chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@angular/common (source)	^19.2.4 -> ^19.2.14
@angular/core (source)	^19.2.4 -> ^19.2.14
@antfu/eslint-config	^4.13.2 -> ^4.15.0
@rollup/pluginutils (source)	^5.1.4 -> ^5.2.0
bumpp	^10.1.1 -> ^10.2.0
pnpm (source)	10.11.0 -> 10.12.1
react (source)	>=18 -> >=18.3.1
svelte (source)	>=5.23.0 -> >=5.34.7
unplugin (source)	^2.3.4 -> ^2.3.5
vue (source)	>=3.5.13 -> >=3.5.17

---

Release Notes

angular/angular (@​angular/common)

v19.2.14

Compare Source

compiler

Commit	Type	Description
24bab55f0c	fix	lexer support for template literals in object literals (#​61601)

migrations

Commit	Type	Description
9e1cd49662	fix	preserve comments when removing unused imports (#​61674)

v19.2.13

Compare Source

common

Commit	Type	Description
2c876b4fc5	fix	avoid injecting ApplicationRef in FetchBackend (#​61649)

service-worker

Commit	Type	Description
b15bddfa04	fix	do not register service worker if app is destroyed before it is ready to register (#​61101)

v19.2.12

Compare Source

common

Commit	Type	Description
126efc9972	fix	cancel reader when app is destroyed (#​61528)
efda872453	fix	prevent reading chunks if app is destroyed (#​61354)

compiler

Commit	Type	Description
44bb328eae	fix	avoid conflicts between HMR code and local symbols (#​61550)

compiler-cli

Commit	Type	Description
107180260f	fix	Always retain prior results for all files (#​61487)
1191e62d70	fix	avoid ECMAScript private field metadata emit (#​61227)

core

Commit	Type	Description
2b1b14f4d3	fix	cleanup rxResource abort listener (#​58306)
8f9b05eaaa	fix	cleanup testability subscriptions (#​61261)
eb53bda470	fix	enable stashing only when withEventReplay() is invoked (#​61352)
94f5a4b4d6	fix	Testing should not throw when Zone does not patch test FW APIs (#​61376)
c0c69a5abc	fix	unregister onDestroy in toSignal. (#​61514)

platform-server

Commit	Type	Description
8edafd0559	perf	speed up resolution of base (#​61392)

v19.2.11

Compare Source

v19.2.10

Compare Source

common

Commit	Type	Description
89056a0356	fix	cleanup updateLatestValue if view is destroyed before promise resolves (#​61064)

core

Commit	Type	Description
4623b61448	fix	missing useExisting providers throwing for optional calls (#​61152)
400dbc5b89	fix	properly handle app stabilization with defer blocks (#​61056)

platform-server

Commit	Type	Description
a6f0d5bc20	fix	less aggressive ngServerMode cleanup (#​61106)

v19.2.9

Compare Source

core

Commit	Type	Description
946b844e0d	fix	async EventEmitter error should not prevent stability (#​61028)
dbb87026ca	fix	call DestroyRef on destroy callback if view is destroyed [patch] (#​61061)
2e140a136a	fix	prevent stash listener conflicts [patch] (#​61063)

v19.2.8

Compare Source

forms

Commit	Type	Description
ea4a211216	fix	make NgForm emit FormSubmittedEvent and FormResetEvent (#​60887)

v19.2.7

Compare Source

common

Commit	Type	Description
37ab6814f5	fix	issue a warning instead of an error when NgOptimizedImage exceeds the preload limit (#​60883)

core

Commit	Type	Description
b144126612	fix	inject migration: replace param with this. (#​60713)

http

Commit	Type	Description
d39e09da41	fix	Include HTTP status code and headers when HTTP requests errored in httpResource (#​60802)

v19.2.6

Compare Source

compiler

Commit	Type	Description
3441f7b914	fix	error if rawText isn't estimated correctly (#​60529) (#​60753)

compiler-cli

Commit	Type	Description
fc946c5f72	fix	ensure HMR works with different output module type (#​60797)

core

Commit	Type	Description
00bbd9b382	fix	fix docs for output migration (#​60764)
f2bfa3151e	fix	fix ng generate @​angular/core:output-migration. Fixes angular#​58650 (#​60763)
9241615ad0	fix	reduce total memory usage of various migration schematics (#​60776)

language-service

Commit	Type	Description
0e82d42774	fix	Do not provide element completions in end tag (#​60616)
fcdef1019f	fix	Ensure dollar signs are escaped in completions (#​60597)

v19.2.5

Compare Source

Commit	Type	Description
e61d06afb5	fix	step 6 tutorial docs (#​60630)

animations

Commit	Type	Description
fa48f98d9f	fix	add missing peer dependency on @angular/common (#​60660)

compiler

Commit	Type	Description
ca5aa4d55b	fix	throw for invalid "as" expression in if block (#​60580)

compiler-cli

Commit	Type	Description
f4c4b10ea8	fix	Produce fatal diagnostic on duplicate decorated properties (#​60376)
22a0e54ac4	fix	support relative imports to symbols outside rootDir (#​60555)

core

Commit	Type	Description
64da69f7b6	fix	check ngDevMode for undefined (#​60565)
8f68d1bec3	fix	fix ng generate @​angular/core:output-migration (#​60626)
bc79985c65	fix	fix regexp for event types (#​60592)
006ac7f22f	fix	fixes #​592882 ng generate @​angular/core:signal-queries-migration (#​60688)
da6e93f434	fix	preserve comments in internal inject migration (#​60588)
dbbddd1617	fix	prevent omission of deferred pipes in full compilation (#​60571)

language-service

Commit	Type	Description
0e9e0348dd	fix	Update adapter to log instead of throw errors (#​60651)

migrations

Commit	Type	Description
15f53f035b	fix	handle shorthand assignments in super call (#​60602)
4b161e6234	fix	inject migration not handling super parameter referenced via this (#​60602)

router

Commit	Type	Description
958e98e4f7	fix	Add missing types to transition (#​60307)

service-worker

Commit	Type	Description
7cd89ad2c6	fix	assign initializing client's app version, when a request is for worker script (#​58131)

antfu/eslint-config (@​antfu/eslint-config)

v4.15.0

Compare Source

   🚀 Features

• Don't use deprecated option  -  by @​9romise in https://github.com/antfu/eslint-config/issues/719 (4e0f8)
• Bring import plugin back  -  by @​9romise in https://github.com/antfu/eslint-config/issues/723 (ad23f)

    View changes on GitHub

v4.14.1

Compare Source

   🐞 Bug Fixes

• Cleanup disable usages  -  by @​antfu (f73ad)

    View changes on GitHub

v4.14.0

Compare Source

   🐞 Bug Fixes

• Remove eslint-plugin-import-x  -  by @​antfu (db5a3)

    View changes on GitHub

v4.13.3

Compare Source

No significant changes

    View changes on GitHub

rollup/plugins (@​rollup/pluginutils)

v5.2.0

2025-06-17

Features

• feat: add exactRegex and prefixRegex (#​1865)

antfu-collective/bumpp (bumpp)

v10.2.0

Compare Source

   🚀 Features

• Support npm/bun workspace  -  by @​yuzheng14 in https://github.com/antfu-collective/bumpp/issues/85 (a0901)

    View changes on GitHub

pnpm/pnpm (pnpm)

v10.12.1

Minor Changes

• Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path).

  In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available.

  This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories.

  To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via:

  pnpm config -g set enable-global-virtual-store true

  NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI.

  Related PR: #​8190

• The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml.
• Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #​9425.
• Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #​9605.
• Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not.

Patch Changes

• Sort versions printed by pnpm patch using semantic versioning rules.
• Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #​9598.
• Revert #​9574 to fix a regression #​9596.

v10.11.1

Compare Source

Patch Changes

• Fix an issue in which pnpm deploy --legacy creates unexpected directories when the root package.json has a workspace package as a peer dependency #​9550.
• Dependencies specified via a URL that redirects will only be locked to the target if it is immutable, fixing a regression when installing from GitHub releases. (#​9531)
• Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #​9505.
• Use pnpm_config_ env variables instead of npm_config_ #​9571.
• Fix a regression (in v10.9.0) causing the --lockfile-only flag on pnpm update to produce a different pnpm-lock.yaml than an update without the flag.
• Let pnpm deploy work in repos with overrides when inject-workspace-packages=true #​9283.
• Fixed the problem of path loss caused by parsing URL address. Fixes a regression shipped in pnpm v10.11 via #​9502.
• pnpm -r --silent run should not print out section #​9563.

facebook/react (react)

v18.3.1

Compare Source

• Export act from react f1338f

v18.3.0

Compare Source

This release is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19.

Read the React 19 Upgrade Guide for more info.

React

• Allow writing to this.refs to support string ref codemod 909071
• Warn for deprecated findDOMNode outside StrictMode c3b283
• Warn for deprecated test-utils methods d4ea75
• Warn for deprecated Legacy Context outside StrictMode 415ee0
• Warn for deprecated string refs outside StrictMode #​25383
• Warn for deprecated defaultProps for function components #​25699
• Warn when spreading key #​25697
• Warn when using act from test-utils d4ea75

React DOM

• Warn for deprecated unmountComponentAtNode 8a015b
• Warn for deprecated renderToStaticNodeStream #​28874

v18.2.0

Compare Source

React DOM

• Provide a component stack as a second argument to onRecoverableError. (@​gnoff in #​24591)
• Fix hydrating into document causing a blank page on mismatch. (@​gnoff in #​24523)
• Fix false positive hydration errors with Suspense. (@​gnoff in #​24480 and @​acdlite in #​24532)
• Fix ignored setState in Safari when adding an iframe. (@​gaearon in #​24459)

React DOM Server

• Pass information about server errors to the client. (@​salazarm and @​gnoff in #​24551 and #​24591)
• Allow to provide a reason when aborting the HTML stream. (@​gnoff in #​24680)
• Eliminate extraneous text separators in the HTML where possible. (@​gnoff in #​24630)
• Disallow complex children inside <title> elements to match the browser constraints. (@​gnoff in #​24679)
• Fix buffering in some worker environments by explicitly setting highWaterMark to 0. (@​jplhomer in #​24641)

Server Components (Experimental)

• Add support for useId() inside Server Components. (@​gnoff in #​24172)

v18.1.0

Compare Source

React DOM

• Fix the false positive warning about react-dom/client when using UMD bundle. (@​alireza-molaee in #​24274)
• Fix suppressHydrationWarning to work in production too. (@​gaearon in #​24271)
• Fix componentWillUnmount firing twice inside of Suspense. (@​acdlite in #​24308)
• Fix some transition updates being ignored. (@​acdlite in #​24353)
• Fix useDeferredValue causing an infinite loop when passed an unmemoized value. (@​acdlite in #​24247)
• Fix throttling of revealing Suspense fallbacks. (@​sunderls in #​24253)
• Fix an inconsistency in whether the props object is the same between renders. (@​Andarist and @​acdlite in #​24421)
• Fix a missing warning about a setState loop in useEffect. (@​gaearon in #​24298)
• Fix a spurious hydration error. (@​gnoff in #​24404)
• Warn when calling setState in useInsertionEffect. (@​gaearon in #​24295)
• Ensure the reason for hydration errors is always displayed. (@​gaearon in #​24276)

React DOM Server

• Fix escaping for the bootstrapScriptContent contents. (@​gnoff in #​24385)
• Significantly improve performance of renderToPipeableStream. (@​gnoff in #​24291)

ESLint Plugin: React Hooks

• Fix false positive errors with a large number of branches. (@​scyron6 in #​24287)
• Don't consider a known dependency stable when the variable is reassigned. (@​afzalsayed96 in #​24343)

Use Subscription

• Replace the implementation with the use-sync-external-store shim. (@​gaearon in #​24289)

sveltejs/svelte (svelte)

v5.34.7

Compare Source

Patch Changes

• fix: address css class matching regression (#​16204)

v5.34.6

Compare Source

Patch Changes

• fix: match class and style directives against attribute selector (#​16179)

v5.34.5

Compare Source

Patch Changes

• fix: keep spread non-delegated event handlers up to date (#​16180)

• fix: remove undefined attributes on hydration (#​16178)

• fix: ensure sources within nested effects still register correctly (#​16193)

• fix: avoid shadowing a variable in dynamic components (#​16185)

v5.34.4

Compare Source

Patch Changes

• fix: don't set state withing with_parent in proxy (#​16176)

• fix: use compiler-driven reactivity in legacy mode template expressions (#​16100)

v5.34.3

Compare Source

Patch Changes

• fix: don't eagerly execute deriveds on resume (#​16150)

• fix: prevent memory leaking signals in legacy mode (#​16145)

• fix: don't define error.message if it's not configurable (#​16149)

v5.34.2

Compare Source

Patch Changes

• fix: add missing typings for some dimension bindings (#​16142)

• fix: prune typescript class field declarations (#​16154)

v5.34.1

Compare Source

Patch Changes

• fix: correctly tag private class state fields (#​16132)

v5.34.0

Compare Source

Minor Changes

• feat: add source name logging to $inspect.trace (#​16060)

Patch Changes

• fix: add command and commandfor to HTMLButtonAttributes (#​16117)

• fix: better $inspect.trace() output (#​16131)

• fix: properly hydrate dynamic css props components and remove element removal (#​16118)

v5.33.19

Compare Source

Patch Changes

• fix: reset is_flushing if flushSync is called and there's no scheduled effect (#​16119)

v5.33.18

Compare Source

Patch Changes

• chore: bump esrap dependency (#​16106)

• fix: destructuring state in ssr (#​16102)

v5.33.17

Compare Source

Patch Changes

• chore: update acorn parser ecmaVersion to parse import attributes (#​16098)

v5.33.16

Compare Source

Patch Changes

• fix: visit expression when destructuring state declarations (#​16081)

• fix: move xmlns attribute from SVGAttributes to to DOMAttributes (#​16080)

v5.33.15

Compare Source

Patch Changes

• fix: invoke parent boundary of deriveds that throw (#​16091)

v5.33.14

Compare Source

Patch Changes

• Revert "feat: enable TS autocomplete for Svelte HTML element definitions" (#​16063)

• fix: destructuring snippet arguments (#​16068)

v5.33.13

Compare Source

Patch Changes

• fix: avoid recursion error in EachBlock visitor (#​16058)

v5.33.12

Compare Source

Patch Changes

• fix: correctly transform reassignments to class fields in SSR mode (#​16051)

v5.33.11

Compare Source

Patch Changes

• fix: treat transitive dependencies of each blocks as mutable in legacy mode if item is mutated (#​16038)

v5.33.10

Compare Source

Patch Changes

• fix: use fill: 'forwards' on transition animations to prevent flicker (#​16035)

v5.33.9

Compare Source

Patch Changes

• fix: put expressions in effects unless known to be static (#​15792)

v5.33.8

Compare Source

Patch Changes

• fix: only select_option if 'value' is in next (#​16032)

v5.33.7

Compare Source

Patch Changes

• fix: bind:value to select with stores (#​16028)

v5.33.6

Compare Source

Patch Changes

• fix: falsy attachments on components (#​16021)

• fix: correctly mark elements as selected during SSR (#​16017)

v5.33.5

Compare Source

Patch Changes

• fix: handle derived destructured iterators (#​16015)

• fix: avoid rerunning attachments when unrelated spread attributes change (#​15961)

v5.33.4

Compare Source

Patch Changes

• fix: narrow defaultChecked to boolean (#​16009)

• fix: warn when using rest or identifier in custom elements without props option (#​16003)

v5.33.3

Compare Source

Patch Changes

• fix: allow using typescript in customElement.extend option (#​16001)

• fix: cleanup event handlers on media elements (#​16005)

v5.33.2

Compare Source

Patch Changes

• fix: correctly parse escaped unicode characters in css selector (#​15976)

• fix: don't mark deriveds as clean if updating during teardown (#​15997)

v5.33.1

Compare Source

Patch Changes

• fix: reset is_flushing if flushSync is called and there's no scheduled effect (#​16119)

v5.33.0

Compare Source

Minor Changes

• feat: XHTML compliance (#​15538)

• feat: add fragments: 'html' | 'tree' option for wider CSP compliance (#​15538)

v5.32.2

Compare Source

Patch Changes

• chore: simplify <pre> cleaning (#​15980)

• fix: attach __svelte_meta correctly to elements following a CSS wrapper (#​15982)

• fix: import untrack directly from client in svelte/attachments (#​15974)

v5.32.1

Compare Source

Patch Changes

• Warn when an invalid <select multiple> value is given (#​14816)

v5.32.0

Compare Source

Minor Changes

• feat: warn on implicitly closed tags (#​15932)

• feat: attachments fromAction utility (#​15933)

Patch Changes

• fix: only re-run directly applied attachment if it changed (#​15962)

v5.31.1

Compare Source

Patch Changes

• fix: avoid auto-parenthesis for special-keywords-only MediaQuery (#​15937)

v5.31.0

Compare Source

Minor Changes

• feat: allow state fields to be declared inside class constructors (#​15820)

Patch Changes

• fix: Add missing AttachTag in Tag union type inside the AST namespace from "svelte/compiler" (#​15946)

v5.30.2

Compare Source

Patch Changes

• fix: falsy attachments types (#​15939)

• fix: handle more hydration mismatches (#​15851)

v5.30.1

Compare Source

Patch Changes

• fix: add typeParams to SnippetBlock for legacy parser (#​15921)

v5.30.0

Compare Source

Minor Changes

• feat: allow generics on snippets (#​15915)

v5.29.0

Compare Source

Minor Changes

• feat: attachments (#​15000)

v5.28.7

Compare Source

Patch Changes

• fix: remove unncessary guards that require CSP privilege when removing event attributes (#​15846)

• fix: rewrite destructuring logic to handle iterators (#​15813)

v5.28.6

Compare Source

Patch Changes

• fix: use transform.read for ownership_validator.mutation array (#​15848)

• fix: don't redeclare $slots (#​15849)

v5.28.5

Compare Source

Patch Changes

• fix: proxify the value in assignment shorthands to the private field (#​15862)

• fix: more frequently update bind:buffered to actual value (#​15874)

[v5.28.4](https://redirect.github.com/sveltejs/svelte/blob/HEAD/packages/svelte/CHANGELO

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Bundle Size Analysis

File	Size	Gzipped Size	Size Diff	Gzipped Size Diff
Client	10.7 kB (10995 B)	4.5 kB (4585 B)	0.00% (0 B)	0.00% ( 0 B)
Server	8 kB (8173 B)	3.4 kB (3467 B)	0.00% (0 B)	0.00% ( 0 B)