Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@iconify-json/lucide	1.2.39 -> 1.2.45
@iconify-json/simple-icons	1.2.33 -> 1.2.36
@unocss/preset-icons (source)	66.1.0 -> 66.1.3
@unocss/preset-uno (source)	66.1.0 -> 66.1.3
@unocss/preset-web-fonts (source)	66.1.0 -> 66.1.3
@unocss/reset (source)	66.1.0 -> 66.1.3
@unocss/transformer-directives (source)	66.1.0 -> 66.1.3
@unocss/vite (source)	66.1.0 -> 66.1.3
esbuild	0.25.3 -> 0.25.5
pnpm (source)	10.10.0 -> 10.11.0
prettier-plugin-svelte	3.3.3 -> 3.4.0
prettier-plugin-tailwindcss	0.6.11 -> 0.6.12
svelte (source)	5.28.2 -> 5.33.11
svelte-check	4.1.6 -> 4.2.1
svelte-multiselect (source)	11.0.0-rc.1 -> 11.1.1
vite (source)	6.3.4 -> 6.3.5

---

Release Notes

unocss/unocss (@​unocss/preset-icons)

v66.1.3

Compare Source

   🚀 Features

• preset-wind4: Enhance font- syntax  -  by @​zyyv in https://github.com/unocss/unocss/issues/4672 (708d5)

   🐞 Bug Fixes

• directives:
  • @apply should respect noMerge meta  -  by @​antfu in https://github.com/unocss/unocss/issues/4686 (a2256)
• playground:
  • Display all generated css first  -  by @​zyyv (d69d0)
• preset-mini, preset-wind4:
  • Enhance align- rules close #​4670  -  by @​zyyv in https://github.com/unocss/unocss/issues/4670 (57ab9)
• preset-wind4:
  • Skip properties layer in important postprocessor  -  by @​zyyv in https://github.com/unocss/unocss/issues/4692 (139c3)
  • Resolve w/h size from theme spacing close #​4693  -  by @​zyyv in https://github.com/unocss/unocss/issues/4693 (e9864)
  • Add outline-none rule  -  by @​zyyv in https://github.com/unocss/unocss/issues/4695 (804b7)
• transformer-directive:
  • Support presetWind4 in @screen transformer  -  by @​onmax and @​zyyv in https://github.com/unocss/unocss/issues/4681 (d097c)

    View changes on GitHub

v66.1.2

Compare Source

   🚀 Features

• preset-mini, preset-wind4: Enhance pseudo syntax  -  by @​zyyv in https://github.com/unocss/unocss/issues/4665 (c5514)
• virtual-shared: Update defaultPipelineInclude to support vue-vine  -  by @​zhangmo8 in https://github.com/unocss/unocss/issues/4657 (3b6ad)

   🐞 Bug Fixes

• preset-wind4:
  • Fix content rules  -  by @​zyyv (47176)
  • Strict percent validate close #​4663  -  by @​zyyv in https://github.com/unocss/unocss/issues/4663 (12661)
  • Fix outline rule close #​4650  -  by @​zyyv in https://github.com/unocss/unocss/issues/4650 (4d27c)
• unplugin:
  • Update to 2.3.4 and fix vfs iterable  -  by @​elbywan in https://github.com/unocss/unocss/issues/4666 (62ce4)
• vscode-ext:
  • Display oklch colors inline  -  by @​Ericlm in https://github.com/unocss/unocss/issues/4653 (08353)

    View changes on GitHub

v66.1.1

Compare Source

   🚀 Features

• preset-mini, preset-wind4: Add field-sizing rule  -  by @​zyyv (61dad)
• preset-wind4: Add noscript & scripting variant in Tailwind 4.1  -  by @​OverflowCat and @​zyyv in https://github.com/unocss/unocss/issues/4637 (11bb7)

   🐞 Bug Fixes

• preset-wind4:
  • Add leading-none utility  -  by @​danielwaltz in https://github.com/unocss/unocss/issues/4640 (81b49)
  • Parse ring rule with bracket close #​4618  -  by @​zyyv in https://github.com/unocss/unocss/issues/4618 (89f75)
• transformer-directives:
  • Handle nullish css ast  -  by @​antfu (c70d0)
  • Safely remove empty blocks  -  by @​zyyv in https://github.com/unocss/unocss/issues/4644 (ac4f1)
  • Patch presetWind4 parse error with @apply (2)  -  by @​Simon-He95 and @​zyyv in https://github.com/unocss/unocss/issues/4643 (30122)

    View changes on GitHub

evanw/esbuild (esbuild)

v0.25.5

Compare Source

• Fix a regression with browser in package.json (#​4187)

  The fix to #​4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the [email protected] package. This regression has been fixed, and now has test coverage.

• Add support for certain keywords as TypeScript tuple labels (#​4192)

  Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

  type Foo = [
    value: any,
    readonly?: boolean, // This is now parsed correctly
  ]

• Add CSS prefixes for the stretch sizing value (#​4184)

  This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

  div {
    width: -webkit-fill-available;
    width: -moz-available;
    width: stretch;
  }

v0.25.4

Compare Source

• Add simple support for CORS to esbuild's development server (#​4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

  To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

  Some examples:

  • CLI:

    esbuild --servedir=. --cors-origin=https://example.com
    

  • JS:

    const ctx = await esbuild.context({})
    await ctx.serve({
      servedir: '.',
      cors: {
        origin: 'https://example.com',
      },
    })

  • Go:

    ctx, _ := api.Context(api.BuildOptions{})
    ctx.Serve(api.ServeOptions{
      Servedir: ".",
      CORS: api.CORSOptions{
        Origin: []string{"https://example.com"},
      },
    })

  The special origin * can be used to allow any origin to access esbuild's development server. Note that this means any website you visit will be able to read everything served by esbuild.

• Pass through invalid URLs in source maps unmodified (#​4169)

  This fixes a regression in version 0.25.0 where sources in source maps that form invalid URLs were not being passed through to the output. Version 0.25.0 changed the interpretation of sources from file paths to URLs, which means that URL parsing can now fail. Previously URLs that couldn't be parsed were replaced with the empty string. With this release, invalid URLs in sources should now be passed through unmodified.

• Handle exports named __proto__ in ES modules (#​4162, #​4163)

  In JavaScript, the special property name __proto__ sets the prototype when used inside an object literal. Previously esbuild's ESM-to-CommonJS conversion didn't special-case the property name of exports named __proto__ so the exported getter accidentally became the prototype of the object literal. It's unclear what this affects, if anything, but it's better practice to avoid this by using a computed property name in this case.

  This fix was contributed by @​magic-akari.

pnpm/pnpm (pnpm)

v10.11.0

Compare Source

Minor Changes

• A new setting added for pnpm init to create a package.json with type=module, when init-type is module. Works as a flag for the init command too #​9463.

• Added support for Nushell to pnpm setup #​6476.

• Added two new flags to the pnpm audit command, --ignore and --ignore-unfixable #​8474.

  Ignore all vulnerabilities that have no solution:

  > pnpm audit --ignore-unfixable

  Provide a list of CVE's to ignore those specifically, even if they have a resolution.

  > pnpm audit --ignore=CVE-2021-1234 --ignore=CVE-2021-5678

• Added support for recursively running pack in every project of a workspace #​4351.

  Now you can run pnpm -r pack to pack all packages in the workspace.

Patch Changes

• pnpm version management should work, when dangerouslyAllowAllBuilds is set to true #​9472.
• pnpm link should work from inside a workspace #​9506.
• Set the default workspaceConcurrency to Math.min(os.availableParallelism(), 4) #​9493.
• Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #​9505.
• Read updateConfig from pnpm-workspace.yaml #​9500.
• Add support for recursive pack
• Remove url.parse usage to fix warning on Node.js 24 #​9492.
• pnpm run should be able to run commands from the workspace root, if ignoreScripts is set tot true #​4858.

sveltejs/prettier-plugin-svelte (prettier-plugin-svelte)

v3.4.0

Compare Source

tailwindlabs/prettier-plugin-tailwindcss (prettier-plugin-tailwindcss)

v0.6.12

Compare Source

• Add internal (unsupported) option to load Tailwind CSS using a different package name (#​366)

sveltejs/svelte (svelte)

v5.33.11

Compare Source

Patch Changes

• fix: treat transitive dependencies of each blocks as mutable in legacy mode if item is mutated (#​16038)

v5.33.10

Compare Source

Patch Changes

• fix: use fill: 'forwards' on transition animations to prevent flicker (#​16035)

v5.33.9

Compare Source

Patch Changes

• fix: put expressions in effects unless known to be static (#​15792)

v5.33.8

Compare Source

Patch Changes

• fix: only select_option if 'value' is in next (#​16032)

v5.33.7

Compare Source

Patch Changes

• fix: bind:value to select with stores (#​16028)

v5.33.6

Compare Source

Patch Changes

• fix: falsy attachments on components (#​16021)

• fix: correctly mark elements as selected during SSR (#​16017)

v5.33.5

Compare Source

Patch Changes

• fix: handle derived destructured iterators (#​16015)

• fix: avoid rerunning attachments when unrelated spread attributes change (#​15961)

v5.33.4

Compare Source

Patch Changes

• fix: narrow defaultChecked to boolean (#​16009)

• fix: warn when using rest or identifier in custom elements without props option (#​16003)

v5.33.3

Compare Source

Patch Changes

• fix: allow using typescript in customElement.extend option (#​16001)

• fix: cleanup event handlers on media elements (#​16005)

v5.33.2

Compare Source

Patch Changes

• fix: correctly parse escaped unicode characters in css selector (#​15976)

• fix: don't mark deriveds as clean if updating during teardown (#​15997)

v5.33.1

Compare Source

Patch Changes

• fix: make deriveds on the server lazy again (#​15964)

v5.33.0

Compare Source

Minor Changes

• feat: XHTML compliance (#​15538)

• feat: add fragments: 'html' | 'tree' option for wider CSP compliance (#​15538)

v5.32.2

Compare Source

Patch Changes

• chore: simplify <pre> cleaning (#​15980)

• fix: attach __svelte_meta correctly to elements following a CSS wrapper (#​15982)

• fix: import untrack directly from client in svelte/attachments (#​15974)

v5.32.1

Compare Source

Patch Changes

• Warn when an invalid <select multiple> value is given (#​14816)

v5.32.0

Compare Source

Minor Changes

• feat: warn on implicitly closed tags (#​15932)

• feat: attachments fromAction utility (#​15933)

Patch Changes

• fix: only re-run directly applied attachment if it changed (#​15962)

v5.31.1

Compare Source

Patch Changes

• fix: avoid auto-parenthesis for special-keywords-only MediaQuery (#​15937)

v5.31.0

Compare Source

Minor Changes

• feat: allow state fields to be declared inside class constructors (#​15820)

Patch Changes

• fix: Add missing AttachTag in Tag union type inside the AST namespace from "svelte/compiler" (#​15946)

v5.30.2

Compare Source

Patch Changes

• fix: falsy attachments types (#​15939)

• fix: handle more hydration mismatches (#​15851)

v5.30.1

Compare Source

Patch Changes

• fix: add typeParams to SnippetBlock for legacy parser (#​15921)

v5.30.0

Compare Source

Minor Changes

• feat: allow generics on snippets (#​15915)

v5.29.0

Compare Source

Minor Changes

• feat: attachments (#​15000)

v5.28.7

Compare Source

Patch Changes

• fix: remove unncessary guards that require CSP privilege when removing event attributes (#​15846)

• fix: rewrite destructuring logic to handle iterators (#​15813)

v5.28.6

Compare Source

Patch Changes

• fix: use transform.read for ownership_validator.mutation array (#​15848)

• fix: don't redeclare $slots (#​15849)

v5.28.5

Compare Source

Patch Changes

• fix: proxify the value in assignment shorthands to the private field (#​15862)

• fix: more frequently update bind:buffered to actual value (#​15874)

v5.28.4

Compare Source

Patch Changes

• fix: treat nullish expression as empty string (#​15901)

• fix: prevent invalid BigInt calls from blowing up at compile time (#​15900)

• fix: warn on bidirectional control characters (#​15893)

• fix: emit right error for a shadowed invalid rune (#​15892)

v5.28.3

Compare Source

Patch Changes

• chore: avoid microtasks when flushing sync (#​15895)

• fix: improve error message for migration errors when slot would be renamed (#​15841)

• fix: allow characters in the supplementary special-purpose plane (#​15823)

sveltejs/language-tools (svelte-check)

v4.2.1

Compare Source

• feat: support generics on snippets (#​2761)

v4.2.0

Compare Source

• feat: support attachments (#​2760)
• fix: deduplicate definition for rune-mode components (#​2759)

v4.1.7

Compare Source

• fix: robustify hoisting logic around prop types (#​2740)
• fix: ensure typed exports are marked as used (#​2746)
• chore: bump vscode-html/css-language-service (#​2752)
• fix: ensure eligible snippets can be referenced in module script (#​2753)
• fix: prevent error with unclosed tag followed by LF or end of file (#​2750)

janosh/svelte-multiselect (svelte-multiselect)

v11.1.1

Compare Source

20 May 2025

• more playwright tests for active+inactive portal 66ebd8d
• pnpm remove svelte-multiselect bc6ee6c
• replace browser from @​app/env import with typeof window check in portal() action to support non-sveltekit apps 2a8f116
• remove unused link-check-config.json c4f26ef

v11.1.0

Compare Source

17 May 2025

• Multiselect portal #306
• Multiselect portal (#​306) #301

v11.0.0

Compare Source

15 May 2025

• Prevent empty style attributes on ul.selected > li and ul.options > li #304
• Breaking: Svelte 5 #295
• update and fix linting, fix 2 dead readme links 91f22d0

v11.0.0-rc.1

24 October 2024

• update MultiSelect.svelte for Svelte5 compatibility #293

v10.3.0

8 April 2024

• MultiSelect fix form validation not resetting when required prop changes #286
• Update readme.md #283
• Housekeeping #282
• Improve docs around Events #280
• Add props style, inputStyle, liOptionStyle, liSelectedStyle, ulSelectedStyle, ulOptionsStyle #279
• Add props liUserMsgClass and liUserMsgActiveClass #274
• link check treat 403 http status as alive, update deps 1b04c15

v10.2.0

21 September 2023

• Breaking: rename focusInputOnSelect to closeDropdownOnSelect #267
• Fix empty event.detail.options payload on removeAll #266
• update deps 58cee43

v10.1.0

18 July 2023

• Always show createOptionMsg if allowUserOptions is truthy and user entered text #254
• Add key style to ObjectOption for per-option inline CSS #252
• Make selected and value each reactive to each other #250
• [pre-commit.ci] pre-commit autoupdate #246

vitejs/vite (vite)

v6.3.5

Compare Source

• fix(ssr): handle uninitialized export access as undefined (#​19959) (fd38d07), closes #​19959

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.