build(npm): bump the npm group in /web/app with 9 updates

[dependabot]

Bumps the npm group in /web/app with 9 updates:

Package	From	To
workbox-expiration	7.3.0	7.4.0
workbox-recipes	7.3.0	7.4.0
workbox-routing	7.3.0	7.4.0
workbox-strategies	7.3.0	7.4.0
bulma	0.9.4	1.0.4
eslint	9.39.0	9.39.1
prettier	3.6.2	3.7.3
rollup	4.52.5	4.53.3
sass	1.93.3	1.94.2

Updates workbox-expiration from 7.3.0 to 7.4.0

Release notes

Sourced from workbox-expiration's releases.

Workbox v7.4.0

v7.4.0

• Critical dependency updates.

Commits

• fa702fe v7.4.0
• c34bf28 Merge pull request #3441 from GoogleChrome/chore/npm-audit
• cf21cb6 Merge pull request #3440 from GoogleChrome/chore/update-actions
• 5083f3f Update dependencies
• cf91300 Merge pull request #3439 from GoogleChrome/dependabot/npm_and_yarn/js-yaml-3....
• b6825a9 Update upload-sarif action
• d971ff7 Update GitHub Actions to latest versions
• 076adc0 Bump js-yaml from 3.14.1 to 3.14.2
• 69478fd Merge pull request #3433 from GoogleChrome/dependabot/npm_and_yarn/packages/w...
• 0d9b8b3 Merge pull request #3434 from GoogleChrome/dependabot/npm_and_yarn/glob-11.1.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by swissspidy, a new releaser for workbox-expiration since your current version.

Updates workbox-recipes from 7.3.0 to 7.4.0

Release notes

Sourced from workbox-recipes's releases.

Workbox v7.4.0

v7.4.0

• Critical dependency updates.

Commits

• fa702fe v7.4.0
• c34bf28 Merge pull request #3441 from GoogleChrome/chore/npm-audit
• cf21cb6 Merge pull request #3440 from GoogleChrome/chore/update-actions
• 5083f3f Update dependencies
• cf91300 Merge pull request #3439 from GoogleChrome/dependabot/npm_and_yarn/js-yaml-3....
• b6825a9 Update upload-sarif action
• d971ff7 Update GitHub Actions to latest versions
• 076adc0 Bump js-yaml from 3.14.1 to 3.14.2
• 69478fd Merge pull request #3433 from GoogleChrome/dependabot/npm_and_yarn/packages/w...
• 0d9b8b3 Merge pull request #3434 from GoogleChrome/dependabot/npm_and_yarn/glob-11.1.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by swissspidy, a new releaser for workbox-recipes since your current version.

Updates workbox-routing from 7.3.0 to 7.4.0

Release notes

Sourced from workbox-routing's releases.

Workbox v7.4.0

v7.4.0

• Critical dependency updates.

Commits

• fa702fe v7.4.0
• c34bf28 Merge pull request #3441 from GoogleChrome/chore/npm-audit
• cf21cb6 Merge pull request #3440 from GoogleChrome/chore/update-actions
• 5083f3f Update dependencies
• cf91300 Merge pull request #3439 from GoogleChrome/dependabot/npm_and_yarn/js-yaml-3....
• b6825a9 Update upload-sarif action
• d971ff7 Update GitHub Actions to latest versions
• 076adc0 Bump js-yaml from 3.14.1 to 3.14.2
• 69478fd Merge pull request #3433 from GoogleChrome/dependabot/npm_and_yarn/packages/w...
• 0d9b8b3 Merge pull request #3434 from GoogleChrome/dependabot/npm_and_yarn/glob-11.1.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by swissspidy, a new releaser for workbox-routing since your current version.

Updates workbox-strategies from 7.3.0 to 7.4.0

Release notes

Sourced from workbox-strategies's releases.

Workbox v7.4.0

v7.4.0

• Critical dependency updates.

Commits

• fa702fe v7.4.0
• c34bf28 Merge pull request #3441 from GoogleChrome/chore/npm-audit
• cf21cb6 Merge pull request #3440 from GoogleChrome/chore/update-actions
• 5083f3f Update dependencies
• cf91300 Merge pull request #3439 from GoogleChrome/dependabot/npm_and_yarn/js-yaml-3....
• b6825a9 Update upload-sarif action
• d971ff7 Update GitHub Actions to latest versions
• 076adc0 Bump js-yaml from 3.14.1 to 3.14.2
• 69478fd Merge pull request #3433 from GoogleChrome/dependabot/npm_and_yarn/packages/w...
• 0d9b8b3 Merge pull request #3434 from GoogleChrome/dependabot/npm_and_yarn/glob-11.1.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by swissspidy, a new releaser for workbox-strategies since your current version.

Updates bulma from 0.9.4 to 1.0.4

Release notes

Sourced from bulma's releases.

1.0.4

New Features

• #3937: Add .has-text-weight-extrabold as a typography class.
• #3906 fixes #3895: Make variables root configurable

Bug Fixes

• #3963: Improve colour loading versions of outlined buttons
• #3950: Correct the syntax in hero is-bold colour variants

1.0.3

Bug Fixes

• Fix #3842: restore use of $easing, $radius-rounded and $speed Sass variables
• Fix #3920: migrate code to avoid Sass 1.80 deprecation warning of global built-in functions
• Fix #3822: Non-minified version of bulma-prefixed was missing
• Fix #3805: helper classes were missing prefix

Documentation Fixes

• Fix #3904, #3884: fix website horizontal overflow
• Fix #3849: fix Light Mode color swatches in Dark Mode
• Fix #3918: broken placeholder images
• Fix #3926: broken documentation hero

1.0.2

Improvements

• Smart Grid is-col-min now goes up to 32 (Fixes #3829)
• Remove need for is-variable modifier for Column gaps
• You can have a list of radio buttons or checkboxes with the radios and checkboxes classes respectively
• Add is-max-tablet modifier to the Container element
• Add currentColor and inherit as possible values for the color and background helpers
• The Section can now have a minimum height of 100vh with the is-fullheight modifier
• Add more SCSS variables:
  • $input-border-style
  • $input-border-width
  • $label-spacing
  • $field-block-spacing
• Add more CSS variables:
  • --bulma-input-border-style
  • --bulma-input-border-width
  • --bulma-label-color
  • --bulma-label-spacing
  • --bulma-label-weight
  • --bulma-help-size

... (truncated)

Changelog

Sourced from bulma's changelog.

1.0.4

New Features

• #3937: Add .has-text-weight-extrabold as a typography class.
• #3906 fixes #3895: Make variables root configurable

Bug Fixes

• #3963: Improve colour loading versions of outlined buttons
• #3950: Correct the syntax in hero is-bold colour variants

Documentation Fixes

• #3916 Fixed .skeleton-toggler issues

1.0.3

Bug Fixes

• Fix #3842: restore use of $easing, $radius-rounded and $speed Sass variables
• Fix #3920: migrate code to avoid Sass 1.80 deprecation warning of global built-in functions
• Fix #3945: add $duration Sass variable
• Fix #3822: Non-minified version of bulma-prefixed was missing
• Fix #3805: helper classes were missing prefix

Documentation Fixes

• Fix #3904, #3884: fix website horizontal overflow
• Fix #3849: fix Light Mode color swatches in Dark Mode
• Fix #3918: broken placeholder images
• Fix #3926: broken documentation hero

1.0.2

Improvements

• Smart Grid is-col-min now goes up to 32 (Fixes #3829)
• Remove need for is-variable modifier for Column gaps
• You can have a list of radio buttons or checkboxes with the radios and checkboxes classes respectively
• Add is-max-tablet modifier to the Container element
• Add currentColor and inherit as possible values for the color and background helpers
• The Section can now have a minimum height of 100vh with the is-fullheight modifier
• Add more SCSS variables:
  • $input-border-style
  • $input-border-width
  • $label-spacing
  • $field-block-spacing
• Add more CSS variables:
  • --bulma-input-border-style

... (truncated)

Commits

• e133d45 Fixes #3895
• 29e063e Merge branch 'main' of github.com:jgthms/bulma
• b03ea79 Merge pull request #3906 from gabor-kormany/main
• 9a61578 Merge branch 'main' of github.com:jgthms/bulma
• 6b4c120 Merge pull request #3946 from mickverm/initial-variables-duration
• e4daa24 Merge branch 'main' into initial-variables-duration
• 04145fb Merge branch 'main' of github.com:jgthms/bulma
• 6f49647 Merge pull request #3937 from brendon/extrabold
• a18350c Merge branch 'main' into extrabold
• b4fa908 Update changelog
• Additional commits viewable in compare view

Updates eslint from 9.39.0 to 9.39.1

Release notes

Sourced from eslint's releases.

v9.39.1

Bug Fixes

• 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

• 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
• b44d426 docs: Update README (GitHub Actions Bot)

Chores

• 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
• c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
• 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
• d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
• 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

Commits

• e277281 9.39.1
• 4cdf397 Build: changelog update for 9.39.1
• 92db329 chore: update @eslint/js version to 9.39.1 (#20284)
• c7ebefc chore: package.json update for @​eslint/js release
• 650753e fix: Only pass node to JS lang visitor methods (#20283)
• 51b51f4 docs: add a section on when to use extends vs cascading (#20268)
• 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275)
• d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266)
• 009e507 test: fix version tests for ESLint v10 (#20274)
• b44d426 docs: Update README
• See full diff in compare view

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

• fdfa670 Release 3.7.3
• 2dce3ec Fix typo
• 27d6c64 Revert previous change to getFileInfo (#18375)
• f4a7afa Add types for config related functions (#18376)
• 9266e3e Add resolved test cases (#18358)
• 3bfc014 Bump Prettier dependency to 3.7.2
• 081b846 Clean changelog_unreleased
• 03384c9 Release 3.7.2
• 514e51a Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.2
• 29a11ae Fix comment in empty type literal (#18364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates rollup from 4.52.5 to 4.53.3

Release notes

Sourced from rollup's releases.

v4.53.3

4.53.3

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#6183)

Pull Requests

• #6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #6174: Re-enable TypeScript test (@​lukastaegert)
• #6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

v4.53.2

4.53.2

2025-11-10

Bug Fixes

• Do not throw when using invalid escape sequences in template literals (#6177)

Pull Requests

• #6177: handle TemplateElement with null cooked value (@​TrickyPi)

v4.53.1

4.53.1

2025-11-07

Bug Fixes

• Fix install script (#6172)

Pull Requests

• #6172: fix: move patch-package from postinstall to prepare script (@​mshima)

v4.53.0

4.53.0

2025-11-07

Features

... (truncated)

Changelog

Sourced from rollup's changelog.

4.53.3

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#6183)

Pull Requests

• #6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #6174: Re-enable TypeScript test (@​lukastaegert)
• #6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

4.53.2

2025-11-10

Bug Fixes

• Do not throw when using invalid escape sequences in template literals (#6177)

Pull Requests

• #6177: handle TemplateElement with null cooked value (@​TrickyPi)

4.53.1

2025-11-07

Bug Fixes

• Fix install script (#6172)

Pull Requests

• #6172: fix: move patch-package from postinstall to prepare script (@​mshima)

4.53.0

2025-11-07

Features

• Improve rendering performance by caching generated variable names (#5947)

Pull Requests

... (truncated)

Commits

• 998b595 4.53.3
• ef834c2 Tracing the importers chain for exported variables in external module (#6182)
• fb21d56 Check if left side is included when checking if assigning to an assignment ha...
• 4b4581d Add test-install CI job to test packaging, installation and importing of roll...
• 18ee41b fix(deps): lock file maintenance minor/patch updates (#6180)
• f0a80d1 Re-enable TypeScript test (#6174)
• d8b0150 4.53.2
• 4f43f03 handle TemplateElement with null cooked value (#6177)
• e3bdcdf 4.53.1
• 96b5453 fix: move patch-package from postinstall to prepare script (#6172)
• Additional commits viewable in compare view

Updates sass from 1.93.3 to 1.94.2

Release notes

Sourced from sass's releases.

Dart Sass 1.94.2

To install Sass 1.94.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface

• Using --fatal-deprecation <version> no longer emits warnings about deprecations that are obsolete.

Dart API

• Deprecation.forVersion now excludes obsolete deprecations from the set it returns.

JS API

• Excludes obsolete deprecations from fatalDeprecations when a Version is passed.

Node.js Embedded Host

• Fix a bug where a variable could be used before it was initialized during async compilation.

See the full changelog for changes in earlier releases.

Dart Sass 1.94.1

To install Sass 1.94.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• No user-visible changes.

See the full changelog for changes in earlier releases.

Dart Sass 1.94.0

To install Sass 1.94.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Potentially breaking compatibility fix: @function rules whose names begin with -- are now parsed as unknown at-rules to support the plain CSS @function rule. Within this rule, the result property is parsed as raw CSS just like custom properties.

• Potentially breaking compatibility fix: @mixin rules whose names begin with -- are now errors. These are not yet parsed as unknown at-rules because no browser currently supports CSS mixins.

... (truncated)

Changelog

Sourced from sass's changelog.

1.94.2

Command-Line Interface

• Using --fatal-deprecation <version> no longer emits warnings about deprecations that are obsolete.

Dart API

• Deprecation.forVersion now excludes obsolete deprecations from the set it returns.

JS API

• Excludes obsolete deprecations from fatalDeprecations when a Version is passed.

Node.js Embedded Host

• Fix a bug where a variable could be used before it was initialized during async compilation.

1.94.1

• No user-visible changes.

1.94.0

• Potentially breaking compatibility fix: @function rules whose names begin with -- are now parsed as unknown at-rules to support the plain CSS @function rule. Within this rule, the result property is parsed as raw CSS just like custom properties.

• Potentially breaking compatibility fix: @mixin rules whose names begin with -- are now errors. These are not yet parsed as unknown at-rules because no browser currently supports CSS mixins.

Commits

• 7af5122 Mention obsolete deprecation fix in all API surfaces (#2683)
• 82b96b0 Update pubspec/changelog for sass/embedded-host-node#399 (#2682)
• 18fddef --fatal-deprecation excludes obsolete Deprecations (#2671)
• 0356a2b Pass --provenance to npm publish (#2681)
• 52fc718 Update the repository URL for JS packages (#2679)
• bfccce8 Parse selectors in the sass-parser package (#2670)
• 795557c Add support for plain-CSS @function rules (#2655)
• 2c9d3c8 Track offsets instead of locations in InterpolationMap (#2674)
• d8d7f9c Add a separate StylesheetParser.interpolatedStringToken() method (#2675)
• 9d68793 Make sure all source spans use interpolation maps (#2673)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sass since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[ethanjli]

@dependabot ignore bulma major version

[dependabot]

OK, I won't notify you about version 1.x.x of bulma again, unless you unignore it.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.