chore(deps-dev): bump svelte from 3.50.1 to 5.53.5 in /examples/svelte/localized-sveltekit

[dependabot]

Bumps svelte from 3.50.1 to 5.53.5.

Release notes

Sourced from svelte's releases.

svelte@5.53.5

Patch Changes

• fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

• fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

svelte@5.53.4

Patch Changes

• fix: set server context after async transformError (#17799)

• fix: hydrate if blocks correctly (#17784)

• fix: handle default parameters scope leaks (#17788)

• fix: prevent flushed effects from running again (#17787)

svelte@5.53.3

Patch Changes

• fix: render :catch of #await block with correct key (#17769)

• chore: pin aria-query@5.3.1 (#17772)

• fix: make string coercion consistent to toString (#17774)

svelte@5.53.2

Patch Changes

• fix: update expressions on server deriveds (#17767)

• fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

svelte@5.53.1

Patch Changes

• fix: handle shadowed function names correctly (#17753)

svelte@5.53.0

Minor Changes

• feat: allow comments in tags (#17671)

• feat: allow error boundaries to work on the server (#17672)

Patch Changes

• fix: use TrustedHTML to test for customizable support, where necessary (#17743)

... (truncated)

Changelog

Sourced from svelte's changelog.

svelte

4.2.3

Patch Changes

• fix: improve a11y-click-events-have-key-events message (#9358)

• fix: more robust hydration of html tag (#9184)

4.2.2

Patch Changes

• fix: support camelCase properties on custom elements (#9328)

• fix: add missing plaintext-only value to contenteditable type (#9242)

• chore: upgrade magic-string to 0.30.4 (#9292)

• fix: ignore trailing comments when comparing nodes (#9197)

4.2.1

Patch Changes

• fix: update style directive when style attribute is present and is updated via an object prop (#9187)

• fix: css sourcemap generation with unicode filenames (#9120)

• fix: do not add module declared variables as dependencies (#9122)

• fix: handle svelte:element with dynamic this and spread attributes (#9112)

• fix: silence false positive reactive component warning (#9094)

• fix: head duplication when binding is present (#9124)

• fix: take custom attribute name into account when reflecting property (#9140)

• fix: add indeterminate to the list of HTMLAttributes (#9180)

• fix: recognize option value on spread attribute (#9125)

4.2.0

Minor Changes

• feat: move svelteHTML from language-tools into core to load the correct svelte/element types (#9070)

... (truncated)

Commits

• ed14b49 Version Packages (#17802)
• 0df5abc Merge commit from fork
• 0298e97 Merge commit from fork
• 96fd3ce Version Packages (#17786)
• 1b3e660 fix: prevent flushed effects from running again (#17787)
• 673a1ab fix: set server context after async transformError (#17799)
• 3a28979 fix: handle default parameters scope leaks (#17788)
• fcdc028 fix: hydrate if blocks correctly (#17784)
• 97f3ac5 Version Packages (#17775)
• 7deedc5 fix: render :catch of #await block with correct key (#17769)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Medium Risk
Major Svelte upgrade (v3→v5) can break the SvelteKit example build/runtime and introduces a higher Node.js minimum (>=18). Lockfile dependency range changes (e.g., @sveltejs/kit recorded as *) could cause non-deterministic installs if not aligned with package.json.

Overview
Upgrades the examples/svelte/localized-sveltekit dev dependency svelte from ^3.44.0/3.50.1 to ^5.53.5 and regenerates package-lock.json accordingly (new transitive deps and svelte now requiring Node >=18).

The lockfile also changes how SvelteKit deps are recorded at the root (e.g., @sveltejs/kit/@sveltejs/adapter-auto shown as * instead of next), which may affect install reproducibility if it diverges from package.json.

^{Written by Cursor Bugbot for commit 8dcde12. This will update automatically on new commits. Configure here.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8dcde12

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Svelte 5 upgrade breaks incompatible v3/v4 toolchain ecosystem

High Severity

Bumping svelte from v3 to v5 without upgrading the rest of the toolchain will break the project. eslint-plugin-svelte3 requires svelte ^3.2.0, svelte-hmr@0.15.3 requires svelte ^3.19.0 || ^4.0.0, and @sveltejs/vite-plugin-svelte-inspector@1.0.4 requires svelte ^3.54.0 || ^4.0.0 — none of which match v5. @sveltejs/kit@1.30.4 is SvelteKit 1.x, which was not designed for Svelte 5. The companion packages (@sveltejs/kit, @sveltejs/vite-plugin-svelte, eslint-plugin-svelte3, prettier-plugin-svelte) all need to be updated to Svelte 5-compatible versions.

Additional Locations (2)

• examples/svelte/localized-sveltekit/package-lock.json#L1066-L1071
• examples/svelte/localized-sveltekit/package-lock.json#L2022-L2026

 

[cursor]

Lockfile version specifier mismatches package.json for @sveltejs/kit

Medium Severity

The lockfile's root package metadata (packages[""]) now lists @sveltejs/kit as "*", but package.json still specifies "@sveltejs/kit": "next". These are semantically different — "next" resolves to a specific dist-tag on npm, while "*" matches any version. This mismatch means the lockfile is out of sync with package.json, which can cause npm install to behave inconsistently or regenerate the lockfile unexpectedly.

 

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 8dcde12

Command	Status	Duration	Result
nx test @e2e/nextjs-sdk-next-app	✅ Succeeded	7m 5s	View ↗
nx test @e2e/qwik-city	✅ Succeeded	7m 10s	View ↗
nx test @e2e/angular-17	✅ Succeeded	6m 37s	View ↗
nx test @e2e/nuxt	✅ Succeeded	5m 40s	View ↗
nx test @e2e/react-sdk-next-15-app	✅ Succeeded	5m 11s	View ↗
nx test @e2e/hydrogen	✅ Succeeded	5m 10s	View ↗
nx test @e2e/angular-19-ssr	✅ Succeeded	5m 10s	View ↗
nx test @e2e/angular-17-ssr	✅ Succeeded	5m 8s	View ↗
Additional runs (37)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-28 14:37:59 UTC