chore(deps): bump the patch-updates group with 6 updates

[dependabot]

Bumps the patch-updates group with 6 updates:

Package	From	To
@astrojs/svelte	7.1.0	7.1.1
@fontsource-variable/jetbrains-mono	5.2.6	5.2.7
@fontsource/roboto	5.2.6	5.2.7
astro	5.13.5	5.13.7
svelte	5.38.7	5.38.10
@biomejs/biome	2.2.3	2.2.4

Updates @astrojs/svelte from 7.1.0 to 7.1.1

Release notes

Sourced from @​astrojs/svelte's releases.

@​astrojs/svelte@​7.1.1

Patch Changes

• #14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

Changelog

Sourced from @​astrojs/svelte's changelog.

7.1.1

Patch Changes

• #14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

Commits

• aa7bebd [ci] release (#14295)
• d0d7225 chore(deps): update dependency svelte to ^5.38.7 (#14322)
• c24a8f4 fix(vite): update vite to fix CVE (#14326)
• 0b0d9ed fix(deps): update astro client runtimes (#14184)
• c984507 docs: remove experimental notice (#14266)
• 540f27e fix(deps): update astro client runtimes (#14024)
• f1ac805 fix(deps): update astro client runtimes (#13912)
• 07e982d fix(deps): update astro client runtimes (#13882)
• f42ffac fix(deps): update astro client runtimes (#13853)
• See full diff in compare view

Updates @fontsource-variable/jetbrains-mono from 5.2.6 to 5.2.7

Commits

• See full diff in compare view

Updates @fontsource/roboto from 5.2.6 to 5.2.7

Commits

• See full diff in compare view

Updates astro from 5.13.5 to 5.13.7

Release notes

Sourced from astro's releases.

astro@5.13.7

Patch Changes

• #14330 72e14ab Thanks @​ascorbic! - Removes pinned package that is no longer needed.

• #14335 17c7b03 Thanks @​florian-lefebvre! - Bumps sharp minimal version to 0.34.0

astro@5.13.6

Patch Changes

• #14294 e005855 Thanks @​martrapp! - Restores the ability to use Google Analytics History change trigger with the <ClientRouter />.

• #14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

• #14108 218e070 Thanks @​JusticeMatthew! - Updates dynamic route split regex to avoid infinite retries/exponential complexity

• #14327 c1033be Thanks @​ascorbic! - Pins simple-swizzle to avoid compromised version

Changelog

Sourced from astro's changelog.

5.13.7

Patch Changes

• #14330 72e14ab Thanks @​ascorbic! - Removes pinned package that is no longer needed.

• #14335 17c7b03 Thanks @​florian-lefebvre! - Bumps sharp minimal version to 0.34.0

5.13.6

Patch Changes

• #14294 e005855 Thanks @​martrapp! - Restores the ability to use Google Analytics History change trigger with the <ClientRouter />.

• #14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

• #14108 218e070 Thanks @​JusticeMatthew! - Updates dynamic route split regex to avoid infinite retries/exponential complexity

• #14327 c1033be Thanks @​ascorbic! - Pins simple-swizzle to avoid compromised version

Commits

• 468c845 [ci] release (#14336)
• 72e14ab fix: remove the pinned simple-swizzle (#14330)
• 17c7b03 feat: update sharp (#14335)
• aa7bebd [ci] release (#14295)
• c1033be fix: pin simple-swizzle (#14327)
• c24a8f4 fix(vite): update vite to fix CVE (#14326)
• 218e070 Fix: Dynamic route split regex (#14108)
• 0eba233 fix(deps): update astro dependencies (#14308)
• d63f6bb fix(deps): update astro dependencies (#13749)
• bdc8ce2 fix(deps): update astro dependencies (#14305)
• Additional commits viewable in compare view

Updates svelte from 5.38.7 to 5.38.10

Release notes

Sourced from svelte's releases.

svelte@5.38.10

Patch Changes

• fix: flush effects scheduled during boundary's pending phase (#16738)

svelte@5.38.9

Patch Changes

• chore: generate CSS hash using the filename (#16740)

• fix: correctly analyze <object.property> components (#16711)

• fix: clean up scheduling system (#16741)

• fix: transform input defaults from spread (#16481)

• fix: don't destroy contents of svelte:boundary unless the boundary is an error boundary (#16746)

svelte@5.38.8

Patch Changes

• fix: send $effect.pending count to the correct boundary (#16732)

Changelog

Sourced from svelte's changelog.

5.38.10

Patch Changes

• fix: flush effects scheduled during boundary's pending phase (#16738)

5.38.9

Patch Changes

• chore: generate CSS hash using the filename (#16740)

• fix: correctly analyze <object.property> components (#16711)

• fix: clean up scheduling system (#16741)

• fix: transform input defaults from spread (#16481)

• fix: don't destroy contents of svelte:boundary unless the boundary is an error boundary (#16746)

5.38.8

Patch Changes

• fix: send $effect.pending count to the correct boundary (#16732)

Commits

• df13be8 Version Packages (#16754)
• 72ce753 fix: flush effects scheduled during boundary's pending phase (#16738)
• 96a4b16 Version Packages (#16744)
• 558a3c9 fix: transform input defaults from spread (#16481)
• 2743cd0 fix: correctly analyze \<object.property> components (#16711)
• f09f25e fix: Don't destroy boundary contents on error unless the boundary is an error...
• 68d27f1 chore: generate CSS hash using the filename (#16740)
• f343b00 fix: clean up scheduling system (#16741)
• f778975 Version Packages (#16734)
• 18dd456 fix: send $effect.pending count to the correct boundary (#16732)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Updates @biomejs/biome from 2.2.3 to 2.2.4

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.2.4

2.2.4

Patch Changes

• #7453 aa8cea3 Thanks @​arendjr! - Fixed #7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #7447 7139aad Thanks @​rriski! - Fixes #7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #6710 98cf9af Thanks @​arendjr! - Fixed #4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

  Example

  type BagOfPromises = {
    // This is an index signature definition. It declares that instances of type
    // `BagOfPromises` can be indexed using arbitrary strings.
    [property: string]: Promise<void>;
  };
  let bag: BagOfPromises = {};
  // Because bag.iAmAPromise is equivalent to bag[&quot;iAmAPromise&quot;], this is
  // considered an access to the string index, and a Promise is expected.
  bag.iAmAPromise;

• #7415 d042f18 Thanks @​qraqras! - Fixed #7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #7419 576baf4 Thanks @​Conaclos! - Fixed #7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.2.4

Patch Changes

• #7453 aa8cea3 Thanks @​arendjr! - Fixed #7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #7447 7139aad Thanks @​rriski! - Fixes #7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #6710 98cf9af Thanks @​arendjr! - Fixed #4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

  Example

  type BagOfPromises = {
    // This is an index signature definition. It declares that instances of type
    // `BagOfPromises` can be indexed using arbitrary strings.
    [property: string]: Promise<void>;
  };
  let bag: BagOfPromises = {};
  // Because bag.iAmAPromise is equivalent to bag[&quot;iAmAPromise&quot;], this is
  // considered an access to the string index, and a Promise is expected.
  bag.iAmAPromise;

• #7415 d042f18 Thanks @​qraqras! - Fixed #7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #7419 576baf4 Thanks @​Conaclos! - Fixed #7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

  class TsBioo {
    private member: number;
  set_with_name(name: string, value: number) {
  this[name] = value;
  }
  }

... (truncated)

Commits

• 5d212c5 ci: release (#7450)
• 351bccd chore: restore release files
• 32dbfa1 ci: release (#7413)
• 75b6a0d feat(linter): add rule noJsxLiterals (#7248)
• 53ff5ae feat(analyse/json): add noDuplicateDependencies rule (#7142)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions