chore(deps): batch-bump biome, commitlint, svelte, playwright, +2#160
Merged
Conversation
consolidate the routine dependabot bumps onto one branch so ci runs against a single coherent lockfile instead of stalling per-pr on the github-token lockfile-sync that never re-triggers checks. biome 2.5.0->2.5.1, commitlint 21.0.2->21.1.0, svelte 5.56.3->5.56.4, axe-core/playwright 4.11.3->4.12.1, playwright/test 1.61.0->1.61.1, testing-library/svelte 5.4.1->5.4.2, fast-xml-parser 5.9.0->5.9.3. the astro 6->7 major (dependabot #134) is held back: astro 7 breaks the static build (rollupOptions.input SSR-entry error under the pinned vite override) and needs a dedicated migration, not a batch bump.
This was referenced Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidates the routine open Dependabot npm bumps onto one branch. Per the established pattern, individual Dependabot npm PRs stall in
action_required: CI'sdependabot-lockfile.ymlautofixes their drifted lockfile but pushes withGITHUB_TOKEN, which by design doesn't re-triggerpr.yml— so each PR sits on a corrected lockfile with no checks. A single maintainer-authored batch runs CI normally against one coherent lockfile.Bumps (supersedes #132, #133, #135, #136, #137, #138)
Held back: astro 6 → 7 (#134)
Not a mechanical bump — astro 7 breaks the static build with
rollupOptions.input should not be an html file when building for SSRunder the pinnedvite: 7.3.6override. This is a real major-version migration (config/adapter changes) and needs its own PR; #134 stays open.Validation (local)
bun install --frozen-lockfile✓ ·bun run lint✓ ·bun run typecheck✓ ·bun run test1655 pass ✓ ·bun run build✓. e2e runs in this PR's CI.