build(deps): bump the frontend-dependencies group with 8 updates

[dependabot]

Bumps the frontend-dependencies group with 8 updates:

Package	From	To
@lucide/svelte	1.20.0	1.21.0
@tauri-apps/api	2.11.0	2.11.1
@sveltejs/kit	2.65.2	2.67.0
@tauri-apps/cli	2.11.2	2.11.3
@types/node	25.9.3	26.0.0
svelte	5.56.3	5.56.4
svelte-check	4.6.0	4.7.0
vite	8.0.16	8.1.0

Updates @lucide/svelte from 1.20.0 to 1.21.0

Release notes

Sourced from @​lucide/svelte's releases.

Version 1.21.0

What's Changed

• ci(release.yml): Remove new-version in release flow by @​ericfennis in lucide-icons/lucide#4478
• ci(release.yml): Fix workflow and remove version scripts in package scripts by @​ericfennis in lucide-icons/lucide#4479
• fix(docs): rename navigation category label by @​Hsiii in lucide-icons/lucide#4483
• feat(icons): added broken-bone icon by @​Patolord in lucide-icons/lucide#4131

New Contributors

• @​Hsiii made their first contribution in lucide-icons/lucide#4483
• @​Patolord made their first contribution in lucide-icons/lucide#4131

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Commits

• 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
• See full diff in compare view

Updates @tauri-apps/api from 2.11.0 to 2.11.1

Release notes

Sourced from @​tauri-apps/api's releases.

@​tauri-apps/api v2.11.1

No known vulnerabilities found

[2.11.1]

Enhancements

• 916782601 (#15520 by @​polw1) Document that Monitor.size, Monitor.position and Monitor.workArea are in physical pixels, with examples showing how to convert them to the logical pixels expected by window creation options via toLogical(monitor.scaleFactor).

> @tauri-apps/api@2.11.1 npm-publish /home/runner/work/tauri/tauri/packages/api
> pnpm build && cd ./dist && pnpm publish --access public --loglevel silly --no-git-checks
> @​tauri-apps/api@​2.11.1 build /home/runner/work/tauri/tauri/packages/api
> rollup -c --configPlugin typescript
�[36m
�[1m./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts, ./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts, ./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts, ./src/window.ts�[22m → �[1m./dist, ./dist�[22m...�[39m
�[32mcreated �[1m./dist, ./dist�[22m in �[1m883ms�[22m�[39m
�[36m
�[1msrc/index.ts�[22m → �[1m../../crates/tauri/scripts/bundle.global.js�[22m...�[39m
�[32mcreated �[1m../../crates/tauri/scripts/bundle.global.js�[22m in �[1m1.4s�[22m�[39m
npm verbose cli /opt/hostedtoolcache/node/24.16.0/x64/bin/node /opt/hostedtoolcache/node/24.16.0/x64/bin/npm
npm info using npm@11.13.0
npm info using node@v24.16.0
npm silly config load:file:/opt/hostedtoolcache/node/24.16.0/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/286e8dee195254a4370e608b672019b0/.npmrc
npm silly config load:file:/home/runner/.npmrc
npm silly config load:file:/home/runner/.config/pnpm/rc
npm verbose title npm publish tauri-apps-api-2.11.1.tgz
npm verbose argv "publish" "--ignore-scripts" "tauri-apps-api-2.11.1.tgz" "--access" "public" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/home/runner/.npm/_logs/2026-06-17T13_41_23_851Z-
npm verbose logfile /home/runner/.npm/_logs/2026-06-17T13_41_23_851Z-debug-0.log
npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "npm-globalconfig". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "overrides". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm silly logfile done cleaning log files
npm verbose publish [ 'tauri-apps-api-2.11.1.tgz' ]
</tr></table>

... (truncated)

Commits

• 6f6ab12 apply version updates (#15409)
• 728c8d4 fix(cli): skip building bundles when using tauri android run (#15473)
• e25f45c refactor: remove impl clone on inner menus (#15553)
• fbcf1b0 chore(deps): update dependency eslint-plugin-security to v4.0.1 (#15545)
• 828f710 fix(cli): respect src/bin required-features (fix: #15325) (#15427)
• ed8fd41 chore(cli): lesser verbose ureq_proto log (#15552)
• 50b0237 fix(android): escape special characters in strings.xml (#15549)
• 800223d docs: fix some missing and wrong docs (#15548)
• 5075c81 fix: check is_maximizable in internal_toggle_maximize (#15550)
• 532c22a chore(deps-dev): bump vite from 8.0.5 to 8.0.16 (#15547)
• Additional commits viewable in compare view

Updates @sveltejs/kit from 2.65.2 to 2.67.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.67.0

Minor Changes

• feat: add prerender.handleInvalidUrl option for invalid URLs discovered while crawling (#16088)

Patch Changes

• fix: support exactOptionalPropertyTypes for optional form schema fields (#15866)

• fix: avoid unnecessarily overriding a user's Vite 8 codeSplitting setting (#16118)

@​sveltejs/kit@​2.66.0

Minor Changes

• feat: precompress prerendered .md and .mdx files (#15893)

• feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)

Patch Changes

• fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)

• fix: ensure base is available from $service-worker during development (#15882)

• fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#15884)

• fix: preserve active for await consumers across query.live reconnects (#16022)

• fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#16022)

• fix: preserve last value when a query.live stream completes without yielding on reconnect (#16022)

• fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#15709)

• fix: prefer pages over endpoints when prerendering (#16076)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.67.0

Minor Changes

• feat: add prerender.handleInvalidUrl option for invalid URLs discovered while crawling (#16088)

Patch Changes

• fix: support exactOptionalPropertyTypes for optional form schema fields (#15866)

• fix: avoid unnecessarily overriding a user's Vite 8 codeSplitting setting (#16118)

2.66.0

Minor Changes

• feat: precompress prerendered .md and .mdx files (#15893)

• feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)

Patch Changes

• fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)

• fix: ensure base is available from $service-worker during development (#15882)

• fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#15884)

• fix: preserve active for await consumers across query.live reconnects (#16022)

• fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#16022)

• fix: preserve last value when a query.live stream completes without yielding on reconnect (#16022)

• fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#15709)

• fix: prefer pages over endpoints when prerendering (#16076)

... (truncated)

Commits

• c5d0e83 Version Packages (#16086)
• cf15fa0 fix: add handleInvalidUrl prerender option for non-HTTP URL schemes (#16088)
• 2992e17 fix: avoid overwriting codeSplitting for split apps (#16118)
• d71dabb chore: fix internal types export target (#16113)
• 7b43b29 chore: fix more flaky tests (#16061)
• 5c76121 fix: allow optional remote form schema fields under `{exactOptionalPropertyTy...
• 4c9b8f1 Version Packages (#16062)
• 276744d fix: preflight schemas apply correctly when chained before for (#15863)
• e8c8d84 chore: DRY out __sveltekit_xyz123 stuff (#16085)
• 4eabadc fix: fail early if a route with +page and +server is marked as prerendera...
• Additional commits viewable in compare view

Updates @tauri-apps/cli from 2.11.2 to 2.11.3

Release notes

Sourced from @​tauri-apps/cli's releases.

@​tauri-apps/cli v2.11.3

[2.11.3]

Bug Fixes

• 50b0237ed (#15549 by @​Legend-Master) Escape special characters in productName when generating Android strings.xml

• 728c8d4a5 (#15473 by @​Legend-Master) Skip building bundles when using tauri android run

• be0cb0d43 (#15344 by @​raglady) Fix NDK_HOME environment variable not honored when set

• ed8fd411f (#15552 by @​Legend-Master) Make ureq_proto show trace level logs only on -vvv instead of -vv

• fca4a31f9 (#15454 by @​fallintoplace) Fix tauri migrate generating invalid namespace imports for aliased pluginified imports from @tauri-apps/api.

  Inputs like import { cli as superCli } from "@tauri-apps/api" now migrate to import * as superCli from "@tauri-apps/plugin-cli" instead of producing invalid ESM syntax. The migration tests also reparse migrated JS, Svelte, and Vue output so syntax regressions are caught directly.

Dependencies

• Upgraded to tauri-cli@2.11.3

Commits

• 6f6ab12 apply version updates (#15409)
• 728c8d4 fix(cli): skip building bundles when using tauri android run (#15473)
• e25f45c refactor: remove impl clone on inner menus (#15553)
• fbcf1b0 chore(deps): update dependency eslint-plugin-security to v4.0.1 (#15545)
• 828f710 fix(cli): respect src/bin required-features (fix: #15325) (#15427)
• ed8fd41 chore(cli): lesser verbose ureq_proto log (#15552)
• 50b0237 fix(android): escape special characters in strings.xml (#15549)
• 800223d docs: fix some missing and wrong docs (#15548)
• 5075c81 fix: check is_maximizable in internal_toggle_maximize (#15550)
• 532c22a chore(deps-dev): bump vite from 8.0.5 to 8.0.16 (#15547)
• Additional commits viewable in compare view

Updates @types/node from 25.9.3 to 26.0.0

Commits

• See full diff in compare view

Updates svelte from 5.56.3 to 5.56.4

Release notes

Sourced from svelte's releases.

svelte@5.56.4

Patch Changes

• fix: include wrapping parentheses in {@const} declarator end position (#18436)

• fix: always unset reactivity context after restoring it (#18453)

• fix: don't notify searchParams subscribers when the URL changes without affecting the search string (#18425)

• fix: strip ? from optional parameters in <script lang="ts"> so generated JavaScript is valid (#18448)

Changelog

Sourced from svelte's changelog.

5.56.4

Patch Changes

• fix: include wrapping parentheses in {@const} declarator end position (#18436)

• fix: always unset reactivity context after restoring it (#18453)

• fix: don't notify searchParams subscribers when the URL changes without affecting the search string (#18425)

• fix: strip ? from optional parameters in <script lang="ts"> so generated JavaScript is valid (#18448)

Commits

• eae50df Version Packages (#18435)
• 36ae062 fix: always unset reactivity context after restoring it (#18453)
• a6985bc fix: strip ? from optional parameters in svelte lang ts (#18448)
• c4daa49 fix: include wrapping parentheses in {@const} declarator end (#18436)
• 0510174 fix: make SvelteURLSearchParams notifications accurate (#18425)
• 8ea3ee8 chore(deps-dev): bump esbuild from 0.25.11 to 0.28.1 (#18427)
• See full diff in compare view

Updates svelte-check from 4.6.0 to 4.7.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.7.0

Minor Changes

• feat: add --config option (#3066)

• feat: svelte-check tsgo support with experimental api (#3036)

Patch Changes

• fix: load esm version of Vite (#3065)

• fix: stop excluding workspaces under dot-prefixed ancestors (#3037)

• Updated dependencies [7a3464b, a2561fc]:

  • @​sveltejs/load-config@​0.2.0

Commits

• fbb1291 Version Packages (#3059)
• 3a1e384 feat: svelte-check tsgo support with experimental api (#3036)
• 8a6f155 fix(svelte-check): stop excluding workspaces under dot-prefixed ancestors (#3...
• 7659b0f perf: remove lodash (#3038)
• a2561fc feat: enable passing Svelte config file paths (#3066)
• 7a3464b fix: load esm version of Vite (#3065)
• 459d031 fix(svelte2tsx): don't crash on array binding holes in destructured exports (...
• 9407413 build: bump mocha to v11.7.6 (#3042)
• 201c9ae Merge pull request #3051 from ghostdevv/lint
• 240d3ad chore: fix lint
• Additional commits viewable in compare view

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

⚠️ This is a major update. Please review breaking changes and test thoroughly before merging.