@sveltejs/kit 2.52.0 → 2.52.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "2.52.0",
+  "version": "2.52.2",
   "description": "SvelteKit is the fastest way to build Svelte apps",
   "keywords": [
     "framework",
@@ -23,12 +23,11 @@
     "@types/cookie": "^0.6.0",
     "acorn": "^8.14.1",
     "cookie": "^0.6.0",
-    "devalue": "^5.6.2",
+    "devalue": "^5.6.3",
     "esm-env": "^1.2.2",
     "kleur": "^4.1.5",
     "magic-string": "^0.30.5",
     "mrmime": "^2.0.0",
-    "sade": "^1.8.1",
     "set-cookie-parser": "^3.0.0",
     "sirv": "^3.0.0"
   },
@@ -41,7 +40,7 @@
     "@types/set-cookie-parser": "^2.4.7",
     "dts-buddy": "^0.6.2",
     "rollup": "^4.14.2",
-    "svelte": "^5.48.4",
+    "svelte": "^5.51.5",
     "svelte-preprocess": "^6.0.0",
     "typescript": "^5.3.3",
     "vite": "^6.3.5",

package/src/cli.js

@@ -1,7 +1,7 @@
 import fs from 'node:fs';
 import process from 'node:process';
+import { parseArgs } from 'node:util';
 import colors from 'kleur';
-import sade from 'sade';
 import { load_config } from './core/config/index.js';
 import { coalesce_to_error } from './utils/error.js';
 
@@ -20,28 +20,76 @@ function handle_error(e) {
 }
 
 const pkg = JSON.parse(fs.readFileSync(new URL('../package.json', import.meta.url), 'utf-8'));
-const prog = sade('svelte-kit').version(pkg.version);
-
-prog
-	.command('sync')
-	.describe('Synchronise generated type definitions')
-	.option('--mode', 'Specify a mode for loading environment variables', 'development')
-	.action(async ({ mode }) => {
-		const config_files = ['js', 'ts']
-			.map((ext) => `svelte.config.${ext}`)
-			.filter((f) => fs.existsSync(f));
-		if (config_files.length === 0) {
-			console.warn(`Missing Svelte config file in ${process.cwd()} — skipping`);
-			return;
-		}
-
-		try {
-			const config = await load_config();
-			const sync = await import('./core/sync/sync.js');
-			sync.all_types(config, mode);
-		} catch (error) {
-			handle_error(error);
-		}
+
+const help = `
+  Usage: svelte-kit <command> [options]
+
+  Commands:
+    sync        Synchronise generated type definitions
+
+  Options:
+    --version, -v   Show version number
+    --help, -h      Show this help message
+
+  Sync Options:
+    --mode <mode>   Specify a mode for loading environment variables (default: development)
+`;
+
+let parsed;
+try {
+	parsed = parseArgs({
+		options: {
+			version: { type: 'boolean', short: 'v' },
+			help: { type: 'boolean', short: 'h' },
+			mode: { type: 'string', default: 'development' }
+		},
+		allowPositionals: true,
+		strict: true
 	});
+} catch (err) {
+	const error = /** @type {Error} */ (err);
+	console.error(colors.bold().red(`> ${error.message}`));
+	console.log(help);
+	process.exit(1);
+}
+
+const { values, positionals } = parsed;
+
+if (values.version) {
+	console.log(pkg.version);
+	process.exit(0);
+}
 
-prog.parse(process.argv, { unknown: (arg) => `Unknown option: ${arg}` });
+if (values.help) {
+	console.log(help);
+	process.exit(0);
+}
+
+const command = positionals[0];
+
+if (!command) {
+	console.log(help);
+	process.exit(0);
+}
+
+if (command === 'sync') {
+	const config_files = ['js', 'ts']
+		.map((ext) => `svelte.config.${ext}`)
+		.filter((f) => fs.existsSync(f));
+	if (config_files.length === 0) {
+		console.warn(`Missing Svelte config file in ${process.cwd()} — skipping`);
+		process.exit(0);
+	}
+
+	try {
+		const config = await load_config();
+		const sync = await import('./core/sync/sync.js');
+		sync.all_types(config, values.mode);
+	} catch (error) {
+		handle_error(error);
+	}
+} else {
+	console.error(colors.bold().red(`> Unknown command: ${command}`));
+	console.log(help);
+	process.exit(1);
+}

package/src/core/adapt/builder.js

@@ -19,7 +19,7 @@ import { find_server_assets } from '../generate_manifest/find_server_assets.js';
 import { reserved } from '../env.js';
 
 const pipe = promisify(pipeline);
-const extensions = ['.html', '.js', '.mjs', '.json', '.css', '.svg', '.xml', '.wasm'];
+const extensions = ['.html', '.js', '.mjs', '.json', '.css', '.svg', '.xml', '.wasm', '.txt'];
 
 /**
  * Creates the Builder which is passed to adapters for building the application.

package/src/exports/vite/build/build_server.js

@@ -1,6 +1,6 @@
 import fs from 'node:fs';
 import { mkdirp } from '../../../utils/filesystem.js';
-import { filter_fonts, find_deps, resolve_symlinks } from './utils.js';
+import { create_function_as_string, filter_fonts, find_deps, resolve_symlinks } from './utils.js';
 import { s } from '../../../utils/misc.js';
 import { normalizePath } from 'vite';
 import { basename } from 'node:path';
@@ -78,8 +78,9 @@ export function build_server_nodes(
 
 				// only convert to a function if we have adjusted any URLs
 				if (css !== transformed_css) {
-					return `function css(assets, base) { return \`${s(transformed_css).slice(1, -1)}\`; }`;
+					return create_function_as_string('css', ['assets', 'base'], transformed_css);
 				}
+
 				return s(css);
 			};
 		}

package/src/exports/vite/build/utils.js

@@ -1,6 +1,7 @@
 import fs from 'node:fs';
 import path from 'node:path';
 import { normalizePath } from 'vite';
+import { s } from '../../../utils/misc.js';
 
 /**
  * Adds transitive JS and CSS dependencies to the js and css inputs.
@@ -129,3 +130,18 @@ export function filter_fonts(assets) {
 export function assets_base(config) {
 	return (config.paths.assets || config.paths.base || '.') + '/';
 }
+
+/**
+ * Writes a function with arguments used by a template literal.
+ * This helps us store strings in a module and inject values at runtime.
+ * @param {string} name The name of the function
+ * @param {string[]} placeholder_names The names of the placeholders in the string
+ * @param {string} str A string with placeholders such as "Hello ${arg0}".
+ * 										 It must have backticks and dollar signs escaped.
+ * @returns {string} The function written as a string
+ */
+export function create_function_as_string(name, placeholder_names, str) {
+	str = s(str).slice(1, -1);
+	const args = placeholder_names ? placeholder_names.join(', ') : '';
+	return `function ${name}(${args}) { return \`${str}\`; }`;
+}

package/src/runtime/client/remote-functions/form.svelte.js

@@ -110,6 +110,10 @@ export function form(id) {
 
 			submitted = true;
 
+			// Increment pending count immediately so that `pending` reflects
+			// the in-progress state during async preflight validation
+			pending_count++;
+
 			const validated = await preflight_schema?.['~standard'].validate(data);
 
 			if (validated?.issues) {
@@ -118,9 +122,15 @@ export function form(id) {
 					raw_issues,
 					validated.issues.map((issue) => normalize_issue(issue, false))
 				);
+				pending_count--;
 				return;
 			}
 
+			// Preflight passed - clear stale client-side preflight issues
+			if (preflight_schema) {
+				raw_issues = raw_issues.filter((issue) => issue.server);
+			}
+
 			// TODO 3.0 remove this warning
 			if (DEV) {
 				const error = () => {
@@ -174,9 +184,6 @@ export function form(id) {
 				entry.count++;
 			}
 
-			// Increment pending count when submission starts
-			pending_count++;
-
 			/** @type {Array<Query<any> | RemoteQueryOverride>} */
 			let updates = [];
 

package/src/runtime/form-utils.js

@@ -254,14 +254,30 @@ export async function deserialize_binary_form(request) {
 		const file_offsets_buffer = await get_buffer(HEADER_BYTES + data_length, file_offsets_length);
 		if (!file_offsets_buffer) throw deserialize_error('file offset table too short');
 
-		file_offsets = /** @type {Array<number>} */ (
-			JSON.parse(text_decoder.decode(file_offsets_buffer))
-		);
+		const parsed_offsets = JSON.parse(text_decoder.decode(file_offsets_buffer));
+
+		if (
+			!Array.isArray(parsed_offsets) ||
+			parsed_offsets.some((n) => typeof n !== 'number' || !Number.isInteger(n) || n < 0)
+		) {
+			throw deserialize_error('invalid file offset table');
+		}
+
+		file_offsets = /** @type {Array<number>} */ (parsed_offsets);
 		files_start_offset = HEADER_BYTES + data_length + file_offsets_length;
 	}
 
 	const [data, meta] = devalue.parse(text_decoder.decode(data_buffer), {
 		File: ([name, type, size, last_modified, index]) => {
+			if (
+				typeof name !== 'string' ||
+				typeof type !== 'string' ||
+				typeof size !== 'number' ||
+				typeof last_modified !== 'number' ||
+				typeof index !== 'number'
+			) {
+				throw deserialize_error('invalid file metadata');
+			}
 			if (files_start_offset + file_offsets[index] + size > content_length) {
 				throw deserialize_error('file data overflow');
 			}

package/src/utils/css.js

@@ -1,5 +1,6 @@
 import MagicString from 'magic-string';
 import * as svelte from 'svelte/compiler';
+import { escape_for_interpolation } from './escape.js';
 
 /** @typedef {ReturnType<typeof import('svelte/compiler').parseCss>['children']} StyleSheetChildren */
 
@@ -59,6 +60,8 @@ export function fix_css_urls({
 		return css;
 	}
 
+	css = escape_for_interpolation(css);
+
 	// safe guard in case of trailing slashes (but this should never happen)
 	if (paths_assets.endsWith('/')) {
 		paths_assets = paths_assets.slice(0, -1);

package/src/utils/escape.js

@@ -60,3 +60,12 @@ export function escape_html(str, is_attr) {
 
 	return escaped_str;
 }
+
+/**
+ * Escapes backticks and dollar signs so that they can be safely used in template literals.
+ * @param {string} str
+ * @returns {string} escaped string
+ */
+export function escape_for_interpolation(str) {
+	return str.replaceAll('`', '\\`').replaceAll('$', '\\$');
+}

package/src/version.js

@@ -1,4 +1,4 @@
 // generated during release, do not modify
 
 /** @type {string} */
-export const VERSION = '2.52.0';
+export const VERSION = '2.52.2';