chore(deps)(deps): bump vue from 3.5.28 to 3.5.34 in /webui

[dependabot]

Bumps vue from 3.5.28 to 3.5.34.

Release notes

Sourced from vue's releases.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.34 (2026-05-06)

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
• compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
• compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
• reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
• runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
• suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761

3.5.33 (2026-04-22)

Bug Fixes

• compiler-sfc: handle nested :deep in selector pseudos (#14725) (bb9d265), closes #14724
• reactivity: unlink effect scopes on out-of-order off (#14734) (e7659be), closes #14733
• runtime-dom: preserve textarea resize dimensions (#14747) (11fb2fd), closes #14741
• teleport: don't move teleport children if not mounted (#14702) (6a61f44), closes #14701
• transition: preserve placeholder for conditional explicit default slots (#14748) (45990ce), closes #14727

3.5.32 (2026-04-03)

Bug Fixes

• runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667
• teleport: handle updates before deferred mount (#14642) (32b44f1), closes #14640
• types: allow customRef to have different getter/setter types (#14639) (e20ddb0)
• types: use private branding for shallowReactive (#14641) (302c47a), closes #14638 #14493

Reverts

• Revert "fix(server-renderer): cleanup component effect scopes after SSR render" (#14674) (219d83b), closes #14674 #14669

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431

... (truncated)

Commits

• 57545e9 release: v3.5.34
• a3b2617 chore(deps): update dependency jsdom to ^29.1.1 (#14775)
• 23d4fb5 fix(runtime-core): avoid symbol coercion during props validation (#8539)
• 090b2e3 fix(compiler-sfc): preserve hash hrefs on \<image> elements (#14756)
• 9667e0d fix(suspense): avoid DOM leak with out-in transition in v-if fragment (#14762)
• c8e2d4a fix(reactivity): prevent orphan effect when created in a stopped scope (#14778)
• 7f46fd4 fix(compiler-sfc): infer Vue ref wrapper types when source is unresolvable (#...
• acfffe3 fix(compiler-sfc): resolve type re-exports inside declare global (#14766)
• a037385 chore(deps): update build (#14759)
• 0bc56ff chore(deps): update pnpm to v10.33.3 (#14760)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[ZeroPointSix]

总体结论：这个 PR 是 Vue 3.5.28 -> 3.5.34 的 patch 级升级，变更方向总体合理，但当前没有有效 review 覆盖，且仓库 PR CI 没有构建 webui，建议合并前补前端验证。

关键发现：

• 中：.github/workflows/ci.yml 只覆盖 Python lint/test，没有执行 webui 的 npm ci、npm run type-check 或 npm run build。Vue patch 升级的主要风险在 SFC 编译、类型检查、运行时渲染/响应式行为，当前 CI 无法覆盖。建议在本 PR head 上跑 cd webui && npm ci && npm run build，并把 webui build 加入 PR CI。
• 中：diff 中不仅升级了 vue，还随 Vue 子包更新了 @vue/compiler-*、@vue/runtime-*、postcss、@babel/parser 等 lockfile 条目。虽然这符合 Vue patch 升级预期，但仍应通过实际 SFC 编译确认没有模板或类型回归。
• 低：package-lock.json 同时包含根包版本 0.1.0 -> 0.2.1 和若干 peer 标记变化。建议确认这些是基于当前 master lockfile 的正常再生成结果，避免无关 lockfile 噪声混入依赖升级。

优先级建议：

• 阻塞：无明确阻塞缺陷。
• 中：合并前补 webui 安装、类型检查和构建验证。
• 低：确认 lockfile metadata 变化是否预期。

后续建议：

• 建议新增独立 webui CI job，后续 Vue/Vite/router/TypeScript 这类前端依赖升级都可以自动获得实际门禁。