.pr.new/TanStack/query/@tanstack/query-sync-storage-persister@10204

@tanstack/react-query

npm i https://pkg.pr.new/TanStack/query/@tanstack/react-query@10204

@tanstack/react-query-devtools

npm i https://pkg.pr.new/TanStack/query/@tanstack/react-query-devtools@10204

@tanstack/react-query-next-experimental

npm i https://pkg.pr.new/TanStack/query/@tanstack/react-query-next-experimental@10204

@tanstack/react-query-persist-client

npm i https://pkg.pr.new/TanStack/query/@tanstack/react-query-persist-client@10204

@tanstack/solid-query

npm i https://pkg.pr.new/TanStack/query/@tanstack/solid-query@10204

@tanstack/solid-query-devtools

npm i https://pkg.pr.new/TanStack/query/@tanstack/solid-query-devtools@10204

@tanstack/solid-query-persist-client

npm i https://pkg.pr.new/TanStack/query/@tanstack/solid-query-persist-client@10204

@tanstack/svelte-query

npm i https://pkg.pr.new/TanStack/query/@tanstack/svelte-query@10204

@tanstack/svelte-query-devtools

npm i https://pkg.pr.new/TanStack/query/@tanstack/svelte-query-devtools@10204

@tanstack/svelte-query-persist-client

npm i https://pkg.pr.new/TanStack/query/@tanstack/svelte-query-persist-client@10204

@tanstack/vue-query

npm i https://pkg.pr.new/TanStack/query/@tanstack/vue-query@10204

@tanstack/vue-query-devtools

npm i https://pkg.pr.new/TanStack/query/@tanstack/vue-query-devtools@10204

commit: 7a4ae82

@github-actions
Copy link
Contributor

github-actions bot commented Mar 1, 2026
edited
Loading

size-limit report 📦

Path Size
react full 11.92 KB (0%)
react minimal 8.95 KB (0%)

@renovate renovate bot force-pushed the renovate/npm-sveltejs-kit-vulnerability branch from f731a8c to c8ffc43 Compare March 1, 2026 21:07
@renovate renovate bot merged commit c0c8398 into main Mar 2, 2026
6 checks passed
@renovate renovate bot deleted the renovate/npm-sveltejs-kit-vulnerability branch March 2, 2026 01:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants