chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /docs directory: vitest.
Bumps the npm_and_yarn group with 2 updates in the /frontend directory: @sveltejs/kit and svelte.

Updates vitest from 3.2.6 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

... (truncated)

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• a09d472 chore: release v4.1.7
• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• Additional commits viewable in compare view

Updates @sveltejs/kit from 2.58.0 to 2.61.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.61.1

Patch Changes

• fix: regression where routes starting and ending with a route group are not matched correctly (#15903)

@​sveltejs/kit@​2.61.0

Minor Changes

• breaking: the .run() method has been removed from remote queries on both the client and the server. Use await query() directly instead — it now works everywhere (#15779)

• feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#15779)

• feat: live query instances are now themselves async-iterable (#15878)

• feat: add programmatic submit method to form remote function instances (#15657)

• feat: pass form remote function instance into enhance callback (#15657)

Patch Changes

• fix: resolve the app payload without using process.env.NODE_ENV (#15852)

• fix: support exactOptionalPropertyTypes for optional route params (#15825)

• fix: correctly send true value to the server for 'submit' and 'hidden' form fields (#15858)

• fix: avoid build warnings about undefined universal hooks (#15895)

• fix: prefer default error page when failing to decode the URL pathname (#15744)

• fix: disable link prefetching on slow internet connections (#15885)

• fix: allow routes ending with optional parameters next to more specific routes (#15861)

• fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#15796)

@​sveltejs/kit@​2.60.1

Patch Changes

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.61.1

Patch Changes

• fix: regression where routes starting and ending with a route group are not matched correctly (#15903)

2.61.0

Minor Changes

• breaking: the .run() method has been removed from remote queries on both the client and the server. Use await query() directly instead — it now works everywhere (#15779)

• feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#15779)

• feat: live query instances are now themselves async-iterable (#15878)

• feat: add programmatic submit method to form remote function instances (#15657)

• feat: pass form remote function instance into enhance callback (#15657)

Patch Changes

• fix: resolve the app payload without using process.env.NODE_ENV (#15852)

• fix: support exactOptionalPropertyTypes for optional route params (#15825)

• fix: correctly send true value to the server for 'submit' and 'hidden' form fields (#15858)

• fix: avoid build warnings about undefined universal hooks (#15895)

• fix: prefer default error page when failing to decode the URL pathname (#15744)

• fix: disable link prefetching on slow internet connections (#15885)

• fix: allow routes ending with optional parameters next to more specific routes (#15861)

• fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#15796)

... (truncated)

Commits

• b714743 Version Packages (#15904)
• 131fdc7 fix: regression where routes starting and ending with a route group are not f...
• 4f961ab Version Packages (#15853)
• 1817da0 fix: support exactOptionalPropertyTypes for optional route params (#15825)
• 8feb2af chore: dedupe replacer code (#15877)
• 95ca921 fix: remove Content-Length dependency in binary form deserialization (#15796)
• e75024c feat: LiveQuery self-iterability (#15878)
• 0cc67d9 fix: avoid build warnings about undefined hooks on Windows (#15895)
• 1949057 chore(prefetch): disable link prefetching on slow internet connections (#15885)
• 69b5787 fix: prefer the default error page when failing to decode the URL pathname (#...
• Additional commits viewable in compare view

Updates svelte from 5.55.5 to 5.56.0

Release notes

Sourced from svelte's releases.

svelte@5.56.0

Minor Changes

• feat: allow declarations in the template (#18282)

Patch Changes

• perf: use createElement instead of createElementNS for HTML elements (#18262)

• perf: store current_sources as a Set for O(1) membership checks (#18278)

• perf: deduplicate identical hoisted templates within a component (#18320)

• perf: hoist rest_props exclude list as a module-scope Set (#18252)

svelte@5.55.10

Patch Changes

• fix: unlink errored and otherwise finished batch (#18264)

• perf: walk composedPath() directly in delegated event propagation (#18268)

• fix: transfer effects when merging batches (#18254)

• fix: allow $derived(await ...) in disconnected effect roots (#18273)

• fix: remove temporary raw-text hydration markers (#18269)

• fix: propagate async @const blockers through closure references so template expressions like {(() => host)()} correctly wait for the awaited value (#18309)

• fix: properly unlink batches (#18298)

• fix: settle discarded batch (#18290)

• fix: declare let: directives before {@const} declarations on slotted elements (#18271)

• fix: resume outro-ed branches if they were kept around (#18291)

• fix: avoid waterfall-warning when async resolves to same value (#18297)

• fix: correctly coordinate component-level effects inside async blocks (#18260)

• fix: make unnecessary commit work less likely (#18263)

• chore: add tag name to a11y_click_events_have_key_events warning (#18272)

• fix: catch rejected promises while merging/committing (#18266)

svelte@5.55.9

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.56.0

Minor Changes

• feat: allow declarations in the template (#18282)

Patch Changes

• perf: use createElement instead of createElementNS for HTML elements (#18262)

• perf: store current_sources as a Set for O(1) membership checks (#18278)

• perf: deduplicate identical hoisted templates within a component (#18320)

• perf: hoist rest_props exclude list as a module-scope Set (#18252)

5.55.10

Patch Changes

• fix: unlink errored and otherwise finished batch (#18264)

• perf: walk composedPath() directly in delegated event propagation (#18268)

• fix: transfer effects when merging batches (#18254)

• fix: allow $derived(await ...) in disconnected effect roots (#18273)

• fix: remove temporary raw-text hydration markers (#18269)

• fix: propagate async @const blockers through closure references so template expressions like {(() => host)()} correctly wait for the awaited value (#18309)

• fix: properly unlink batches (#18298)

• fix: settle discarded batch (#18290)

• fix: declare let: directives before {@const} declarations on slotted elements (#18271)

• fix: resume outro-ed branches if they were kept around (#18291)

• fix: avoid waterfall-warning when async resolves to same value (#18297)

• fix: correctly coordinate component-level effects inside async blocks (#18260)

• fix: make unnecessary commit work less likely (#18263)

• chore: add tag name to a11y_click_events_have_key_events warning (#18272)

• fix: catch rejected promises while merging/committing (#18266)

... (truncated)

Commits

• 70afafe Version Packages (#18315)
• 6d26dce allow class/function expressions in tags (#18324)
• 2fae91a perf: deduplicate identical hoisted templates within a component (#18320)
• a40c745 perf: hoist rest_props exclude list as a module-scope Set (#18252)
• 980c7e2 fix: don't error on {type} in declaration tags (#18321)
• 5300843 chore: bump playwright (#18319)
• 59d3a36 feat: allow declarations in the template (#18282)
• a9e82dd chore: remove on_fork_commit (#18318)
• a991605 perf: use createElement instead of createElementNS for HTML elements (#18262)
• 27e74c4 docs: add auto-generated browser support page (#18276)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.