chore(deps): @auth0/auth0-vue, @fortawesome/fontawesome-svg-core, @fortawesome/free-solid-svg-icons, @fortawesome/vue-fontawesome, @microsoft/applicationinsights-web, @vue/tsconfig, axios, prettier, vue, vue-router, @rushstack/eslint-patch, @semantic-release/github, @semantic-release/npm, @semantic-release/release-notes-generator, @types/lodash, @types/node, @vitejs/plugin-vue, @vitest/coverage-v8, @vue/eslint-config-typescript, @vue/test-utils, eslint, eslint-plugin-prettier, eslint-plugin-vue, jsdom, msw, semantic-release, typescript, vite, vitest, vue-tsc

[dependabot]

Bumps the npm-dependencies group with 30 updates in the / directory:

Package	From	To
@auth0/auth0-vue	2.5.0	2.7.0
@fortawesome/fontawesome-svg-core	7.1.0	7.2.0
@fortawesome/free-solid-svg-icons	7.1.0	7.2.0
@fortawesome/vue-fontawesome	3.1.3	3.2.0
@microsoft/applicationinsights-web	3.3.11	3.4.1
@vue/tsconfig	0.8.1	0.9.1
axios	1.13.4	1.16.1
prettier	3.8.1	3.8.3
vue	3.5.27	3.5.35
vue-router	4.6.4	5.1.0
@rushstack/eslint-patch	1.15.0	1.16.1
@semantic-release/github	12.0.2	12.0.8
@semantic-release/npm	13.1.3	13.1.5
@semantic-release/release-notes-generator	14.1.0	14.1.1
@types/lodash	4.17.23	4.17.24
@types/node	25.1.0	25.9.1
@vitejs/plugin-vue	6.0.3	6.0.7
@vitest/coverage-v8	4.0.18	4.1.8
@vue/eslint-config-typescript	14.6.0	14.7.0
@vue/test-utils	2.4.6	2.4.10
eslint	9.39.2	10.4.1
eslint-plugin-prettier	5.5.5	5.5.6
eslint-plugin-vue	10.7.0	10.9.1
jsdom	27.4.0	29.1.1
msw	2.12.7	2.14.6
semantic-release	25.0.2	25.0.3
typescript	5.9.3	6.0.3
vite	7.3.1	8.0.15
vitest	4.0.18	4.1.8
vue-tsc	3.2.4	3.3.3

Updates @auth0/auth0-vue from 2.5.0 to 2.7.0

Release notes

Sourced from @​auth0/auth0-vue's releases.

v2.7.0

Added

• feat: add custom token exchange support #618 (yogeshchoudhary147)

Fixed

• fix: respect appState.target when no router is present #619 (yogeshchoudhary147)

v2.6.1

Fixed

• fix: ensure to use pathname instead of '/' when clearing query parameters #544 (frederikprijck)
• fix: merge appState in Auth Guard #543 (frederikprijck)

v2.6.0

Added

• feat: add Multi-Factor Authentication (MFA) support #602 (yogeshchoudhary147)
• feat: add support for vue-router v5 #541 (frederikprijck)

Changelog

Sourced from @​auth0/auth0-vue's changelog.

v2.7.0 (2026-05-07)

Full Changelog

Added

• feat: add custom token exchange support #618 (yogeshchoudhary147)

Fixed

• fix: respect appState.target when no router is present #619 (yogeshchoudhary147)

v2.6.1 (2026-05-04)

Full Changelog

Fixed

• fix: ensure to use pathname instead of '/' when clearing query parameters #544 (frederikprijck)
• fix: merge appState in Auth Guard #543 (frederikprijck)

v2.6.0 (2026-04-28)

Full Changelog

Added

• feat: add Multi-Factor Authentication (MFA) support #602 (yogeshchoudhary147)
• feat: add support for vue-router v5 #541 (frederikprijck)

Commits

• a8b8752 Release v2.7.0 (#621)
• e5ba9c7 fix: convert typedoc config to ESM (#620)
• 2cd3474 fix: respect appState.target when no router is present (#619)
• bc0ae40 fix: add type module and use .cjs extension for CJS output (#472)
• 65b4fc6 feat: add custom token exchange support (#618)
• e60ba36 Release v2.6.1 (#617)
• 1b8d511 chore: replace BrowserStack with Cypress cross-browser matrix (#615)
• eb400e1 fix: ensure to use pathname instead of '/' when clearing query parameters (#544)
• 5e9641c chore: inline setup-node@v6 and remove setup-node-npm composite action (#616)
• 4beac4c chore: remove package-lock.json (#612)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​auth0/auth0-vue since your current version.

Updates @fortawesome/fontawesome-svg-core from 7.1.0 to 7.2.0

Release notes

Sourced from @​fortawesome/fontawesome-svg-core's releases.

Release 7.2.0

Change log available at https://fontawesome.com/changelog

Commits

• 337dd20 Release 7.2.0 (#21465)
• 16ac6af Simplifying icon request titles (#21360)
• ce49420 Simplifying icon request template name (to avoid redundancy)
• 3dba69f Modify bug report template for versioning and labels (#21264)
• f40da32 Update web bug report template
• 89f17b4 Modify bug report template for version and labels
• 14b8429 Adding feature requests to discussions
• eceb155 Updating links to the new icon request templates
• b544f79 Update contribution guidelines for icon requests
• f811bcf Revise icon wizard request template
• Additional commits viewable in compare view

Updates @fortawesome/free-solid-svg-icons from 7.1.0 to 7.2.0

Release notes

Sourced from @​fortawesome/free-solid-svg-icons's releases.

Release 7.2.0

Change log available at https://fontawesome.com/changelog

Commits

• 337dd20 Release 7.2.0 (#21465)
• 16ac6af Simplifying icon request titles (#21360)
• ce49420 Simplifying icon request template name (to avoid redundancy)
• 3dba69f Modify bug report template for versioning and labels (#21264)
• f40da32 Update web bug report template
• 89f17b4 Modify bug report template for version and labels
• 14b8429 Adding feature requests to discussions
• eceb155 Updating links to the new icon request templates
• b544f79 Update contribution guidelines for icon requests
• f811bcf Revise icon wizard request template
• Additional commits viewable in compare view

Updates @fortawesome/vue-fontawesome from 3.1.3 to 3.2.0

Release notes

Sourced from @​fortawesome/vue-fontawesome's releases.

Release 3.2.0

Added

• Support for custom gradient fills

Changelog

Sourced from @​fortawesome/vue-fontawesome's changelog.

3.2.0 - 2026-04-14

Added

• Support for custom gradient fills

---

Commits

• 1b7d20d Release 3.2.0
• 832c2f8 update DEVELOPMENT.md doc - add npm install step to sync package-lock.json du...
• f710c05 support custom gradient fills (#553)
• a829523 add layers-text tests and remove dead code (#546)
• 342423a Bump lodash from 4.17.21 to 4.17.23 (#543)
• See full diff in compare view

Updates @microsoft/applicationinsights-web from 3.3.11 to 3.4.1

Release notes

Sourced from @​microsoft/applicationinsights-web's releases.

3.4.1

This is the first full supported release of the 3.4.x version line. While a 3.4.0-beta was previously released for early testing and validation, version 3.4.0 was not released as a standard supported version — 3.4.1 is the first production-ready release in this series. The @microsoft/1ds-post-js channel is numbered 4.4.1 and requires v3.4.1.

Significant Changes (since 3.3.11)

The following are the significant changes since the previous full release (3.3.11). Some of these changes were previously included in the 3.4.0-beta release.

• W3C Trace State Support: Added full support for managing W3C Trace State and sending headers in distributed tracing, including new distributed tracing modes AI_AND_W3C_TRACE and W3C_TRACE that enable the tracestate header to be sent with requests when trace state information is available, the existing states will continue to not send the header.

• New Distributed Tracing Modes: Added new eDistributedTracingModes enum values:

  • AI_AND_W3C_TRACE (17): Sends Application Insights headers + W3C traceparent + W3C tracestate headers (if state value is present)
  • W3C_TRACE (18): Sends only W3C traceparent + W3C tracestate headers (if state value is present)

• Enhanced Distributed Tracing: Refactored the distributed tracing implementation to provide better support for the W3C Trace Context specification and prepare for future OpenTelemetry Span-style API integration.

• New W3C TraceState API: Introduced the IW3cTraceState interface that provides a mutable, ordered list of key/value pairs for trace state information with proper parent-child relationships.

• OpenTelemetry Integration Preparation: Added foundational OpenTelemetry interfaces (IOTelSpanContext, IOTelTraceState) to provide OpenTelemetry API compatibility.

• Additional Configuration: Added new configuration properties for W3C trace state support:

  • traceHdrMode: Controls if the SDK should look for the traceparent and/or tracestate values from service timing headers or meta tags from the initial page load (in IConfiguration)
  • Enhanced distributedTracingMode property to support the new W3C trace state modes (in ICorrelationConfig)

• Dependencies Extension: The dependency tracking extension now includes additional logic for W3C trace state handling, which may affect custom dependency listeners or initializers. The following interfaces and functions have been enhanced with W3C trace state support:

  • IDependencyListenerDetails interface now also includes a readonly traceState along with the previous traceId, spanId, traceFlags properties
  • addDependencyListener() function now provides access to W3C trace state information through the enhanced details object
  • addDependencyInitializer() function continues to work with existing dependency telemetry processing
  • Custom dependency listeners can now access and modify W3C trace state information before requests are sent

• Enhanced Cookie Management: Cookie values are now cached in memory when cookies are disabled instead of being lost, enabling support for consent banner workflows where cookies must be temporarily disabled until user approval. Automatic flushing occurs when cookies are re-enabled.

• OsPlugin Reliability Improvements: Improved OsPlugin with proactive OS retrieval, unload handling, and session caching for more reliable OS detection.

• URL Redaction Enhancements: Made URL redaction more dynamic for improved flexibility in field redaction scenarios.

Package Deprecation

The following packages have been merged into @microsoft/applicationinsights-core-js and are now deprecated. They continue to be published as backward-compatible shims (re-exporting from Core) so existing code will not break, but they are no longer used as dependencies by the main SDK packages. You should stop importing from these packages and migrate to @microsoft/applicationinsights-core-js directly.

• @microsoft/applicationinsights-common — All exports have been merged into @microsoft/applicationinsights-core-js. The package is now a compatibility shim that re-exports from Core. See the Migration Guide for details on updating your imports. This package will be removed in a future major release (4.0.0).

• @microsoft/1ds-core-js — All exports have been merged into @microsoft/applicationinsights-core-js. The package is now a compatibility shim that re-exports from Core. See the 1DS Core Migration Guide for class/import name changes and migration steps. Consumers should update their imports to reference @microsoft/applicationinsights-core-js directly. This package will be removed in a future major release (4.0.0).

Breaking Changes

The following is a list of known breaking changes for anyone attempting to implement the interfaces, for end-users / consumers of the existing interface this is considered to be only a potential breaking change as the existing functions are still provided and provide the same level of functionality. The breaking nature of these changes is for anyone attempting to provide their own implementation of these changes.

Interface Changes

• The IDistributedTraceContext interface has been significantly expanded to include W3C trace state management capabilities, which may affect custom telemetry processors that interact with distributed tracing context.

... (truncated)

Changelog

Sourced from @​microsoft/applicationinsights-web's changelog.

3.4.1 (April 7th, 2026)

This is the first full supported release of the 3.4.x version line. While a 3.4.0-beta was previously released for early testing and validation, version 3.4.0 was not released as a standard supported version — 3.4.1 is the first production-ready release in this series. The @microsoft/1ds-post-js channel is numbered 4.4.1 and requires v3.4.1.

Commits

• 2d5271b [Release] Increase version to 3.4.1 (#2720)
• dd66e91 Improve OsPlugin reliability: proactive OS retrieval, unload handling, and se...
• a598f47 Address issue with the AppInsightsExtCore using the wrong version number (#2718)
• 847c292 Make URL Redaction more dynamic (#2716)
• 2a15b82 [Main] Merge 1ds-core-js into applicationinsights-core-ts (#2712)
• 37eec11 [Main] Merge Trace API Features from Beta (#2710)
• 73d40dc Bump: @​microsoft/rush to 5.169.3 (#2709)
• b6de144 Enable compression in CDN config (#2701)
• 6185620 chore: Update Component versions and remove vulnerable dependency usage (#2700)
• a137ab6 Update vulnerable dependencies (#2692)
• See full diff in compare view

Updates @vue/tsconfig from 0.8.1 to 0.9.1

Release notes

Sourced from @​vue/tsconfig's releases.

v0.9.1

Notable Changes

• Align the TypeScript peer dependency requirement with the documentation (>= 5.8, including TypeScript 6)

Full Changelog: vuejs/tsconfig@v0.9.0...v0.9.1

v0.9.0

Noticeable Changes

• feat: update lib to ES2022 by @​Slessi in vuejs/tsconfig#41
• chore: move noUncheckedIndexedAccess from base config to the lib config [fa4423b]
  • This is because noUncheckedIndexedAccess may have false positives, making it hard for existing codebases to upgrade.
  • But for new codebases, it’s still recommended to enable this flag from the beginning.

New Contributors

• @​Slessi made their first contribution in vuejs/tsconfig#41

Full Changelog: vuejs/tsconfig@v0.8.1...v0.9.0

Commits

• dc7af0b 0.9.1
• e73ef3c fix: align typescript peer dependency with documentation
• 3569685 0.9.0
• fa4423b chore: move noUncheckedIndexedAccess from base config to the lib config
• 051d720 docs: update TypeScript version requirement
• 3db886a feat: update lib to ES2022 (#41)
• df9d3d4 docs: note the default value of types in TS 6+ has been changed to []
• 0e39087 docs: note that strict mode is on by default in TS 6
• ae3b1dc chore: make GitHub render tsconfig.*.json as JSONC
• See full diff in compare view

Updates axios from 1.13.4 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Commits

• 1337d6b chore(release): prepare release 1.16.1 (#10877)
• 858a790 fix: remove all caches (#10882)
• 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
• 847d89b fix: support URL object as config.url input (#10866)
• 4094886 fix(progress): guard malformed XHR upload events (#10868)
• 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
• 64e1095 chore: update PR and issue template to use h2 (#10865)
• 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
• c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
• caa00a9 fix: https data in cleartext to proxy (#10858)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates vue from 3.5.27 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.28

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

3.5.34 (2026-05-06)

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
• compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
• compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
• reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
• runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
• suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761

3.5.33 (2026-04-22)

Bug Fixes

• compiler-sfc: handle nested :deep in selector pseudos (#14725) (bb9d265), closes #14724
• reactivity: unlink effect scopes on out-of-order off (#14734) (e7659be), closes #14733
• runtime-dom: preserve textarea resize dimensions (#14747) (11fb2fd), closes #14741
• teleport: don't move teleport children if not mounted (#14702) (6a61f44), closes #14701
• transition: preserve placeholder for conditional explicit default slots (#14748) (45990ce), closes #14727

3.5.32 (2026-04-03)

Bug Fixes

• runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667

... (truncated)

Commits

• 8be32d6 release: v3.5.35
• 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
• d6c7371 ci: use backup action for size report comments
• bb18dc8 perf(runtime-dom): optimize array event handler dispatch (#14828)
• 5734fe9 perf(reactivity): skip type checks for cached proxies (#14860)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud