chore: Update dependencies

[sea-snake]

Update dependencies.

Changes

• Remove no longer used dependencies:
  • @astrojs/*, astro previously used for legacy showcase.
  • @icp-sdk/auth only used in demo projects, moved to deps there.
  • @types/ua-parser-js, ua-parser-js previously used in legacy frontend.
• Update dependencies to latest version:
  • @eslint/*, eslint, eslint-plugin-*
  • @lingui/*
  • @sveltejs/*, svelte, svelte-check
  • @tailwindcss/*, tailwindcss
  • @vitejs/*, vite, vitest, vite-plugin-node-polyfills
  • @icp-sdk/*
  • @noble/hashes
  • @lucide/svelte
  • typescript, typescript-eslint
  • prettier, prettier-plugin-*
  • devtools-protocol
  • jsdom
  • magic-string
• Implement ./scripts/rewrite-dfinity-imports to rewrite @dfinity/* imports to @icp-sdk/core/* for now.
• Update and pinned various deps in child projects/demos to fix compatibility with root deps during npm install.
• Update node version to 24.14.0 (latest LTS) and add .nvmrc.
• Update DFX version to 0.30.2 (latest) to be compatible with latest @icp-sdk/*.
• Fix eslint configuration for svelte, .svelte and related extensions are now linted correctly.
• Updated base64 utils to avoid arg spread error with larger inputs.
• Added hex utils since @noble/* no longer exports these.
• Fix TS errors across various files as a result of TS version update.
• Fix Uint8Array/ArrayBuffer TS errors as a result of @icp-sdk/* version update.
• Specify reporter explicitly in e2e workflow so that we get both html output (default) and console output, showing failed tests immediately in e2e logs without having to wait for a shard to complete.

Tests

All tests should pass as-is.

[Copilot]

Pull request overview

Updates the project’s JS/TS toolchain and IC SDK integration (moving generated/imported types from @dfinity/* to @icp-sdk/core/*), while also refactoring WebAuthn/credential handling to use Uint8Array more consistently and adjusting the local Vite dev-server proxying behavior.

Changes:

• Upgrade Node/Vite/Svelte/ESLint/Vitest (and related deps) and update TS libs/ESLint TS project config.
• Introduce an import-rewrite script and update type generation to emit @icp-sdk/core/* imports; refactor multiple frontend utilities to prefer Uint8Array + new hex/base64 helpers.
• Modify Vite replica-forward/proxy logic and update dev-server middleware behavior.

Reviewed changes

Copilot reviewed 46 out of 49 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
tsconfig.eslint.json	Adds a dedicated TS project for ESLint (includes .svelte-kit + src globs).
tsconfig.base.json	Updates TS lib target from ES2021 to ES2022.
src/vite-plugins/src/utils.ts	Changes request forwarding header handling/logging (now uses :authority).
src/vite-plugins/src/index.ts	Updates compression plugin config + adjusts replica-forward middleware (uses :authority, adds logging, enforce: pre).
src/vite-plugins/package.json	Bumps Vite + vite-plugin-compression2 + utils dependency versions.
src/vc-api/src/generated/vc_issuer_types.ts	Generated types switch imports from @dfinity/* to @icp-sdk/core/*.
src/vc-api/package.json	Updates @dfinity/utils version (but does not add @icp-sdk/core).
src/sig-verifier-js/package.json	Bumps Vite/vitest/vite-plugin-wasm versions.
src/frontend/src/routes/(new-styling)/self-service/+page.svelte	Switches hex encoding usage from noble to $lib/utils/utils helpers.
src/frontend/src/routes/(new-styling)/manage/(authenticated)/(access-and-recovery)/access/utils.ts	Switches key derivation hex encoding to toHex.
src/frontend/src/routes/(new-styling)/manage/(authenticated)/(access-and-recovery)/access/utils.test.ts	Updates tests to use toHex.
src/frontend/src/routes/(new-styling)/+page.svelte	Text formatting changes only.
src/frontend/src/routes/(new-styling)/(channel)/authorize/(panel)/+layout.svelte	Removes an onoutrostart aria-hidden handler.
src/frontend/src/lib/utils/webAuthnIdentity.ts	Refactors WebAuthn identity to prefer Uint8Array, switches hex helpers, updates CBOR decode inputs.
src/frontend/src/lib/utils/webAuthn.ts	Replaces local buffer equality with uint8Equals from @icp-sdk/core/candid.
src/frontend/src/lib/utils/utils.ts	Adds fromHex/toHex + reworks base64 helpers with platform feature-detection.
src/frontend/src/lib/utils/trackWindowSession.test.ts	Simplifies callback typing in tests.
src/frontend/src/lib/utils/recoveryPhrase.ts	Switches to toHex and normalizes crypto.subtle inputs to Uint8Array.
src/frontend/src/lib/utils/recoveryPhrase.test.ts	Switches to fromHex helper.
src/frontend/src/lib/utils/multiWebAuthnIdentity.ts	Refactors signing flow toward Uint8Array and uses uint8Equals.
src/frontend/src/lib/utils/iiConnection.ts	Updates rawId typing to Uint8Array and improves error construction with cause.
src/frontend/src/lib/utils/iiConnection.test.ts	Updates mocks to match Uint8Array-based key/signature types.
src/frontend/src/lib/utils/findWebAuthnFlows.test.ts	Updates credentialId test data to Uint8Array.
src/frontend/src/lib/utils/discoverablePasskeyIdentity.ts	Refactors CBOR decode inputs + credentialId typing to Uint8Array.
src/frontend/src/lib/utils/discoverableDummyIdentity.ts	Updates credentialId typing to Uint8Array.
src/frontend/src/lib/utils/credential-devices.ts	Moves credential IDs and DER key handling to Uint8Array.
src/frontend/src/lib/utils/authentication/passkey.ts	Switches to toHex and removes redundant Uint8Array(...) wrapping.
src/frontend/src/lib/utils/animation-dispatcher.ts	Exports TriggerFunction type for external/test use.
src/frontend/src/lib/utils/animation-dispatcher.test.ts	Adjusts tests to use exported TriggerFunction.
src/frontend/src/lib/stores/authorization.store.ts	Normalizes sessionPublicKey storage to a Uint8Array.
src/frontend/src/lib/legacy/storage/index.ts	Normalizes HMAC inputs to Uint8Array for crypto.subtle.sign.
src/frontend/src/lib/legacy/flows/verifiableCredentials/index.ts	Adds unknown as Principal casts to bridge Principal type mismatch after import changes.
src/frontend/src/lib/generated/internet_identity_types.d.ts	Generated types switch imports from @dfinity/* to @icp-sdk/core/*.
src/frontend/src/lib/flows/registerAccessMethodFlow.svelte.ts	Uses SvelteURL/SvelteDate reactivity wrappers.
src/frontend/src/lib/flows/recoverWithPhraseFlow.svelte.ts	Removes the legacy recovery phrase flow implementation.
src/frontend/src/lib/flows/migrationFlow.svelte.ts	Uses SvelteDate for TTL timestamp creation.
src/frontend/src/lib/flows/confirmAccessMethodFlow.svelte.ts	Uses SvelteURL reactivity wrapper.
src/frontend/src/lib/flows/authLastUsedFlow.svelte.ts	Uses SvelteMap for reactive map state.
src/frontend/src/lib/components/layout/AuthPanel.svelte	Removes an onoutrostart aria-hidden handler.
scripts/rewrite-dfinity-imports	Adds a sed-based import rewrite helper for generated files.
package.json	Updates generation scripts to rewrite imports; bumps large set of toolchain deps; updates engines to Node 24/npm 11.
eslint.config.js	ESLint now targets tsconfig.eslint.json; expands svelte file globs; disables a svelte lint rule due to upstream issue.
dfx.json	Bumps dfx version to 0.30.2.
demos/vc_issuer/package.json	Updates deps/tooling versions (Vite 7, @icp-sdk/core/auth versions, etc.).
demos/test-app/package.json	Pins @icp-sdk/core version and bumps Vite tooling.
.nvmrc	Sets Node version to 24.14.0.
.node-version	Updates Node version to 24.14.0.
.github/workflows/canister-tests.yml	Adds playwright reporters (line,html) to the e2e run command.

Comments suppressed due to low confidence (2)

src/vite-plugins/src/utils.ts:99

• authority is read from req.headers[':authority'], but Vite/connect dev server requests are regular HTTP/1 IncomingMessages where host is the standard header and :authority is typically absent. This will make logs misleading and (more importantly) the later manual host header injection can end up duplicated because the original host header is no longer skipped in the copy loop. Suggest: keep skipping host (case-insensitive) when copying headers, and derive the displayed/request host from req.headers.host (optionally falling back to :authority when present).
  src/frontend/src/lib/utils/webAuthnIdentity.ts:86
• _createChallengeBuffer now takes challenge: string, but the implementation still has an else { return challenge; } branch. With challenge typed as string, the typeof challenge === 'string' check is always true and the else branch returns a string where a Uint8Array is expected, which should fail type-checking. Recommend removing the unreachable branch and simplifying the return type to a non-generic Uint8Array (or whatever typed-array type the rest of the file expects).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[aterga]

LGTM