deps: bump the app-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the app-dependencies group with 6 updates in the / directory:

Package	From	To
@biomejs/biome	2.4.8	2.4.16
ultracite	7.3.2	7.8.2
@sveltejs/kit	2.61.1	2.63.1
svelte	5.55.10	5.56.3
svelte-check	4.4.8	4.6.0
vite	8.0.14	8.0.16

Updates @biomejs/biome from 2.4.8 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• Additional commits viewable in compare view

Updates ultracite from 7.3.2 to 7.8.2

Release notes

Sourced from ultracite's releases.

ultracite@7.8.2

Patch Changes

• 30971a8: Enable newly available Oxlint and Stylelint rules in the shared configs.

  For Oxlint, the core preset now enables eslint/prefer-named-capture-group, jsdoc/require-yields-description, node/callback-return, typescript/method-signature-style, and unicorn/import-style.

  The Vue preset now enables vue/component-definition-name-casing, vue/no-computed-properties-in-data, vue/no-deprecated-props-default-this, vue/no-expose-after-await, vue/no-reserved-component-names, vue/no-shared-component-data, vue/no-watch-after-await, vue/require-prop-type-constructor, vue/require-render-return, vue/require-slots-as-functions, vue/return-in-emits-validator, vue/valid-define-options, and vue/valid-next-tick.

  The Stylelint preset now enables display-notation with the short option.

ultracite@7.8.1

Patch Changes

• 8335be7: Build the CLI with bun build and a tsgo type-check gate instead of tsup.
• f747449: Fix the Oxlint TanStack preset so route files under routes/ and app/routes/ are exempt from unicorn/filename-case, matching the documented 7.8.0 behavior.
• 092597e: Fix generated oxlint.config.ts to be pre-formatted according to oxfmt rules, so ultracite check passes immediately after ultracite init without requiring a separate format step.
• 81da6e8: Generate agent and editor hook commands through nypm's package-manager script helper.
• 81da6e8: Keep hyphen-prefixed file operands from being forwarded to linters as options.

ultracite@7.8.0

Minor Changes

• 4e2fea0: Add a dedicated tanstack framework preset for Biome, ESLint, and Oxlint. The ESLint preset layers @tanstack/eslint-plugin-query, @tanstack/eslint-plugin-router, and @tanstack/eslint-plugin-start, while the Biome and Oxlint presets relax file-naming conventions for routes/ directories and the generated routeTree.gen.ts. Framework detection now maps @tanstack/react-query, @tanstack/react-router, and @tanstack/react-start to the new tanstack preset.

  Two behavior changes for existing consumers: TanStack Query rules now live in the tanstack preset instead of react, so projects that relied on Query rules must opt into tanstack; and TanStack Router projects now resolve to the tanstack preset rather than remix.

Patch Changes

• 51a2af0: Recognize .biome.json and .biome.jsonc as valid Biome config files across the CLI. detectLinter, the doctor command, and the Biome config resolver now match the dot-prefixed names alongside biome.json/biome.jsonc, following Biome's documented configuration file resolution order. Closes #700.

• 14b557c: Harden the generated standalone Husky hook by using git add -- "$file" when restaging formatted files. This prevents option-shaped filenames from being interpreted as Git options during the hook.

• baa3dd0: Add ignorePatterns to the generated oxlint config at the root level so they are actually applied. Oxlint does not merge ignorePatterns through extends (see oxc-project/oxc#10223), so patterns set in the core preset were silently ignored. The generated config now sets ignorePatterns: core.ignorePatterns at the top level, reusing the patterns from the imported core preset.

• bd27fd4: Add newly supported Oxlint rules from the latest release to the core, React, and Vitest presets:

  • Core: id-match, no-implicit-globals, no-implied-eval, prefer-arrow-callback, prefer-regex-literals, import/newline-after-import, jsdoc/require-throws-description, jsdoc/require-throws-type, and jsdoc/require-yields-type
  • React: jsx-a11y/control-has-associated-label, jsx-a11y/no-interactive-element-to-noninteractive-role, jsx-a11y/no-noninteractive-element-interactions, jsx-a11y/no-noninteractive-element-to-interactive-role, react/no-object-type-as-default-prop, and react/no-unstable-nested-components
  • Vitest: vitest/padding-around-after-all-blocks

• 14b557c: Reject symlinked generated config targets before writing project files. CLI config writers now route through a shared project-file write guard that checks for symlinks and project-root escapes before mutating files.

... (truncated)

Commits

• a9d704b Version Packages (#719)
• 1b64492 Run Ultracite
• b95fae9 Stop dependabot npm updates
• 30971a8 Upgrade Oxlint and Stylelint
• 592f224 Bump non-critical deps
• 9cb4dfa Split bumps
• 3b4ca34 Move updates to GitHub
• fe3e445 Update tweets.tsx
• e98d16d Version Packages (#711)
• 092597e fix: pre-format generated oxlint.config.ts to match oxfmt rules (#707)
• Additional commits viewable in compare view

Updates @sveltejs/kit from 2.61.1 to 2.63.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.63.1

Patch Changes

• fix: use SSE for query.live (#15957)

• fix: use forward slashes in the generated env.d.ts import path on Windows (#15977)

• fix: allow $app/environment with a warning when explicitEnvironmentVariables is enabled (#15980)

• fix: avoid importing Vite while validating explicit environment variables (#15953)

• docs: adjust the release version of explicit env vars (#15968)

• fix: ensure version is defined when importing from $app/env with explicit environment variables (#15971)

@​sveltejs/kit@​2.63.0

Minor Changes

• feat: explicit env vars (#15934)

Patch Changes

• fix: remove check for svelte.config.js before running sync (#15946)

• fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)

• fix: allow use of $app/env/public in service workers (#15950)

@​sveltejs/kit@​2.62.0

Minor Changes

• feat: support passing Svelte(Kit) config via Vite plugin (#15944)

Patch Changes

• fix: preserve multiple Set-Cookie headers on 304 responses (#15902)

• fix: preload for anchor elements that were just previously preloaded (#15915)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.63.1

Patch Changes

• fix: use SSE for query.live (#15957)

• fix: use forward slashes in the generated env.d.ts import path on Windows (#15977)

• fix: allow $app/environment with a warning when explicitEnvironmentVariables is enabled (#15980)

• fix: avoid importing Vite while validating explicit environment variables (#15953)

• docs: adjust the release version of explicit env vars (#15968)

• fix: ensure version is defined when importing from $app/env with explicit environment variables (#15971)

2.63.0

Minor Changes

• feat: explicit env vars (#15934)

Patch Changes

• fix: remove check for svelte.config.js before running sync (#15946)

• fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)

• fix: allow use of $app/env/public in service workers (#15950)

2.62.0

Minor Changes

• feat: support passing Svelte(Kit) config via Vite plugin (#15944)

Patch Changes

• fix: preserve multiple Set-Cookie headers on 304 responses (#15902)

... (truncated)

Commits

• 33dec0e Version Packages (#15962)
• 0fd507c fix: allow $app/environment with a warning when `explicitEnvironmentVariabl...
• a31fdc6 docs: fix explicit env vars docs version (#15968)
• 98ab0e2 chore: better internal types for page options (#15976)
• f57a4bc fix: use forward slashes in generated env.d.ts import path on Windows (#15977)
• 17fadaa fix: ensure version is defined when using $app/env with explicit env vars (#1...
• f0ba6e0 fix: keep vite out of the $app/env runtime validator (#15953)
• e3ff1a4 chore: add parents to error nodes (#15955)
• b4942b4 feat: use SSE in query.live to avoid weird middleman quirks with normal str...
• d338dae Version Packages (#15949)
• Additional commits viewable in compare view

Updates svelte from 5.55.10 to 5.56.3

Release notes

Sourced from svelte's releases.

svelte@5.56.3

Patch Changes

• fix: ignore errors that occur in destroyed effects (#18384)

• fix: type BigInts in $state.snapshot(...) return values (#18388)

svelte@5.56.2

Patch Changes

• fix: properly track effect end node for async sibling component (#18371)

• fix: prevent false-positive reactivity loss warning (#18373)

• chore: bump esrap dependency (#18372)

• fix: ignore declaration tags for animation directive (#18366)

• fix: reject pending async deriveds on discard (#18308)

svelte@5.56.1

Patch Changes

• fix: error at compile time on duplicate snippet/declaration tag definitions (#18351)

• fix: parse declaration tag contents more robustly (#18353)

• fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#18348)

• fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#18348)

• fix: tolerate whitespace before let/const in declaration tags (#18348)

• fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#18350)

• fix: more robust parsing of declaration tags with regards to type (#18330)

• fix: preserve newlines in spread input values when the type attribute is applied after value (#18345)

• fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#18336)

• fix: check references for blockers on server, too (#18352)

svelte@5.56.0

Minor Changes

• feat: allow declarations in the template (#18282)

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.56.3

Patch Changes

• fix: ignore errors that occur in destroyed effects (#18384)

• fix: type BigInts in $state.snapshot(...) return values (#18388)

5.56.2

Patch Changes

• fix: properly track effect end node for async sibling component (#18371)

• fix: prevent false-positive reactivity loss warning (#18373)

• chore: bump esrap dependency (#18372)

• fix: ignore declaration tags for animation directive (#18366)

• fix: reject pending async deriveds on discard (#18308)

5.56.1

Patch Changes

• fix: error at compile time on duplicate snippet/declaration tag definitions (#18351)

• fix: parse declaration tag contents more robustly (#18353)

• fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#18348)

• fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#18348)

• fix: tolerate whitespace before let/const in declaration tags (#18348)

• fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#18350)

• fix: more robust parsing of declaration tags with regards to type (#18330)

• fix: preserve newlines in spread input values when the type attribute is applied after value (#18345)

• fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#18336)

• fix: check references for blockers on server, too (#18352)

5.56.0

Minor Changes

... (truncated)

Commits

• a9f4854 Version Packages (#18389)
• 71a6515 fix: check boundary exists before calling error handler in async derived (#18...
• 3d83c9a fix: add bigint to Primitive type for $state.snapshot (#18388)
• 51baf1c Version Packages (#18357)
• 3d5c4ab fix: prevent false-positive reactivity loss warning (#18373)
• bdb1a0f fix: ensure async block assigns correct nodes to effect (#18371)
• e4bfc5f chore: bump esrap dependency (#18372)
• 1b4c43b fix: ignore declaration tags for animation directive (#18366)
• 85dcb91 chore: upgrade to vitest v4 (#18265)
• a81f965 fix: reject pending async deriveds on discard (#18308)
• Additional commits viewable in compare view

Updates svelte-check from 4.4.8 to 4.6.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.6.0

Minor Changes

• feat: support reading Svelte config from vite.config.js/ts (#3031)

Patch Changes

• Updated dependencies [151cf45]:
  • @​sveltejs/load-config@​0.1.1

svelte-check@4.5.0

Minor Changes

• feat: support Svelte 5 declaration tags (#3033)

Patch Changes

• fix: properly handle props with the name slot inside Svelte 5 snippets (#3030)

• feat: add support for svelte config ts/mts files (#3009)

Commits

• 20d5ab2 Version Packages (#3040)
• 0ecf6c3 fix: adjust rollup config (#3047)
• 151cf45 fix: adjust paths in PKG.json (#3046)
• 6099462 chore: fix changeset (#3045)
• 5b13da1 feat: support reading Svelte config from vite.config.js/ts (#3031)
• f2bcbda fix: mark optional members with a trailing ? in completion labels (#3043) (#3...
• e5ed88f fix: don't show type inlay hint for component inside snippets (#3041)
• b118dd3 fix: correct 'occured' typo in svelte:boundary onerror description (#3039)
• 67fbcae Version Packages (#3018)
• 3474048 fix(emitDts): drop declarations emitted outside declarationDir (#2965)
• Additional commits viewable in compare view

Updates vite from 8.0.14 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

• deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)
• reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

• send 408 on request timeout (#22476) (c85c9ee)
• update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

• capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
• deps: update all non-major dependencies (#22511) (2686d7d)
• dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
• glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
• optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
• resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

• correct logic in collectAllModules function (#22562) (6978a9c)

Commits

• f94df87 release: v8.0.16
• dc245c7 fix: reject windows alternate paths (#22572)
• 50b9512 fix(deps): reject UNC paths for launch-editor-middleware (#22571)
• 8d1b019 release: v8.0.15
• 2686d7d fix(deps): update all non-major dependencies (#22511)
• 3052a67 chore(deps): update rolldown-related dependencies (#22566)
• e3cfb9d fix(optimizer): close the rolldown bundle when write() rejects (#22528)
• 6978a9c refactor: correct logic in collectAllModules function (#22562)
• 646dbed feat: update rolldown to 1.0.3 (#22538)
• 85a0eff fix: capitalize error messages and remove spurious space in parse error (#22488)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cable-intel-web	Ready	Preview, Comment	Jun 8, 2026 6:36am

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.