Update dependency svelte to v4.2.20 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
svelte (source)	4.1.1 → 4.2.20

---

Release Notes

sveltejs/svelte (svelte)

v4.2.20

Compare Source

Patch Changes

• fix: properly remove event listeners in Component's removeEventListener (#​13556)

v4.2.19

Compare Source

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#​12902)

• fix: escape < in attribute strings (#​12989)

v4.2.18

Compare Source

Patch Changes

• chore: speed up regex (#​11922)

v4.2.17

Compare Source

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#​11584)

v4.2.16

Compare Source

Patch Changes

• fix: check if svelte component exists on custom element destroy (#​11489)

v4.2.15

Compare Source

Patch Changes

• support attribute selector inside :global() (#​11135)

v4.2.14

Compare Source

Patch Changes

• fix parsing camelcase container query name (#​11131)

v4.2.13

Compare Source

Patch Changes

• fix: applying :global for +,~ sibling combinator when slots are present (#​9282)

v4.2.12

Compare Source

Patch Changes

• fix: properly update svelte:component props when there are spread props (#​10604)

v4.2.11

Compare Source

Patch Changes

• fix: check that component wasn't instantiated in connectedCallback (#​10466)

v4.2.10

Compare Source

Patch Changes

• fix: add scrollend event type (#​10336)

• fix: add fetchpriority attribute type (#​10390)

• fix: Add miter-clip and arcs to stroke-linejoin attribute (#​10377)

• fix: make inline doc links valid (#​10366)

v4.2.9

Compare Source

Patch Changes

• fix: add types for popover attributes and events (#​10042)

• fix: add gamepadconnected and gamepaddisconnected events (#​9864)

• fix: make @types/estree a dependency (#​10149)

• fix: bump axobject-query (#​10167)

v4.2.8

Compare Source

Patch Changes

• fix: port over props that were set prior to initialization (#​9701)

v4.2.7

Compare Source

Patch Changes

• fix: handle spreads within static strings (#​9554)

v4.2.6

Compare Source

Patch Changes

• fix: adjust static attribute regex (#​9551)

v4.2.5

Compare Source

Patch Changes

• fix: ignore expressions in top level script/style tag attributes (#​9498)

v4.2.4

Compare Source

Patch Changes

• fix: handle closing tags inside attribute values (#​9486)

v4.2.3

Compare Source

Patch Changes

• fix: improve a11y-click-events-have-key-events message (#​9358)

• fix: more robust hydration of html tag (#​9184)

v4.2.2

Compare Source

Patch Changes

• fix: support camelCase properties on custom elements (#​9328)

• fix: add missing plaintext-only value to contenteditable type (#​9242)

• chore: upgrade magic-string to 0.30.4 (#​9292)

• fix: ignore trailing comments when comparing nodes (#​9197)

v4.2.1

Compare Source

Patch Changes

• fix: update style directive when style attribute is present and is updated via an object prop (#​9187)

• fix: css sourcemap generation with unicode filenames (#​9120)

• fix: do not add module declared variables as dependencies (#​9122)

• fix: handle svelte:element with dynamic this and spread attributes (#​9112)

• fix: silence false positive reactive component warning (#​9094)

• fix: head duplication when binding is present (#​9124)

• fix: take custom attribute name into account when reflecting property (#​9140)

• fix: add indeterminate to the list of HTMLAttributes (#​9180)

• fix: recognize option value on spread attribute (#​9125)

v4.2.0

Compare Source

Minor Changes

• feat: move svelteHTML from language-tools into core to load the correct svelte/element types (#​9070)

v4.1.2

Compare Source

Patch Changes

• fix: allow child element with slot attribute within svelte:element (#​9038)

• fix: Add data-* to svg attributes (#​9036)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	svelte@​4.1.1 ⏵ 4.2.20		+6	+1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm svelte is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package.json → npm/svelte@4.2.20 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/svelte@4.2.20. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report