build(deps): bump the patch-updates group across 1 directory with 5 updates

[dependabot]

Bumps the patch-updates group with 5 updates in the / directory:

Package	From	To
@fancyapps/ui	6.1.12	6.1.13
@iconify-json/material-symbols	1.2.57	1.2.59
@iconify-json/simple-icons	1.2.71	1.2.72
svelte	5.53.3	5.53.6
@biomejs/biome	2.4.2	2.4.5

Updates @fancyapps/ui from 6.1.12 to 6.1.13

Release notes

Sourced from @​fancyapps/ui's releases.

v6.1.13

Please refer to CHANGELOG.md for details.

Changelog

Sourced from @​fancyapps/ui's changelog.

6.1.13 (2026-03-02)

Bug Fixes

• Panzoom Avoid content duplication when performing multiple reinitializations
• Panzoom Show default buttons on the toolbar if none are specified
• Fancybox Make image visible outside viewport when closing and using sidebar plugin

Features

• Fancybox Add additional CSS variables to the sidebar plugin
• Add translations into Turkish, Ukrainian and Chinese

Commits

• 70cd2c6 6.1.13
• See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.57 to 1.2.59

Commits

• See full diff in compare view

Updates @iconify-json/simple-icons from 1.2.71 to 1.2.72

Commits

• See full diff in compare view

Updates svelte from 5.53.3 to 5.53.6

Release notes

Sourced from svelte's releases.

svelte@5.53.6

Patch Changes

• perf: optimize parser hot paths for faster compilation (#17811)

• fix: SvelteMap incorrectly handles keys with undefined values (#17826)

• fix: SvelteURL search setter now returns the normalized value, matching native URL behavior (#17828)

• fix: visit synthetic value node during ssr (#17824)

• fix: always case insensitive event handlers during ssr (#17822)

• chore: more efficient effect scheduling (#17808)

• perf: optimize compiler analysis phase (#17823)

• fix: skip redundant batch.apply (#17816)

• chore: null out current_batch before committing branches (#17809)

svelte@5.53.5

Patch Changes

• fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

• fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

svelte@5.53.4

Patch Changes

• fix: set server context after async transformError (#17799)

• fix: hydrate if blocks correctly (#17784)

• fix: handle default parameters scope leaks (#17788)

• fix: prevent flushed effects from running again (#17787)

Changelog

Sourced from svelte's changelog.

5.53.6

Patch Changes

• perf: optimize parser hot paths for faster compilation (#17811)

• fix: SvelteMap incorrectly handles keys with undefined values (#17826)

• fix: SvelteURL search setter now returns the normalized value, matching native URL behavior (#17828)

• fix: visit synthetic value node during ssr (#17824)

• fix: always case insensitive event handlers during ssr (#17822)

• chore: more efficient effect scheduling (#17808)

• perf: optimize compiler analysis phase (#17823)

• fix: skip redundant batch.apply (#17816)

• chore: null out current_batch before committing branches (#17809)

5.53.5

Patch Changes

• fix: escape innerText and textContent bindings of contenteditable (0df5abcae223058ceb95491470372065fb87951d)

• fix: sanitize transformError values prior to embedding in HTML comments (0298e979371bb583855c9810db79a70a551d22b9)

5.53.4

Patch Changes

• fix: set server context after async transformError (#17799)

• fix: hydrate if blocks correctly (#17784)

• fix: handle default parameters scope leaks (#17788)

• fix: prevent flushed effects from running again (#17787)

Commits

• d4c7829 Version Packages (#17812)
• 361b32c fix: SvelteURL search setter uses unnormalized value (#17828)
• 1043f79 perf: optimize compiler analysis phase (#17823)
• b6faa2a fix: always case insensitive event handlers during ssr (#17822)
• e3d277b fix: visit synthetic value node during ssr (#17824)
• 18db0ca fix: SvelteMap incorrectly handles keys with undefined values (#17826)
• 3fc4bc6 chore: remove unused is_flushing variable (#17820)
• 16a1351 fix: skip redundant batch.apply (#17816)
• 04ba134 docs: flesh out attribute_invalid_sequence_expression message (#17789)
• fc67c9c chore(deps-dev): bump rollup from 4.52.5 to 4.59.0 (#17810)
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.2 to 2.4.5

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.5

2.4.5

Patch Changes

• #9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9178 101b3bb Thanks @​Bertie690! - Fixed #9172 and #9168: Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
  expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
  assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
  assert(typeof myStr === "string");
  });

• #9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  <div

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.5

Patch Changes

• #9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9178 101b3bb Thanks @​Bertie690! - Fixed #9172 and #9168: Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
  expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
  assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
  assert(typeof myStr === "string");
  });

• #9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  <div
  /* block comment */
  class="foo"

... (truncated)

Commits

• 3bc07ab ci: release (#9188)
• 6b01778 feat(linter): add useUnicodeRegex rule (#8773)
• e43e730 feat(lint/html): add useVueScopedStyles (#9185)
• edf8bb6 feat(lint): add ||= to ??= detection in useNullishCoalescing (#9257)
• 9bbdf4d feat(lint): add nursery rule useNamedCaptureGroup (#9048)
• 1f2fe2e feat: prefer-array-some from eslint-plugin-unicorn (#9056)
• 1d2ca15 feat(lint): add useNullishCoalescing nursery rule (#8952)
• 101b3bb fix(lint): consider more constructs as valid test assertions (#9178)
• 3d0648f feat(biome_js_analyze): implement noVueRefAsOperand (#9063)
• 6c296ea ci: release (#9160)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying firefly with    Cloudflare Pages

Latest commit:	4c39cf5
Status:	✅  Deploy successful!
Preview URL:	https://290cb0fd.firefly-6lp.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-patc-hxpm.firefly-6lp.pages.dev

View logs

[netlify]

✅ Deploy Preview for demo-firefly ready!

Name	Link
🔨 Latest commit	4c39cf5
🔍 Latest deploy log	https://app.netlify.com/projects/demo-firefly/deploys/69a7c997a4a1c9000848eedf
😎 Deploy Preview	https://deploy-preview-240--demo-firefly.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.