deps(npm): bump the npm-all group with 10 updates

[dependabot]

Bumps the npm-all group with 10 updates:

Package	From	To
@tauri-apps/api	2.10.1	2.11.0
@tauri-apps/plugin-opener	2.5.3	2.5.4
@threlte/core	8.5.9	8.5.11
@threlte/extras	9.14.9	9.15.1
bits-ui	2.18.0	2.18.1
marked	18.0.2	18.0.3
@biomejs/biome	2.4.13	2.4.14
@sveltejs/kit	2.58.0	2.59.0
@tauri-apps/cli	2.10.1	2.11.0
svelte-check	4.4.6	4.4.7

Updates @tauri-apps/api from 2.10.1 to 2.11.0

Release notes

Sourced from @​tauri-apps/api's releases.

@​tauri-apps/api v2.11.0

No known vulnerabilities found

[2.11.0]

New Features

• 074299c08 (#14307) Add Bring All to Front predefined menu item type
• a12142a48 (#14357) Add macos support for setting the icon and icon template state in the same step of the main thread, to prevent flickering.
• 001c8fe3d (#14722) Add a WebView option to control browser-level general autofill behavior. This option does not disable password or credit card autofill. On Windows (WebView2), setting it to true disables the general autofill "Suggestions" UI, which may appear even when autocomplete="off" is specified on input elements. On Linux, macOS, iOS, and Android, this option is currently unsupported and performs no operation.
• eb0312ea9 (#15199) Propagates the Event::Suspended and Event::Resumed events from tao when they are emitted on mobile targets.

> @tauri-apps/api@2.11.0 npm-publish /home/runner/work/tauri/tauri/packages/api
> pnpm build && cd ./dist && pnpm publish --access public --loglevel silly --no-git-checks
> @​tauri-apps/api@​2.11.0 build /home/runner/work/tauri/tauri/packages/api
> rollup -c --configPlugin typescript
�[36m
�[1m./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts, ./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts, ./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts, ./src/window.ts�[22m → �[1m./dist, ./dist�[22m...�[39m
�[32mcreated �[1m./dist, ./dist�[22m in �[1m1s�[22m�[39m
�[36m
�[1msrc/index.ts�[22m → �[1m../../crates/tauri/scripts/bundle.global.js�[22m...�[39m
�[32mcreated �[1m../../crates/tauri/scripts/bundle.global.js�[22m in �[1m1.6s�[22m�[39m
npm verbose cli /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/npm
npm info using npm@11.11.0
npm info using node@v24.14.1
npm silly config load:file:/opt/hostedtoolcache/node/24.14.1/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/62753b73fd2498862aee9b07ed29cc21/.npmrc
npm silly config load:file:/home/runner/.npmrc
npm silly config load:file:/home/runner/.config/pnpm/rc
npm verbose title npm publish tauri-apps-api-2.11.0.tgz
npm verbose argv "publish" "--ignore-scripts" "tauri-apps-api-2.11.0.tgz" "--access" "public" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/home/runner/.npm/_logs/2026-04-30T15_51_13_171Z-
npm verbose logfile /home/runner/.npm/_logs/2026-04-30T15_51_13_171Z-debug-0.log
npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "npm-globalconfig". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
</tr></table>

... (truncated)

Commits

• e60834f Apply Version Updates From Current Changes (#15041)
• df05c00 chore: minor bump for codegen crate
• 13bea17 chore: fmt
• 9808236 fix(macOS): correct value for work_area.position.y (#14655)
• eb0312e feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...
• 4ef5797 feat(ios): add --no-sign and --archive-only flags to ios build (#15061)
• 110336c fix(macOS): fix incorrect window position on multi-monitor setups (#15250)
• c00a3db feat(macros): add support for rename command macro in tauri-macros #14173 (#1...
• 764b913 feat(cli): restart Android emulator if it is disconnected from adb (#14313)
• 1035f12 fix(windows): tauri-bundler detect arm system (#14923)
• Additional commits viewable in compare view

Updates @tauri-apps/plugin-opener from 2.5.3 to 2.5.4

Release notes

Sourced from @​tauri-apps/plugin-opener's releases.

opener-js v2.5.4

[2.5.4]

• c1fd33b3 (#3343 by @​Legend-Master) Fix revealItemInDir/reveal_items_in_dir can't reveal network paths like \\wsl.localhost\Ubuntu\etc on Windows

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-opener@2.5.4
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.2kB README.md
npm notice 3.1kB dist-js/index.cjs
npm notice 2.0kB dist-js/index.d.ts
npm notice 3.1kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 730B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.5.4
npm notice filename: tauri-apps-plugin-opener-2.5.4.tgz
npm notice package size: 3.5 kB
npm notice unpacked size: 14.1 kB
npm notice shasum: b37883e4d36125b8c5a0c74f683395958a65bd7d
npm notice integrity: sha512-1HnPkb+AmgO29[...]aUJtT57lfO9CQ==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011743
+ @tauri-apps/plugin-opener@2.5.4

opener v2.5.4

[2.5.4]

• c1fd33b3 (#3343 by @​Legend-Master) Fix revealItemInDir/reveal_items_in_dir can't reveal network paths like \\wsl.localhost\Ubuntu\etc on Windows

... (truncated)

Commits

• e7a68fa publish new versions (#3068)
• b5550a3 chore: temp delete updater changefile
• 93426f8 fix: fix docsrs builds
• 4ee61e0 Revert "chore: temp delete updater changefile"
• See full diff in compare view

Updates @threlte/core from 8.5.9 to 8.5.11

Release notes

Sourced from @​threlte/core's releases.

@​threlte/core@​8.5.11

Patch Changes

• 5588329: Perf: replace internal useThrelte() calls with more lightweight fragment contexts
• 4544308: Perf: rework parent contexts to use lightweight getter-backed current values internally

@​threlte/core@​8.5.10

Patch Changes

• d639f30: Narrow T event handler payloads per event-key on Object3D, and give Threlte.UserProps precedence over auto-derived EventProps for shared keys

Changelog

Sourced from @​threlte/core's changelog.

8.5.11

Patch Changes

• 5588329: Perf: replace internal useThrelte() calls with more lightweight fragment contexts
• 4544308: Perf: rework parent contexts to use lightweight getter-backed current values internally

8.5.10

Patch Changes

• d639f30: Narrow T event handler payloads per event-key on Object3D, and give Threlte.UserProps precedence over auto-derived EventProps for shared keys

Commits

• 54a9daa Version Packages
• 2914dea Merge pull request #1800 from michealparks/core-perf-1
• 17375c5 better compat
• 7f474b9 better compat
• 1af0bf2 rework parenting
• c7a568c use internal hooks
• 8ad7924 Version Packages
• d639f30 type fixes
• See full diff in compare view

Updates @threlte/extras from 9.14.9 to 9.15.1

Release notes

Sourced from @​threlte/extras's releases.

@​threlte/extras@​9.15.1

Patch Changes

• c487de8: Fix keyboard input getting stuck after Meta/Cmd shortcuts when the browser suppresses the modified key's keyup event.

@​threlte/extras@​9.15.0

Minor Changes

• a5d66a1: Add useFollow hook

Patch Changes

• 6555144: Fix Grid radius clipping for circular and polar grids, including polar divider rays extending past the outer radius.
• 6555144: Avoid applying PointsMaterial tone mapping and color space shader chunks twice.
• 6555144: Fix Wireframe material recompilation, backface coloring, barycentric attribute sizing, cleanup, and screen-space thickness consistency.

Changelog

Sourced from @​threlte/extras's changelog.

9.15.1

Patch Changes

• c487de8: Fix keyboard input getting stuck after Meta/Cmd shortcuts when the browser suppresses the modified key's keyup event.

9.15.0

Minor Changes

• a5d66a1: Add useFollow hook

Patch Changes

• 6555144: Fix Grid radius clipping for circular and polar grids, including polar divider rays extending past the outer radius.
• 6555144: Avoid applying PointsMaterial tone mapping and color space shader chunks twice.
• 6555144: Fix Wireframe material recompilation, backface coloring, barycentric attribute sizing, cleanup, and screen-space thickness consistency.

Commits

• ede9e5e Version Packages
• c487de8 fix meta keys
• a30b28c Version Packages
• 55b9d3b format
• aeb9af4 fix exports
• 944179f cleanup
• 625baa4 refactor
• c3a9b9b cleanup
• 4636715 cleanup
• 1ffac25 merge main
• Additional commits viewable in compare view

Updates bits-ui from 2.18.0 to 2.18.1

Release notes

Sourced from bits-ui's releases.

bits-ui@2.18.1

Patch Changes

• fix(text-selection-layer): snapshot enabled and pointer handlers for listeners (#2041)

• fix(Tooltip): set wrapper pointer-events when hoverable content is disabled (#2041)

• fix(Menu): prevent page scroll-jump on item hover when scroll-padding is set (#2035)

Commits

• 25f8137 Version Packages (#2042)
• 158364e fix(menu): use preventScroll when focusing items on hover and content on item...
• 5a3f7ce fix(Tooltip): pointer event handling (#2041)
• 788fc03 chore: update workflows to Node 24 and latest action versions (#2032)
• See full diff in compare view

Updates marked from 18.0.2 to 18.0.3

Release notes

Sourced from marked's releases.

v18.0.3

18.0.3 (2026-05-01)

Bug Fixes

• avoid task checkbox for setext heading text (#3960) (2608e81)

Commits

• e8dc395 chore(release): 18.0.3 [skip ci]
• 2608e81 fix: avoid task checkbox for setext heading text (#3960)
• dba76f6 chore(deps-dev): bump eslint from 10.2.0 to 10.2.1 (#3953)
• 015f1eb chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 (#3954)
• 17c06e9 chore: fix building license for docs (#3952)
• 55a54b5 chore: Rename LICENSE.md to LICENSE for better compatibility with Bazel tooli...
• See full diff in compare view

Updates @biomejs/biome from 2.4.13 to 2.4.14

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.14

2.4.14

Patch Changes

• #9393 491b171 Thanks @​dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

• #10157 eefc5ab Thanks @​dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.

• #10054 0e9f569 Thanks @​minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

  A function annotated : object returning an object literal:

  function f(): object {
    return { retry: true };
  }

• #10116 53269eb Thanks @​jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.

• #10092 33d8543 Thanks @​Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

  Given the following organizeImports options:

  {
    "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
  }

  The following code...

  // Comment
  import "package";
  import "./file.js";

  ...was organized as:

  +
    // Comment
    import "package";
  +
    import "./file.js";

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.14

Patch Changes

• #9393 491b171 Thanks @​dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

• #10157 eefc5ab Thanks @​dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.

• #10054 0e9f569 Thanks @​minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

  A function annotated : object returning an object literal:

  function f(): object {
    return { retry: true };
  }

• #10116 53269eb Thanks @​jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.

• #10092 33d8543 Thanks @​Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

  Given the following organizeImports options:

  {
    "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
  }

  The following code...

  // Comment
  import "package";
  import "./file.js";

  ...was organized as:

  +
    // Comment
    import "package";
  +
    import "./file.js";

  A blank line was added even though the group ':NODE:' doesn't match any imports here. :BLANK_LINE: between never-matched groups and matched groups are now ignored.

... (truncated)

Commits

• 46393e0 ci: release (#10100)
• ae659dd feat(lint/js): add noExcessiveNestedCallbacks (#10188)
• d62b331 feat(lint/js): add useMathMinMax (#9926)
• 7acf1e0 feat(lint/js): add noReactStringRefs (#9922)
• 491b171 feat(lint/js): add useTestHooksOnTop (#9393)
• 4a664c1 fix(noShadow): make sure it doesn't shadow types (#10083)
• See full diff in compare view

Updates @sveltejs/kit from 2.58.0 to 2.59.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.59.0

Minor Changes

• feat: support query.batch in requested(...) (#15751)

• breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#15705)

• feat: experimental query.live function (#15705)

Patch Changes

• fix: unwrap Promise in RemoteCommand output type (#15771)

• fix: empty call to .updates() on a command/form invocation means "don't update anything" (#15705)

• fix: form.fields.foo.as('checkbox', default_value) now works (#15752)

• fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#15753)

• fix: make sure queries always get started correctly (#15705)

• fix: allow plain functions as overrides in updates (#15705)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.59.0

Minor Changes

• feat: support query.batch in requested(...) (#15751)

• breaking: on the server, make the promise returned from refresh represent adding the refresh to the map, not the time it takes to run the remote function (#15705)

• feat: experimental query.live function (#15705)

Patch Changes

• fix: unwrap Promise in RemoteCommand output type (#15771)

• fix: empty call to .updates() on a command/form invocation means "don't update anything" (#15705)

• fix: form.fields.foo.as('checkbox', default_value) now works (#15752)

• fix: remote forms with default values defined by field.as('text', defaultValue) now correctly reset to the provided default values once submitted (#15753)

• fix: make sure queries always get started correctly (#15705)

• fix: allow plain functions as overrides in updates (#15705)

Commits

• 522ac32 Version Packages (#15769)
• a416bb0 docs: improve description for read config parameter (#15673)
• af248a7 fix: unwrap Promise in RemoteCommand output type (#15771)
• 1c8e573 fix: remote forms with default values defined by `field.as('text', defaultVal...
• 5b28e23 feat: support query.batch in requested (#15751)
• a074dc1 fix: .as('checkbox', value) was completely broken (#15752)
• 055ac24 feat: experimental query.live remote function (#15705)
• c1d3633 chore: fix IDE typescript errors (#15756)
• See full diff in compare view

Updates @tauri-apps/cli from 2.10.1 to 2.11.0

Release notes

Sourced from @​tauri-apps/cli's releases.

@​tauri-apps/cli v2.11.0

[2.11.0]

New Features

• 926a57bb0 (#15201) Added uninstaller icon and uninstaller header image support for NSIS installer.

  Notes:

  • For tauri-bundler lib users, the NsisSettings now has 2 new fields uninstaller_icon and uninstaller_header_image which can be a breaking change
  • When bundling with NSIS, users can add uninstallerIcon and uninstallerHeaderImage under bundle > windows > nsis to configure them.

• 764b9139a (#14313) Prompt to restart the Android emulator if it is not connected to adb.

• 5dc2cee60 (#14793) Added support for minimumWebview2Version option support for the MSI (Wix) installer, the old bundle > windows > nsis > minimumWebview2Version is now deprecated in favor of bundle > windows > minimumWebview2Version

  Notes:

  • For anyone relying on the WVRTINSTALLED Property tag in main.wxs, it is now renamed to INSTALLED_WEBVIEW2_VERSION
  • For tauri-bundler lib users, the WindowsSettings now has a new field minimum_webview2_version which can be a breaking change

Enhancements

• be0e4bd2d (#15218) Added Vietnamese translations for the NSIS installer
• 8718d0816 (#15033) Show the context before prompting for updater signing key password

Bug Fixes

• fcb702ec4 (#14954) Fix build --bundles to allow nsis arg in linux+macOS
• 80c1425af (#14921) Fix iOS build failure when Metal Toolchain is installed by using explicit $(DEVELOPER_DIR)/Toolchains/XcodeDefault.xctoolchain path instead of $(TOOLCHAIN_DIR) for Swift library search paths.

What's Changed

• 9979cde1c (#15175) Update NSIS installer Italian translations

Dependencies

• Upgraded to tauri-cli@2.11.0

Commits

• e60834f Apply Version Updates From Current Changes (#15041)
• df05c00 chore: minor bump for codegen crate
• 13bea17 chore: fmt
• 9808236 fix(macOS): correct value for work_area.position.y (#14655)
• eb0312e feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...
• 4ef5797 feat(ios): add --no-sign and --archive-only flags to ios build (#15061)
• 110336c fix(macOS): fix incorrect window position on multi-monitor setups (#15250)
• c00a3db feat(macros): add support for rename command macro in tauri-macros #14173 (#1...
• 764b913 feat(cli): restart Android emulator if it is disconnected from adb (#14313)
• 1035f12 fix(windows): tauri-bundler detect arm system (#14923)
• Additional commits viewable in compare view

Updates svelte-check from 4.4.6 to 4.4.7

Release notes

Sourced from svelte-check's releases.

svelte-check@4.4.7

Patch Changes

• fix: flush stdout/stderr before exit (#3014)

• fix: report diagnostics in tsconfig.json (#3005)

Commits

• d99bb34 Version Packages (#2999)
• 35428ae fix: flush stdout/stderr before exit in svelte-check (#3014)
• a553963 fix: report diagnostics in tsconfig.json (#3005)
• 4c306eb fix: prevent incorrect $types imports being injected in update import (#3010)
• 31488f9 fix: properly place svelte-ignore comment in quickfix when \<script module> ...
• 5be821d fix: prevent duplicate diagnostics (#3000)
• 8b103ba fix: hoist self-referenced props interface (#2998)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions