frontend(deps): bump the frontend-deps group across 1 directory with 44 updates

[dependabot]

Bumps the frontend-deps group with 36 updates in the /frontend directory:

Package	From	To
@codemirror/commands	6.10.1	6.10.3
@codemirror/state	6.5.4	6.6.0
@codemirror/view	6.39.11	6.43.0
@vueuse/core	13.9.0	14.3.0
jquery	3.7.1	4.0.0
vue-router	4.6.4	5.1.0
ws	8.20.0	8.21.0
y-websocket	2.1.0	3.0.0
yjs	13.6.30	13.6.31
@babel/core	7.29.0	7.29.7
@babel/eslint-parser	7.28.6	7.29.7
@babel/plugin-syntax-import-assertions	7.28.6	7.29.7
@babel/plugin-syntax-jsx	7.28.6	7.29.7
@eslint/js	9.39.4	10.0.1
@playwright/test	1.58.2	1.60.0
@storybook/addon-a11y	8.6.18	10.4.1
@storybook/addon-links	8.6.18	10.4.1
@storybook/addon-viewport	8.6.18	9.0.8
@storybook/vue3-vite	8.6.18	10.4.1
@vitejs/plugin-vue	5.2.4	6.0.7
@vitest/browser	3.2.4	4.1.8
@vitest/coverage-v8	3.2.4	4.1.8
dotenv	16.6.1	17.4.2
eslint	9.39.4	10.4.1
eslint-plugin-prettier	5.5.5	5.5.6
eslint-plugin-storybook	0.11.6	10.4.1
globals	16.5.0	17.6.0
jsdom	26.1.0	29.1.1
puppeteer	24.40.0	25.1.0
puppeteer-core	24.40.0	25.1.0
react	18.3.1	19.2.7
react-dom	18.3.1	19.2.7
storybook	8.6.18	10.4.1
vite	6.4.1	8.0.16
vite-plugin-vue-devtools	7.7.9	8.1.2
vitest	3.2.4	4.1.8

Updates @codemirror/commands from 6.10.1 to 6.10.3

Changelog

Sourced from @​codemirror/commands's changelog.

6.10.3 (2026-03-12)

Bug fixes

Make sure selection-extending commands preserve the associativity of the selection head.

6.10.2 (2026-02-06)

Bug fixes

Move the selection to a less surprising place when undoing, moving the selection, redoing, then undoing again.

Commits

• 6f83cb9 Mark version 6.10.3
• 8364073 Properly preserve selection associativity in selection-extending commands
• aa61d5c Add more tests for vertical cursor and selection motion
• dbae3a1 Mark version 6.10.2
• beecd58 Use a more reasonable start selection for the inverse of applied history events
• 0587e5d Add a test cursorLineDown skipping trailing inline widgets
• fe13f95 Add some more explicit type annotations
• 2f99b7b Use git+https format for package.json repository field
• a6196d9 Query configuration at start of line in changeLineComment
• See full diff in compare view

Updates @codemirror/lsp-client from 6.2.2 to 6.2.4

Updates @codemirror/state from 6.5.4 to 6.6.0

Changelog

Sourced from @​codemirror/state's changelog.

6.6.0 (2026-03-12)

New features

EditorSelection.range now takes an optional assoc argument.

SelectionRange.extend can now be given a third argument to specify associativity.

Commits

• 821d9b7 Mark version 6.6.0
• e035c74 Support an assoc argument to EditorSelection.range and SelectionRange.extend
• eef74db Add type conversions to asArray
• See full diff in compare view

Updates @codemirror/view from 6.39.11 to 6.43.0

Changelog

Sourced from @​codemirror/view's changelog.

6.41.0 (2026-04-01)

Bug fixes

Fix an issue where EditorView.posAtCoords could incorrectly return a position near a higher element on the line, in mixed-font-size lines.

Expand the workaround for the Webkit bug that causes nonexistent selections to stay visible to be active on non-Safari Webkit browsers.

New features

The new EditorView.cursorScrollMargin facet can now be used to configure the extra space used when scrolling the cursor into view.

6.40.0 (2026-03-12)

Bug fixes

Fix a bug that caused Shift-Enter/Backspace/Delete on iOS to lose the shift modifier when delivered to key event handlers.

Fix an issue where EditorView.moveVertically could move to the wrong place in wrapped lines with a large line height.

Make sure the selection head associativity is properly set for mouse selections made with shift held down.

New features

WidgetType.updateDOM is now called with the previous widget value as third argument.

6.39.17 (2026-03-10)

Bug fixes

Improve touch tap-selection on line wrapping boundaries.

Make drawSelection draw our own selection handles on iOS.

Fix an issue where posAtCoords, when querying line wrapping points, got confused by extra empty client rectangles produced by Safari.

6.39.16 (2026-03-02)

Bug fixes

Perform scroll stabilization on the document or wrapping scrollable elements, when the user scrolls the editor.

Fix an issue where changing decorations right before a composition could end up corrupting the visible DOM.

Fix an issue where some types of text input over a selection would be read as happening in wrong position.

6.39.15 (2026-02-20)

Bug fixes

... (truncated)

Commits

• See full diff in compare view

Updates @tabler/icons-vue from 3.40.0 to 3.44.0

Release notes

Sourced from @​tabler/icons-vue's releases.

Release 3.44.0

18 new icons:

• outline/code-ai
• outline/email-stamp
• outline/foodsteps
• outline/git-pull-request-conflict
• outline/noise-reduction
• outline/photo-alt
• outline/pointer-2
• outline/pointer-collaboration-2
• outline/pointer-collaboration
• outline/roulette
• outline/scan-cube
• outline/sketching
• outline/sparkle-2
• outline/sparkle-highlight
• outline/sparkle
• outline/sphere-2
• outline/text-scan-ai
• outline/vignette

Fixed icons: outline/air-balloon, outline/body-scan, outline/chart-sankey, outline/ear-scan, outline/grid-scan, outline/line-scan, outline/object-scan, outline/photo-scan, outline/route-scan, outline/scan-eye, outline/scan-letter-a, outline/scan-letter-t, outline/scan-position, outline/scan-traces, outline/scan, outline/text-scan-2, outline/user-scan, outline/zoom-scan

Release 3.43.0

18 new icons:

• outline/acorn
• outline/acrobatic
• outline/banana
• outline/brand-audible
• outline/building-eiffel-tower
• outline/car-door
• outline/car-lifter
• outline/chocolate
• outline/dumbbell
• outline/exercise-ball
• outline/flood
• outline/hula-hoop
• outline/leaf-maple
• outline/notdef
• outline/rugby
• outline/taiwan-dollar
• outline/target-2
• outline/unicycle

... (truncated)

Commits

• 6d128ed Release 3.44.0
• e40738b Release 3.43.0
• 076f4a9 Release 3.42.0
• 9b27b65 Release 3.41.1
• ebad60b Update homepage links in documentation and package files to point to the new ...
• 8ed617b Update README files to wrap images in anchor tags linking to the Tabler Icons...
• 6cbe885 Release 3.41.0
• See full diff in compare view

Updates @vueuse/core from 13.9.0 to 14.3.0

Release notes

Sourced from @​vueuse/core's releases.

v14.3.0

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in vueuse/vueuse#5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in vueuse/vueuse#5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in vueuse/vueuse#5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in vueuse/vueuse#5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in vueuse/vueuse#5191 (0cb03)
• useTextareaAutosize: Add optional maxHeight to limit autosize growth  -  by @​palamarchukser, @​antfu and @​9romise in vueuse/vueuse#5324 (1a3e5)

   🐞 Bug Fixes

• Add explicit ./package.json export to all packages  -  by @​babu-ch and @​OrbisK in vueuse/vueuse#5343 (0d989)
• core: Always return ssrValue in useCssSupports before mounted  -  by @​danielroe in vueuse/vueuse#5290 (76b0b)
• directive: Create disposable directive func cleanup of side effects unmounted  -  by @​kalu5, @​43081j, Raman Paulau and @​OrbisK in vueuse/vueuse#5244 (52d68)
• docs: Typos in useManualRefHistory, useFocusWithin, useStorageAsync, useIntersectionObserver  -  by @​blowsie, Sam Blowes and @​OrbisK in vueuse/vueuse#5329 (1d9c4)
• docs: Add ignoreDeprecations for twoslash TS 6.0 compat  -  by @​antfu and Claude Opus 4.6 (1M context) in vueuse/vueuse#5367 (9d1eb)
• metadata: Cleanup removed function resolveRef  -  by @​ntnyq in vueuse/vueuse#5307 (49da8)
• onClickOutside: Detect iframe inside shadow DOM with detectIframe option  -  by @​babu-ch and @​OrbisK in vueuse/vueuse#5336 (1a77b)
• shared: Align overloads order of watch functions with original version  -  by @​KazariEX in vueuse/vueuse#5288 (f1d32)
• useAxios: Handle optional response data safely  -  by @​jahnli in vueuse/vueuse#5318 (51198)
• useCached: Update comparator type and improve documentation  -  by @​IceMooncake in vueuse/vueuse#5376 (d886c)
• useClipboard: Prevents fail in Safari for async operation  -  by @​MatteoGabriele in vueuse/vueuse#5369 (5ec56)
• useSortable: Re-query DOM on every start() for string selectors  -  by @​Mini-ghost in vueuse/vueuse#5374 (3341f)
• useVirtualList: React to changes made in mutable arrays properly  -  by @​dcherman in vueuse/vueuse#5267 (7069e)
• useWakeLock: Auto-release wake lock on component unmount  -  by @​ProgrammingWithSid and @​OrbisK in vueuse/vueuse#5271 (43937)
• useWebSocket: Race condition caused by onopen/onclose events.  -  by @​DanCardin, @​antfu and @​9romise in vueuse/vueuse#5175 (6661c)
• whenever: Improve old value types  -  by @​VChet in vueuse/vueuse#5096 (979c6)

   🏎 Performance

• Replace deepRef with shallowRef where appropriate  -  by @​9romise in vueuse/vueuse#5293 (80004)

    View changes on GitHub

v14.2.1

   🚀 Features

• Add skills at the root directory for skills cli  -  by @​antfu (c005d)
• skills: Transfer @vueuse/skills  -  by @​serkodev in vueuse/vueuse#5286 (532ac)

   🐞 Bug Fixes

• useRafFn: Resolve reactive null fpsLimit not being handled  -  by @​nemanjamalesija in vueuse/vueuse#5284 (8ce0d)

    View changes on GitHub

v14.2.0

   🚀 Features

... (truncated)

Commits

• 99c5df9 chore: release v14.3.0
• 1a3e572 feat(useTextareaAutosize): add optional maxHeight to limit autosize growth ...
• d886c2f fix(useCached): update comparator type and improve documentation (#5376)
• acf182e docs(useCloned): add tip about watch flush timing (#5375)
• 5ec568d fix(useClipboard): prevents fail in Safari for async operation (#5369)
• 52d688f fix(directive): create disposable directive func cleanup of side effects unmo...
• df72450 chore: update deps
• 1aa211e Make demo of useElementSize readonly (#5365)
• 0d98998 fix: add explicit ./package.json export to all packages (#5343)
• 8c252c3 refactor: change primitive to shallowReadonly, rename readonly usage to `...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vueuse/core since your current version.

Updates axios from 1.13.6 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Commits

• 1337d6b chore(release): prepare release 1.16.1 (#10877)
• 858a790 fix: remove all caches (#10882)
• 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
• 847d89b fix: support URL object as config.url input (#10866)
• 4094886 fix(progress): guard malformed XHR upload events (#10868)
• 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
• 64e1095 chore: update PR and issue template to use h2 (#10865)
• 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
• c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
• caa00a9 fix: https data in cleartext to proxy (#10858)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates jquery from 3.7.1 to 4.0.0

Release notes

Sourced from jquery's releases.

Release 4.0.0

Changelog

https://blog.jquery.com/2026/01/17/jquery-4-0-0/

Ajax

• Don't treat array data as binary (992a1911)
• Allow processData: true even for binary data (ce264e07)
• Support binary data (including FormData) (a7ed9a7b)
• Support headers for script transport even when cross-domain (#5142, 6d136443)
• Support null as success functions in jQuery.get (#4989, 74978b7e)
• Don't auto-execute scripts unless dataType provided (#4822, 025da4dd)
• Make responseJSON work for erroneous same-domain JSONP requests (68b4ec59)
• Execute JSONP error script responses (#4771, a1e619b0)
• Avoid CSP errors in the script transport for async requests (#3969, 07a8e4a1)
• Drop the json to jsonp auto-promotion logic (#1799, #3376, e7b3bc48)
• Overwrite s.contentType with content-type header value, if any (#4119, 7fb90a6b)
• Deprecate AJAX event aliases, inline event/alias into deprecated (23d53928)
• Do not execute scripts for unsuccessful HTTP responses (#4250, 50871a5a)
• Simplify jQuery.ajaxSettings.xhr (#1967, abdc89ac)

Attributes

• Make .attr( name, false ) remove for all non-ARIA attrs (#5388, 063831b6)
• Shave off a couple of bytes (b40a4807)
• Don't stringify attributes in the setter (#4948, 4250b628)
• Drop the toggleClass(boolean|undefined) signature (#3388, a4421101)
• Refactor val(): don't strip carriage return, isolate IE workarounds (ff281991)
• Don't set the type attr hook at all outside of IE (9e66fe9a)

CSS

• Fix dimensions of table <col> elements (#5628, eca2a564)
• Drop the cache in finalPropName (640d5825)
• Tests: Fix tests & support tests under CSS Zoom (#5489, 071f6dba)
• Fix reliableTrDimensions support test for initially hidden iframes (b1e66a5f)
• Selector: Align with 3.x, remove the outer selector.js wrapper (53cf7244)
• Make the reliableTrDimensions support test work with Bootstrap CSS (#5270, 65b85031)
• Make offsetHeight( true ), etc. include negative margins (#3982, bce13b72)
• Return undefined for whitespace-only CSS variable values (#5120) (7eb00196)
• Don’t trim whitespace of undefined custom property (#5105, ed306c02)
• Skip falsy values in addClass( array ), compress code (#4998, a338b407)
• Justify use of rtrim on CSS property values (655c0ed5)
• Trim whitespace surrounding CSS Custom Properties values (#4926, efadfe99)
• Include show, hide & toggle methods in the jQuery slim build (297d18dd)
• Remove the opacity CSS hook (865469f5)
• Workaround buggy getComputedStyle on table rows in IE/Edge (#4490, 26415e08)
• Don't automatically add "px" to properties with a few exceptions (#2795, 00a9c2e5)

... (truncated)

Commits

• 4f2fae0 Release: 4.0.0
• c838cfb Release: remove dist files from main branch
• 9752519 Release: 4.0.0-rc.2
• c128d5d Release: Update AUTHORS.txt
• 5fe9c29 Build: De-dupe three authors via mailmap
• afdd032 Build: Post beta browser tests errors to jquery/dev on Matrix
• 546a1eb Build: Bump the github-actions group with 4 updates
• ec738b3 Build: Fix Chrome beta tests
• c28c26a Build: Add periodic tests on beta versions of browsers
• f513413 Build: Bump the github-actions group with 2 updates
• Additional commits viewable in compare view

Updates vue from 3.5.31 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

3.5.34 (2026-05-06)

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
• compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
• compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
• reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
• runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
• suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761

3.5.33 (2026-04-22)

Bug Fixes

• compiler-sfc: handle nested :deep in selector pseudos (#14725) (bb9d265), closes #14724
• reactivity: unlink effect scopes on out-of-order off (#14734) (e7659be), closes #14733
• runtime-dom: preserve textarea resize dimensions (#14747) (11fb2fd), closes #14741
• teleport: don't move teleport children if not mounted (#14702) (6a61f44), closes #14701
• transition: preserve placeholder for conditional explicit default slots (#14748) (45990ce), closes #14727

3.5.32 (2026-04-03)

Bug Fixes

• runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667

... (truncated)

Commits

• 8be32d6 release: v3.5.35
• 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
• d6c7371 ci: use backup action for size report comments

[dependabot]

Labels

The following labels could not be found: dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[netlify]

❌ Deploy Preview for rsm-studio-frontend failed.

Name	Link
🔨 Latest commit	30f24c3
🔍 Latest deploy log	https://app.netlify.com/projects/rsm-studio-frontend/deploys/6a1e4a7c3373e60008d94ca1

[netlify]

✅ Deploy Preview for rsm-studio-site canceled.

Name	Link
🔨 Latest commit	30f24c3
🔍 Latest deploy log	https://app.netlify.com/projects/rsm-studio-site/deploys/6a1e4a7caf87d700083c60bc