deps(client)(deps): bump web-vitals from 3.5.2 to 5.3.0 in /app/client

[dependabot]

Bumps web-vitals from 3.5.2 to 5.3.0.

Changelog

Sourced from web-vitals's changelog.

v5.3.0 (2026-05-28)

• Remove getFirstHiddenTimePolyfill (#729)
• Fixed issue where the same configuration object to multiple metric functions can result in errors (#731)
• Add more robust interactionTarget setting for INP (#744)

v5.2.0 (2026-03-25)

• Replace filter()[0] with find() for better performance (#658)
• Use queueMicrotask for microtask scheduling (#660)
• Simplify the event and LoAF entry clean up logic (#662)
• Remove obsolete FID polyfill types (#675)
• Use LargestContentfulPaint.id as fallback when element is removed from DOM (#676)
• Fix bug for onLCP when attached late (#697)
• FHandle initially hidden pages and onLCP registered on visibility change (#698)
• Ensure we clear idle callbacks in whenIdleOrHidden (#707)
• Limit pending events to conserve memory (#710)
• Add includeProcessedEventEntries option (#714)
• Reduce bundle size by refactoring (#713)

v5.1.0 (2025-07-31)

• Register visibility-change early (#637)
• Only finalize LCP on user events (isTrusted=true) (#635)
• Fallback to default getSelector if custom function is null or undefined (#634)

v5.0.3 (2025-06-11)

• Remove visibilitychange event listeners when no longer required (#627)

v5.0.2 (2025-05-29)

• Handle layout shifts with no sources (#623)

v5.0.1 (2025-05-13)

• Fix missing FCP and LCP for prerendered pages (#621)

v5.0.0 (2025-05-07)

[!NOTE] See the upgrading to v5 guide for a complete list of all API changes in version 5.

• [BREAKING] Remove the deprecated onFID() function (#519)
• [BREAKING] Change browser support policy to Baseline Widely available (#525)
• [BREAKING] Sort the classes that appear in attribution selectors to reduce cardinality (#518)
• Extend INP attribution with extra LoAF information: longest script and buckets (#592)

... (truncated)

Commits

• a6a5846 Release v5.3.0
• fe42cba Prep changelog for v.5.3.0 (#745)
• c8a1419 Add better target selector attempts for INP (#744)
• 91ae2cb Bump fast-xml-parser from 5.5.7 to 5.7.1 (#730)
• 8e35542 fix: key initUnique instanceMap by class to prevent cross-class instance coll...
• 5595f31 Remove getFirstHiddenTimePolyfill (#729)
• 331486c Bump lodash from 4.17.23 to 4.18.1 (#723)
• 7917d30 Bump basic-ftp from 5.2.0 to 5.2.2 (#727)
• 7b7c84c Fix flakey test (#721)
• a86518a Bump picomatch from 2.3.1 to 2.3.2 (#720)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)