chore(deps): bump @dicebear/core from 9.4.2 to 10.2.0 in /frontend

[dependabot]

Bumps @dicebear/core from 9.4.2 to 10.2.0.

Release notes

Sourced from @​dicebear/core's releases.

DiceBear 10.2 - Release Notes

After Python joined the family in 10.1, version 10.2 adds two more official implementations: DiceBear now speaks Rust 🦀 and Go 🐹

The API is the same as in JavaScript, PHP and Python, and the same seed and style definition produce byte-identical SVGs in all five languages.

🦀 Rust Support

DiceBear is now available as a Rust crate (Rust 1.80+). You need two crates: the core library dicebear-core and the avatar style definitions dicebear-styles, where each style sits behind a feature of the same name.

• https://www.dicebear.com/how-to-use/rust-library/
• https://crates.io/crates/dicebear-core
• https://crates.io/crates/dicebear-styles

Example:

cargo add dicebear-core serde_json
cargo add dicebear-styles --features lorelei

use dicebear_core::{Avatar, Style};
use serde_json::json;
let style = Style::from_str(dicebear_styles::LORELEI)?;
let avatar = Avatar::new(&style, json!({
"seed": "Felix",
// ... other options
}))?;
let svg = avatar.to_svg();

🐹 Go Support

DiceBear is also available as a Go module (Go 1.23+). Again you need two packages: the core library github.com/dicebear/dicebear-go/v10 and the avatar style definitions github.com/dicebear/styles/v10. The module paths carry the major version, so both are imported with the /v10 suffix.

• https://www.dicebear.com/how-to-use/go-library/
• https://pkg.go.dev/github.com/dicebear/dicebear-go/v10
• https://pkg.go.dev/github.com/dicebear/styles/v10

Example:

go get github.com/dicebear/dicebear-go/v10
go get github.com/dicebear/styles/v10

</tr></table> 

... (truncated)

Changelog

Sourced from @​dicebear/core's changelog.

[10.2.0] - 2026-06-10

Added

• Go library: A new Go implementation (the github.com/dicebear/dicebear-go/v10 module) that produces identical output to the JavaScript library when given the same styles and options.

Fixed

• Core: Color.luminance() now derives the sRGB linearization from a precomputed lookup table (one entry per 8-bit channel value) instead of calling pow at runtime. pow is not required to be correctly rounded and produced last-ULP differences between JS engines (V8 vs. others), the C math library (PHP, Python, Rust), and Go's pure-Go implementation, so luminance values, and in contrived cases contrast-based color ordering, could diverge across languages and even across browsers. The table holds the values the JavaScript reference produces today, so JavaScript output is unchanged; the other libraries move by at most one ULP. The Go library additionally forces intermediate rounding in the weighted sum, which the compiler could otherwise fuse into FMA instructions on arm64. Rendered SVGs are unaffected.
• Core (PHP): Avatar::toDataUri() now percent-encodes exactly like JavaScript's encodeURIComponent. Previously the PHP library used plain rawurlencode, which additionally escapes !*'(), characters that occur in every rendered SVG (e.g. url(#…) references and translate(…) transforms), so the data URI diverged byte-wise from the JavaScript, Python, Rust, and Go libraries. The decoded SVG was unaffected.
• Core (JS): The initial style variable now resolves to the full first code point of the initials. Previously the JavaScript library emitted a lone UTF-16 surrogate (ill-formed XML) when the initials started with a character outside the Basic Multilingual Plane (e.g. an emoji). The PHP, Python, Rust, and Go libraries already returned the full character; all libraries are now byte-identical for such seeds.
• Core (Rust): Avatar.to_json() now records size before title in the resolved-options snapshot, matching the JavaScript, PHP, and Python libraries. The rendered SVG was unaffected; only consumers comparing or hashing the serialized options JSON across languages were affected.
• Core (Python): Avatar.to_json() now serializes whole-number floats in the resolved-options snapshot as integers (1, not 1.0), matching the JavaScript, Rust, and PHP libraries. Previously snapshot values such as scale, rotate, translateX/translateY, borderRadius, color angles, and per-component transforms were emitted as 1.0/0.0, so the serialized JSON diverged from the other ports. The rendered SVG was unaffected. The values were already numerically equal, so only consumers comparing or hashing the serialized options JSON across languages were affected.

[10.2.0-rc.1] - 2026-06-07

Added

... (truncated)

Commits

• f1286d8 v10.2.0
• b806945 perf(docs): cut mobile LCP by unblocking the hero fade and self-hosting fonts...
• 17ab532 docs: scope the initial-variable fix to JS and reformat the changelog
• 0aab50b docs: correct the initials @-strip changelog entry
• 2f1838f docs: align CLI/Converter READMEs and link cores to their docs
• 7db8bd2 feat(docs): track playground, style-options and homepage interactions
• 88c86fc docs: align all core READMEs to a shared template
• 6d105db docs: add Go to language listings and enable Go highlighting
• ae37b4f docs(php): mark non-public core classes as @​internal
• 6f5456c ci: move all workflows onto node24-ready action releases
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[JasonW404]

@dicebear/core 从 v9 升级到 v10 是 major version bump。DiceBear v10 可能修改了 avatar 生成 API（如 createAvatar 的参数格式或返回类型）。同时注意 @dicebear/icons 仍然在 v9，两个包版本不匹配可能导致兼容性问题。建议确认：1) 项目中 dicebear 的调用代码是否需要适配？2) @dicebear/icons 是否也需要升级到 v10？