Bump the updates group across 1 directory with 9 updates

[dependabot]

Bumps the updates group with 9 updates in the /frontend/app directory:

Package	From	To
zod	4.3.2	4.3.6
@playwright/test	1.57.0	1.58.1
@sveltejs/kit	2.49.2	2.50.2
eslint-plugin-svelte	3.13.1	3.14.0
prettier	3.7.4	3.8.1
publint	0.3.16	0.3.17
svelte	5.46.1	5.49.1
svelte-check	4.3.5	4.3.6
vite	7.3.0	7.3.1

Updates zod from 4.3.2 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Updates @playwright/test from 1.57.0 to 1.58.1

Release notes

Sourced from @​playwright/test's releases.

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.0

📣 Playwright CLI+SKILLs 📣

We are adding a new token-efficient CLI mode of operation to Playwright with the skills located at playwright-cli. This brings the long-awaited official SKILL-focused CLI mode to our story and makes it more coding agent-friendly.

It is the first snapshot with the essential command set (which is already larger than the original MCP!), but we expect it to grow rapidly. Unlike the token use, that one we expect to go down since snapshots are no longer forced into the LLM!

Timeline

If you're using merged reports, the HTML report Speedboard tab now shows the Timeline:

UI Mode and Trace Viewer Improvements

• New 'system' theme option follows your OS dark/light mode preference
• Search functionality (Cmd/Ctrl+F) is now available in code editors
• Network details panel has been reorganized for better usability
• JSON responses are now automatically formatted for readability

Thanks to @​cpAdm for contributing these improvements!

Miscellaneous

browserType.connectOverCDP() now accepts an isLocal option. When set to true, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.

Breaking Changes ⚠️

• Removed _react and _vue selectors. See locators guide for alternatives.
• Removed :light selector engine suffix. Use standard CSS selectors instead.
• Option devtools from browserType.launch() has been removed. Use args: ['--auto-open-devtools-for-tabs'] instead.
• Removed macOS 13 support for WebKit. We recommend to upgrade your macOS version, or keep using an older Playwright version.

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 144

... (truncated)

Commits

• 97bc385 cherry-pick(#38995): chore(webkit): disable frame sessions on fronzen builds
• ad625fe chore: mark v1.58.1 (#39055)
• f07234d cherry-pick(#39036): fix(msedge): fix local network permissions (#39053)
• ab8136c cherry-pick(#39037): chore: update cft download location (#39052)
• aa6ffeb cherry-pick(#39014): docs: add 1.58 release notes for Java, Python, and C#
• 961381e chore: mark 1.58.0 (#38921)
• 0c1b64c chore: hide stuff (#38882)
• b1fd5d0 test: unflake some ui-mode tests (#38907)
• faf317c chore: tune press/type via cli (#38898)
• ba4b983 docs: add v1.58 release notes (#38879)
• Additional commits viewable in compare view

Updates @sveltejs/kit from 2.49.2 to 2.50.2

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.50.2

Patch Changes

• fix: ensure inlined CSS follows paths.assets and paths.relative settings (#15153)

• fix: emit script CSP nonces when unsafe-inline is present if strict-dynamic is also present (#15221)

• fix: re-export browser/dev from esm-env (#15206)

• fix: use validated args in batch resolver in both csr and ssr (#15215)

• fix: ensure CSS inlining includes components that are conditionally rendered (#15153)

• fix: only match rest params with matchers when the matcher matches (#15216)

• fix: properly handle percent-encoded anchors (e.g. <a href="#sparkles-%E2%9C%A8">) during prerendering. (#15231)

@​sveltejs/kit@​2.50.1

Patch Changes

• fix: include hooks.server and hooks.universal as explicit Vite build inputs to ensure assets imported by hooks files are correctly discovered (#15178)

• fix: improves fields type for generic components (#14974)

• fix: preload links if href changes (#15191)

@​sveltejs/kit@​2.50.0

Minor Changes

• breaking: remove buttonProps from experimental remote form functions; use e.g. <button {...myForm.fields.action.as('submit', 'register')}>Register</button> button instead (#15144)

@​sveltejs/kit@​2.49.5

Patch Changes

• fix: avoid overriding Vite default base when running Vitest 4 (#14866)

• fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

• fix: add length checks to remote forms (8ed8155)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.50.2

Patch Changes

• fix: ensure inlined CSS follows paths.assets and paths.relative settings (#15153)

• fix: emit script CSP nonces when unsafe-inline is present if strict-dynamic is also present (#15221)

• fix: re-export browser/dev from esm-env (#15206)

• fix: use validated args in batch resolver in both csr and ssr (#15215)

• fix: ensure CSS inlining includes components that are conditionally rendered (#15153)

• fix: only match rest params with matchers when the matcher matches (#15216)

• fix: properly handle percent-encoded anchors (e.g. <a href="#sparkles-%E2%9C%A8">) during prerendering. (#15231)

2.50.1

Patch Changes

• fix: include hooks.server and hooks.universal as explicit Vite build inputs to ensure assets imported by hooks files are correctly discovered (#15178)

• fix: improves fields type for generic components (#14974)

• fix: preload links if href changes (#15191)

2.50.0

Minor Changes

• breaking: remove buttonProps from experimental remote form functions; use e.g. <button {...myForm.fields.action.as('submit', 'register')}>Register</button> button instead (#15144)

2.49.5

Patch Changes

• fix: avoid overriding Vite default base when running Vitest 4 (#14866)

• fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

... (truncated)

Commits

• 765d978 Version Packages (#15207)
• dc629d5 fix(kit): properly handle percent-encoded anchors during prerendering (#15231)
• 2e64488 fix: emit script CSP nonces when is present if is also present (#15221)
• d25a853 chore: restore previous explicit version for magic-string dependency in packa...
• 2164e20 fix: only match rest params with matchers when the matcher matches (#15216)
• 10e70d6 chore(deps): update dependency set-cookie-parser to v3 (#15155)
• 43bfc6f fix: use validated args in batch resolver (#15215)
• 52965cf fix: ensure CSS URLs are correct when inlining client stylesheets (#15153)
• 77213e7 fix: reexport browser/dev from esm-env (#15206)
• 398a909 chore: add closing angle bracket (#15205)
• Additional commits viewable in compare view

Updates eslint-plugin-svelte from 3.13.1 to 3.14.0

Release notes

Sourced from eslint-plugin-svelte's releases.

eslint-plugin-svelte@3.14.0

Minor Changes

• #1443 18266fc Thanks @​marekdedic! - feat(no-navigation-without-resolve): ignoring links with rel=external

Changelog

Sourced from eslint-plugin-svelte's changelog.

3.14.0

Minor Changes

• #1443 18266fc Thanks @​marekdedic! - feat(no-navigation-without-resolve): ignoring links with rel=external

Commits

• 0108aea chore: release eslint-plugin-svelte (#1456)
• 18266fc feat(no-navigation-without-resolve): ignoring links with rel=external (#1443)
• See full diff in compare view

Updates prettier from 3.7.4 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

3.8.0

• Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

3.8.0

diff

🔗 Release Notes

Commits

• 90983f4 Release 3.8.1
• 57f702f Include available printers in plugin type declarations (#18706)
• bece827 Revert change in release script
• 82a4ab2 Bump Prettier dependency to 3.8.0
• 5213ee4 Clean changelog_unreleased
• f95ad0f Comment out finished steps
• b2034e8 Fix release script
• 5824b15 Release 3.8.0
• 0433601 Add blog post for v3.8.0 (#18639)
• b04d05b Remove lint step from release script (#18415)
• Additional commits viewable in compare view

Updates publint from 0.3.16 to 0.3.17

Release notes

Sourced from publint's releases.

publint@0.3.17

Patch Changes

• Fix packing packages with pnpm when publishConfig.directory is set (#216)

• Updated dependencies [2dcb107]:

  • @​publint/pack@​0.1.3

Changelog

Sourced from publint's changelog.

0.3.17

Patch Changes

• Fix packing packages with pnpm when publishConfig.directory is set (#216)

• Updated dependencies [2dcb107]:

  • @​publint/pack@​0.1.3

Commits

• 0b5c272 Release packages (#217)
• 2dcb107 Support pnpm publishConfig.directory config (#216)
• 9927d7e Update dependencies
• See full diff in compare view

Updates svelte from 5.46.1 to 5.49.1

Release notes

Sourced from svelte's releases.

svelte@5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

svelte@5.49.0

Minor Changes

• feat: allow passing ShadowRootInit object to custom element shadow option (#17088)

Patch Changes

• fix: throw for unset createContext get on the server (#17580)

• fix: reset effects inside skipped branches (#17581)

• fix: preserve old dependencies when updating reaction inside fork (#17579)

• fix: more conservative assignment_value_stale warnings (#17574)

• fix: disregard popover elements when determining whether an element has content (#17367)

• fix: fire introstart/outrostart events after delay, if specified (#17567)

• fix: increment signal versions when discarding forks (#17577)

svelte@5.48.5

Patch Changes

• fix: run boundary onerror callbacks in a microtask, in case they result in the boundary's destruction (#17561)

• fix: prevent unintended exports from namespaces (#17562)

• fix: each block breaking with effects interspersed among items (#17550)

svelte@5.48.4

Patch Changes

• fix: avoid duplicating escaped characters in CSS AST (#17554)

svelte@5.48.3

Patch Changes

• fix: hydration failing with settled async blocks (#17539)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

5.49.0

Minor Changes

• feat: allow passing ShadowRootInit object to custom element shadow option (#17088)

Patch Changes

• fix: throw for unset createContext get on the server (#17580)

• fix: reset effects inside skipped branches (#17581)

• fix: preserve old dependencies when updating reaction inside fork (#17579)

• fix: more conservative assignment_value_stale warnings (#17574)

• fix: disregard popover elements when determining whether an element has content (#17367)

• fix: fire introstart/outrostart events after delay, if specified (#17567)

• fix: increment signal versions when discarding forks (#17577)

5.48.5

Patch Changes

• fix: run boundary onerror callbacks in a microtask, in case they result in the boundary's destruction (#17561)

• fix: prevent unintended exports from namespaces (#17562)

• fix: each block breaking with effects interspersed among items (#17550)

5.48.4

Patch Changes

• fix: avoid duplicating escaped characters in CSS AST (#17554)

... (truncated)

Commits

• 92e6721 Version Packages (#17585)
• 8933653 fix: merge consecutive text nodes during hydration for large text content (#1...
• ebe583f fix: only create async functions in SSR output when necessary (#17593)
• 5656dd5 fix: handle renderer.run rejections (#17591)
• 704d0cd chore: allow testing in production env 2 (#17590)
• 26b09ec chore: bump playwright (#17565)
• ffd65e9 chore: allow testing in production env (#16840)
• 82fde88 fix: print() multiline behaviour (#17319)
• 9d1dd2e Version Packages (#17564)
• 2d62ffe fix: throw for unset createContext get on the server (#17580)
• Additional commits viewable in compare view

Updates svelte-check from 4.3.5 to 4.3.6

Release notes

Sourced from svelte-check's releases.

svelte-check@4.3.6

Patch Changes

• fix: don't hoist type/snippet referencing $store (#2926)

Commits

• 6b83202 Version Packages (#2919)
• 9c05c1a fix: compatibility with prettier-plugin-tailwindcss in monorepo (#2925)
• e2f09eb fix: don't hoist type/snippet referencing $store (#2926)
• e891ace perf: only parse html once in a batch update (#2923)
• 8c11665 fix: remove outdated documentation with --ignore (#2920)
• fb00777 feat: support emmet.extensionsPath config (#2918)
• eb2fa2a feat: Use custom element's JSDoc as doc for completion/hover (#2879)
• f8f40c5 fix: add tokenTypes config for JSDoc completion (#2916)
• See full diff in compare view

Updates vite from 7.3.0 to 7.3.1

Release notes

Sourced from vite's releases.

v7.3.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.1 (2026-01-07)

Features

• add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

Commits

• 95e8923 release: v7.3.1
• 9d39d37 feat: add ignoreOutdatedRequests option to optimizeDeps (#21364)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions