chore(deps-dev): bump the development-dependencies group with 8 updates

[dependabot]

Bumps the development-dependencies group with 8 updates:

Package	From	To
@farmfe/cli	1.0.4	1.0.5
@farmfe/core	1.7.5	1.7.6
parcel	2.15.2	2.15.4
@rollup/plugin-typescript	12.1.2	12.1.3
rollup	4.42.0	4.44.0
@sveltejs/kit	2.21.3	2.22.0
svelte	5.33.18	5.34.7
svelte-check	4.2.1	4.2.2

Updates @farmfe/cli from 1.0.4 to 1.0.5

Release notes

Sourced from @​farmfe/cli's releases.

@​farmfe/cli@​1.0.5

Patch Changes

• c7bcfa0f: Fix #2176 --base does not work

Commits

• 6f28e62 Version Packages (#2186)
• c7bcfa0 chore: test hmr host check (#2190)
• d034f87 chore: update readme (#2187)
• 83342ef fix(core): Add origin check to the HMR server (#2173)
• 869522a chore: resolve typo (#2185)
• 9bf1b08 fix: handle Windows long path issue in base64_decode function (#2182)
• 072d07d Version Packages (#2167)
• 722a1d5 fix: tree shake issue when handling cross module top level variables … (#2166)
• 6edf48d Version Packages (#2164)
• 36fea66 fix: resolve the relative path of projects (#2161)
• Additional commits viewable in compare view

Updates @farmfe/core from 1.7.5 to 1.7.6

Release notes

Sourced from @​farmfe/core's releases.

@​farmfe/core@​1.7.6

Patch Changes

• 83342ef0: Added origin validation to HMR server

  BREAKING CHANGE: The HMR server now rejects all connections with unrecognized Origin headers. Clients need to update their configured ports and hosts if they want external apps to be able to connect to the HMR server.

• c7bcfa0f: Fix #2188 lazy compilation should respect publicPath

Commits

• 6f28e62 Version Packages (#2186)
• c7bcfa0 chore: test hmr host check (#2190)
• d034f87 chore: update readme (#2187)
• 83342ef fix(core): Add origin check to the HMR server (#2173)
• 869522a chore: resolve typo (#2185)
• 9bf1b08 fix: handle Windows long path issue in base64_decode function (#2182)
• See full diff in compare view

Updates parcel from 2.15.2 to 2.15.4

Release notes

Sourced from parcel's releases.

v2.15.3

Fixed

• JavaScript

  • Expose line and column number to macros – Details

• React Server Components

  • Invalidate cache in ReactStaticPackager when pages are added or client components change – Details
  • Fix lazy mode with React Server Components – Details
  • Fix @parcel/rsc duplicate types – Details
  • Ensure publicUrl ends with a slash in react-static packager – Details
  • Fix hash reference replacement in react-static packager – Details

Changelog

Sourced from parcel's changelog.

Changelog

All notable changes to Parcel will be documented in this file.

The format is based on Keep a Changelog and Parcel adheres to Semantic Versioning.

[2.15.3] – 2025-06-20

Fixed

• JavaScript

  • Expose line and column number to macros – Details

• React Server Components

  • Invalidate cache in ReactStaticPackager when pages are added or client components change – Details
  • Fix lazy mode with React Server Components – Details
  • Fix @parcel/rsc duplicate types – Details
  • Ensure publicUrl ends with a slash in react-static packager – Details
  • Fix hash reference replacement in react-static packager – Details

Commits

• See full diff in compare view

Updates @rollup/plugin-typescript from 12.1.2 to 12.1.3

Changelog

Sourced from @​rollup/plugin-typescript's changelog.

v12.1.3

2025-06-17

Bugfixes

• fix: fixes #1652 compile when source exists anywhere in the working directory (#1653)

Commits

• a209058 chore(release): typescript v12.1.3
• 40a38b1 fix(typescript): fixes #1652 compile when source exists anywhere in the worki...
• See full diff in compare view

Updates rollup from 4.42.0 to 4.44.0

Release notes

Sourced from rollup's releases.

v4.44.0

4.44.0

2025-06-19

Features

• Remove limit on maxParallelFileOps as this could break watch mode with the commonjs plugin (#5986)

Bug Fixes

• Provide better source mappings when coarse intermediate maps are used (#5985)

Pull Requests

• #5984: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5985: Improve approximation of coarse sourcemap segments (@​TrickyPi)
• #5986: Remove limit on max parallel file ops (@​lukastaegert)

v4.43.0

4.43.0

2025-06-11

Features

• Provide new fs option and this.fs API to replace file system (#5944)

Pull Requests

• #5944: feat(options): Add an option for overriding the file system module in the JS API (@​EggDice, @​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.44.0

2025-06-19

Features

• Remove limit on maxParallelFileOps as this could break watch mode with the commonjs plugin (#5986)

Bug Fixes

• Provide better source mappings when coarse intermediate maps are used (#5985)

Pull Requests

• #5984: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5985: Improve approximation of coarse sourcemap segments (@​TrickyPi)
• #5986: Remove limit on max parallel file ops (@​lukastaegert)

4.43.0

2025-06-11

Features

• Provide new fs option and this.fs API to replace file system (#5944)

Pull Requests

• #5944: feat(options): Add an option for overriding the file system module in the JS API (@​EggDice, @​lukastaegert)

Commits

• fa4b284 4.44.0
• 0b3e6bf Remove limit on max parallel file ops (#5986)
• 95b53ee Improve approximation of coarse sourcemap segments (#5985)
• 5dcce11 fix(deps): lock file maintenance minor/patch updates (#5984)
• 72858cb 4.43.0
• eeca11a feat(options): Add an option for overriding the file system module in the JS ...
• See full diff in compare view

Updates @sveltejs/kit from 2.21.3 to 2.22.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.22.0

Minor Changes

• feat: add support for Vite 7 and Rolldown. See https://vite.dev/guide/rolldown.html#how-to-try-rolldown for details about how to try experimental Rolldown support. You will also need vite-plugin-svelte@^6.0.0-next.0 and vite@^7.0.0-beta.0. Compilation should be faster using Rolldown, but with larger bundle sizes until additional tree-shaking is implemented in Rolldown. See #13738 for ongoing work. (#13747)

@​sveltejs/kit@​2.21.5

Patch Changes

• fix: correctly set the sequential focus navigation point when using hash routing (#13884)

• fix: regression when resetting focus and the URL hash contains selector combinators or separators (#13884)

@​sveltejs/kit@​2.21.4

Patch Changes

• fix: correctly access transport decoders on the client when building for a single or inline output app (#13871)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.22.0

Minor Changes

• feat: add support for Vite 7 and Rolldown. See https://vite.dev/guide/rolldown.html#how-to-try-rolldown for details about how to try experimental Rolldown support. You will also need vite-plugin-svelte@^6.0.0-next.0 and vite@^7.0.0-beta.0. Compilation should be faster using Rolldown, but with larger bundle sizes until additional tree-shaking is implemented in Rolldown. See #13738 for ongoing work. (#13747)

2.21.5

Patch Changes

• fix: correctly set the sequential focus navigation point when using hash routing (#13884)

• fix: regression when resetting focus and the URL hash contains selector combinators or separators (#13884)

2.21.4

Patch Changes

• fix: correctly access transport decoders on the client when building for a single or inline output app (#13871)

Commits

• 5cedf89 Version Packages (#13908)
• aaa4a31 feat: support Rolldown (#13747)
• 8e27c71 Version Packages (#13885)
• f86f33b fix: sequential focus navigation starting point regression and hash routing (...
• 211e78c feat: Respect abort signals during serverside fetch optimization (#13877)
• 6ba4917 chore: update Vitest to 3.2.3 (#13865)
• ee3600d Version Packages (#13872)
• b451705 fix: correctly access app.decoders in inline and single output apps (#13871)
• See full diff in compare view

Updates svelte from 5.33.18 to 5.34.7

Release notes

Sourced from svelte's releases.

svelte@5.34.7

Patch Changes

• fix: address css class matching regression (#16204)

svelte@5.34.6

Patch Changes

• fix: match class and style directives against attribute selector (#16179)

svelte@5.34.5

Patch Changes

• fix: keep spread non-delegated event handlers up to date (#16180)

• fix: remove undefined attributes on hydration (#16178)

• fix: ensure sources within nested effects still register correctly (#16193)

• fix: avoid shadowing a variable in dynamic components (#16185)

svelte@5.34.4

Patch Changes

• fix: don't set state withing with_parent in proxy (#16176)

• fix: use compiler-driven reactivity in legacy mode template expressions (#16100)

svelte@5.34.3

Patch Changes

• fix: don't eagerly execute deriveds on resume (#16150)

• fix: prevent memory leaking signals in legacy mode (#16145)

• fix: don't define error.message if it's not configurable (#16149)

svelte@5.34.2

Patch Changes

• fix: add missing typings for some dimension bindings (#16142)

• fix: prune typescript class field declarations (#16154)

svelte@5.34.1

Patch Changes

• fix: correctly tag private class state fields (#16132)

svelte@5.34.0

... (truncated)

Changelog

Sourced from svelte's changelog.

5.34.7

Patch Changes

• fix: address css class matching regression (#16204)

5.34.6

Patch Changes

• fix: match class and style directives against attribute selector (#16179)

5.34.5

Patch Changes

• fix: keep spread non-delegated event handlers up to date (#16180)

• fix: remove undefined attributes on hydration (#16178)

• fix: ensure sources within nested effects still register correctly (#16193)

• fix: avoid shadowing a variable in dynamic components (#16185)

5.34.4

Patch Changes

• fix: don't set state withing with_parent in proxy (#16176)

• fix: use compiler-driven reactivity in legacy mode template expressions (#16100)

5.34.3

Patch Changes

• fix: don't eagerly execute deriveds on resume (#16150)

• fix: prevent memory leaking signals in legacy mode (#16145)

• fix: don't define error.message if it's not configurable (#16149)

5.34.2

Patch Changes

• fix: add missing typings for some dimension bindings (#16142)

• fix: prune typescript class field declarations (#16154)

... (truncated)

Commits

• 669a223 Version Packages (#16205)
• 659198a fix: address css class matching regression (#16204)
• d941cf5 Version Packages (#16196)
• 2b20a2d fix: match class and style directives against attribute selector (#16179)
• 402434e Version Packages (#16195)
• de90fc8 Test array sort in effect to prevent regressions of this use-case (#16175)
• 579d0e6 fix: ensure undefined attributes are removed during hydration (#16178)
• a5f500e fix: keep spread non-delegated event handlers up to date (#16180)
• 838f881 fix: avoid shadowing a variable in dynamic components (#16185)
• 061ab31 fix: ensure sources within nested effects still register correctly (#16193)
• Additional commits viewable in compare view

Updates svelte-check from 4.2.1 to 4.2.2

Release notes

Sourced from svelte-check's releases.

svelte-check-4.2.2

• fix: invalidate project file cache and handle watcher race condition (#2779)
• fix: prevent error with bind:this={get, set} (#2781)
• fix: don't treat derived imported from svelte/store as a potential store (#2780)
• fix: key block can have its own block scope (#2768)

Commits

• 291b484 feat: workspace symbols support (#2769)
• 5493844 fix: invalidate project file cache and handle watcher race condition (#2779)
• 75eb2bb fix: key block can have its own block scope (#2768)
• 1301e80 fix: don't treat derived imported from svelte/store as a potential store (#2780)
• 33f7e7f fix: prevent error with bind:this={get, set} (#2781)
• ef92ff3 perf: bail on giant export maps when initializing auto import cache
• d57bae2 chore: remove "Run tests with debugger" task. (#2764)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[tbouffard]

✔️ Tested locally with the artifact built by GH Actions
✔️ All checks pass
✔️ Changelog and release-notes reviewed. Nothing impactful for us.

@dependabot squash and merge