deps(npm): bump the npm-minor-patch group across 1 directory with 23 updates

[dependabot]

Bumps the npm-minor-patch group with 19 updates in the /frontend/taskdeck-web directory:

Package	From	To
@tanstack/vue-virtual	3.13.24	3.13.26
axios	1.16.0	1.16.1
dompurify	3.4.2	3.4.7
marked	18.0.3	18.0.4
vue	3.5.34	3.5.35
vue-router	5.0.6	5.1.0
ws	8.20.0	8.21.0
@playwright/test	1.59.1	1.60.0
@storybook/vue3-vite	10.3.6	10.4.1
@types/node	25.6.2	25.9.1
@typescript-eslint/eslint-plugin	8.59.2	8.60.0
@vitejs/plugin-vue	6.0.6	6.0.7
@vitest/coverage-v8	4.1.6	4.1.7
baseline-browser-mapping	2.10.29	2.10.32
eslint	10.3.0	10.4.0
fast-check	4.7.0	4.8.0
postcss	8.5.14	8.5.15
vite	8.0.12	8.0.14
vue-tsc	3.2.8	3.3.2

Updates @tanstack/vue-virtual from 3.13.24 to 3.13.26

Release notes

Sourced from @​tanstack/vue-virtual's releases.

@​tanstack/vue-virtual@​3.13.26

Patch Changes

• Updated dependencies [fc992ab]:
  • @​tanstack/virtual-core@​3.16.0

@​tanstack/vue-virtual@​3.13.25

Patch Changes

• Updated dependencies [99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad]:
  • @​tanstack/virtual-core@​3.15.0

Changelog

Sourced from @​tanstack/vue-virtual's changelog.

3.13.26

Patch Changes

• Updated dependencies [fc992ab]:
  • @​tanstack/virtual-core@​3.16.0

3.13.25

Patch Changes

• Updated dependencies [99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad]:
  • @​tanstack/virtual-core@​3.15.0

Commits

• 693d915 ci: Version Packages (#1174)
• 949180b ci: Version Packages (#1169)
• See full diff in compare view

Updates axios from 1.16.0 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

Commits

• 1337d6b chore(release): prepare release 1.16.1 (#10877)
• 858a790 fix: remove all caches (#10882)
• 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
• 847d89b fix: support URL object as config.url input (#10866)
• 4094886 fix(progress): guard malformed XHR upload events (#10868)
• 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
• 64e1095 chore: update PR and issue template to use h2 (#10865)
• 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
• c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
• caa00a9 fix: https data in cleartext to proxy (#10858)
• Additional commits viewable in compare view

Updates dompurify from 3.4.2 to 3.4.7

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.7

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @​offset
• Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

• Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
• Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
• Added more test coverage for IN_PLACE and general DOM Clobbering attacks
• Bumped several dependencies where possible

DOMPurify 3.4.5

• Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

• Added the selectedcontent element to default allow-list, thanks @​lukewarlow
• Added the command and commandfor attributes to default allowed-list, thanks @​lukewarlow
• Added better template scrubbing for IN_PLACE operations, thanks @​DEMON1A
• Added stronger checks for cross-realm windows, thanks @​DEMON1A & @​fg0x0
• Updated demo website and made sure it uses the latest from main
• Updated existing workflows, fuzzer, dependabot, etc., added more tests
• Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

• Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
• Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
• Updated the node iteration code to catch more Shadow DOM related issues
• Updated Playwright and added Node 26 to test matrix
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

Commits

• ca30f07 release: 3.4.7 (#1414)
• bb7739e release: 3.4.6 (#1394)
• 011b0c7 release: 3.4.5 (#1382)
• 5817ad9 release: 3.4.4 (#1374)
• 520edb0 release: 3.4.3 (#1352)
• See full diff in compare view

Updates marked from 18.0.3 to 18.0.4

Release notes

Sourced from marked's releases.

v18.0.4

18.0.4 (2026-05-19)

Bug Fixes

• cache list indentation regexes (#3969) (a37983f)
• fix cli not reading stdin (#3967) (11adb69)

Commits

• 0a2cd54 chore(release): 18.0.4 [skip ci]
• 11adb69 fix: fix cli not reading stdin (#3967)
• a37983f fix: cache list indentation regexes (#3969)
• d38b8c2 chore(deps-dev): bump eslint from 10.3.0 to 10.4.0 (#3976)
• 7d9b17e chore(docs): fix typo in package links (#3975)
• a7affc3 chore(deps-dev): bump @​semantic-release/release-notes-generator from 14.1.0 t...
• 47d6ba1 chore(deps-dev): bump @​semantic-release/github from 12.0.6 to 12.0.8 (#3972)
• 69257e4 chore(deps-dev): bump eslint from 10.2.1 to 10.3.0 (#3966)
• 1731d38 refactor(test): move task list output coverage to specs (#3963)
• See full diff in compare view

Updates vue from 3.5.34 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

Commits

• 8be32d6 release: v3.5.35
• 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
• d6c7371 ci: use backup action for size report comments
• bb18dc8 perf(runtime-dom): optimize array event handler dispatch (#14828)
• 5734fe9 perf(reactivity): skip type checks for cached proxies (#14860)
• 584beb1 fix(teleport): skip child unmount when pending mount discarded (#14876) (#14877)
• 34a0ded fix(compiler-core): avoid double processing v-for keys with v-memo (#14861)
• 170fc95 fix(runtime-core): avoid repeated hydration mismatch checks (#14857)
• 1b7a2cc perf(server-renderer): avoid materializing iterables in ssrRenderList (#14821)
• 3d077f2 fix(compiler-sfc): resolve top-level exports from files registered as global ...
• Additional commits viewable in compare view

Updates vue-router from 5.0.6 to 5.1.0

Release notes

Sourced from vue-router's releases.

v5.1.0

   🚀 Features

• Typed definePage params.path  -  by @​posva in vuejs/router#2716 (d65de)
• Strict type for definePage param default  -  by @​posva (0ae10)
• Support raw param parsers  -  by @​posva (eadec)
• Force array type raw param parsers  -  by @​posva (7a68b)
• Allow overriding the global Router type  -  by @​posva (1cd93)
• Emit runtime warning for invalid format in query params  -  by @​posva (8259a)
• Override useRouter() return with experimental types config  -  by @​posva (39a34)
• Allow string as a param parser for convenience  -  by @​posva (be37b)

   🐞 Bug Fixes

• Fix auto import fixes and make experimental esm only  -  by @​posva (db3a6)
• Deterministic param parser types order  -  by @​posva (bf0fc)
• Avoid importing unused param parsers  -  by @​posva (41c00)
• Filter invalid query params without failing to match  -  by @​posva (db717)
• Detect not set format  -  by @​posva (aa89e)
• Allow undefined values for params in query  -  by @​posva (4726e)
• experimental: Repeatable params in subsegments  -  by @​posva (84664)
• types: Add vite as optional peer dependency  -  by @​ForgottenR, @​posva and shihuijie in vuejs/router#2712 (facbf)

    View changes on GitHub

v5.0.7

   🚀 Features

• Upgrade to babel 8  -  by @​posva (8d3e6)
• Make defineParamParser() more intuitive  -  by @​posva (8715b)
• Upgrade @vue/devtools-api  -  by @​posva (87c3a)
• matcher: Hint at params: {} workaround in discarded params warning  -  by @​posva and shanliuling in vuejs/router#2689 (c2b13)
• param-parsers: Add include/exclude options  -  by @​posva (91cde)

   🐞 Bug Fixes

• matcher:
  • Finalize param token before processing escaped colon  -  by @​babu-ch and @​posva in vuejs/router#2654 (20521)
• query:
  • Use Object.create(null) to prevent prototype pollution  -  by @​wdskuki, wdsmini and @​posva in vuejs/router#2661 (be88c)
• resolve:
  • Omit empty optional params from resolved params  -  by @​babu-ch and @​posva in vuejs/router#2434 (1ef09)
• types:
  • Wire RouteNamedMap via generated routes.d.ts  -  by @​posva in vuejs/router#2700 (aef99)
• unplugin:
  • Avoid generating empty routes  -  by @​FrontEndDog and @​posva in vuejs/router#2642 (10a8b)
  • Apply definePage path-param parser overrides  -  by @​posva in vuejs/router#2699 (c8074)
• volar:
  • Drop runtime @vue/language-core import  -  by @​danielroe in vuejs/router#2710 (8af50)

... (truncated)

Commits

• c0e3226 release: vue-router@5.1.0
• 9ca7672 chore: fix playgroundc usage
• 315cc09 refactor(experimental): remove defineQueryParamParser and definePathParamParser
• 7fa42f4 docs: fix gen and dead links
• 1b3a068 refactor: organize imports and exports add back Router
• 665be2d docs: links update
• 5d79bd2 chore: unused param
• 9ccf3d1 docs: experimental
• eee8ac6 chore: playground param parsers testing
• 0194b85 build: build before test:types
• Additional commits viewable in compare view

Updates ws from 8.20.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

• Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

• Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits

• bca91ad [dist] 8.21.0
• 2b2abd4 [security] Limit retained message parts
• 78eabe2 [security] Add latest vulnerability to SECURITY.md
• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• See full diff in compare view

Updates @playwright/test from 1.59.1 to 1.60.0

Release notes

Sourced from @​playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

• 87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
• 9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
• 4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
• f869f96 chore: bump version to v1.60.0 (#40714)
• 7eb6918 cherry-pick(#40710): docs: release notes v1.60
• 118d2aa cherry-pick(#40693): chore(python): formdata path type
• 54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
• 9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
• 3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
• bb6c009 chore(extension): mark 0.2.1 (#40679)
• Additional commits viewable in compare view

Updates @storybook/vue3-vite from 10.3.6 to 10.4.1

Release notes

Sourced from @​storybook/vue3-vite's releases.

v10.4.1

10.4.1

• Angular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - #34833, thanks @​valentinpalkovic!
• Build: Upgrade type-fest to latest version 5.6.0 - #34791, thanks @​tobiasdiez!
• CLI: Run `npx expo install --fix` after init for Expo projects - #34803, thanks @​ndelangen!
• CLI: Support `peerDependencies` in framework detection for component libraries - #34516, thanks @​zhyd1997!
• Next.js: Add useLinkStatus mock to next/link export mock - #34593, thanks @​philwolstenholme!
• Vue3: Specify a specific version for non-dev dependency - #34794, thanks @​ScopeyNZ!

v10.4.0

10.4.0

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

• 🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding
• 🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes
• 🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar
• ⚛️ TanStack React: New `@storybook/tanstack-react` framework with routing and server function support
• 🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server
• 📱 React Native: Zero config RN project initialization
• 🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic

• A11y: Add aria-live announcements via @​react-aria/live-announcer - #33970, thanks @​copilot-swe-agent!
• A11y: Improve boolean control contrast in forced colors mode - #34204, thanks @​anchmelev!
• Actions: Fix state mutation and keep newest actions when limit reached - #34286, thanks @​Sidnioulz!
• Addon-Docs: Add Reset story button to re-render stories in docs - #34086, thanks @​6810779s!
• Addon-Docs: Avoid rerendering static Source blocks - #34206, thanks @​anchmelev!
• Addon-Vitest: Use Vitest's provide-API for injecting values - #34518, thanks @​JReinhold!
• Agentic Setup: Add --extensive for an extra prompt - #34730, thanks @​Sidnioulz!
• Agentic Setup: Allow failed stories to persist - #34717, thanks @​Sidnioulz!
• Agentic Setup: Keep sample content if users want onboarding - #34704, thanks @​Sidnioulz!
• Agentic Setup: Rework ai-init-opt-in logic - #34739, thanks @​Sidnioulz!
• Angular: Use Story ID for renderer IDs (including standalone stories) - #33982, thanks @​ValentinFunk!
• Automigration: Move RN on-device addons to `deviceAddons` - #34659, thanks @​ndelangen!
• Builder-Vite: Add onModuleGraphChange method - #34323, thanks @​ghengeveld!
• CLI: Add automigrate check for 'storybook' package name conflict - #34290, thanks @​whdjh!
• CLI: Add react-vite to tanstack-react automigration - #34718, thanks @​huang-julien!
• CLI: Change mock event detection - #34586, thanks @​yannbf!
• CLI: Explicitly tell whether smoke tests passed or failed - #34419, thanks @​Sidnioulz!
• CLI: Fix Next.js Vite automigration corrupting configs already using `@storybook/nextjs-vite` - #34249, thanks @​nathanjessen!
• CLI: Fix agentic check - #34678, thanks @​yannbf!
• CLI: Handle minimumReleaseAge conflicts across package managers - #34769, thanks @​JReinhold!
• CLI: Improve package incompatibility detection and warning - #34559, thanks @​copilot-swe-agent!
• CLI: Improve self-healing scoring observability - #34699, thanks @​yannbf!

... (truncated)

Changelog

Sourced from @​storybook/vue3-vite's changelog.

10.4.1

• Angular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - #34833, thanks @​valentinpalkovic!
• Build: Upgrade type-fest to latest version 5.6...

  Description has been truncated