⬆️(deps): Bump the minor-and-patch group across 1 directory with 16 updates

[dependabot]

Bumps the minor-and-patch group with 15 updates in the / directory:

Package	From	To
@codemirror/autocomplete	6.20.2	6.20.3
@sentry/vue	10.53.1	10.56.0
dompurify	3.4.5	3.4.8
js-yaml	4.1.1	4.2.0
simple-icons	16.20.0	16.22.0
vue	3.5.34	3.5.35
@vitest/ui	4.1.7	4.1.8
@vue/test-utils	2.4.10	2.4.11
eslint	10.4.0	10.4.1
eslint-plugin-vue	10.9.1	10.9.2
happy-dom	20.9.0	20.10.1
vite	6.4.2	6.4.3
vitest	4.1.7	4.1.8
vue-eslint-parser	10.4.0	10.4.1
vue-tsc	3.3.1	3.3.3

Updates @codemirror/autocomplete from 6.20.2 to 6.20.3

Commits

• See full diff in compare view

Updates @sentry/vue from 10.53.1 to 10.56.0

Release notes

Sourced from @​sentry/vue's releases.

10.56.0

Important Changes

• feat(deno): Redis diagnostics channel based integration for Deno (#21087)

  Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

• feat(cloudflare): Only capture workflow step error on final retry attempt (#21025)
• feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#21240)
• feat(node): Use ioredis tracing channels (#21187)
• fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#21281)
• fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#21101)
• fix(cloudflare): Wait for span links to be set (#21167)
• fix(core): Use WeakRef for Span-Scope circular references (#21242)
• fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#21262)
• fix(profiling-node): Ensure node version support warning includes latest 26 (#21229)

• chore: Ignore scheduled_tasks.lock (#21252)
• chore: Promote lint warnings to errors (#21213)
• chore(docs): Document how to support a new node version (#21228)
• chore(size-limit): Weekly auto-bump (#21243)
• chore(skills): Add linear-project-status skill (#21214)
• chore(skills): Add linear-project-update skill (#21233)
• chore(skills): Improve triage-issue skill (#21257)
• chore(skills): Update linear-project-status skill with more details & context (#21234)
• feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#21263)
• feat(server-utils): Initial scaffolding (#21200)
• ref(cloudflare): Move D1 instrumentation (#21266)
• ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#21191)
• ref(node): Stop mutating OTel RPC metadata to set http.route (#21193)
• ref(opentelemetry): Vendor minimal TraceState implementation (#21192)
• test(browser): Add unit test for http client header collection behavior (#21273)
• test(browser): Move browser integration tests to dataCollection (#21282)
• test(cloudflare): Remove vitest in CF e2e tests (#21259)

Bundle size 📦

Path	Size
@​sentry/browser	26.57 KB
@​sentry/browser - with treeshaking flags	25.05 KB
@​sentry/browser (incl. Tracing)	44.19 KB
@​sentry/browser (incl. Tracing + Span Streaming)	46.37 KB

... (truncated)

Changelog

Sourced from @​sentry/vue's changelog.

10.56.0

Important Changes

• feat(deno): Redis diagnostics channel based integration for Deno (#21087)

  Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

• feat(cloudflare): Only capture workflow step error on final retry attempt (#21025)
• feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#21240)
• feat(node): Use ioredis tracing channels (#21187)
• fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#21281)
• fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#21101)
• fix(cloudflare): Wait for span links to be set (#21167)
• fix(core): Use WeakRef for Span-Scope circular references (#21242)
• fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#21262)
• fix(profiling-node): Ensure node version support warning includes latest 26 (#21229)

• chore: Ignore scheduled_tasks.lock (#21252)
• chore: Promote lint warnings to errors (#21213)
• chore(docs): Document how to support a new node version (#21228)
• chore(size-limit): Weekly auto-bump (#21243)
• chore(skills): Add linear-project-status skill (#21214)
• chore(skills): Add linear-project-update skill (#21233)
• chore(skills): Improve triage-issue skill (#21257)
• chore(skills): Update linear-project-status skill with more details & context (#21234)
• feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#21263)
• feat(server-utils): Initial scaffolding (#21200)
• ref(cloudflare): Move D1 instrumentation (#21266)
• ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#21191)
• ref(node): Stop mutating OTel RPC metadata to set http.route (#21193)
• ref(opentelemetry): Vendor minimal TraceState implementation (#21192)
• test(browser): Add unit test for http client header collection behavior (#21273)
• test(browser): Move browser integration tests to dataCollection (#21282)
• test(cloudflare): Remove vitest in CF e2e tests (#21259)

10.55.0

Important Changes

• feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration (#21208)

  The @sentry/hono SDK is now stable. See the Sentry Hono SDK docs to get started.

... (truncated)

Commits

• 29b276c release: 10.56.0
• f94a87b Merge pull request #21291 from getsentry/prepare-release/10.56.0
• 165c82a meta(changelog): Update changelog for 10.56.0
• a7cb7e6 fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Ag...
• d8015e2 feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-...
• 01104fb fix(browser): Correctly parse sampleRate when consistentTraceSampling is en...
• 0613ef7 test(browser): Move browser integration tests to dataCollection (#21282)
• 231e1f5 test(browser): Add unit test for http client header collection behavior (#21273)
• ec5f82c feat(server-utils): initial scaffolding (#21200)
• dfeeb11 fix(cloudflare): Wait for span links to be set (#21167)
• Additional commits viewable in compare view

Updates dompurify from 3.4.5 to 3.4.8

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.8

• Cleaned up the repository root, renamed some and removed unneeded files
• Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
• Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
• Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
• Bumped several dependencies where possible

DOMPurify 3.4.7

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @​offset
• Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

• Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
• Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
• Added more test coverage for IN_PLACE and general DOM Clobbering attacks
• Bumped several dependencies where possible

Commits

• bcdd828 release: 3.4.8 (#1439)
• ca30f07 release: 3.4.7 (#1414)
• bb7739e release: 3.4.6 (#1394)
• See full diff in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

Commits

• See full diff in compare view

Updates simple-icons from 16.20.0 to 16.22.0

Release notes

Sourced from simple-icons's releases.

Release 16.22.0

2 new icons

• Apache Arrow (#14468) (@​esadek)
• Claude Code (#14585) (@​cscnk52)

Release 16.21.0

3 new icons

• Await (#14743) (@​LitoMore)
• LM Studio (#14717) (@​azisislm, @​cscnk52)
• OpenTUI (#14740) (@​LitoMore)

Commits

• 4e20018 Replace README CDN theme image links
• f076d6f Release 16.22.0
• b8f9227 Bump version to 16.22.0
• fd14b05 Add Claude Code icon (#14585)
• 9ad5480 Add Apache Arrow icon (#14468)
• 278ae07 Release 16.21.0
• b09be23 Bump version to 16.21.0
• 74e887a Add LM Studio icon (#14717)
• 362a16e Add OpenTUI icon (#14740)
• 8e9193a Update dependencies (#14670)
• Additional commits viewable in compare view

Updates vue from 3.5.34 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

Commits

• 8be32d6 release: v3.5.35
• 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
• d6c7371 ci: use backup action for size report comments
• bb18dc8 perf(runtime-dom): optimize array event handler dispatch (#14828)
• 5734fe9 perf(reactivity): skip type checks for cached proxies (#14860)
• 584beb1 fix(teleport): skip child unmount when pending mount discarded (#14876) (#14877)
• 34a0ded fix(compiler-core): avoid double processing v-for keys with v-memo (#14861)
• 170fc95 fix(runtime-core): avoid repeated hydration mismatch checks (#14857)
• 1b7a2cc perf(server-renderer): avoid materializing iterables in ssrRenderList (#14821)
• 3d077f2 fix(compiler-sfc): resolve top-level exports from files registered as global ...
• Additional commits viewable in compare view

Updates @vitest/ui from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/ui's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• See full diff in compare view

Updates @vue/compiler-sfc from 3.5.34 to 3.5.35

Release notes

Sourced from @​vue/compiler-sfc's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compiler-sfc's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

Commits

• 8be32d6 release: v3.5.35
• 3d077f2 fix(compiler-sfc): resolve top-level exports from files registered as global ...
• 5fb14e1 chore(deps): update all non-major dependencies (#14796)
• 6e2bf14 fix(deps): update dependency postcss to ^8.5.15 (#14878)
• See full diff in compare view

Updates @vue/test-utils from 2.4.10 to 2.4.11

Release notes

Sourced from @​vue/test-utils's releases.

v2.4.11

compare changes

🩹 Fixes

• Drop legacy Mutation Event listener entries (#2844)
• Handle setData() correctly for components using both setup() and data() (#2846)
• Export GlobalMountOptions type (#2851)
• Set spec-compliant event.code on keydown/keyup (#2850)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Renato de Leão (@​renatodeleao)
• Matt Van Horn (@​mvanhorn)
• Carsten Brachem (@​cbrachem)
• Ahmad Hanan (@​AhmadHannan037)
• Paul Cochrane (@​paultcochrane)
• Arpit Jain (@​arpitjain099)

Commits

• 5e48e1e v2.4.11
• b73ee1d chore(deps): update dependency oxfmt to v0.53.0
• 39e32ec chore(deps): update all non-major dependencies to v17.0.7 (#2881)
• 0621772 chore(deps): update actions/checkout digest to df4cb1c (#2880)
• 81fde07 chore(deps): update all non-major dependencies (#2879)
• 4ad4255 chore(deps): update dependency oxfmt to v0.52.0 (#2878)
• 8d3d26e chore(deps): update pnpm to v11.3.0 (#2877)
• bc79eff chore(deps): update all non-major dependencies (#2876)
• 58db8f7 chore(deps): update all non-major dependencies (#2874)
• 9ad31cb chore: enable renovate minimum release age for npm
• Additional commits viewable in compare view

Updates eslint from 10.4.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates eslint-plugin-vue from 10.9.1 to 10.9.2

Release notes

Sourced from eslint-plugin-vue's releases.

v10.9.2

Patch Changes

• Fixed vue/custom-event-name-casing to check segments of colon-separated event names like update:foo-bar (#3079)
• Fixed vue/one-component-per-file to not report functions not imported from Vue (#3063)
• Fixed vue/prefer-import-from-vue to not report imports/exports of names that are not re-exported by vue (#3081)
• Fixed vue/return-in-computed-property and vue/require-render-return to not report exhaustive switch statements when TypeScript type information is available (#3067)

Changelog

Sourced from eslint-plugin-vue's changelog.

10.9.2

Patch Changes

• Fixed vue/custom-event-name-casing to check segments of colon-separated event names like update:foo-bar (#3079)
• Fixed vue/one-component-per-file to not report functions not imported from Vue (#3063)
• Fixed vue/prefer-import-from-vue to not report imports/exports of names that are not re-exported by vue (#3081)
• Fixed vue/return-in-computed-property and vue/require-render-return to not report exhaustive switch statements when TypeScript type information is available (#3067)

Commits

• 9aa463a Version Packages (#3080)
• 517347c Add error positions (#3085)
• b582b7e fix: false positive for returns in exhaustive switch (#3067)
• 91a136c fix(one-component-per-file): Ignore members imported from elsewhere (#3063)
• d37d17b fix(prefer-import-from-vue): don't report names not exported by vue (#3081)
• 836aa95 fix(custom-event-name-casing): check segments of colon-separated names (#3079)
• See full diff in compare view

Updates happy-dom from 20.9.0 to 20.10.1

Release notes

Sourced from happy-dom's releases.

v20.10.0

🎨 Features

• Adds support for setting a canvas adapter for handling the canvas rendering using the browser setting canvasAdapter - By @​RAprogramm and @​capricorn86 in task #241
• Adds new package @​happy-dom/node-canvas-adapter - By @​RAprogramm and @​capricorn86 in task #241
  • @​happy-dom/node-canvas-adapter is a pluggable canvas adapter for Happy DOM using node-canvas.
• Adds support for loading image files when enabling the browser setting enableImageFileLoading - By @​capricorn86 in task #241
• Adds support for loading image data URLs - By @​capricorn86 in task #241
• Adds support for ImageData - By @​capricorn86 in task #241
• Adds support for ImageBitmap - By @​capricorn86 in task #241
• Adds support for Window.createImageBitmap() - By @​capricorn86 in task #241

Commits

• 20f89aa fix: #2180 Try to fix publish workflow (#2181)
• f08c3fa chore: #2177 Update happy-conventional-commit (#2179)
• df504c0 chore: #2177 Update happy-conventional-commit (#2178)
• c3db9e2 chore: #2174 Fix NPM cache issue (#2175)
• 5a50f8a chore: #2171 Fix canvas adapter peer dependency to happy-dom (#2173)
• 090183a chore: #2171 Fix canvas adapter peer dependency to happy-dom (#2172)
• e5b81b1 feat: #241 Adds canvas adapter package (#2069)
• cd6f87f fix: #0 Fix github release workflow (#2141)
• See full diff in compare view

Updates vite from 6.4.2 to 6.4.3

Release notes

Sourced from vite's releases.

v6.4.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.3 (2026-06-01)

• fix: backport #22572, reject windows alternate paths (#22576) (96b0c10), closes #22572 #22576
• fix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#22575) (8fed5cf), closes #22571 #22575

Commits

• 6c2c881 release: v6.4.3
• 96b0c10 fix: backport #22572, reject windows alternate paths (#22576)
• 8fed5cf fix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#2...
• See full diff in compare view

Updates vitest from 4.1.7 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)