chore(deps): bump the npm group in /frontend/app with 7 updates

[dependabot]

Bumps the npm group in /frontend/app with 7 updates:

Package	From	To
@tailwindcss/typography	0.5.19	0.5.20
dompurify	3.4.7	3.4.8
marked	18.0.4	18.0.5
@sveltejs/kit	2.62.0	2.64.0
@types/node	25.9.1	25.9.2
svelte	5.56.1	5.56.3
svelte-check	4.5.0	4.6.0

Updates @tailwindcss/typography from 0.5.19 to 0.5.20

Release notes

Sourced from @​tailwindcss/typography's releases.

v0.5.20

Fixed

• Support installing with stable versions of Tailwind CSS v4 (#424)

Changelog

Sourced from @​tailwindcss/typography's changelog.

[0.5.20] - 2026-06-08

Fixed

• Support installing with stable versions of Tailwind CSS v4 (#424)

Commits

• e3714a3 0.5.20
• f34283d Update tailwindcss peer dependency version (#424)
• 543de42 bump Node.js
• 881b048 Setup OIDC (#423)
• 74a3da7 Fix typo in README.md (#413)
• 3963dfe Bump js-yaml from 3.14.1 to 3.14.2 (#410)
• abf85cc className instead of classname (#406)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/typography since your current version.

Updates dompurify from 3.4.7 to 3.4.8

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.8

• Cleaned up the repository root, renamed some and removed unneeded files
• Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
• Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
• Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
• Bumped several dependencies where possible

Commits

• bcdd828 release: 3.4.8 (#1439)
• See full diff in compare view

Updates marked from 18.0.4 to 18.0.5

Release notes

Sourced from marked's releases.

v18.0.5

18.0.5 (2026-06-04)

Bug Fixes

• parse empty list item with trailing space (#3984) (b55410f)

Commits

• 4063c63 chore(release): 18.0.5 [skip ci]
• b55410f fix: parse empty list item with trailing space (#3984)
• c6e667b chore(deps-dev): bump eslint from 10.4.0 to 10.4.1 (#3986)
• 95f98ec chore(deps-dev): bump @​arethetypeswrong/cli from 0.18.2 to 0.18.3 (#3985)
• c1a86f0 Add Node.js usage example to README (#3983)
• 763f729 chore(deps-dev): bump marked-man from 2.1.0 to 2.1.1 (#3978)
• 2cf1fd0 chore(deps-dev): bump markdown-it from 14.1.1 to 14.2.0 (#3977)
• See full diff in compare view

Updates @sveltejs/kit from 2.62.0 to 2.64.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.64.0

Minor Changes

• feat: allow commands to receive File objects (#15978)

Patch Changes

• fix: avoid server components from being bundled if SSR is turned off for a route (#15982)

@​sveltejs/kit@​2.63.1

Patch Changes

• fix: use SSE for query.live (#15957)

• fix: use forward slashes in the generated env.d.ts import path on Windows (#15977)

• fix: allow $app/environment with a warning when explicitEnvironmentVariables is enabled (#15980)

• fix: avoid importing Vite while validating explicit environment variables (#15953)

• docs: adjust the release version of explicit env vars (#15968)

• fix: ensure version is defined when importing from $app/env with explicit environment variables (#15971)

@​sveltejs/kit@​2.63.0

Minor Changes

• feat: explicit env vars (#15934)

Patch Changes

• fix: remove check for svelte.config.js before running sync (#15946)

• fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)

• fix: allow use of $app/env/public in service workers (#15950)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.64.0

Minor Changes

• feat: allow commands to receive File objects (#15978)

Patch Changes

• fix: avoid server components from being bundled if SSR is turned off for a route (#15982)

2.63.1

Patch Changes

• fix: use SSE for query.live (#15957)

• fix: use forward slashes in the generated env.d.ts import path on Windows (#15977)

• fix: allow $app/environment with a warning when explicitEnvironmentVariables is enabled (#15980)

• fix: avoid importing Vite while validating explicit environment variables (#15953)

• docs: adjust the release version of explicit env vars (#15968)

• fix: ensure version is defined when importing from $app/env with explicit environment variables (#15971)

2.63.0

Minor Changes

• feat: explicit env vars (#15934)

Patch Changes

• fix: remove check for svelte.config.js before running sync (#15946)

• fix: generate a placeholder tsconfig.json to squelch sync-time warnings (#15948)

• fix: allow use of $app/env/public in service workers (#15950)

Commits

• 1c30797 Version Packages (#15984)
• c630529 feat: allow commands to receive File objects (#15978)
• 1a2c1fd fix: avoid adding the component to the server node if SSR is turned off (#15982)
• 33dec0e Version Packages (#15962)
• 0fd507c fix: allow $app/environment with a warning when `explicitEnvironmentVariabl...
• a31fdc6 docs: fix explicit env vars docs version (#15968)
• 98ab0e2 chore: better internal types for page options (#15976)
• f57a4bc fix: use forward slashes in generated env.d.ts import path on Windows (#15977)
• 17fadaa fix: ensure version is defined when using $app/env with explicit env vars (#1...
• f0ba6e0 fix: keep vite out of the $app/env runtime validator (#15953)
• Additional commits viewable in compare view

Updates @types/node from 25.9.1 to 25.9.2

Commits

• See full diff in compare view

Updates svelte from 5.56.1 to 5.56.3

Release notes

Sourced from svelte's releases.

svelte@5.56.3

Patch Changes

• fix: ignore errors that occur in destroyed effects (#18384)

• fix: type BigInts in $state.snapshot(...) return values (#18388)

svelte@5.56.2

Patch Changes

• fix: properly track effect end node for async sibling component (#18371)

• fix: prevent false-positive reactivity loss warning (#18373)

• chore: bump esrap dependency (#18372)

• fix: ignore declaration tags for animation directive (#18366)

• fix: reject pending async deriveds on discard (#18308)

Changelog

Sourced from svelte's changelog.

5.56.3

Patch Changes

• fix: ignore errors that occur in destroyed effects (#18384)

• fix: type BigInts in $state.snapshot(...) return values (#18388)

5.56.2

Patch Changes

• fix: properly track effect end node for async sibling component (#18371)

• fix: prevent false-positive reactivity loss warning (#18373)

• chore: bump esrap dependency (#18372)

• fix: ignore declaration tags for animation directive (#18366)

• fix: reject pending async deriveds on discard (#18308)

Commits

• a9f4854 Version Packages (#18389)
• 71a6515 fix: check boundary exists before calling error handler in async derived (#18...
• 3d83c9a fix: add bigint to Primitive type for $state.snapshot (#18388)
• 51baf1c Version Packages (#18357)
• 3d5c4ab fix: prevent false-positive reactivity loss warning (#18373)
• bdb1a0f fix: ensure async block assigns correct nodes to effect (#18371)
• e4bfc5f chore: bump esrap dependency (#18372)
• 1b4c43b fix: ignore declaration tags for animation directive (#18366)
• 85dcb91 chore: upgrade to vitest v4 (#18265)
• a81f965 fix: reject pending async deriveds on discard (#18308)
• See full diff in compare view

Updates svelte-check from 4.5.0 to 4.6.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.6.0

Minor Changes

• feat: support reading Svelte config from vite.config.js/ts (#3031)

Patch Changes

• Updated dependencies [151cf45]:
  • @​sveltejs/load-config@​0.1.1

Commits

• 20d5ab2 Version Packages (#3040)
• 0ecf6c3 fix: adjust rollup config (#3047)
• 151cf45 fix: adjust paths in PKG.json (#3046)
• 6099462 chore: fix changeset (#3045)
• 5b13da1 feat: support reading Svelte config from vite.config.js/ts (#3031)
• f2bcbda fix: mark optional members with a trailing ? in completion labels (#3043) (#3...
• e5ed88f fix: don't show type inlay hint for component inside snippets (#3041)
• b118dd3 fix: correct 'occured' typo in svelte:boundary onerror description (#3039)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.