Skip to content

Update dependency svelte to v4.2.20#45

Open
anomiex wants to merge 5 commits intotrunkfrom
renovate/svelte-4.x
Open

Update dependency svelte to v4.2.20#45
anomiex wants to merge 5 commits intotrunkfrom
renovate/svelte-4.x

Conversation

@anomiex
Copy link
Owner

@anomiex anomiex commented Nov 19, 2025

This PR contains the following updates:

Package Change Age Confidence
svelte (source) 4.2.19 -> 4.2.20 age confidence

Release Notes

sveltejs/svelte (svelte)

v4.2.20

Compare Source

Patch Changes
  • fix: properly remove event listeners in Component's removeEventListener (#​13556)

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 02:59 AM, on day 1 of the month ( * 0-2 1 * * ) in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

anomiex and others added 5 commits November 19, 2025 12:18
@anomiex
Update pnpm configuration
15d5bdd 
Pnpm 11 will move most configuration from `.npmrc` to
`pnpm-workspace.yaml`. We may as well get a head start on that.

Then let's make some changes too:
* save-exact - We stopped having Renovate pin in Automattic#27087. May as well
  have this match.
* minimumReleaseAge - New setting in 10.16, intended to help avoid
  installing compromised packages by waiting a day before upgrading.
* trustPolicy - New setting in 10.21, intended to help avoid installing
  compromised packages by rejecting installation when the new version
  has no provenance and an older version does.
* trustPolicyExclude - New setting in 10.22, to override trustPolicy
  when there's a legitimate reason.

This also takes the opportunity to clean up a few things:
* public-hoist-pattern was set to the default value.
* resolution-mode was only changed from 8.0.0–8.6.12.
  The current value is the default since then.
* use-lockfile-v6 is obsolete.
* Versions of `swiper` we use no longer have a build script.
@anomiex
Fix CI build
f2b09fd
@anomiex
Work around a bug in jest-playwright-preset, which the pending upgrad…
163a448 
…e of @storybook/test-runner stops using
@anomiex
Trim workflows
c7d2302
@renovate-bot
Update dependency svelte to v4.2.20
3d66d09
@anomiex
Copy link
Owner Author

anomiex commented Nov 19, 2025

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
Scope: all 100 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 59, reused 0, downloaded 0, added 0
Progress: resolved 97, reused 0, downloaded 0, added 0
Progress: resolved 145, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/anomiex/jetpack/projects/js-packages/image-guide:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "svelte@4.2.20" (possible package takeover)

This error happened while installing a direct dependency of /tmp/renovate/repos/github/anomiex/jetpack/projects/js-packages/image-guide

Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.
File name: undefined
Command failed: /tmp/monorepo/.github/files/renovate-post-upgrade-run.sh renovate/svelte-4.x
warning: unable to access '/home/ubuntu/.config/git/attributes': Permission denied
warning: unable to access '/home/ubuntu/.config/git/ignore': Permission denied
 WARN  Issue while reading "/home/ubuntu/.npmrc". EACCES: permission denied, open '/home/ubuntu/.npmrc'
 WARN  Issue while reading "/home/ubuntu/.config/pnpm/rc". EACCES: permission denied, open '/home/ubuntu/.config/pnpm/rc'
warning: unable to access '/home/ubuntu/.config/git/ignore': Permission denied

@anomiex anomiex mentioned this pull request Nov 19, 2025
Merged
3 tasks
@anomiex anomiex force-pushed the trunk branch 3 times, most recently from b387cb0 to 137380f Compare November 26, 2025 19:30
@anomiex anomiex force-pushed the trunk branch 2 times, most recently from 45221d2 to ea5eb20 Compare December 1, 2025 19:28
@anomiex
Copy link
Owner Author

anomiex commented Dec 1, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@anomiex anomiex force-pushed the trunk branch 8 times, most recently from 9a227f0 to 7bcdbee Compare December 1, 2025 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

[Status] Needs Review [Type] Janitorial

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anomiex @renovate-bot