chore(deps): bump the npm-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the npm-dependencies group with 7 updates in the / directory:

Package	From	To
@playwright/test	1.60.0	1.61.0
puppeteer	24.43.1	25.1.0
@tauri-apps/api	2.11.0	2.11.1
@sveltejs/vite-plugin-svelte	5.1.1	7.1.2
@tauri-apps/cli	2.11.2	2.11.3
svelte	5.56.1	5.56.3
vite	6.4.3	8.0.16

Updates @playwright/test from 1.60.0 to 1.61.0

Release notes

Sourced from @​playwright/test's releases.

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();
// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
id: credentialId,
userHandle,
privateKey,
publicKey,
});
await context.credentials.install();
const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

• apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

• New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
• The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

• The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
• Supported expect.soft.poll(...).
• New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
• New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
• testInfo.errors now lists each sub-error of an AggregateError as a separate entry.

... (truncated)

Commits

• 1cc5a90 cherry-pick(#41295): chore: PLAYWRIGHT_TRACING_NO_WEBSOCKET_FRAMES and PLAYWR...
• a6772bd cherry-pick(#41280): Revert "fix(trace-viewer): add keyboard navigation to `N...
• 8133dcf cherry-pick(#41283): docs: add Ubuntu 26.04 and Node.js 26.x to system requir...
• 812432e chore: mark v1.61.0 (#41277)
• ac05145 fix(fetch): report serverAddr and securityDetails for reused sockets (#41267)
• 056efc9 fix(trace-viewer): add keyboard navigation to NetworkFilters component (#41...
• 41f7b9a chore: fixes uncovered by the .NET 1.61 roll (#41266)
• ba50778 fix(mcp): assign caps as array for legacy --vision flag (#41253)
• b8ee5ae docs: release notes for v1.61 (#41261)
• 49c1f69 fix(trace viewer): load trace from a local file (#41263)
• Additional commits viewable in compare view

Updates puppeteer from 24.43.1 to 25.1.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v25.1.0

25.1.0 (2026-05-26)

🎉 Features

• roll to Chrome 149.0.7827.2 (af1b9be)
• roll to Firefox 151.0 (#15013) (767ea54)

🛠️ Fixes

• roll to Chrome 148.0.7778.178 (#15014) (59764ac)

📄 Documentation

• use ESM and top level await (#15030) (34ecc62)

🏗️ Refactor

• remove debug dependency (#15023) (94d1e1c)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 3.0.3 to 3.0.4

puppeteer: v25.1.0

25.1.0 (2026-05-26)

🎉 Features

• roll to Chrome 149.0.7827.2 (af1b9be)

🛠️ Fixes

• improve progress bar and install (#15042) (51db32a)
• support concurrency in progress bars (#15045) (ab0171d)

🏗️ Refactor

• replace cosmiconfig with lilconfig (#15031) (4a1c2ff)

... (truncated)

Changelog

Sourced from puppeteer's changelog.

25.1.0 (2026-05-26)

🎉 Features

• roll to Chrome 149.0.7827.2 (af1b9be)
• roll to Firefox 151.0 (#15013) (767ea54)

🛠️ Fixes

• roll to Chrome 148.0.7778.178 (#15014) (59764ac)

🏗️ Refactor

• remove debug dependency (#15023) (94d1e1c)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 3.0.3 to 3.0.4

📄 Documentation

• use ESM and top level await (#15030) (34ecc62)

25.0.4 (2026-05-18)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 25.0.3 to 25.0.4

🛠️ Fixes

• Throw TargetCloseError when session ID not found (#15002) (611abef)

... (truncated)

Commits

• ede6669 chore: release main (#15056)
• 7bc09e7 chore(deps): bump the all group with 5 updates (#15052)
• 8c81170 chore(deps): bump the all group in /website with 3 updates (#15051)
• 09eced5 chore: update lock
• 53b9fda chore(deps): bump the dependencies group with 2 updates (#15049)
• d842411 chore(deps): bump node from 050bf2b to 8530f76 in /docker in the all grou...
• 1d2a569 docs: document read-only Docker directories (#15048)
• ab0171d fix: support concurrency in progress bars (#15045)
• 51db32a fix: improve progress bar and install (#15042)
• d32384b chore(deps): bump qs and express in /website (#15040)
• Additional commits viewable in compare view

Updates @tauri-apps/api from 2.11.0 to 2.11.1

Release notes

Sourced from @​tauri-apps/api's releases.

@​tauri-apps/api v2.11.1

No known vulnerabilities found

[2.11.1]

Enhancements

• 916782601 (#15520 by @​polw1) Document that Monitor.size, Monitor.position and Monitor.workArea are in physical pixels, with examples showing how to convert them to the logical pixels expected by window creation options via toLogical(monitor.scaleFactor).

> @tauri-apps/api@2.11.1 npm-publish /home/runner/work/tauri/tauri/packages/api
> pnpm build && cd ./dist && pnpm publish --access public --loglevel silly --no-git-checks
> @​tauri-apps/api@​2.11.1 build /home/runner/work/tauri/tauri/packages/api
> rollup -c --configPlugin typescript
�[36m
�[1m./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts, ./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts, ./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts, ./src/window.ts�[22m → �[1m./dist, ./dist�[22m...�[39m
�[32mcreated �[1m./dist, ./dist�[22m in �[1m883ms�[22m�[39m
�[36m
�[1msrc/index.ts�[22m → �[1m../../crates/tauri/scripts/bundle.global.js�[22m...�[39m
�[32mcreated �[1m../../crates/tauri/scripts/bundle.global.js�[22m in �[1m1.4s�[22m�[39m
npm verbose cli /opt/hostedtoolcache/node/24.16.0/x64/bin/node /opt/hostedtoolcache/node/24.16.0/x64/bin/npm
npm info using npm@11.13.0
npm info using node@v24.16.0
npm silly config load:file:/opt/hostedtoolcache/node/24.16.0/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/286e8dee195254a4370e608b672019b0/.npmrc
npm silly config load:file:/home/runner/.npmrc
npm silly config load:file:/home/runner/.config/pnpm/rc
npm verbose title npm publish tauri-apps-api-2.11.1.tgz
npm verbose argv "publish" "--ignore-scripts" "tauri-apps-api-2.11.1.tgz" "--access" "public" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/home/runner/.npm/_logs/2026-06-17T13_41_23_851Z-
npm verbose logfile /home/runner/.npm/_logs/2026-06-17T13_41_23_851Z-debug-0.log
npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "npm-globalconfig". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "overrides". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm silly logfile done cleaning log files
npm verbose publish [ 'tauri-apps-api-2.11.1.tgz' ]
</tr></table>

... (truncated)

Commits

• 6f6ab12 apply version updates (#15409)
• 728c8d4 fix(cli): skip building bundles when using tauri android run (#15473)
• e25f45c refactor: remove impl clone on inner menus (#15553)
• fbcf1b0 chore(deps): update dependency eslint-plugin-security to v4.0.1 (#15545)
• 828f710 fix(cli): respect src/bin required-features (fix: #15325) (#15427)
• ed8fd41 chore(cli): lesser verbose ureq_proto log (#15552)
• 50b0237 fix(android): escape special characters in strings.xml (#15549)
• 800223d docs: fix some missing and wrong docs (#15548)
• 5075c81 fix: check is_maximizable in internal_toggle_maximize (#15550)
• 532c22a chore(deps-dev): bump vite from 8.0.5 to 8.0.16 (#15547)
• Additional commits viewable in compare view

Updates @sveltejs/vite-plugin-svelte from 5.1.1 to 7.1.2

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​7.1.2

Patch Changes

• fix: correctly resolve compiled CSS on the server for dependencies with Svelte files (#1342)

@​sveltejs/vite-plugin-svelte@​7.1.1

Patch Changes

• fix: pass typescript.onlyRemoveTypeImports to transformWithOxc in vitePreprocess so that value imports are not dropped when they are only referenced in Svelte template markup (#1326)

• fix: correctly resolve compiled CSS for optimised Svelte dependencies on the server (#1336)

@​sveltejs/vite-plugin-svelte@​7.1.0

Minor Changes

• feat: enable optimizer for server environments during dev (#1328)

@​sveltejs/vite-plugin-svelte@​7.0.0

Major Changes

• breaking(deps): require vite 8 (#1266)

• breaking(options): remove deprecated options (#1274)

  • vitePlugin.hot in svelte.config.js use compilerOptions.hmr instead
  • vitePlugin.ignorePluginPreprocessors in svelte.config.js no longer needed
  • api.idFilter of vite-plugin-svelte:api use api.filter instead
  • plugin.api.sveltePreprocess of other vite plugins Update affected plugins to a newer version or remove them. See docs for more information.

• breaking(dev): no longer overrides compilerOptions.cssHash because Svelte now produces a stable css hash by itself (#1271)

• breaking(inspector): integrate vite-plugin-svelte-inspector into vite-plugin-svelte to avoid circular dependency (#1270)

• breaking(deps): require svelte 5.46.4 or later (#1271)

Patch Changes

• chore: upgrade vitefu to compatible peer dependency range (#1286)

• remove author field from package.json (#1281)

... (truncated)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

7.1.2

Patch Changes

• fix: correctly resolve compiled CSS on the server for dependencies with Svelte files (#1342)

7.1.1

Patch Changes

• fix: pass typescript.onlyRemoveTypeImports to transformWithOxc in vitePreprocess so that value imports are not dropped when they are only referenced in Svelte template markup (#1326)

• fix: correctly resolve compiled CSS for optimised Svelte dependencies on the server (#1336)

7.1.0

Minor Changes

• feat: enable optimizer for server environments during dev (#1328)

7.0.0

Major Changes

• breaking(deps): require vite 8 (#1266)

• breaking(options): remove deprecated options (#1274)

  • vitePlugin.hot in svelte.config.js use compilerOptions.hmr instead
  • vitePlugin.ignorePluginPreprocessors in svelte.config.js no longer needed
  • api.idFilter of vite-plugin-svelte:api use api.filter instead
  • plugin.api.sveltePreprocess of other vite plugins Update affected plugins to a newer version or remove them. See docs for more information.

• breaking(dev): no longer overrides compilerOptions.cssHash because Svelte now produces a stable css hash by itself (#1271)

• breaking(inspector): integrate vite-plugin-svelte-inspector into vite-plugin-svelte to avoid circular dependency (#1270)

• breaking(deps): require svelte 5.46.4 or later (#1271)

Patch Changes

... (truncated)

Commits

• 471f822 Version Packages (#1344)
• 1a9bc08 fix: always retrieve CSS using component filename first (#1342)
• 508d91b Version Packages (#1339)
• 990e58c fix: correctly resolve Svelte CSS on the server during development (#1336)
• d5458a9 fix: restore value imports stripped by oxc in script preprocessing (#1326)
• 1c85126 Version Packages (#1331)
• 1a4d225 feat: enable optimizer for server environments during dev (#1328)
• d91be5f fix: use correct pnpm catalog syntax
• 4d3afb4 chore: fix audit CI (#1327)
• 8b3687b use modern JSDoc imports (#1309)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​sveltejs/vite-plugin-svelte since your current version.

Updates @tauri-apps/cli from 2.11.2 to 2.11.3

Release notes

Sourced from @​tauri-apps/cli's releases.

@​tauri-apps/cli v2.11.3

[2.11.3]

Bug Fixes

• 50b0237ed (#15549 by @​Legend-Master) Escape special characters in productName when generating Android strings.xml

• 728c8d4a5 (#15473 by @​Legend-Master) Skip building bundles when using tauri android run

• be0cb0d43 (#15344 by @​raglady) Fix NDK_HOME environment variable not honored when set

• ed8fd411f (#15552 by @​Legend-Master) Make ureq_proto show trace level logs only on -vvv instead of -vv

• fca4a31f9 (#15454 by @​fallintoplace) Fix tauri migrate generating invalid namespace imports for aliased pluginified imports from @tauri-apps/api.

  Inputs like import { cli as superCli } from "@tauri-apps/api" now migrate to import * as superCli from "@tauri-apps/plugin-cli" instead of producing invalid ESM syntax. The migration tests also reparse migrated JS, Svelte, and Vue output so syntax regressions are caught directly.

Dependencies

• Upgraded to tauri-cli@2.11.3

Commits

• 6f6ab12 apply version updates (#15409)
• 728c8d4 fix(cli): skip building bundles when using tauri android run (#15473)
• e25f45c refactor: remove impl clone on inner menus (#15553)
• fbcf1b0 chore(deps): update dependency eslint-plugin-security to v4.0.1 (#15545)
• 828f710 fix(cli): respect src/bin required-features (fix: #15325) (#15427)
• ed8fd41 chore(cli): lesser verbose ureq_proto log (#15552)
• 50b0237 fix(android): escape special characters in strings.xml (#15549)
• 800223d docs: fix some missing and wrong docs (#15548)
• 5075c81 fix: check is_maximizable in internal_toggle_maximize (#15550)
• 532c22a chore(deps-dev): bump vite from 8.0.5 to 8.0.16 (#15547)
• Additional commits viewable in compare view

Updates svelte from 5.56.1 to 5.56.3

Release notes

Sourced from svelte's releases.

svelte@5.56.3

Patch Changes

• fix: ignore errors that occur in destroyed effects (#18384)

• fix: type BigInts in $state.snapshot(...) return values (#18388)

svelte@5.56.2

Patch Changes

• fix: properly track effect end node for async sibling component (#18371)

• fix: prevent false-positive reactivity loss warning (#18373)

• chore: bump esrap dependency (#18372)

• fix: ignore declaration tags for animation directive (#18366)

• fix: reject pending async deriveds on discard (#18308)

Changelog

Sourced from svelte's changelog.

5.56.3

Patch Changes

• fix: ignore errors that occur in destroyed effects (#18384)

• fix: type BigInts in $state.snapshot(...) return values (#18388)

5.56.2

Patch Changes

• fix: properly track effect end node for async sibling component (#18371)

• fix: prevent false-positive reactivity loss warning (#18373)

• chore: bump esrap dependency (#18372)

• fix: ignore declaration tags for animation directive (#18366)

• fix: reject pending async deriveds on discard (#18308)

Commits

• a9f4854 Version Packages (#18389)
• 71a6515 fix: check boundary exists before calling error handler in async derived (#18...
• 3d83c9a fix: add bigint to Primitive type for $state.snapshot (#18388)
• 51baf1c Version Packages (#18357)
• 3d5c4ab fix: prevent false-positive reactivity loss warning (#18373)
• bdb1a0f fix: ensure async block assigns correct nodes to effect (#18371)
• e4bfc5f chore: bump esrap dependency (#18372)
• 1b4c43b fix: ignore declaration tags for animation directive (#18366)
• 85dcb91 chore: upgrade to vitest v4 (#18265)
• a81f965 fix: reject pending async deriveds on discard (#18308)
• See full diff in compare view

Updates vite from 6.4.3 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

• deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)
• reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

• send 408 on request timeout (#22476) (c85c9ee)
• update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

• capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
• deps: update all non-major dependencies (#22511) (2686d7d)
• dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
• glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
• optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
• resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

• correct logic in collectAllModules function (#22562) (6978a9c)

8.0.14 (2026-05-21)

Features

• update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#22471) (98b8163)
• dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

• f94df87 release: v8.0.16
• dc245c7 fix: reject windows alternate paths (#22572)
• 50b9512 fix(deps): reject UNC paths for launch-editor-middleware (#22571)
• 8d1b019 release: v8.0.15
• 2686d7d fix(deps): update all non-major dependencies (#22511)
• 3052a67 chore(deps): update rolldown-related dependencies (#22566)
• e3cfb9d fix(optimizer): close the rolldown bundle when write() rejects (#22528)
• 6978a9c refactor: correct logic in collectAllModules function (#22562)
• 646dbed feat: update rolldown to 1.0.3 (#22538)
• 85a0eff fix: capitalize error messages and remove spurious space in parse error (#22488)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions