security(deps): bump @sveltejs/kit and vite to clear 5 high CVEs

Browse Source

Bumps @sveltejs/kit 2.55.0→2.60.1, vite 7.3.1→7.3.3, and all patched
transitives. Clears GHSA-3f6h-2hrp-w5wx, GHSA-2crg-3p73-43xp,
GHSA-4w7w-66w2-5vf9, GHSA-v2wj-q39q-566r, GHSA-p9ff-h696-f583.

Residual: cookie <0.7.0 (LOW) via @sveltejs/kit peer chain — upstream
fix requires @sveltejs/kit@0.0.30, a breaking downgrade. Tracked as
known residual per issue #458 acceptance criteria note.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

...

This commit is contained in:

Marcel

2026-05-19 13:53:09 +02:00

parent 8fc32f18ce

commit ff3e863032

1 changed files with 1487 additions and 1345 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

2832

frontend/package-lock.json generated

File diff suppressed because it is too large Load Diff