chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@angular/common (source)	^19.2.4 -> ^19.2.14
@angular/core (source)	^19.2.4 -> ^19.2.14
@angular/platform-browser-dynamic (source)	^20.0.6 -> ^20.1.2
@antfu/eslint-config	^4.16.2 -> ^4.17.0
eslint (source)	^9.30.1 -> ^9.31.0
pnpm (source)	10.12.4 -> 10.13.1
react (source)	>=18 -> >=18.3.1
svelte (source)	>=5.23.0 -> >=5.36.8
vue (source)	>=3.5.13 -> >=3.5.17

---

Release Notes

angular/angular (@​angular/common)

v19.2.14

Compare Source

compiler

Commit	Type	Description
24bab55f0c	fix	lexer support for template literals in object literals (#​61601)

migrations

Commit	Type	Description
9e1cd49662	fix	preserve comments when removing unused imports (#​61674)

v19.2.13

Compare Source

common

Commit	Type	Description
2c876b4fc5	fix	avoid injecting ApplicationRef in FetchBackend (#​61649)

service-worker

Commit	Type	Description
b15bddfa04	fix	do not register service worker if app is destroyed before it is ready to register (#​61101)

v19.2.12

Compare Source

common

Commit	Type	Description
126efc9972	fix	cancel reader when app is destroyed (#​61528)
efda872453	fix	prevent reading chunks if app is destroyed (#​61354)

compiler

Commit	Type	Description
44bb328eae	fix	avoid conflicts between HMR code and local symbols (#​61550)

compiler-cli

Commit	Type	Description
107180260f	fix	Always retain prior results for all files (#​61487)
1191e62d70	fix	avoid ECMAScript private field metadata emit (#​61227)

core

Commit	Type	Description
2b1b14f4d3	fix	cleanup rxResource abort listener (#​58306)
8f9b05eaaa	fix	cleanup testability subscriptions (#​61261)
eb53bda470	fix	enable stashing only when withEventReplay() is invoked (#​61352)
94f5a4b4d6	fix	Testing should not throw when Zone does not patch test FW APIs (#​61376)
c0c69a5abc	fix	unregister onDestroy in toSignal. (#​61514)

platform-server

Commit	Type	Description
8edafd0559	perf	speed up resolution of base (#​61392)

v19.2.11

Compare Source

v19.2.10

Compare Source

common

Commit	Type	Description
89056a0356	fix	cleanup updateLatestValue if view is destroyed before promise resolves (#​61064)

core

Commit	Type	Description
4623b61448	fix	missing useExisting providers throwing for optional calls (#​61152)
400dbc5b89	fix	properly handle app stabilization with defer blocks (#​61056)

platform-server

Commit	Type	Description
a6f0d5bc20	fix	less aggressive ngServerMode cleanup (#​61106)

v19.2.9

Compare Source

core

Commit	Type	Description
946b844e0d	fix	async EventEmitter error should not prevent stability (#​61028)
dbb87026ca	fix	call DestroyRef on destroy callback if view is destroyed [patch] (#​61061)
2e140a136a	fix	prevent stash listener conflicts [patch] (#​61063)

v19.2.8

Compare Source

forms

Commit	Type	Description
ea4a211216	fix	make NgForm emit FormSubmittedEvent and FormResetEvent (#​60887)

v19.2.7

Compare Source

common

Commit	Type	Description
37ab6814f5	fix	issue a warning instead of an error when NgOptimizedImage exceeds the preload limit (#​60883)

core

Commit	Type	Description
b144126612	fix	inject migration: replace param with this. (#​60713)

http

Commit	Type	Description
d39e09da41	fix	Include HTTP status code and headers when HTTP requests errored in httpResource (#​60802)

v19.2.6

Compare Source

compiler

Commit	Type	Description
3441f7b914	fix	error if rawText isn't estimated correctly (#​60529) (#​60753)

compiler-cli

Commit	Type	Description
fc946c5f72	fix	ensure HMR works with different output module type (#​60797)

core

Commit	Type	Description
00bbd9b382	fix	fix docs for output migration (#​60764)
f2bfa3151e	fix	fix ng generate @​angular/core:output-migration. Fixes angular#​58650 (#​60763)
9241615ad0	fix	reduce total memory usage of various migration schematics (#​60776)

language-service

Commit	Type	Description
0e82d42774	fix	Do not provide element completions in end tag (#​60616)
fcdef1019f	fix	Ensure dollar signs are escaped in completions (#​60597)

v19.2.5

Compare Source

Commit	Type	Description
e61d06afb5	fix	step 6 tutorial docs (#​60630)

animations

Commit	Type	Description
fa48f98d9f	fix	add missing peer dependency on @angular/common (#​60660)

compiler

Commit	Type	Description
ca5aa4d55b	fix	throw for invalid "as" expression in if block (#​60580)

compiler-cli

Commit	Type	Description
f4c4b10ea8	fix	Produce fatal diagnostic on duplicate decorated properties (#​60376)
22a0e54ac4	fix	support relative imports to symbols outside rootDir (#​60555)

core

Commit	Type	Description
64da69f7b6	fix	check ngDevMode for undefined (#​60565)
8f68d1bec3	fix	fix ng generate @​angular/core:output-migration (#​60626)
bc79985c65	fix	fix regexp for event types (#​60592)
006ac7f22f	fix	fixes #​592882 ng generate @​angular/core:signal-queries-migration (#​60688)
da6e93f434	fix	preserve comments in internal inject migration (#​60588)
dbbddd1617	fix	prevent omission of deferred pipes in full compilation (#​60571)

language-service

Commit	Type	Description
0e9e0348dd	fix	Update adapter to log instead of throw errors (#​60651)

migrations

Commit	Type	Description
15f53f035b	fix	handle shorthand assignments in super call (#​60602)
4b161e6234	fix	inject migration not handling super parameter referenced via this (#​60602)

router

Commit	Type	Description
958e98e4f7	fix	Add missing types to transition (#​60307)

service-worker

Commit	Type	Description
7cd89ad2c6	fix	assign initializing client's app version, when a request is for worker script (#​58131)

antfu/eslint-config (@​antfu/eslint-config)

v4.17.0

Compare Source

   🚀 Features

• Support sort jsconfig  -  by @​pacexy in https://github.com/antfu/eslint-config/issues/733 (5dff7)
• Update deps  -  by @​antfu (f5f3f)

   🐞 Bug Fixes

• Update GLOB_SVELTE to include .js/.ts extensions  -  by @​agafonovim in https://github.com/antfu/eslint-config/issues/734 (46ead)

    View changes on GitHub

eslint/eslint (eslint)

v9.31.0

Compare Source

pnpm/pnpm (pnpm)

v10.13.1

Compare Source

Patch Changes

• Run user defined pnpmfiles after pnpmfiles of plugins.

v10.13.0

Compare Source

Minor Changes

• Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #​9702.

• pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #​9729.

  The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml.

Patch Changes

• When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #​9694.
• Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #​9628.
• Sort keys in pnpm-workspace.yaml with deep #​9701.
• The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #​9338.
• Replaced shell-quote with shlex for quoting command arguments #​9381.

facebook/react (react)

v18.3.1

Compare Source

• Export act from react f1338f

v18.3.0

Compare Source

This release is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19.

Read the React 19 Upgrade Guide for more info.

React

• Allow writing to this.refs to support string ref codemod 909071
• Warn for deprecated findDOMNode outside StrictMode c3b283
• Warn for deprecated test-utils methods d4ea75
• Warn for deprecated Legacy Context outside StrictMode 415ee0
• Warn for deprecated string refs outside StrictMode #​25383
• Warn for deprecated defaultProps for function components #​25699
• Warn when spreading key #​25697
• Warn when using act from test-utils d4ea75

React DOM

• Warn for deprecated unmountComponentAtNode 8a015b
• Warn for deprecated renderToStaticNodeStream #​28874

v18.2.0

Compare Source

React DOM

• Provide a component stack as a second argument to onRecoverableError. (@​gnoff in #​24591)
• Fix hydrating into document causing a blank page on mismatch. (@​gnoff in #​24523)
• Fix false positive hydration errors with Suspense. (@​gnoff in #​24480 and @​acdlite in #​24532)
• Fix ignored setState in Safari when adding an iframe. (@​gaearon in #​24459)

React DOM Server

• Pass information about server errors to the client. (@​salazarm and @​gnoff in #​24551 and #​24591)
• Allow to provide a reason when aborting the HTML stream. (@​gnoff in #​24680)
• Eliminate extraneous text separators in the HTML where possible. (@​gnoff in #​24630)
• Disallow complex children inside <title> elements to match the browser constraints. (@​gnoff in #​24679)
• Fix buffering in some worker environments by explicitly setting highWaterMark to 0. (@​jplhomer in #​24641)

Server Components (Experimental)

• Add support for useId() inside Server Components. (@​gnoff in #​24172)

v18.1.0

Compare Source

React DOM

• Fix the false positive warning about react-dom/client when using UMD bundle. (@​alireza-molaee in #​24274)
• Fix suppressHydrationWarning to work in production too. (@​gaearon in #​24271)
• Fix componentWillUnmount firing twice inside of Suspense. (@​acdlite in #​24308)
• Fix some transition updates being ignored. (@​acdlite in #​24353)
• Fix useDeferredValue causing an infinite loop when passed an unmemoized value. (@​acdlite in #​24247)
• Fix throttling of revealing Suspense fallbacks. (@​sunderls in #​24253)
• Fix an inconsistency in whether the props object is the same between renders. (@​Andarist and @​acdlite in #​24421)
• Fix a missing warning about a setState loop in useEffect. (@​gaearon in #​24298)
• Fix a spurious hydration error. (@​gnoff in #​24404)
• Warn when calling setState in useInsertionEffect. (@​gaearon in #​24295)
• Ensure the reason for hydration errors is always displayed. (@​gaearon in #​24276)

React DOM Server

• Fix escaping for the bootstrapScriptContent contents. (@​gnoff in #​24385)
• Significantly improve performance of renderToPipeableStream. (@​gnoff in #​24291)

ESLint Plugin: React Hooks

• Fix false positive errors with a large number of branches. (@​scyron6 in #​24287)
• Don't consider a known dependency stable when the variable is reassigned. (@​afzalsayed96 in #​24343)

Use Subscription

• Replace the implementation with the use-sync-external-store shim. (@​gaearon in #​24289)

sveltejs/svelte (svelte)

v5.36.8

Compare Source

Patch Changes

• fix: keep effect in the graph if it has an abort controller (#​16430)

• chore: Switch payload.out to an array (#​16428)

v5.36.7

Compare Source

Patch Changes

• fix: allow instrinsic <svelte:...> elements to inherit from SvelteHTMLElements (#​16424)

v5.36.6

Compare Source

Patch Changes

• fix: delegate functions with shadowed variables if declared locally (#​16417)

• fix: handle error in correct boundary after reset (#​16171)

• fix: make <svelte:boundary> reset function a noop after the first call (#​16171)

v5.36.5

Compare Source

Patch Changes

• fix: silence $inspect errors when the effect is about to be destroyed (#​16391)

• fix: more informative error when effects run in an infinite loop (#​16405)

v5.36.4

Compare Source

Patch Changes

• fix: avoid microtask in flushSync (#​16394)

• fix: ensure compiler state is reset before compilation (#​16396)

v5.36.3

Compare Source

Patch Changes

• fix: don't log await_reactivity_loss warning when signal is read in untrack (#​16385)

• fix: better handle $inspect on array mutations (#​16389)

• fix: leave proxied array length untouched when deleting properties (#​16389)

• fix: update $effect.pending() immediately after a batch is removed (#​16382)

v5.36.2

Compare Source

Patch Changes

• fix: add $effect.pending() to types (#​16376)

• fix: add pending snippet to <svelte:boundary> types (#​16379)

v5.36.1

Compare Source

Patch Changes

• fix: only skip updating bound <input> if the input was the source of the change (#​16373)

v5.36.0

Compare Source

Minor Changes

• feat: support await in components when using the experimental.async compiler option (#​15844)

Patch Changes

• fix: silence a11y warning for inert elements (#​16339)

• chore: clean up a11y analysis code (#​16345)

v5.35.7

Compare Source

Patch Changes

• fix: silence autofocus a11y warning inside <dialog> (#​16341)

• fix: don't show adjusted error messages in boundaries (#​16360)

• chore: replace inline regex with variable (#​16340)

v5.35.6

Compare Source

Patch Changes

• chore: simplify reaction/source ownership tracking (#​16333)

• chore: simplify internal component pop() (#​16331)

v5.35.5

Compare Source

Patch Changes

• fix: associate sources in Spring/Tween/SvelteMap/SvelteSet with correct reaction (#​16325)

• fix: re-evaluate derived props during teardown (#​16278)

v5.35.4

Compare Source

Patch Changes

• fix: abort and reschedule effect processing after state change in user effect (#​16280)

v5.35.3

Compare Source

Patch Changes

• fix: account for mounting when select_option in attribute_effect (#​16309)

• fix: do not proxify the value assigned to a derived (#​16302)

v5.35.2

Compare Source

Patch Changes

• fix: bump esrap (#​16295)

v5.35.1

Compare Source

Patch Changes

• feat: add parent hierarchy to __svelte_meta objects (#​16255)

v5.35.0

Compare Source

Minor Changes

• feat: add getAbortSignal() (#​16266)

Patch Changes

• chore: simplify props (#​16270)

v5.34.9

Compare Source

Patch Changes

• fix: ensure unowned deriveds can add themselves as reactions while connected (#​16249)

v5.34.8

Compare Source

Patch Changes

• fix: untrack $inspect.with and add check for unsafe mutation (#​16209)

• fix: use fine grained for template if the component is not explicitly in legacy mode (#​16232)

• lift unsafe_state_mutation constraints for SvelteSet, SvelteMap, SvelteDate, SvelteURL and SvelteURLSearchParams created inside the derived (#​16221)

v5.34.7

Compare Source

Patch Changes

• fix: address css class matching regression (#​16204)

v5.34.6

Compare Source

Patch Changes

• fix: match class and style directives against attribute selector (#​16179)

v5.34.5

Compare Source

Patch Changes

• fix: keep spread non-delegated event handlers up to date (#​16180)

• fix: remove undefined attributes on hydration (#​16178)

• fix: ensure sources within nested effects still register correctly (#​16193)

• fix: avoid shadowing a variable in dynamic components (#​16185)

v5.34.4

Compare Source

Patch Changes

• fix: don't set state withing with_parent in proxy (#​16176)

• fix: use compiler-driven reactivity in legacy mode template expressions (#​16100)

v5.34.3

Compare Source

Patch Changes

• fix: don't eagerly execute deriveds on resume (#​16150)

• fix: prevent memory leaking signals in legacy mode (#​16145)

• fix: don't define error.message if it's not configurable (#​16149)

v5.34.2

Compare Source

Patch Changes

• fix: add missing typings for some dimension bindings (#​16142)

• fix: prune typescript class field declarations (#​16154)

v5.34.1

Compare Source

Patch Changes

• fix: correctly tag private class state fields (#​16132)

v5.34.0

Compare Source

Minor Changes

• feat: add source name logging to $inspect.trace (#​16060)

Patch Changes

• fix: add command and commandfor to HTMLButtonAttributes (#​16117)

• fix: better $inspect.trace() output (#​16131)

• fix: properly hydrate dynamic css props components and remove element removal (#​16118)

v5.33.19

Compare Source

Patch Changes

• fix: reset is_flushing if flushSync is called and there's no scheduled effect (#​16119)

v5.33.18

Compare Source

Patch Changes

• chore: bump esrap dependency (#​16106)

• fix: destructuring state in ssr (#​16102)

v5.33.17

Compare Source

Patch Changes

• chore: update acorn parser ecmaVersion to parse import attributes (#​16098)

v5.33.16

Compare Source

Patch Changes

• fix: visit expression when destructuring state declarations (#​16081)

• fix: move xmlns attribute from SVGAttributes to to DOMAttributes (#​16080)

v5.33.15

Compare Source

Patch Changes

• fix: invoke parent boundary of deriveds that throw (#​16091)

v5.33.14

Compare Source

Patch Changes

• Revert "feat: enable TS autocomplete for Svelte HTML element definitions" (#​16063)

• fix: destructuring snippet arguments (#​16068)

v5.33.13

Compare Source

Patch Changes

• fix: avoid recursion error in EachBlock visitor (#​16058)

v5.33.12

Compare Source

Patch Changes

• fix: correctly transform reassignments to class fields in SSR mode (#​16051)

v5.33.11

Compare Source

Patch Changes

• fix: treat transitive dependencies of each blocks as mutable in legacy mode if item is mutated (#​16038)

v5.33.10

Compare Source

Patch Changes

• fix: use fill: 'forwards' on transition animations to prevent flicker (#​16035)

v5.33.9

Compare Source

Patch Changes

• fix: put expressions in effects unless known to be static (#​15792)

v5.33.8

Compare Source

Patch Changes

• fix: only select_option if 'value' is in next (#​16032)

v5.33.7

Compare Source

Patch Changes

• fix: bind:value to select with stores (#​16028)

v5.33.6

Compare Source

Patch Changes

• fix: falsy attachments on components (#​16021)

• fix: correctly mark elements as selected during SSR (#​16017)

v5.33.5

Compare Source

Patch Changes

• fix: handle derived destructured iterators (#​16015)

• fix: avoid rerunning attachments when unrelated spread attributes change (#​15961)

v5.33.4

Compare Source

Patch Changes

• fix: narrow defaultChecked to boolean (#​16009)

• fix: warn when using rest or identifier in custom elements without props option (#​16003)

v5.33.3

Compare Source

Patch Changes

• fix: allow using typescript in customElement.extend option (#​16001)

• fix: cleanup event handlers on media elements (#​16005)

v5.33.2

Compare Source

Patch Changes

• fix: correctly parse escaped unicode characters in css selector (#​15976)

• fix: don't mark deriveds as clean if updating during teardown (#​15997)

v5.33.1

Compare Source

Patch Changes

• fix: reset is_flushing if flushSync is called and there's no scheduled effect (#​16119)

v5.33.0

Compare Source

Minor Changes

• feat: XHTML compliance (#​15538)

• feat: add fragments: 'html' | 'tree' option for wider CSP compliance (#​15538)

v5.32.2

Compare Source

Patch Changes

• chore: simplify <pre> cleaning (#​15980)

• fix: attach __svelte_meta correctly to elements following a CSS wrapper (#​15982)

• fix: import untrack directly from client in svelte/attachments (#​15974)

v5.32.1

Compare Source

Patch Changes

• Warn when an invalid <select multiple> value is given (#​14816)

v5.32.0

Compare Source

Minor Changes

• feat: warn on implicitly closed tags (#​15932)

• feat: attachments fromAction utility (#​15933)

Patch Changes

• fix: only re-run directly applied attachment if it changed (#​15962)

v5.31.1

Compare Source

Patch Changes

• fix: avoid auto-parenthesis for special-keywords-only MediaQuery (#​15937)

v5.31.0

Compare Source

Minor Changes

• feat: allow state fields to be declared inside class constructors (#​15820)

Patch Changes

• fix: Add missing AttachTag in Tag union type inside the AST namespace from "svelte/compiler" (#​15946)

v5.30.2

Compare Source

Patch Changes

• fix: falsy attachments types (#​15939)

• fix: handle more hydration mismatches (#​15851)

v5.30.1

Compare Source

Patch Changes

• fix: add typeParams to SnippetBlock for legacy parser (#​15921)

v5.30.0

Compare Source

Minor Changes

• feat: allow generics on snippets (#​15915)

v5.29.0

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Bundle Size Analysis

File	Size	Gzipped Size	Size Diff	Gzipped Size Diff
Client	11 kB (11266 B)	4.6 kB (4687 B)	0.00% (0 B)	0.00% ( 0 B)
Server	8.2 kB (8444 B)	3.5 kB (3569 B)	0.00% (0 B)	0.00% ( 0 B)