Bump the npm_and_yarn group across 1 directory with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /frontend directory:

Package	From	To
svelte	3.59.2	5.25.6
@sveltejs/vite-plugin-svelte	1.4.0	5.0.3
svelte-check	2.10.3	4.1.5
svelte-preprocess	4.10.7	6.0.3
vite	3.2.11	6.2.5

Updates svelte from 3.59.2 to 5.25.6

Release notes

Sourced from svelte's releases.

svelte@5.25.6

Patch Changes

• fix: ignore generic type arguments while creating AST (#15659)

• fix: better consider component and its snippets during css pruning (#15630)

svelte@5.25.5

Patch Changes

• fix: add setters to $derived class properties (#15628)

• fix: silence assignment warning on more function bindings (#15644)

• fix: make sure CSS is preserved during SSR with bindings (#15645)

svelte@5.25.4

Patch Changes

• fix: support TS type assertions (#15642)

• fix: ensure undefined class still applies scoping class, if necessary (#15643)

svelte@5.25.3

Patch Changes

• fix: prevent state runes from being called with spread (#15585)

svelte@5.25.2

Patch Changes

• feat: migrate reassigned deriveds to $derived (#15581)

svelte@5.25.1

Patch Changes

• fix: prevent dev server from throwing errors when attempting to retrieve the proxied value of an iframe's contentWindow (#15577)

svelte@5.25.0

Minor Changes

• feat: make deriveds writable (#15570)

svelte@5.24.1

Patch Changes

• fix: use get in constructor for deriveds (#15300)

• fix: ensure toStore root effect is connected to correct parent effect (#15574)

... (truncated)

Changelog

Sourced from svelte's changelog.

svelte

4.2.3

Patch Changes

• fix: improve a11y-click-events-have-key-events message (#9358)

• fix: more robust hydration of html tag (#9184)

4.2.2

Patch Changes

• fix: support camelCase properties on custom elements (#9328)

• fix: add missing plaintext-only value to contenteditable type (#9242)

• chore: upgrade magic-string to 0.30.4 (#9292)

• fix: ignore trailing comments when comparing nodes (#9197)

4.2.1

Patch Changes

• fix: update style directive when style attribute is present and is updated via an object prop (#9187)

• fix: css sourcemap generation with unicode filenames (#9120)

• fix: do not add module declared variables as dependencies (#9122)

• fix: handle svelte:element with dynamic this and spread attributes (#9112)

• fix: silence false positive reactive component warning (#9094)

• fix: head duplication when binding is present (#9124)

• fix: take custom attribute name into account when reflecting property (#9140)

• fix: add indeterminate to the list of HTMLAttributes (#9180)

• fix: recognize option value on spread attribute (#9125)

4.2.0

Minor Changes

• feat: move svelteHTML from language-tools into core to load the correct svelte/element types (#9070)

... (truncated)

Commits

• 5b9053d Version Packages (#15650)
• 959f593 fix: ignore generic type arguments while creating AST (#15659)
• 3682371 chore: doc fix (#15651)
• e035e28 Fix: consider component and its snippets during css pruning (#15630)
• c822f9b Version Packages (#15649)
• ec91cac init (#15628)
• 9754204 fix: silence assignment warning on more function bindings (#15644)
• 046145f fix: make sure CSS is preserved during SSR with bindings (#15645)
• d6d99ca Version Packages (#15647)
• b93d004 fix: ensure undefined class still applies scoping class, if necessary (#15643)
• Additional commits viewable in compare view

Updates @sveltejs/vite-plugin-svelte from 1.4.0 to 5.0.3

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​5.0.3

Patch Changes

• fix errorhandling to work with errors that don't have a code property (#1054)

@​sveltejs/vite-plugin-svelte@​5.0.2

Patch Changes

• adapt internal handling of warning and error code property to changes in svelte5 (#1044)

@​sveltejs/vite-plugin-svelte@​5.0.1

Patch Changes

• Fix peer dependencies warning (#1038)

@​sveltejs/vite-plugin-svelte@​5.0.0

Major Changes

• Handle Vite 6 breaking change and remove Vite 5 handling (#1020)

• Support Vite 6 (#1026)

Minor Changes

• Add esm-env to ssr.noExternal by default to resolve its conditions with Vite (#1020)

• Support ?inline query on Svelte style virtual modules (#1024)

Patch Changes

• remove vite6 beta from peer range (#1035)

• Allow script tags to span multiple lines (0db95a9)

• Updated dependencies [4fefbc2, e262266]:

  • @​sveltejs/vite-plugin-svelte-inspector@​4.0.0

@​sveltejs/vite-plugin-svelte@​5.0.0-next.0

Major Changes

• Handle Vite 6 breaking change and remove Vite 5 handling (#1020)

• Support Vite 6 (#1026)

Minor Changes

... (truncated)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

5.0.3

Patch Changes

• fix errorhandling to work with errors that don't have a code property (#1054)

5.0.2

Patch Changes

• adapt internal handling of warning and error code property to changes in svelte5 (#1044)

5.0.1

Patch Changes

• Fix peer dependencies warning (#1038)

5.0.0

Major Changes

• Handle Vite 6 breaking change and remove Vite 5 handling (#1020)

• Support Vite 6 (#1026)

Minor Changes

• Add esm-env to ssr.noExternal by default to resolve its conditions with Vite (#1020)

• Support ?inline query on Svelte style virtual modules (#1024)

Patch Changes

• remove vite6 beta from peer range (#1035)

• Allow script tags to span multiple lines (0db95a9)

• Updated dependencies [4fefbc2, e262266]:

  • @​sveltejs/vite-plugin-svelte-inspector@​4.0.0

5.0.0-next.0

Major Changes

... (truncated)

Commits

• 2a89666 Version Packages (#1056)
• 47184d4 Use optional chaining to catch null error codes in error.js (#1054)
• d215c88 chore(deps): bump deps and update test case to match new svelte export (#1049)
• 0e8ebf3 Version Packages (#1045)
• e41edff fix: update warning codes for svelte5 (#1044)
• 1b302f1 chore(deps): update all non-major dependencies (#1042)
• 12dc87c chore(deps): update all non-major dependencies (#1041)
• 0c06e1f Version Packages (#1039)
• 5389d31 fix: handle peer dep warning (#1038)
• 5192b92 Version Packages (#1036)
• Additional commits viewable in compare view

Updates svelte-check from 2.10.3 to 4.1.5

Release notes

Sourced from svelte-check's releases.

svelte-check-4.1.5

• fix: take other snippets into account when checking for hoistability (#2668)
• fix: disambiguate render in module script (#2667)
• fix: properly transform $props.id when $props is assigned to props (#2694)
• fix: handle booleanish popover (#2702)
• chore: bump vscode-html/css-language-service (#2677)
• fix: use referenced project's compiler option to get resolution mode (#2676)

svelte-check-4.1.4

• fix: don't hoist types/snippets referencing stores or destructured variables (#2661)

svelte-check-4.1.3

• fix: move snippets to correct place when only module script present

svelte-check-4.1.2

• feat: support generics attribute for JSDoc (#2624)
• fix: better snippet/interface hoistability analysis (#2655)
• chore: TypeScript 5.7 support (#2585)

svelte-check-4.1.1

• fix: support each without as (#2615)

svelte-check-4.1.0

• fix: don't move appended content from previous node while hoisting interface (#2596)
• fix: ensure hoisted interfaces are moved after hoisted imports (#2597)
• fix: preserve bind:... mapping on elements for better source maps
• feat: prepare for some upcoming features of Svelte 5

svelte-check-4.0.9

• fix: detect shadowed variables/types during type hoisting (#2590)

svelte-check-4.0.8

• fix: fall back to any instead of unknown for untyped $props (#2582)
• fix: robustify and fix file writing (#2584)
• fix: hoist types related to $props rune if possible (#2571)

svelte-check-4.0.7

• fix: $props: infer types for $bindable, infer function type from arrow function

svelte-check-4.0.6

• chore: autotype const load = ... declarations (#2540)
• chore: provide component instance type in Svelte 5 (#2553)
• chore: support typescript 5.6 (#2545)
• fix: infer object and array shapes from fallback types (#2562)

svelte-check-4.0.5

• fix: include named exports in svelte 5 type (#2528)

svelte-check-4.0.4

• fix: relax component constructor type (#2524)

... (truncated)

Commits

• 58a86ba chore: bump to typescript 5.8 (#2704)
• 58d28ca fix: highlight type annotation in @const tags
• 59796de fix: handle booleanish popover (#2702)
• ca668e2 perf: cache files during emitDts (#2701)
• e284968 fix: correctly handle unclosed tags with same type tag inside (#2682)
• af88417 fix: use referenced project's compiler option to get resolution mode (#2676)
• 9ee7e9c fix: prevent error when the script tag is removed in nodenext projects (#2635)
• bcd6dd0 chore: bump vscode-html/css-language-service (#2677)
• c942382 fix: properly transform $props.id when $props is assigned to props (#2694)
• 8af8141 fix: don't show html tag completion with namespace component (#2685)
• Additional commits viewable in compare view

Updates svelte-preprocess from 4.10.7 to 6.0.3

Changelog

Sourced from svelte-preprocess's changelog.

6.0.3 (2024-09-26)

Bug Fixes

• add pug mixins to support svelte-5 syntax (#654) (9d49f3d)
• ignore sass deprecation warning (#657) (9b54325), closes #656

6.0.2 (2024-07-09)

Bug Fixes

• remove customConditions tsconfig option (#648) (afb80ae), closes #646

6.0.1 (2024-06-14)

Bug Fixes

• deprecate default export in favor of named export (#641) (a43de10), closes #591

6.0.0 (2024-06-12)

BREAKING CHANGES

• remove TS mixed imports support, require TS 5.0 or higher
• remove preserve option as it's unnecessary
• require Svelte 4+, Node 18+
• add exports map

Bug Fixes

• adjust globalifySelector to not split selectors with parentheses. (#632) (c435ebd), closes #501
• fix: allow TS filename to be undefined, fixes #488
• fix: adjust Svelte compiler type import
• fix: remove pug types and magic-string from dependencies
• chore: bump peer deps, fixes #553

5.1.4 (2024-04-16)

Bug Fixes

• remove pnpm version restriction (#629) (2713b82)

5.1.3 (2023-12-18)

... (truncated)

Commits

• See full diff in compare view

Updates vite from 3.2.11 to 6.2.5

Release notes

Sourced from vite's releases.

v6.2.5

Please refer to CHANGELOG.md for details.

v6.2.4

Please refer to CHANGELOG.md for details.

v6.2.3

Please refer to CHANGELOG.md for details.

v6.2.2

Please refer to CHANGELOG.md for details.

create-vite@6.2.1

Please refer to CHANGELOG.md for details.

v6.2.1

Please refer to CHANGELOG.md for details.

create-vite@6.2.0

Please refer to CHANGELOG.md for details.

v6.2.0

Please refer to CHANGELOG.md for details.

v6.2.0-beta.1

Please refer to CHANGELOG.md for details.

v6.2.0-beta.0

Please refer to CHANGELOG.md for details.

v6.1.4

Please refer to CHANGELOG.md for details.

v6.1.3

Please refer to CHANGELOG.md for details.

v6.1.2

Please refer to CHANGELOG.md for details.

create-vite@6.1.1

Please refer to CHANGELOG.md for details.

v6.1.1

Please refer to CHANGELOG.md for details.

create-vite@6.1.0

Please refer to CHANGELOG.md for details.

v6.1.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.2.5 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (fdb196e), closes #19782

6.2.4 (2025-03-31)

• fix: fs check in transform middleware (#19761) (7a4faba), closes #19761

6.2.3 (2025-03-24)

• fix: fs raw query with query separators (#19702) (f234b57), closes #19702

6.2.2 (2025-03-14)

• fix: await client buildStart on top level buildStart (#19624) (b31faab), closes #19624
• fix(css): inline css correctly for double quote use strict (#19590) (d0aa833), closes #19590
• fix(deps): update all non-major dependencies (#19613) (363d691), closes #19613
• fix(indexHtml): ensure correct URL when querying module graph (#19601) (dc5395a), closes #19601
• fix(preview): use preview https config, not server (#19633) (98b3160), closes #19633
• fix(ssr): use optional chaining to prevent "undefined is not an object" happening in `ssrRewriteStac (4309755), closes #19612
• feat: show friendly error for malformed base (#19616) (2476391), closes #19616
• feat(worker): show asset filename conflict warning (#19591) (367d968), closes #19591
• chore: extend commit hash correctly when ambigious with a non-commit object (#19600) (89a6287), closes #19600

6.2.1 (2025-03-07)

• refactor: remove isBuild check from preAliasPlugin (#19587) (c9e086d), closes #19587
• refactor: restore endsWith usage (#19554) (6113a96), closes #19554
• refactor: use applyToEnvironment in internal plugins (#19588) (f678442), closes #19588
• fix(css): stabilize css module hashes with lightningcss in dev mode (#19481) (92125b4), closes #19481
• fix(deps): update all non-major dependencies (#19555) (f612e0f), closes #19555
• fix(reporter): fix incorrect bundle size calculation with non-ASCII characters (#19561) (437c0ed), closes #19561
• fix(sourcemap): combine sourcemaps with multiple sources without matched source (#18971) (e3f6ae1), closes #18971
• fix(ssr): named export should overwrite export all (#19534) (2fd2fc1), closes #19534
• feat: add *?url&no-inline type and warning for .json?inline / .json?no-inline (#19566) (c0d3667), closes #19566
• test: add glob import test case (#19516) (aa1d807), closes #19516
• test: convert config playground to unit tests (#19568) (c0e68da), closes #19568
• test: convert resolve-config playground to unit tests (#19567) (db5fb48), closes #19567
• perf: flush compile cache after 10s (#19537) (6c8a5a2), closes #19537
• chore(css): move environment destructuring after condition check (#19492) (c9eda23), closes #19492
• chore(html): remove unnecessary value check (#19491) (797959f), closes #19491

... (truncated)

Commits

• c176acf release: v6.2.5
• fdb196e fix: backport #19782, fs check with svg and relative paths
• 037f801 release: v6.2.4
• 7a4faba fix: fs check in transform middleware (#19761)
• 16869d7 release: v6.2.3
• f234b57 fix: fs raw query with query separators (#19702)
• b12911e release: v6.2.2
• 98b3160 fix(preview): use preview https config, not server (#19633)
• b31faab fix: await client buildStart on top level buildStart (#19624)
• dc5395a fix(indexHtml): ensure correct URL when querying module graph (#19601)
• Additional commits viewable in compare view

Updates esbuild from 0.15.18 to 0.25.2

Release notes

Sourced from esbuild's releases.

v0.25.2

• Support flags in regular expressions for the API (#4121)

  The JavaScript plugin API for esbuild takes JavaScript regular expression objects for the filter option. Internally these are translated into Go regular expressions. However, this translation previously ignored the flags property of the regular expression. With this release, esbuild will now translate JavaScript regular expression flags into Go regular expression flags. Specifically the JavaScript regular expression /\.[jt]sx?$/i is turned into the Go regular expression `(?i)\.[jt]sx?$` internally inside of esbuild's API. This should make it possible to use JavaScript regular expressions with the i flag. Note that JavaScript and Go don't support all of the same regular expression features, so this mapping is only approximate.

• Fix node-specific annotations for string literal export names (#4100)

  When node instantiates a CommonJS module, it scans the AST to look for names to expose via ESM named exports. This is a heuristic that looks for certain patterns such as exports.NAME = ... or module.exports = { ... }. This behavior is used by esbuild to "annotate" CommonJS code that was converted from ESM with the original ESM export names. For example, when converting the file export let foo, bar from ESM to CommonJS, esbuild appends this to the end of the file:

  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {
    bar,
    foo
  });

  However, this feature previously didn't work correctly for export names that are not valid identifiers, which can be constructed using string literal export names. The generated code contained a syntax error. That problem is fixed in this release:

  // Original code
  let foo
  export { foo as "foo!" }
  // Old output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
  "foo!"
  });
  // New output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
  "foo!": null
  });

• Basic support for index source maps (#3439, #4109)

  The source map specification has an optional mode called index source maps that makes it easier for tools to create an aggregate JavaScript file by concatenating many smaller JavaScript files with source maps, and then generate an aggregate source map by simply providing the original source maps along with some offset information. My understanding is that this is rarely used in practice. I'm only aware of two uses of it in the wild: ClojureScript and Turbopack.

  This release provides basic support for indexed source maps. However, the implementation has not been tested on a real app (just on very simple test input). If you are using index source maps in a real app, please try this out and report back if anything isn't working for you.

  Note that this is also not a complete implementation. For example, index source maps technically allows nesting source maps to an arbitrary depth, while esbuild's implementation in this release only supports a single level of nesting. It's unclear whether supporting more than one level of nesting is important or not given the lack of available test cases.

  This feature was contributed by @​clyfish.

v0.25.1

• Fix incorrect paths in inline source maps (#4070, #4075, #4105)

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }

... (truncated)

Commits

• 4475787 publish 0.25.2 to npm
• 8f56771 fix #4121: map js regexp flags to go regexp flags
• 36b458d follow-up to #4109
• 8b8437c feat: support index source map (#4109)
• 75286c1 unit test for absolute windows paths in source map
• bcc77fb fix #4100: invalid identifiers in node annotation
• 37cb6a2 fix a warning from npm publish
• 6bfc1c1 publish 0.25.1 to npm
• f9b3952 fix #4078: prepend namespaces to source map paths
• ccf3dd7 add "contributed by" in changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.