build(deps-dev): Bump sveltekit-superforms from 2.27.4 to 2.29.1

[dependabot]

Bumps sveltekit-superforms from 2.27.4 to 2.29.1.

Release notes

Sourced from sveltekit-superforms's releases.

v2.29.1

Fixed

• Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
• Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
• reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
• Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
• Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

• Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
• Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

v2.28.1

Fixed

• Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
• Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
• Zod 4 adapter: Fixed Default Date values in nested objects. #650.

v2.28.0

Changed

• TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

• Added support for Zod 4 stringbools. #610
• booleanProxy now supports the empty option.

Fixed

• Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
• filesStore initialValue now matches fileStore. #637
• Fixed JSON Schema for some non-representable types in Zod 4 adapter, it now handles set and map properly. #617
• Possibly fixed the SuperDebug broken import on Svelte 5 in enforced runes mode #599
• Zod 4 error messages should now take the current locale into account as default. #618, #639
• Zod 3 fix for URL parsing - A default boolean value of true returned false when parsing a URL with superValidate. #633

Changelog

Sourced from sveltekit-superforms's changelog.

[2.29.1] - 2025-12-16

Fixed

• Fixed TypeScript type inference for discriminated unions in ValidationErrors. #653
• Fixed FormData parsing for discriminated unions, so they work properly without requiring dataType: 'json'. #655
• reset() function didn't preserve tainted state for fields that are not being reset when using partial data. #656
• Fixed FormData parsing incorrectly coercing empty strings to literal values (e.g., z.literal("bar")). Empty strings now properly fail validation instead of being replaced with the literal value. #664
• Fixed ReferenceError when using customValidity with validateForm({ update: true }). #669

Changed

• Replaced deprecated @finom/zod-to-json-schema with zod-v3-to-json-schema. #660
• Migrated Valibot adapter to use the official @valibot/to-json-schema package. #668

[2.28.1] - 2025-10-19

Fixed

• Zod 4 adapter: Allow top-level .transform() and .refine() in schemas. #646.
• Zod 4 adapter now respects global customError configuration when no explicit error map is provided. The adapter prioritizes customError over localeError. #618.
• Zod 4 adapter: Fixed Default Date values in nested objects. #650.

[2.28.0] - 2025-10-19

Changed

• TypeBox adapter has been bumped to 1.0! Check the migration guide to upgrade. Note that if you must stay on 0.x for a while, you cannot upgrade to this version of Superforms.

Added

• Added support for Zod 4 stringbools. #610
• booleanProxy now supports the empty option.

Fixed

• Fixed loading timers when the timeoutMS setting is triggered and a redirect response is returned. #622
• filesStore initialValue now matches fileStore. #637
• Fixed JSON Schema for some non-representable types in Zod 4 adapter, it now handles set and map properly. #617
• Possibly fixed the SuperDebug broken import on Svelte 5 in enforced runes mode #599
• Zod 4 error messages should now take the current locale into account as default. #618, #639
• Zod 3 fix for URL parsing - A default boolean value of true returned false when parsing a URL with superValidate. #633

Commits

• 22319df 2.29.1 changelog
• c1b4430 2.29.1
• 9408124 Incorrect dependency fix
• 887aeb6 2.29.0
• ce701fb 2.29.0 changelog
• 58b41b1 Linter
• fbbdb90 Fixed build warning
• 44a40c6 Fixed SvelteKit reference warnings
• 12bb4d5 Using pnpm 10 for build
• f7c87d8 Package updates
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Dependabot can't authenticate to a private package registry. Because of this, Dependabot cannot update this pull request.

[KATO-Hiro]

@coderabbitai

v2.27.4からv2.29.1の間に、かなりインパクトのある破壊的な変更があったと思うけど、その影響の有無を調べて
便利な新機能があれば推薦して

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Find all files importing from sveltekit-superforms
echo "=== Files using sveltekit-superforms ==="
rg -n --type=ts --type=js -C3 "from ['\"]sveltekit-superforms"

echo -e "\n=== Check for TypeBox usage ==="
rg -n --type=ts --type=js "typebox|TypeBox"

echo -e "\n=== Check for Zod adapter usage ==="
rg -n --type=ts --type=js "from ['\"]sveltekit-superforms/adapters"

echo -e "\n=== Check for Valibot usage ==="
rg -n --type=ts --type=js "valibot|Valibot"

echo -e "\n=== Check package.json dependencies ==="
cat package.json | jq '.dependencies + .devDependencies' | grep -E "(zod|typebox|valibot|superforms)"

Length of output: 3965

---

🏁 Script executed:

#!/bin/bash

# Check for discriminated unions usage (z.discriminatedUnion)
echo "=== Check for discriminated unions ==="
rg -n --type=ts --type=js "discriminatedUnion|discriminated"

# Check for reset() function usage
echo -e "\n=== Check for reset() function usage ==="
rg -n --type=ts --type=js "\.reset\(" -A2 -B2

# Check for z.literal usage
echo -e "\n=== Check for literal values in schemas ==="
rg -n --type=ts --type=js "\.literal\("

# Check for customValidity usage
echo -e "\n=== Check for customValidity ==="
rg -n --type=ts --type=js "customValidity"

# Check for validateForm usage
echo -e "\n=== Check for validateForm ==="
rg -n --type=ts --type=js "validateForm"

# Check for booleanProxy usage
echo -e "\n=== Check for booleanProxy ==="
rg -n --type=ts --type=js "booleanProxy"

# Look at the Zod schemas to understand structure
echo -e "\n=== Check Zod schema files ==="
fd -e ts -e js schema

Length of output: 3150

---

🏁 Script executed:

#!/bin/bash

# Check the main schema file
echo "=== Main Zod schema file ==="
cat src/lib/zod/schema.ts

# Check for boolean field usage in schemas
echo -e "\n=== Check for boolean fields ==="
rg -n --type=ts "z\.boolean\(\)" -C2

# Check for URL or string parsing with booleans
echo -e "\n=== Check for coerce usage ==="
rg -n --type=ts "\.coerce\."

Length of output: 3869

---

@KATO-Hiro

コードベースを調査した結果をお知らせします。

破壊的変更の影響について

影響なし ✅

v2.28.0でTypeBoxアダプターが1.0にアップグレードされましたが、このリポジトリでは**Zodアダプター（Zod 3.25.76）**のみを使用しているため、破壊的変更による影響はありません。

バグ修正の恩恵

以下のファイルでsveltekit-superformsを使用しています：

• src/routes/workbooks/create/+page.server.ts
• src/routes/workbooks/edit/[slug]/+page.server.ts
• src/lib/utils/auth_forms.ts
• src/routes/(admin)/account_transfer/+page.server.ts
• src/test/lib/utils/auth_forms.test.ts

スキーマ（src/lib/zod/schema.ts）にはisPublished、isOfficial、isReplenishedというboolean型フィールドがあります。以下の修正が役立つ可能性があります：

1. v2.28.0 (⬆️ Bump playwright from 1.42.1 to 1.43.0 #633): Zod 3でのURL解析時のboolean型デフォルト値の不具合修正
2. v2.29.1 (📚 Improve alt text in submission status and README (#652) #664): FormData解析時の空文字列処理の改善 - 空文字列がリテラル値に誤って変換される問題を修正

推奨する新機能

booleanProxy（v2.28.0でemptyオプション追加）

現在、ワークブックの作成・編集フォームでboolean型フィールドを使用されています。booleanProxyを使うと、チェックボックスとの双方向バインディングがより簡潔に記述できます：

import { booleanProxy } from 'sveltekit-superforms';

// コンポーネント内で
const isPublished = booleanProxy(form, 'isPublished', { empty: 'value' });

これにより、チェックボックスの状態管理が簡単になります。

結論

このアップグレードは安全に適用可能です。既存コードへの悪影響はなく、boolean型フィールドに関するバグ修正の恩恵を受けられます。

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.