deps(frontend): bump the npm-minor-patch group across 1 directory with 10 updates

[dependabot]

Bumps the npm-minor-patch group with 10 updates in the /frontend directory:

Package	From	To
axios	1.13.2	1.13.5
@sveltejs/vite-plugin-svelte	6.2.1	6.2.4
@testing-library/svelte	5.2.10	5.3.1
@tsconfig/svelte	5.0.6	5.0.7
happy-dom	20.0.11	20.5.3
jsdom	27.3.0	27.4.0
svelte	5.45.5	5.50.0
svelte-check	4.3.4	4.3.6
vite	7.2.6	7.3.1
vitest	4.0.16	4.0.18

Updates axios from 1.13.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates @sveltejs/vite-plugin-svelte from 6.2.1 to 6.2.4

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​6.2.4

Patch Changes

• fix(hmr): ensure that svelte files are recompiled and updated css modules returned correctly when reported out of order (#1258)

@​sveltejs/vite-plugin-svelte@​6.2.3

Patch Changes

• fix(filter): ignore zero-tagged ids per rollup convention (#1255)

@​sveltejs/vite-plugin-svelte@​6.2.2

Patch Changes

• Update experimental support for rolldown-vite to vite 8 beta (#1246)

• perf: switch from debug to obug (smaller, esm-only) (#1241)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

6.2.4

Patch Changes

• fix(hmr): ensure that svelte files are recompiled and updated css modules returned correctly when reported out of order (#1258)

6.2.3

Patch Changes

• fix(filter): ignore zero-tagged ids per rollup convention (#1255)

6.2.2

Patch Changes

• Update experimental support for rolldown-vite to vite 8 beta (#1246)

• perf: switch from debug to obug (smaller, esm-only) (#1241)

Commits

• 24bf204 Version Packages (#1259)
• 599dbc1 fix: transform Svelte component first during HMR (#1258)
• 83513a8 Version Packages (#1256)
• b280447 fix(filter): ignore zero-tagged ids per rollup convention (#1255)
• 99bfe1a Version Packages (#1247)
• c4f8535 fix: update from rolldown-vite to vite-8 beta (#1246)
• cba6ae8 perf: replace debug with obug (#1241)
• fdf68ea chore: updates (#1239)
• See full diff in compare view

Updates @testing-library/svelte from 5.2.10 to 5.3.1

Release notes

Sourced from @​testing-library/svelte's releases.

@​testing-library/svelte@​5.3.1

@​testing-library/svelte 5.3.1 (2025-12-25)

Bug Fixes

• types: remove errant deprecation (#469) (dcb519b), closes #468

@​testing-library/svelte@​5.3.0

@​testing-library/svelte 5.3.0 (2025-12-23)

Features

• core: create standalone core module (#460) (e43f3c7)
• polish types, bring back pure export (#465) (fb45051)

@​testing-library/svelte@​5.3.0-next.3

@​testing-library/svelte 5.3.0-next.3 (2025-12-23)

Features

• polish types, bring back pure export (#465) (fb45051)

Dependencies

• @​testing-library/svelte-core: upgraded to 1.0.0-next.5

@​testing-library/svelte@​5.3.0-next.2

@​testing-library/svelte 5.3.0-next.2 (2025-12-22)

Dependencies

• @​testing-library/svelte-core: upgraded to 1.0.0-next.4

@​testing-library/svelte@​5.3.0-next.1

@​testing-library/svelte 5.3.0-next.1 (2025-12-20)

Features

• core: create standalone core module (#460) (e43f3c7)

Dependencies

• @​testing-library/svelte-core: upgraded to 1.0.0-next.3

Commits

• dcb519b fix(types): remove errant deprecation (#469)
• fb45051 feat: polish types, bring back pure export (#465)
• e43f3c7 feat(core): create standalone core module (#460)
• dc415ae refactor(core): move all rendering and cleanup logic into core (#459)
• be4748e chore: switch to pnpm monorepo (#457)
• See full diff in compare view

Updates @tsconfig/svelte from 5.0.6 to 5.0.7

Commits

• See full diff in compare view

Updates happy-dom from 20.0.11 to 20.5.3

Release notes

Sourced from happy-dom's releases.

v20.5.3

👷‍♂️ Patch fixes

• Node.replaceWith does not throw w/o parent - By @​lukeed

v20.5.2

👷‍♂️ Patch fixes

• Use entities package for HTML/XML encoding and decoding - By @​TrevorBurnham in task #1947

v20.5.1

👷‍♂️ Patch fixes

• Fixes logic in HTMLInputElement.stepUp() and HTMLInputElement.stepDown() to work according to spec - By @​stevematney in task #1955

v20.5.0

👷‍♂️ Patch fixes

• Removes circular dependencies internally - By @​capricorn86 in task #2055
  • Compilers can handle simpler circular dependencies, but warnings may be outputted
• Changes naming of types used internally to follow a consistent pattern - By @​capricorn86 in task #2055
• Enforces use of the "type" modifier internally in the source code (e.g. import type and export type) - By @​capricorn86 in task #2055

v20.4.0

🎨 Features

• Adds support for caching the compiled code of EcmaScript modules - By @​capricorn86 in task #2049
• Improves the way nodes are destroyed and garbage collected - By @​capricorn86 in task #2049

v20.3.9

👷‍♂️ Patch fixes

• Accept Document nodes as valid boundary points in Selection API - By @​skoch13 in task #1952

v20.3.8

👷‍♂️ Patch fixes

• The getters for the properties focusNode and focusOffset in the Selection API returned incorrect values - By @​skoch13 in task #1850

v20.3.7

👷‍♂️ Patch fixes

• Updates README.md for the "@​happy-dom/server-renderer" package - By @​capricorn86 in task #2035

v20.3.6

👷‍♂️ Patch fixes

• Fixes issue where it wasn't possible to toggle the "open" attribute of <details> by clicking on a child of the <summary> element - By @​Nxooah in task #1928

v20.3.5

👷‍♂️ Patch fixes

• Use internal property for "location" in BrowserFrameURL to avoid mock interference - By @​marchaos in task #1964
• Add optional chaining to the "hostname" and pathname" properties to check if they are undefined in CookieURLUtility - By @​marchaos in task #1968

v20.3.4

👷‍♂️ Patch fixes

• Preserve attribute name case in CSS selectors for XML documents - By @​TrevorBurnham in task #1912
• Implement implicit closing of <p> elements per HTML spec - By @​TrevorBurnham in task #1949
• EventTarget should not call arbitrary on* properties - By @​TrevorBurnham in task #1895

... (truncated)

Commits

• 273ad6c fix: Node.replaceWith does not throw w/o parent (#1969)
• 7c44f48 chore: #1947 Adds unit tests for decode ' / numeric character referenc...
• 560589c fix: #1947 Use entities package for HTML/XML encoding/decoding (#2016)
• ce559c3 fix: #1955 Fixes stepUp and stepDown on HTMLInputElement according to spec ...
• f070566 feat: #2055 Changes internal types to follow a consistent pattern (#2056)
• 18e56d0 feat: #2049 Adds support for caching the compiled code of EcmaScript module...
• d8a50dc fix: #1952 Accept Document nodes as valid boundary points in Selection API ...
• 77a6cd0 fix: #1850 Selection API focusNode and focusOffset returning incorrect valu...
• aa2dbb8 fix: #2035 Updates README.md for the server-renderer package (#2037)
• 4d1c023 fix: #1928 Support details click firing the onToggle event handler (#1929)
• Additional commits viewable in compare view

Updates jsdom from 27.3.0 to 27.4.0

Release notes

Sourced from jsdom's releases.

Version 27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Changelog

Sourced from jsdom's changelog.

27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Commits

• 098d16d Version 27.4.0
• 1cd029e Improve asciiLowercase/asciiUppercase performance
• 83fcb62 Implement TextEncoder and TextDecoder; improve XML decoding
• ddad97d Switch from iconv-lite to exodus/bytes for decoding
• 25cb2a1 Use weak references for ranges
• ed4f5ed Add currently-failing CSS regression tests
• See full diff in compare view

Updates svelte from 5.45.5 to 5.50.0

Release notes

Sourced from svelte's releases.

svelte@5.50.0

Minor Changes

• feat: allow use of createContext when instantiating components programmatically (#17575)

Patch Changes

• fix: ensure infinite effect loops are cleared after flushing (#17601)

• fix: allow {#key NaN} (#17642)

• fix: detect store in each block expression regardless of AST shape (#17636)

• fix: treat <menu> like <ul>/<ol> for a11y role checks (#17638)

• fix: add vite-ignore comment inside dynamic crypto import (#17623)

• chore: wrap JSDoc URLs in @see and @link tags (#17617)

• fix: properly hydrate already-resolved async blocks (#17641)

• fix: emit each_key_duplicate error in production (#16724)

• fix: exit resolved async blocks on correct node when hydrating (#17640)

svelte@5.49.2

Patch Changes

• chore: remove SvelteKit data attributes from elements.d.ts (#17613)

• fix: avoid erroneous async derived expressions for blocks (#17604)

• fix: avoid Cloudflare warnings about not having the "node:crypto" module (#17612)

• fix: reschedule effects inside unskipped branches (#17604)

svelte@5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

svelte@5.49.0

Minor Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.50.0

Minor Changes

• feat: allow use of createContext when instantiating components programmatically (#17575)

Patch Changes

• fix: ensure infinite effect loops are cleared after flushing (#17601)

• fix: allow {#key NaN} (#17642)

• fix: detect store in each block expression regardless of AST shape (#17636)

• fix: treat <menu> like <ul>/<ol> for a11y role checks (#17638)

• fix: add vite-ignore comment inside dynamic crypto import (#17623)

• chore: wrap JSDoc URLs in @see and @link tags (#17617)

• fix: properly hydrate already-resolved async blocks (#17641)

• fix: emit each_key_duplicate error in production (#16724)

• fix: exit resolved async blocks on correct node when hydrating (#17640)

5.49.2

Patch Changes

• chore: remove SvelteKit data attributes from elements.d.ts (#17613)

• fix: avoid erroneous async derived expressions for blocks (#17604)

• fix: avoid Cloudflare warnings about not having the "node:crypto" module (#17612)

• fix: reschedule effects inside unskipped branches (#17604)

5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

... (truncated)

Commits

• bb00d5b Version Packages (#17615)
• 863c9d6 chore: wrap JSDoc URLs in @​see and @​link tags (#17617)
• 57cb393 fix: allow NaN in key blocks (#17642)
• bd7b8aa chore: fix broken css test (#17644)
• f71a681 fix: treat menu element like ul/ol for a11y role checks (#17638)
• 4453e48 fix: fix spelling errors in media-query and test file (#17628)
• 0c715af fix: correct spelling errors in test files (#17630)
• 989492f fix: use "set up" (verb) instead of "setup" (noun) in comments (#17632)
• 6e5f2b1 fix: exit resolved async blocks on correct node when hydrating (#17640)
• bc44975 fix: properly hydrate already-resolved async blocks (alternative) (#17641)
• Additional commits viewable in compare view

Updates svelte-check from 4.3.4 to 4.3.6

Release notes

Sourced from svelte-check's releases.

svelte-check@4.3.6

Patch Changes

• fix: don't hoist type/snippet referencing $store (#2926)

svelte-check@4.3.5

Patch Changes

• fix: ensure await-block type is preserved in the latest Svelte version (#2895)

Commits

• 6b83202 Version Packages (#2919)
• 9c05c1a fix: compatibility with prettier-plugin-tailwindcss in monorepo (#2925)
• e2f09eb fix: don't hoist type/snippet referencing $store (#2926)
• e891ace perf: only parse html once in a batch update (#2923)
• 8c11665 fix: remove outdated documentation with --ignore (#2920)
• fb00777 feat: support emmet.extensionsPath config (#2918)
• eb2fa2a feat: Use custom element's JSDoc as doc for completion/hover (#2879)
• f8f40c5 fix: add tokenTypes config for JSDoc completion (#2916)
• 63a22b8 Version Packages (#2896)
• d0562f9 perf: only create objects for completion items for svelte syntax once (#2900)
• Additional commits viewable in compare view

Updates vite from 7.2.6 to 7.3.1

Release notes

Sourced from vite's releases.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.1 (2026-01-07)

Features

• add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

• deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

• plugin shortcut support (#21211) (721f163)

Commits

• 95e8923 release: v7.3.1
• 9d39d37 feat: add ignoreOutdatedRequests option to optimizeDeps (#21364)
• acf7e05 release: v7.3.0
• cff26ec feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (#21183)
• 317b3b2 release: v7.2.7
• 721f163 fix: plugin shortcut support (#21211)
• See full diff in compare view

Updates vitest from 4.0.16 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

• Support openTelemetry for browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9180 (1ec3a)
• Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by @​Copilot, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

• Improve asymmetric matcher diff readability by unwrapping container matchers  -  by @​Copilot, sheremet-va, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9330 (b2ec7)
• Improve runner error when importing outside of test context  -  by @​sheremet-va in vitest-dev/vitest#9335 (2dd3d)
• Replace crypto.randomUUID to allow insecure environments (fix #9…  -  by @​plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)
• Handle null options in addEventHandler #9371  -  by @​ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)
• Typo in browser.provider error  -  by @​deammer in vitest-dev/vitest#9394 (4b67f)
• browser:
  • Fix process.env and import.meta.env defines in inline project  -  by @​hi-ogawa in vitest-dev/vitest#9239 (b70c9)
  • Fix upload File instance  -  by @​hi-ogawa in vitest-dev/vitest#9294 (b6778)
  • Fix invalid project token for artifacts assets  -  by @​hi-ogawa in vitest-dev/vitest#9321 (caa7d)
  • Log ErrorEvent.message when unhandled ErrorEvent.error is null  -  by @​hi-ogawa in vitest-dev/vitest#9322 (5d84e)
  • Support fileParallelism on an instance  -  by @​sheremet-va in vitest-dev/vitest#9328 (15006)
• coverage:
  • Remove unnecessary istanbul-lib-source-maps usage  -  by @​AriPerkkio in vitest-dev/vitest#9344 (b0940)
  • Apply patch from istanbuljs/istanbuljs#837  -  by @​AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)
• fsModuleCache:
  • Don't store importers in cache  -  by @​sheremet-va in vitest-dev/vitest#9422 (75136)
  • Add importers alongside importedModules  -  by @​sheremet-va in vitest-dev/vitest#9423 (59f92)
• mocker:
  • Fix mock transform with class  -  by @​hi-ogawa in vitest-dev/vitest#9421 Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.