
build(deps-dev): Bump svelte-check from 4.1.5 to 4.4.1 in /frontend #4

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/frontend/svelte-check-4.4.1

dependabot bot commented on behalf of github Feb 19, 2026

Bumps svelte-check from 4.1.5 to 4.4.1.

Release notes

Sourced from svelte-check's releases.

svelte-check@4.4.1

Patch Changes

  • fix: handle relative imports reaching outside working directory when using --incremental/--tsgo flags (#2942)

  • fix: support SvelteKit zero types in svelte-check --incremental (#2939)

svelte-check@4.4.0

Minor Changes

  • feat: provide --incremental and --tsgo flags (#2932)

Patch Changes

  • fix: ignore Unix domain sockets in file watcher to prevent crashes (#2931)

  • fix: properly use machine output by default for Claude Code (e9f58d2)

svelte-check@4.3.6

Patch Changes

  • fix: don't hoist type/snippet referencing $store (#2926)

svelte-check@4.3.5

Patch Changes

  • fix: ensure await-block type is preserved in the latest Svelte version (#2895)

svelte-check@4.3.4

Patch Changes

  • chore: use machine format when run by Claude Code (#2870)

svelte-check@4.3.3

Patch Changes

  • fix: prevent file watcher issue (#2859)

  • fix: allow undefined and null values for #each in Svelte 5 (#2863)

  • perf: check if file content changed in tsconfig file watch (#2859)

svelte-check@4.3.2

Patch Changes

  • perf: tweak some snapshot hot paths (#2852)

  • perf: more precise module cache invalidation (#2853)

  • fix: properly handle runes={false} in <svelte:options> (#2847)

... (truncated)

Commits
  • c14bf1d Version Packages (#2940)
  • 9b7025a chore: remove outdated "experimental-modules" runtime flag (#2898)
  • 6a04679 fix: rewrite relative imports reaching outside root (#2942)
  • c82f540 fix: extract style/script tag followed by destructuring in the template (#2921)
  • b914d01 fix: support SvelteKit zero-types with svelte-check --incremental (#2939)
  • 3b17f20 Version Packages (#2929)
  • 2142753 feat: add links to diagnostic error codes via codeDescription (#2936)
  • 8f4fe71 fix(svelte-check): ignore Unix domain sockets in file watcher (#2931)
  • 0b8af82 feat: svelte-check --incremental / --tsgo (#2932)
  • e9f58d2 fix: properly use machine output by default for Claude Code
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte-check since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [svelte-check](https://github.com/sveltejs/language-tools) from 4.1.5 to 4.4.1.
- [Release notes](https://github.com/sveltejs/language-tools/releases)
- [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check-4.1.5...svelte-check@4.4.1)

---
updated-dependencies:
- dependency-name: svelte-check
  dependency-version: 4.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies and javascript labels Feb 19, 2026
roborev-ci bot commented Feb 22, 2026

roborev: Combined Review (4dd6191)

Verdict: Changes are mostly clean, but there is 1 Medium-severity security issue that should be addressed before merge.

Medium

  1. Vulnerable svelte runtime remains pinned
    • Files: frontend/package.json:25, frontend/package-lock.json:22
    • Issue: svelte is still at 5.20.5, which falls within affected ranges for SSR vulnerabilities GHSA-f7gr-6p89-r883 / CVE-2026-27121 and GHSA-crpf-4hrx-3jrp / CVE-2026-27125 (affected: <=5.51.4).
    • Recommended fix: Upgrade svelte to >=5.51.5, regenerate package-lock.json, and run SSR regression tests (especially around attribute spreading from untrusted objects).
    • References:

Synthesized from 4 reviews (agents: codex, gemini | types: default, security)
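
The review's finding can be checked mechanically against the lockfile. The following is an added example, not part of this PR or of roborev's output: it scans an npm lockfile's `packages` map for every installed copy of svelte at or below the last affected version cited above (5.51.4). The sample lockfile, the `example-plugin` package name and all function names are constructed for illustration.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for svelte copies
// at or below the last affected version cited in the review (<=5.51.4).
const LAST_AFFECTED = "5.51.4"; // value taken from the review comment

// Parse "major.minor.patch[-prerelease]" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Return -1, 0 or 1. A prerelease sorts below the release with the same numbers,
// so "5.51.4-beta.1" is conservatively treated as affected.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  if (x.pre === y.pre) return 0;
  return x.pre ? -1 : 1;
}

// Collect every installed copy of `name`, including copies nested under other
// packages, whose resolved version is <= lastAffected. Entries without a
// version (for example workspace links) are skipped.
function findAffected(lock, name, lastAffected) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .filter(([, meta]) => meta.version && compareVersions(meta.version, lastAffected) <= 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile, not the repository's real package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend", devDependencies: { "svelte-check": "^4.4.1" } },
    "node_modules/svelte": { version: "5.20.5" },
    "node_modules/svelte-check": { version: "4.4.1" },
    "node_modules/example-plugin/node_modules/svelte": { version: "5.51.5" },
  },
};

const findings = findAffected(sampleLock, "svelte", LAST_AFFECTED);
for (const f of findings) console.log(`affected: ${f.path}@${f.version}`);
```

Matching on the full `node_modules/svelte` path segment keeps `svelte-check` out of the results while still catching nested copies that a top-level upgrade alone would not replace.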

wesm mentioned this pull request Feb 22, 2026
wesm closed this in 03715e9 Feb 22, 2026
dependabot bot commented on behalf of github Feb 22, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot deleted the dependabot/npm_and_yarn/frontend/svelte-check-4.4.1 branch February 22, 2026 17:57