fix: update dependencies to address security vulnerabilities

[SunDevil311]

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Description

Security

• Updated dependencies to address known vulnerabilities (notably @sveltejs/kit, vite, and related plugins).

Documentation

• Clarified CSP reporting setup in README.md:
  • Explained relationship with external CSP reporting endpoint (csp-endpoint repo).
  • Documented use of both report-uri (legacy) and report-to (modern, recommended).
  • Added example headers including Report-To definition.

Added

• New meta-check.yml GitHub Actions workflow to validate <title> and <meta> descriptions using Vitest.
  • Runs separately from Playwright to avoid hydration timing issues.
  • Ensures SEO metadata is tested in CI without blocking other jobs.
• New meta.test.js file in tests/unit/meta for testing in CI.
• New meta.test.js file in tests/unit/server for local testing.

Changed

• Cleaned up Playwright E2E tests:
  • Removed brittle toHaveTitle assertions causing CI failures.
  • Standardized footer checks to use helper function.
  • Improved test readability and consistency in app.spec.js and mobile.spec.js.
• Updated generator metadata in app.html to reflect SvelteKit 2.42.1.
• Updated Node.js version in .node-version and .nvmrc to 24.8.0.
• Updated CSP endpoint section and footer in README.md.
• Updated JSDoc linting step and sed syntax in build-and-publish.yml workflow.
• Updated npm version to 11.6.0 in GitHub Actions workflow files:
  • build-and-publish.yml
  • lighthouse.yml
  • playwright.yml
  • publish-test.yml
  • templates/publish.template.yml
• Upgraded dependencies:
  • @eslint/compat ^1.3.1 → ^1.3.2
  • @eslint/js ^9.32.0 → ^9.35.0
  • @playwright/test ^1.54.1 → ^1.55.0
  • @sveltejs/adapter-netlify ^5.1.0 → ^5.2.3
  • @sveltejs/kit 2.27.0 → 2.42.1
  • @sveltejs/vite-plugin-svelte ^6.1.0 → ^6.2.0
  • @testing-library/jest-dom ^6.6.4 → ^6.8.0
  • browserslist ^4.25.1 → ^4.26.2
  • dompurify ^3.2.6 → ^3.2.7
  • eslint ^9.32.0 → ^9.35.0
  • eslint-plugin-jsdoc ^52.0.2 → ^58.1.1
  • eslint-plugin-svelte ^3.11.0 → ^3.12.3
  • globals ^16.3.0 → ^16.4.0
  • playwright ^1.54.1 → ^1.55.0
  • posthog-js ^1.258.4 → ^1.266.0
  • stylelint ^16.23.0 → ^16.24.0
  • svelte 5.37.2 → 5.39.1
  • svelte-check ^4.3.0 → ^4.3.1
  • svelte-eslint-parser ^1.3.0 → ^1.3.2
  • vite ^7.0.6 → ^7.1.5

Removed

• Deleted src/routes/example.svx, which was unused and unneeded.
• Removed mdsvex from package.json, as it is unlikely to be used.

Notes

• Pinned jsdom to 26.1.0 due to build incompatibility in 27.x (cssstyle parsing error with Vite/Rollup).

Checklist

• I have read and followed the guidelines in the CONTRIBUTING document.
• I've checked for existing Pull Requests for the same update/change.
• My code follows the project’s coding style.
• My code has been linted locally before submission.
• All new and existing tests pass.

 

• I have updated the documentation accordingly.
• I have added tests to cover my changes, if applicable. (Optional, especially for new contributors)

Pull requests are part of a collaborative process — we welcome contributions and review each one carefully. For all but the smallest changes, you can expect maintainers to request improvements or clarifications.

Please check back after opening your PR and be responsive to feedback so we can get your contribution merged quickly.

Thanks for helping improve Network Pro Strategies!

[netlify]

✅ Deploy Preview for networkpro-web ready!

Name	Link
🔨 Latest commit	16b3df8
🔍 Latest deploy log	https://app.netlify.com/projects/networkpro-web/deploys/68cbadc74d23c100088d4096
😎 Deploy Preview	https://deploy-preview-125--networkpro-web.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[SunDevil311]

All changes look good. Merging upon successful completion of tests.

[SunDevil311]

Changes look good. Waiting on test results.

[SunDevil311]

All changes look good. Merging.

[github-actions]

⚠️ Lighthouse Budget Issues Detected

• First Contentful Paint (score: 0.96)
• Largest Contentful Paint (score: 0.32)
• Speed Index (score: 0.95)
• Time to Interactive (score: 0.8)
• Largest Contentful Paint element (score: 0)
• Links rely on color to be distinguishable. (score: 0)
• Serve static assets with an efficient cache policy (score: 0.5)
• Reduce unused CSS (score: 0)
• Reduce unused JavaScript (score: 0)
• Avoid serving legacy JavaScript to modern browsers (score: 0.5)
• Use efficient cache lifetimes (score: 0)
• Network dependency tree (score: 0)
• Render blocking requests (score: 0.5)

View the full report in the workflow artifacts or in .lighthouseci/report.html.