Bump svelte from 5.27.2 to 5.53.5

[dependabot]

Bumps svelte from 5.27.2 to 5.53.5.

Release notes

Sourced from svelte's releases.

svelte@5.53.5

Patch Changes

• fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

• fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

svelte@5.53.4

Patch Changes

• fix: set server context after async transformError (#17799)

• fix: hydrate if blocks correctly (#17784)

• fix: handle default parameters scope leaks (#17788)

• fix: prevent flushed effects from running again (#17787)

svelte@5.53.3

Patch Changes

• fix: render :catch of #await block with correct key (#17769)

• chore: pin aria-query@5.3.1 (#17772)

• fix: make string coercion consistent to toString (#17774)

svelte@5.53.2

Patch Changes

• fix: update expressions on server deriveds (#17767)

• fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

svelte@5.53.1

Patch Changes

• fix: handle shadowed function names correctly (#17753)

svelte@5.53.0

Minor Changes

• feat: allow comments in tags (#17671)

• feat: allow error boundaries to work on the server (#17672)

Patch Changes

• fix: use TrustedHTML to test for customizable support, where necessary (#17743)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.5

Patch Changes

• fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

• fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

5.53.4

Patch Changes

• fix: set server context after async transformError (#17799)

• fix: hydrate if blocks correctly (#17784)

• fix: handle default parameters scope leaks (#17788)

• fix: prevent flushed effects from running again (#17787)

5.53.3

Patch Changes

• fix: render :catch of #await block with correct key (#17769)

• chore: pin aria-query@5.3.1 (#17772)

• fix: make string coercion consistent to toString (#17774)

5.53.2

Patch Changes

• fix: update expressions on server deriveds (#17767)

• fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

5.53.1

Patch Changes

• fix: handle shadowed function names correctly (#17753)

5.53.0

Minor Changes

• feat: allow comments in tags (#17671)

... (truncated)

Commits

• ed14b49 Version Packages (#17802)
• 0df5abc Merge commit from fork
• 0298e97 Merge commit from fork
• 96fd3ce Version Packages (#17786)
• 1b3e660 fix: prevent flushed effects from running again (#17787)
• 673a1ab fix: set server context after async transformError (#17799)
• 3a28979 fix: handle default parameters scope leaks (#17788)
• fcdc028 fix: hydrate if blocks correctly (#17784)
• 97f3ac5 Version Packages (#17775)
• 7deedc5 fix: render :catch of #await block with correct key (#17769)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Summary

Updates Svelte from 5.27.2 to 5.53.5, bringing important security fixes and bug improvements. The update includes XSS prevention for contenteditable bindings and proper sanitization of error values. Several bug fixes directly benefit this codebase, particularly the fix for rendering :catch blocks in #await statements (used in upcoming/+page.svelte, completed/+page.svelte, projects/+page.svelte, and the home page). Additional improvements include fixes for hydration, effect flushing, and server-side error boundaries. As a minor version bump with no breaking changes, this update should be safe to merge.

Confidence Score: 5/5

• Safe to merge - standard dependency update with security fixes and bug improvements, no breaking changes
• Minor version bump within Svelte 5.x with no breaking changes. Includes beneficial security patches and bug fixes that directly improve features used in this codebase. Dependabot-generated PR with standard lockfile updates.
• No files require special attention

Important Files Changed

Filename	Overview
package.json	Svelte version bumped from 5.27.2 to 5.53.5 in devDependencies
pnpm-lock.yaml	Lockfile updated to reflect Svelte version bump and transitive dependencies

_{Last reviewed commit: 366e609}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
zenith	Error		Feb 28, 2026 6:27pm

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}