build(deps-dev): Bump the npm-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the npm-dependencies group with 4 updates in the /internal/gui/frontend directory: @biomejs/biome, @playwright/test, svelte and svelte-check.

Updates @biomejs/biome from 2.3.11 to 2.3.13

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.13

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

What's Changed

• fix(dx/codegen): don't insert module into biome_rule_options/src/lib.rs if it already exists by @​dyc3 in biomejs/biome#8847
• feat(js_analyze): implement useConsistentEnumValueType by @​Netail in biomejs/biome#8714
• fix(parse/html/vue): parse dynamic slot directives that contain quotes by @​dyc3 in biomejs/biome#8856
• fix(parse/css): improve parsing of @utility names by @​dyc3 in biomejs/biome#8850
• fix(cli): improve RuleName ordering and update summary snapshots close #8730 by @​lghuahua in biomejs/biome#8771
• fix(useVueValidVOn): align more with source rule, also use phf hash sets for perf by @​dyc3 in biomejs/biome#8815
• fix(migrate): fix migrate command not picking up rules for css, graphql, html by @​dyc3 in biomejs/biome#8863
• chore(deps): update dependency tombi to v0.7.23 by @​renovate[bot] in biomejs/biome#8865
• chore(deps): update pnpm to v10.28.1 by @​renovate[bot] in biomejs/biome#8866
• chore(deps): update rust crate proc-macro2 to 1.0.106 by @​renovate[bot] in biomejs/biome#8867
• chore(deps): update rust crate quote to 1.0.44 by @​renovate[bot] in biomejs/biome#8868
• fix(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8869
• chore(deps): update rust crate schemars to 1.2.0 by @​renovate[bot] in biomejs/biome#8875
• chore(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8872
• chore(deps): update github-actions by @​renovate[bot] in biomejs/biome#8873
• chore(deps): update typescript-eslint monorepo to v8.53.1 by @​renovate[bot] in biomejs/biome#8877
• fix(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in biomejs/biome#8878
• chore(deps): update rust crate tokio to 1.49.0 by @​renovate[bot] in biomejs/biome#8876
• ci: release by @​github-actions[bot] in biomejs/biome#8853

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

2.3.12

Patch Changes

• #8653 047576d Thanks @​dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.

• #8648 96d09f4 Thanks @​BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

  Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

  For example, the following now triggers this rule:

  <script>
  export default {
    data() {
      return { count: 0 };
    },
  };
  </script>

• #8832 b08270b Thanks @​Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

... (truncated)

Commits

• 2c5e505 ci: release (#8853)
• ac3a71f feat(js_analyze): implement useConsistentEnumValueType (#8714)
• fd33f86 ci: release (#8671)
• a53fc75 chore: update sponsors (#8844)
• 4ee3bda feat(graphql_analyze): implement useLoneAnonymousOperation (#8616)
• 71b5c6e feat(js_analyze): implement noExcessiveClassesPerFile (#8753)
• d6b2bda feat(js_analyze): implement noFloatingClasses (#8754)
• 17ed9d3 feat(js_analyze): implement noDivRegex (#8757)
• 291c9f2 feat(biome_js_analyze): port useInlineScriptId from Next.js (#8624)
• 96d09f4 feat(lint): add noVueOptionsApi rule (#8648)
• Additional commits viewable in compare view

Updates @playwright/test from 1.57.0 to 1.58.1

Release notes

Sourced from @​playwright/test's releases.

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.0

📣 Playwright CLI+SKILLs 📣

We are adding a new token-efficient CLI mode of operation to Playwright with the skills located at playwright-cli. This brings the long-awaited official SKILL-focused CLI mode to our story and makes it more coding agent-friendly.

It is the first snapshot with the essential command set (which is already larger than the original MCP!), but we expect it to grow rapidly. Unlike the token use, that one we expect to go down since snapshots are no longer forced into the LLM!

Timeline

If you're using merged reports, the HTML report Speedboard tab now shows the Timeline:

UI Mode and Trace Viewer Improvements

• New 'system' theme option follows your OS dark/light mode preference
• Search functionality (Cmd/Ctrl+F) is now available in code editors
• Network details panel has been reorganized for better usability
• JSON responses are now automatically formatted for readability

Thanks to @​cpAdm for contributing these improvements!

Miscellaneous

browserType.connectOverCDP() now accepts an isLocal option. When set to true, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.

Breaking Changes ⚠️

• Removed _react and _vue selectors. See locators guide for alternatives.
• Removed :light selector engine suffix. Use standard CSS selectors instead.
• Option devtools from browserType.launch() has been removed. Use args: ['--auto-open-devtools-for-tabs'] instead.
• Removed macOS 13 support for WebKit. We recommend to upgrade your macOS version, or keep using an older Playwright version.

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 144

... (truncated)

Commits

• 97bc385 cherry-pick(#38995): chore(webkit): disable frame sessions on fronzen builds
• ad625fe chore: mark v1.58.1 (#39055)
• f07234d cherry-pick(#39036): fix(msedge): fix local network permissions (#39053)
• ab8136c cherry-pick(#39037): chore: update cft download location (#39052)
• aa6ffeb cherry-pick(#39014): docs: add 1.58 release notes for Java, Python, and C#
• 961381e chore: mark 1.58.0 (#38921)
• 0c1b64c chore: hide stuff (#38882)
• b1fd5d0 test: unflake some ui-mode tests (#38907)
• faf317c chore: tune press/type via cli (#38898)
• ba4b983 docs: add v1.58 release notes (#38879)
• Additional commits viewable in compare view

Updates svelte from 5.46.4 to 5.49.1

Release notes

Sourced from svelte's releases.

svelte@5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

svelte@5.49.0

Minor Changes

• feat: allow passing ShadowRootInit object to custom element shadow option (#17088)

Patch Changes

• fix: throw for unset createContext get on the server (#17580)

• fix: reset effects inside skipped branches (#17581)

• fix: preserve old dependencies when updating reaction inside fork (#17579)

• fix: more conservative assignment_value_stale warnings (#17574)

• fix: disregard popover elements when determining whether an element has content (#17367)

• fix: fire introstart/outrostart events after delay, if specified (#17567)

• fix: increment signal versions when discarding forks (#17577)

svelte@5.48.5

Patch Changes

• fix: run boundary onerror callbacks in a microtask, in case they result in the boundary's destruction (#17561)

• fix: prevent unintended exports from namespaces (#17562)

• fix: each block breaking with effects interspersed among items (#17550)

svelte@5.48.4

Patch Changes

• fix: avoid duplicating escaped characters in CSS AST (#17554)

svelte@5.48.3

Patch Changes

• fix: hydration failing with settled async blocks (#17539)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.49.1

Patch Changes

• fix: merge consecutive large text nodes (#17587)

• fix: only create async functions in SSR output when necessary (#17593)

• fix: properly separate multiline html blocks from each other in print() (#17319)

• fix: prevent unhandled exceptions arising from dangling promises in (#17591)

5.49.0

Minor Changes

• feat: allow passing ShadowRootInit object to custom element shadow option (#17088)

Patch Changes

• fix: throw for unset createContext get on the server (#17580)

• fix: reset effects inside skipped branches (#17581)

• fix: preserve old dependencies when updating reaction inside fork (#17579)

• fix: more conservative assignment_value_stale warnings (#17574)

• fix: disregard popover elements when determining whether an element has content (#17367)

• fix: fire introstart/outrostart events after delay, if specified (#17567)

• fix: increment signal versions when discarding forks (#17577)

5.48.5

Patch Changes

• fix: run boundary onerror callbacks in a microtask, in case they result in the boundary's destruction (#17561)

• fix: prevent unintended exports from namespaces (#17562)

• fix: each block breaking with effects interspersed among items (#17550)

5.48.4

Patch Changes

• fix: avoid duplicating escaped characters in CSS AST (#17554)

... (truncated)

Commits

• 92e6721 Version Packages (#17585)
• 8933653 fix: merge consecutive text nodes during hydration for large text content (#1...
• ebe583f fix: only create async functions in SSR output when necessary (#17593)
• 5656dd5 fix: handle renderer.run rejections (#17591)
• 704d0cd chore: allow testing in production env 2 (#17590)
• 26b09ec chore: bump playwright (#17565)
• ffd65e9 chore: allow testing in production env (#16840)
• 82fde88 fix: print() multiline behaviour (#17319)
• 9d1dd2e Version Packages (#17564)
• 2d62ffe fix: throw for unset createContext get on the server (#17580)
• Additional commits viewable in compare view

Updates svelte-check from 4.3.5 to 4.3.6

Release notes

Sourced from svelte-check's releases.

svelte-check@4.3.6

Patch Changes

• fix: don't hoist type/snippet referencing $store (#2926)

Commits

• 6b83202 Version Packages (#2919)
• 9c05c1a fix: compatibility with prettier-plugin-tailwindcss in monorepo (#2925)
• e2f09eb fix: don't hoist type/snippet referencing $store (#2926)
• e891ace perf: only parse html once in a batch update (#2923)
• 8c11665 fix: remove outdated documentation with --ignore (#2920)
• fb00777 feat: support emmet.extensionsPath config (#2918)
• eb2fa2a feat: Use custom element's JSDoc as doc for completion/hover (#2879)
• f8f40c5 fix: add tokenTypes config for JSDoc completion (#2916)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions