chore(deps): update dependency svelte to v5.43.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
svelte (source)	5.43.0 -> 5.43.2

---

Release Notes

sveltejs/svelte (svelte)

v5.43.2

Compare Source

Patch Changes

• fix: treat each blocks with async dependencies as uncontrolled (#​17077)

v5.43.1

Compare Source

Patch Changes

• fix: transform $bindable after await expressions (#​17066)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Pull Request Review - Svelte v5.43.0 → v5.43.2

Summary

This PR updates Svelte from version 5.43.0 to 5.43.2, bringing two important bug fixes to the project.

---

Code Quality ✅

APPROVED - This is a standard dependency update with no code changes required.

The changes are limited to lockfile updates:

• frontend/package-lock.json - npm lockfile
• frontend/yarn.lock - yarn lockfile

---

Changes Analysis

Svelte 5.43.2 (Patch Release)

• Fix: Treat each blocks with async dependencies as uncontrolled (#17077)
  • Impact: Bug fix for reactive {#each} blocks that depend on async data
  • Risk: Low - improves stability

Svelte 5.43.1 (Patch Release)

• Fix: Transform $bindable after await expressions (#17066)
  • Impact: Bug fix for $bindable rune when used with async operations
  • Risk: Low - fixes edge case compilation issue

---

Security Concerns ✅

No security issues identified

• No known vulnerabilities in these patch versions
• Changes are bug fixes from the Svelte maintainers
• No dependency chain additions or removals

---

Performance Considerations ✅

No performance regressions expected

• Patch releases focus on bug fixes
• No architectural changes
• The async {#each} block fix may actually improve performance in edge cases by preventing unnecessary re-renders

---

Breaking Changes ✅

None - These are patch releases following semantic versioning

---

Test Coverage

Recommendation: Run existing test suite to verify compatibility

While these are patch releases, it's good practice to:

1. Ensure all existing tests pass
2. Verify any components using {#each} blocks with async data still work correctly
3. Check any usage of $bindable with async operations

Suggested command:

cd frontend && npm test

---

Additional Lockfile Changes

Notable transitive dependency updates in yarn.lock:

• devalue: 5.4.2 → 5.3.2 (downgrade - likely peer dependency resolution)
• esrap: 2.1.0 → 2.1.2 (patch update)
• set-cookie-parser: 2.7.2 → 2.7.1 (downgrade - likely peer dependency resolution)
• sirv: 3.0.2 → 3.0.1 (downgrade - likely peer dependency resolution)
• zimmerframe: 1.1.2 → 1.1.4 (patch update)

These changes are expected lockfile synchronization updates and pose no concerns.

---

Recommendation

APPROVE and MERGE ✅

This is a safe dependency update that:

• Fixes known bugs in Svelte 5.43.0
• Follows semantic versioning (patch release)
• Contains no breaking changes
• Improves stability for async reactive patterns

The PR can be merged once CI checks pass successfully.