chore(deps): bump svelte from 5.55.4 to 5.55.9 #185

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/svelte-5.55.9

dependabot Bot commented on behalf of github May 21, 2026

Bumps svelte from 5.55.4 to 5.55.9.

Release notes

Sourced from svelte's releases.

svelte@5.55.9

Patch Changes

  • fix: don't unset batch when calling {#await ...} promise (#18243)

  • fix: promise-ify {#await await ...} expressions on the server and correctly hydrate them on the client (#18243)

  • fix: deduplicate dependencies that are added outside the init/update cycle (#18243)

  • fix: avoid false-positive batch invariant error (#18246)

  • fix: inline primitive constants in attribute values during SSR (#18232)

svelte@5.55.8

Patch Changes

  • fix(print): handle svelte:body and fix keyframe percentage double-printing (#18234)

  • fix: execute uninitialized derived even if it's destroyed (#18228)

  • fix: use named symbols everywhere (#18238)

  • fix: don't run teardown effects when deriveds are unfreezed (#18227)

  • fix: unset context synchronously in run (#18236)

svelte@5.55.7

Patch Changes

svelte@5.55.6

Patch Changes

  • fix: leave stale promises to wait for a later resolution, instead of rejecting (#18180)

  • fix: keep dependencies of $state.eager/pending (#18218)

  • fix: reapply context after transforming error during SSR (#18099)

  • fix: don't rebase just-created batches (#18117)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.55.9

Patch Changes

  • fix: don't unset batch when calling {#await ...} promise (#18243)

  • fix: promise-ify {#await await ...} expressions on the server and correctly hydrate them on the client (#18243)

  • fix: deduplicate dependencies that are added outside the init/update cycle (#18243)

  • fix: avoid false-positive batch invariant error (#18246)

  • fix: inline primitive constants in attribute values during SSR (#18232)

5.55.8

Patch Changes

  • fix(print): handle svelte:body and fix keyframe percentage double-printing (#18234)

  • fix: execute uninitialized derived even if it's destroyed (#18228)

  • fix: use named symbols everywhere (#18238)

  • fix: don't run teardown effects when deriveds are unfreezed (#18227)

  • fix: unset context synchronously in run (#18236)

5.55.7

Patch Changes

5.55.6

Patch Changes

  • fix: leave stale promises to wait for a later resolution, instead of rejecting (#18180)

  • fix: keep dependencies of $state.eager/pending (#18218)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) from 5.55.4 to 5.55.9.
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.55.9/packages/svelte)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.55.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot requested a review from devartifex as a code owner May 21, 2026 18:09

dependabot Bot added the dependencies and javascript labels May 21, 2026

@devartifex
Owner

Superseded by #189 which consolidates this bump into a single SDK 1.0.0-beta.8 upgrade + dependabot sweep.

devartifex closed this May 27, 2026

dependabot Bot commented on behalf of github May 27, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot deleted the dependabot/npm_and_yarn/svelte-5.55.9 branch May 27, 2026 17:25

devartifex added a commit that referenced this pull request May 28, 2026
…on support (#189)

* feat(sdk): upgrade to @github/copilot-sdk 1.0.0-beta.8 + remote sessions

Consolidates 9 dependabot PRs and migrates to the latest beta SDK so we can
expose cloud / remote-session control (the feature behind 'copilot --remote' /
'/remote' in the official CLI).

Dependency bumps
- @github/copilot-sdk 0.2.2 -> 1.0.0-beta.8 (pinned exact; beta API)
- @sveltejs/kit ^2.57.1 -> ^2.61.1
- svelte ^5.55.4 -> ^5.55.9
- vite ^8.0.8 -> ^8.0.14, ws ^8.18 -> ^8.21
- dompurify ^3.4 -> ^3.4.7, marked ^18.0.2 -> ^18.0.4
- dev-deps group: @playwright/test, vite-plugin-svelte, @types/node,
  @vitest/coverage-v8, jsdom, lint-staged, svelte-check

SDK breaking-change migration
- CopilotClient now takes a RuntimeConnection (forStdio/forUri/forTcp)
- githubToken -> gitHubToken; cwd -> workingDirectory
- COPILOT_HOME env -> baseDirectory option
- SystemPromptSection -> SystemMessageSection
- onPermissionRequest optional; getQuota({}) takes params object
- hook input shapes: timestamp is Date; cwd dropped from session/error hooks;
  workingDirectory required on Pre/Post tool hook inputs
- session-fs.ts removed (runtime writes session-state under baseDirectory)

New SDK features wired in (all unit tested)
- Per-session remoteSession mode (off | export | on), threaded through
  CreateSessionOptions and the WS new-session handler; persisted setting field
  added (default off).
- Cloud sessions REST wrapper (cloud-sessions.ts) talking to
  api.individual.githubcopilot.com/agents/sessions (the same endpoint the
  official CLI uses for the remote-sessions view), with timeout + graceful
  error handling.
- New GET /api/sessions/remote returns authenticated user's cloud sessions
  (passes through 401/403, 502 on other upstream errors).
- New GET /api/sessions/last using client.getLastSessionId() +
  getSessionMetadata() for one-tap resume.
- Graceful + forceful shutdown: destroyPoolEntry races client.stop() against
  a 5s timer and falls back to client.forceStop() to prevent hung CLI subs.

Config
- New ENABLE_REMOTE_SESSIONS env var (default true) wired into
  CopilotClient.enableRemoteSessions; sessions still need per-session opt-in.

Verification
- svelte-check: 0 errors / 0 warnings
- vitest: 430 passed (41 files); +21 new tests covering cloud-sessions,
  /api/sessions/remote, /api/sessions/last, remoteSession threading, and
  forceStop fallback
- npm run build succeeds; smoke boot: /health returns 200

Supersedes dependabot PRs #170, #172, #177, #178, #181, #182, #185, #186, #188.
Out of scope (left open with comments): #176 (node:26-slim too new),
#167 (release-please v5 breaking inputs), #187 (@github/copilot CLI is not a
direct dep). Playwright E2E should be run in CI.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: drop /api/sessions/remote — endpoint does not exist in public CLI

Investigating node_modules/@github/copilot/app.js (the official CLI we
ship in node_modules via @github/copilot-sdk peer) showed that the
hostname I guessed earlier — api.individual.githubcopilot.com — is not
present anywhere in the bundle. The CLI only uses:

  - api.githubcopilot.com (default)
  - api.enterprise.githubcopilot.com (enterprise plan)

And the agents endpoint is per-session (PUT/GET /agents/sessions/{id}),
not a list. There is no 'list all my remote sessions' REST endpoint in
the public CLI; that view is rendered on github.com using a different,
internal API path that requires a Copilot bearer (exchanged from the GH
OAuth token via a CLI-internal endpoint not exposed to integrators).

Rather than ship a route that returns 502/empty results, I'm removing:

  - src/lib/server/copilot/cloud-sessions.ts
  - src/lib/server/copilot/cloud-sessions.test.ts
  - src/routes/api/sessions/remote/+server.ts
  - src/routes/api/sessions/remote/server.test.ts

What stays (and is fully tested):

  - Per-session remoteSession mode wired through CreateSessionOptions
    and the WS new-session handler — the SDK takes care of publishing
    to api.githubcopilot.com under the hood when this is set.
  - GET /api/sessions/last (uses real SDK getLastSessionId + getSessionMetadata)
  - destroyPoolEntry forceStop fallback
  - ENABLE_REMOTE_SESSIONS env var

New Playwright spec tests/sessions-endpoints.spec.ts hits the new
/api/sessions/last on a real built server and verifies the 401 path
end-to-end. Full suite: 57 desktop Playwright tests + 419 unit tests
all pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs(readme): SDK 1.0.0-beta.8 + remote-session publishing

- Bump copilot-sdk badge & tech-stack line to v1.0.0-beta.8.
- New Features bullets for remote session publishing and resume-last-session.
- New 'Remote session publishing' subsection under CLI <-> Browser Sync
  explaining what off/export/on do AND being explicit about what's NOT in
  this release (no in-app remote session browser, no steering of other
  remote sessions) so future users don't expect that capability.
- Add ENABLE_REMOTE_SESSIONS env var to the All-options table.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address rubber-duck PR review findings

- MCP server config: rename cwd → workingDirectory (SDK 1.0 rename)
- /api/sessions/last: pass copilotConfigDir to createCopilotClient so
  the SDK reads from the correct baseDirectory
- new-session handler: honor ENABLE_REMOTE_SESSIONS server kill-switch;
  ignore client-supplied remoteSession when the feature is disabled
- destroyPoolEntry: clear timeout on stop() resolve, attach .catch() to
  the in-flight stop promise (no unhandled rejection), guard forceStop
  with a settled flag so it cannot race a clean stop

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: bump e2e timeout from 15 to 30 minutes

The Playwright desktop suite grew to 126 tests. With 1 CI worker
and 2 retries (CI defaults from playwright.config.ts), the worst-
case wall clock now exceeds the prior 15-minute budget — every
recent CI run on this repo (including dependabot PRs) has been
hitting the job timeout during the Playwright step.

This is a narrow infra fix: extend the budget so the suite can
actually finish. It does not skip, disable, or weaken any tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
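
The kill-switch rule from the review-fix list in the commit message above (honor ENABLE_REMOTE_SESSIONS and ignore a client-supplied remoteSession when the feature is disabled), as an added example that is not the repository's code. Only ENABLE_REMOTE_SESSIONS, its default of true and the off | export | on modes come from the page; the function names, the message shape and the accepted false-like strings are assumptions.

```javascript
// Added illustration, not code from the repository. Only ENABLE_REMOTE_SESSIONS,
// its default (true) and the off | export | on modes come from the page;
// every function name and the message shape below are hypothetical.
const REMOTE_MODES = new Set(['off', 'export', 'on']);

// Read the server-side kill-switch. Assumption: unset or empty means enabled,
// and only an explicit false-like string disables the feature.
function remoteSessionsEnabled(env) {
  const raw = env.ENABLE_REMOTE_SESSIONS;
  if (raw === undefined || raw === '') return true;
  return !['false', '0', 'no', 'off'].includes(String(raw).trim().toLowerCase());
}

// Decide the remoteSession mode for a new session from an untrusted
// client message. The server setting always wins over the client value.
function resolveRemoteSession(message, env) {
  const requested = message != null ? message.remoteSession : undefined;
  // Per-session opt-in: anything that is not an exact known mode is 'off'.
  const valid = typeof requested === 'string' && REMOTE_MODES.has(requested);
  const wanted = valid ? requested : 'off';
  if (!remoteSessionsEnabled(env)) {
    // Feature disabled: ignore the client value and record that we did,
    // so the override can be logged.
    return { mode: 'off', overridden: wanted !== 'off' };
  }
  return { mode: wanted, overridden: false };
}

// Constructed new-session messages, as a WebSocket handler might receive them.
const sampleMessages = [
  { type: 'new-session', remoteSession: 'on' },
  { type: 'new-session', remoteSession: 'export' },
  { type: 'new-session' },                          // no opt-in
  { type: 'new-session', remoteSession: ['on'] },   // wrong type
  { type: 'new-session', remoteSession: 'ON ' },    // not an exact match
];

// Resolve every sample under a given environment.
function resolveAll(env) {
  return sampleMessages.map((m) => resolveRemoteSession(m, env).mode);
}

console.log('enabled :', resolveAll({}));
console.log('disabled:', resolveAll({ ENABLE_REMOTE_SESSIONS: 'false' }));
```

The `overridden` flag gives the handler something to log when a client asks for a mode the server has switched off.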