chore(deps): bump the vue group across 1 directory with 2 updates#107
Closed
dependabot[bot] wants to merge 1 commit into
Closed
chore(deps): bump the vue group across 1 directory with 2 updates#107dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/vue-b465e51571
branch
4 times, most recently
from
July 13, 2026 23:45
261703a to
e8011c7
Compare
Bumps the vue group with 2 updates in the / directory: [vue](https://github.com/vuejs/core) and [vue-router](https://github.com/vuejs/router). Updates `vue` from 3.5.32 to 3.5.40 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.5.32...v3.5.40) Updates `vue-router` from 5.0.4 to 5.2.0 - [Release notes](https://github.com/vuejs/router/releases) - [Commits](vuejs/router@v5.0.4...v5.2.0) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.39 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: vue - dependency-name: vue-router dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vue ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/vue-b465e51571
branch
from
July 17, 2026 12:14
e8011c7 to
562b86c
Compare
Member
|
Superseded by #158 — the vue group bump (vue 3.5.40, vue-router 5.2.0) is folded into the consolidated security refresh, gates green. |
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
ABB65
added a commit
that referenced
this pull request
Jul 17, 2026
…d pending bumps (#158) * chore(deps): security refresh — resolve critical/high advisories, fold pending bumps Aggressive dependency pass closing the Dependabot backlog (66 alerts on main). Direct + toolchain bumps (folds the passing/fixable Dependabot group PRs into one reviewable change): - @anthropic-ai/sdk 0.80 -> 0.112, sharp 0.34.5 -> 0.35.3, marked -> 18.0.2, vue 3.5.40, vue-router 5.2.0 - testing group (vitest 4.1.10, @vue/test-utils 2.4.11, playwright-core 1.61.1, ...) - linting group (@nuxt/eslint 1.16, eslint 10.7, @commitlint 21, lint-staged 17) - tsx 4.23 pnpm overrides for runtime-reachable transitives whose parents pin old versions: hono ^4.12.25 (MCP loopback server), fast-uri ^3.1.2, fast-xml-parser ^5.7.0, ws ^8.21.0, qs ^6.15.2, js-cookie ^3.0.7. A lockfile refresh alone clears the stale advisories on main (shell-quote 1.9.0, nuxt 4.4.8, vite 7.3.6, devalue 5.8.1, dompurify 3.4.11, tar 7.5.19, ...). Result: the one critical (shell-quote) and every high are resolved. The only remaining flagged package is uuid — its advisory needs uuid.v3/v5/v6 called with a `buf` argument, which Studio's transitive usage (@aws-sdk, uuid.v4) never does, so a risky cross-SDK major override is deliberately skipped. The @nuxt/eslint 1.16 bump surfaced real code smells (no-useless-assignment, preserve-caught-error) — fixed in migrate-postgres, anthropic-ai, cdn-builder, and the Polar webhook handler. Supersedes #107, #108, #109, #110, #111. * fix(deps): revert sharp to 0.34.5 — 0.35.3 fails to load on CI Linux sharp 0.35.3 crashed the Nuxt server at boot on the CI runner ("Server process exited before becoming ready", sharp.mjs:171 install error) — its native binary doesn't resolve on linux-x64 there, though it built fine on darwin-arm64 locally (which is why the local smoke was a false green). sharp is not a security advisory, so 0.34.5 (known-good on CI) loses nothing. This also confirms #111's e2e failure was sharp, not a stale base. --------- Co-authored-by: Contentrain <mcp@contentrain.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the vue group with 2 updates in the / directory: vue and vue-router.
Updates
vuefrom 3.5.32 to 3.5.40Release notes
Sourced from vue's releases.
Changelog
Sourced from vue's changelog.
... (truncated)
Commits
fa2885drelease: v3.5.4020c9d26fix(compiler-core): avoid leaking slot branch keys (#15051)7da6334Revert "fix(runtime-core): pause tracking when invoking function refs" (#15094)90aecb1chore(deps): update all non-major dependencies (#15026)97f3525fix(runtime-core): skip lazy hydration for detached roots (#15092)fe1c0f8chore(deps): update test (#15025)e41c45achore(deps): update dependency conventional-changelog to v8 (#15078)3eb66a9chore(deps): update actions/cache action to v6 (#15076)40178ddchore(deps): update lint (#15075)7f122b9chore(deps): update dependency conventional-changelog-angular to v9 (#15079)Updates
vue-routerfrom 5.0.4 to 5.2.0Release notes
Sourced from vue-router's releases.
... (truncated)
Commits
6e5f8d2release: vue-router@5.2.01653533fix: allow pinia 4f634b2fdocs: improve compatd4319bechore: up ts where possibleb5b5f94ci: pin image680e905ci: update playwright image385ca6bchore: up lint, babel and others92ff264chore: up deps minor and patchesfeed382ci: bump the actions group with 3 updates (#2745)4d96741fix(unplugin): reject invalid hex digits in [x+hh] character codes (#2744)