deps: bump the app-dependencies group with 5 updates

[dependabot]

Bumps the app-dependencies group with 5 updates:

Package	From	To
@biomejs/biome	2.4.8	2.4.16
ultracite	7.3.2	7.8.1
svelte	5.55.10	5.56.0
svelte-check	4.4.8	4.5.0
vite	8.0.14	8.0.16

Updates @biomejs/biome from 2.4.8 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• Additional commits viewable in compare view

Updates ultracite from 7.3.2 to 7.8.1

Release notes

Sourced from ultracite's releases.

ultracite@7.8.1

Patch Changes

• 8335be7: Build the CLI with bun build and a tsgo type-check gate instead of tsup.
• f747449: Fix the Oxlint TanStack preset so route files under routes/ and app/routes/ are exempt from unicorn/filename-case, matching the documented 7.8.0 behavior.
• 092597e: Fix generated oxlint.config.ts to be pre-formatted according to oxfmt rules, so ultracite check passes immediately after ultracite init without requiring a separate format step.
• 81da6e8: Generate agent and editor hook commands through nypm's package-manager script helper.
• 81da6e8: Keep hyphen-prefixed file operands from being forwarded to linters as options.

ultracite@7.8.0

Minor Changes

• 4e2fea0: Add a dedicated tanstack framework preset for Biome, ESLint, and Oxlint. The ESLint preset layers @tanstack/eslint-plugin-query, @tanstack/eslint-plugin-router, and @tanstack/eslint-plugin-start, while the Biome and Oxlint presets relax file-naming conventions for routes/ directories and the generated routeTree.gen.ts. Framework detection now maps @tanstack/react-query, @tanstack/react-router, and @tanstack/react-start to the new tanstack preset.

  Two behavior changes for existing consumers: TanStack Query rules now live in the tanstack preset instead of react, so projects that relied on Query rules must opt into tanstack; and TanStack Router projects now resolve to the tanstack preset rather than remix.

Patch Changes

• 51a2af0: Recognize .biome.json and .biome.jsonc as valid Biome config files across the CLI. detectLinter, the doctor command, and the Biome config resolver now match the dot-prefixed names alongside biome.json/biome.jsonc, following Biome's documented configuration file resolution order. Closes #700.

• 14b557c: Harden the generated standalone Husky hook by using git add -- "$file" when restaging formatted files. This prevents option-shaped filenames from being interpreted as Git options during the hook.

• baa3dd0: Add ignorePatterns to the generated oxlint config at the root level so they are actually applied. Oxlint does not merge ignorePatterns through extends (see oxc-project/oxc#10223), so patterns set in the core preset were silently ignored. The generated config now sets ignorePatterns: core.ignorePatterns at the top level, reusing the patterns from the imported core preset.

• bd27fd4: Add newly supported Oxlint rules from the latest release to the core, React, and Vitest presets:

  • Core: id-match, no-implicit-globals, no-implied-eval, prefer-arrow-callback, prefer-regex-literals, import/newline-after-import, jsdoc/require-throws-description, jsdoc/require-throws-type, and jsdoc/require-yields-type
  • React: jsx-a11y/control-has-associated-label, jsx-a11y/no-interactive-element-to-noninteractive-role, jsx-a11y/no-noninteractive-element-interactions, jsx-a11y/no-noninteractive-element-to-interactive-role, react/no-object-type-as-default-prop, and react/no-unstable-nested-components
  • Vitest: vitest/padding-around-after-all-blocks

• 14b557c: Reject symlinked generated config targets before writing project files. CLI config writers now route through a shared project-file write guard that checks for symlinks and project-root escapes before mutating files.

• 14b557c: Validate package-manager names before generating agent and editor hook commands. Hook configuration now only uses supported package-manager prefixes, preventing unsafe values from being persisted into later-executed hook commands.

• 14b557c: Reject unsupported package-manager names during ultracite init. Explicit --pm values and detected packageManager metadata are now runtime-validated against the supported package managers before dependency installation, preventing malicious project metadata from selecting an arbitrary executable.

ultracite@7.7.0

Minor Changes

• 24b0d27: Wire up the nestjs ESLint preset to actually enforce rules. Previously the preset exported an empty const config = [], meaning users who imported ultracite/eslint/nestjs got nothing. It now layers @darraghor/eslint-plugin-nestjs-typed (22 rules covering NestJS conventions, dependency injection correctness, and class-validator/Swagger usage) using the same dynamic-enable pattern as the other framework presets.

  Consumers who already had the empty preset in their config may see new violations on first run.

Patch Changes

• 161418a: Add missing Biome stable rules to the core config:

  • suspicious/noDuplicateDependencies → "error" — flags a dependency listed multiple times in the same group, or across dependencies and devDependencies, in package.json.
  • suspicious/useDeprecatedDate → "off" — GraphQL-only convention requiring a deletionDate argument on @deprecated; too opinionated for the default preset.

... (truncated)

Commits

• e98d16d Version Packages (#711)
• 092597e fix: pre-format generated oxlint.config.ts to match oxfmt rules (#707)
• f747449 fix(oxlint): relax filename-case for TanStack route files (#710)
• 3d6ea4a Remove SVGs from bundle
• 8335be7 Migrate from tsup to bun + tsgo
• 304160d Update README.md
• 81da6e8 Misc fixes
• 02e79d9 Version Packages (#705)
• 37210dd Revert "fix: move mockFs to module scope for unicorn/consistent-function-scop...
• cc16ca2 fix: move mockFs to module scope for unicorn/consistent-function-scoping (#708)
• Additional commits viewable in compare view

Updates svelte from 5.55.10 to 5.56.0

Release notes

Sourced from svelte's releases.

svelte@5.56.0

Minor Changes

• feat: allow declarations in the template (#18282)

Patch Changes

• perf: use createElement instead of createElementNS for HTML elements (#18262)

• perf: store current_sources as a Set for O(1) membership checks (#18278)

• perf: deduplicate identical hoisted templates within a component (#18320)

• perf: hoist rest_props exclude list as a module-scope Set (#18252)

Changelog

Sourced from svelte's changelog.

5.56.0

Minor Changes

• feat: allow declarations in the template (#18282)

Patch Changes

• perf: use createElement instead of createElementNS for HTML elements (#18262)

• perf: store current_sources as a Set for O(1) membership checks (#18278)

• perf: deduplicate identical hoisted templates within a component (#18320)

• perf: hoist rest_props exclude list as a module-scope Set (#18252)

Commits

• 70afafe Version Packages (#18315)
• 6d26dce allow class/function expressions in tags (#18324)
• 2fae91a perf: deduplicate identical hoisted templates within a component (#18320)
• a40c745 perf: hoist rest_props exclude list as a module-scope Set (#18252)
• 980c7e2 fix: don't error on {type} in declaration tags (#18321)
• 5300843 chore: bump playwright (#18319)
• 59d3a36 feat: allow declarations in the template (#18282)
• a9e82dd chore: remove on_fork_commit (#18318)
• a991605 perf: use createElement instead of createElementNS for HTML elements (#18262)
• 27e74c4 docs: add auto-generated browser support page (#18276)
• Additional commits viewable in compare view

Updates svelte-check from 4.4.8 to 4.5.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.5.0

Minor Changes

• feat: support Svelte 5 declaration tags (#3033)

Patch Changes

• fix: properly handle props with the name slot inside Svelte 5 snippets (#3030)

• feat: add support for svelte config ts/mts files (#3009)

Commits

• 67fbcae Version Packages (#3018)
• 3474048 fix(emitDts): drop declarations emitted outside declarationDir (#2965)
• e9f4ce9 feat: support Svelte 5 declaration tags (#3033)
• 6bd8b17 fix: take into account component references when calculating snippet hoistabi...
• 86fafb1 fix: handle prop named "slot" inside Svelte 5 snippets (#3030)
• f53efb3 feat: add support for svelte config ts/mts files (#3009)
• 6d19b08 fix: tweak "show compiled" icon (#3019)
• 6e31da3 fix: prevent > in expression affects HTML folding (#3029)
• 1521b92 fix: support prettier.useEditorConfig setting (#3026)
• eb3fba7 feat: support CSS completions in nested style tags (#3022)
• Additional commits viewable in compare view

Updates vite from 8.0.14 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

• deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)
• reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

• send 408 on request timeout (#22476) (c85c9ee)
• update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

• capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
• deps: update all non-major dependencies (#22511) (2686d7d)
• dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
• glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
• optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
• resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

• correct logic in collectAllModules function (#22562) (6978a9c)

Commits

• f94df87 release: v8.0.16
• dc245c7 fix: reject windows alternate paths (#22572)
• 50b9512 fix(deps): reject UNC paths for launch-editor-middleware (#22571)
• 8d1b019 release: v8.0.15
• 2686d7d fix(deps): update all non-major dependencies (#22511)
• 3052a67 chore(deps): update rolldown-related dependencies (#22566)
• e3cfb9d fix(optimizer): close the rolldown bundle when write() rejects (#22528)
• 6978a9c refactor: correct logic in collectAllModules function (#22562)
• 646dbed feat: update rolldown to 1.0.3 (#22538)
• 85a0eff fix: capitalize error messages and remove spurious space in parse error (#22488)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cable-intel-web	Ready	Preview, Comment	Jun 1, 2026 10:01pm