chore(deps): bump the management-production group across 1 directory with 8 updates

[dependabot]

Bumps the management-production group with 8 updates in the /management directory:

Package	From	To
@dnd-kit/abstract	0.1.21	0.4.0
@dnd-kit/dom	0.1.21	0.4.0
@internationalized/date	3.12.1	3.12.2
date-fns	4.3.0	4.4.0
dompurify	3.4.5	3.4.7
markdown-it	14.1.1	14.2.0
vue	3.5.34	3.5.35
vue-router	5.0.4	5.1.0

Updates @dnd-kit/abstract from 0.1.21 to 0.4.0

Release notes

Sourced from @​dnd-kit/abstract's releases.

@​dnd-kit/abstract@​0.4.0

Minor Changes

• #1923 cde61e4 Thanks @​clauderic! - Batch entity identity changes to prevent collision oscillation during virtualized sorting.

  When entities swap ids (e.g. as react-window recycles DOM nodes during a drag), multiple registry updates could fire in an interleaved order, causing the collision detector to momentarily see stale or duplicate entries and oscillate between targets.

  Entity id changes are now deferred to a microtask and flushed atomically in a single batch(), ensuring:

  • The collision notifier skips detection while id changes are pending
  • The registry cleans up ghost registrations (stale keys left behind after an id swap)

• #1915 9b24dff Thanks @​clauderic! - Redesign event type system to follow the DOM EventMap pattern. Introduces DragDropEventMap for event object types and DragDropEventHandlers for event handler signatures, replacing the ambiguously named DragDropEvents. Event type aliases (CollisionEvent, DragStartEvent, etc.) now derive directly from DragDropEventMap rather than using Parameters<> extraction.

  Migration guide

  • DragDropEvents has been split into two types:
    • DragDropEventMap — maps event names to event object types (like WindowEventMap)
    • DragDropEventHandlers — maps event names to (event, manager) => void handler signatures
  • If you were importing DragDropEvents to type event objects, use DragDropEventMap instead:

    // Before
    type MyEvent = Parameters<DragDropEvents<D, P, M>['dragend']>[0];
    // After
    type MyEvent = DragDropEventMap<D, P, M>['dragend'];

  • If you were importing DragDropEvents to type event handlers, use DragDropEventHandlers instead:

    // Before
    const handler: DragDropEvents<D, P, M>['dragend'] = (event, manager) => {};
    // After
    const handler: DragDropEventHandlers<D, P, M>['dragend'] = (
      event,
      manager
    ) => {};

  • The DragDropEvents re-export from @dnd-kit/react and @dnd-kit/solid has been removed. Import DragDropEventMap or DragDropEventHandlers from @dnd-kit/abstract directly if needed.
  • Convenience aliases (CollisionEvent, DragStartEvent, DragEndEvent, etc.) are unchanged and continue to work as before.

• #1938 e69387d Thanks @​clauderic! - Added per-entity plugin configuration and moved feedback from the Draggable entity to the Feedback plugin.

  Draggable entities now accept a plugins property for per-entity plugin configuration, using the existing Plugin.configure() pattern. Plugins can read per-entity options via source.pluginConfig(PluginClass).

  The feedback property ('default' | 'move' | 'clone' | 'none') has been moved from the Draggable entity to FeedbackOptions. Drop animation can also now be configured per-draggable.

  Plugins listed in an entity's plugins array are auto-registered on the manager if not already present. The Sortable class now uses this generic mechanism instead of its own custom registration logic.

  Migration guide

  The feedback property has been moved from the draggable/sortable hook input to per-entity Feedback plugin configuration.

... (truncated)

Commits

• ebc564e Merge pull request #1907 from clauderic/changeset-release/main
• 4f071cb Version Packages
• 5e7735f Merge pull request #2001 from lixiaoyan/feat/feedback-callback
• 412047b Merge pull request #2007 from clauderic/chore/upgrade-turborepo
• cf33af0 chore: remove turborepo agent skill from repo
• 7a02b46 chore: upgrade turborepo from 2.5.2 to 2.9.0
• fab49db Merge pull request #2006 from clauderic/claude/docs-mobile-fixes
• 2d2bb7a Add GitHub icon to mobile header
• 671a95a Pure CSS CodeGroup tabs — zero JavaScript for tab switching
• f1423c0 Fix CodeGroup: SSR-only Shiki with DOM-based tab switching
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​dnd-kit/abstract since your current version.

Updates @dnd-kit/dom from 0.1.21 to 0.4.0

Release notes

Sourced from @​dnd-kit/dom's releases.

@​dnd-kit/dom@​0.4.0

Minor Changes

• #1909 87bf1e6 Thanks @​clauderic! - Add acceleration and threshold options to the AutoScroller plugin.

  • acceleration controls the base scroll speed multiplier (default: 25).
  • threshold controls the percentage of container dimensions that defines the scroll activation zone (default: 0.2). Accepts a single number for both axes or { x, y } for per-axis control. Setting an axis to 0 disables auto-scrolling on that axis.

  AutoScroller.configure({
    acceleration: 15,
    threshold: {x: 0, y: 0.3},
  });

• #1966 521f760 Thanks @​lixiaoyan! - Sortable plugins now accepts Customizable<Plugins>, allowing a function that receives the default plugins to extend them rather than replace them.

  This prevents accidentally losing the default Sortable plugins (SortableKeyboardPlugin, OptimisticSortingPlugin) when adding per-entity plugin configuration such as Feedback.configure().

  // Extend defaults
  useSortable({
    id: 'item',
    index: 0,
    plugins: (defaults) => [
      ...defaults,
      Feedback.configure({feedback: 'clone'}),
    ],
  });
  // Replace defaults (same behavior as before)
  useSortable({
  id: 'item',
  index: 0,
  plugins: [MyPlugin],
  });

• #1938 c001272 Thanks @​clauderic! - The DropAnimationFunction context now includes source, providing access to the draggable entity for conditional animation logic.

  Feedback.configure({
    dropAnimation: async (context) => {
      if (context.source.type === 'service-draggable') return;
      // custom animation...
    },
  });

• #1923 cde61e4 Thanks @​clauderic! - Batch entity identity changes to prevent collision oscillation during virtualized sorting.

... (truncated)

Commits

• ebc564e Merge pull request #1907 from clauderic/changeset-release/main
• 4f071cb Version Packages
• 5e7735f Merge pull request #2001 from lixiaoyan/feat/feedback-callback
• 412047b Merge pull request #2007 from clauderic/chore/upgrade-turborepo
• cf33af0 chore: remove turborepo agent skill from repo
• 7a02b46 chore: upgrade turborepo from 2.5.2 to 2.9.0
• fab49db Merge pull request #2006 from clauderic/claude/docs-mobile-fixes
• 2d2bb7a Add GitHub icon to mobile header
• 671a95a Pure CSS CodeGroup tabs — zero JavaScript for tab switching
• f1423c0 Fix CodeGroup: SSR-only Shiki with DOM-based tab switching
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​dnd-kit/dom since your current version.

Updates @internationalized/date from 3.12.1 to 3.12.2

Release notes

Sourced from @​internationalized/date's releases.

React Spectrum S2 v1.3.0

In this release we are excited to announce support for expandable rows in TableView, highlight selection in TreeView, and window scrolling in collection components! Window scrolling enables virtualized collections to automatically scroll with the rest of the page – no height needed. In addition, we've updated the set of available workflow icons, and reduced the number of dependencies installed when using S2 by over 90% – see the full release notes for details.

To help assist with migrations from S1 to S2, we've added a new end to end migration Agent skill that you can use with your agent of choice. Our existing S2 Agent skill has also been updated to greatly improve its ability to select the proper S2 component to use from context, so be sure to update.

Full release notes

React Spectrum S2 v1.2.0

In this release, we are excited to announce that ListView and unavailable menu items are now available! In addition, we have added ActionBar support for TreeView and custom renderer support for the Picker's display value. We also shipped multiple TableView fixes and a set of documentation improvements including a Typography search view now available in the main search menu.

Thanks to all of our contributors for the updates in this release.

Full release notes

React Spectrum S2 v1.1.0

It’s our first release of the new year and we’ve got plenty of exciting treats we’re bringing to the table. We’ve added a variety of new features to our documentation site including a new dark/light mode switch in the site header. Our search menu also now features a Colors section where you can browse the Spectrum-defined colors and search by name or hex value to find close or exact matches. We also now offer our docs in the form of Agent Skills that can be installed locally and used by your favorite AI coding tools.

This release also includes several bugs fixes, such as properly rendering menus when rendered from within a popover and updates to TreeView disabledBehavior styling to match the latest designs.

Full Release Notes

Commits

• 791377f Publish
• 7840603 chore: update test util page badges (#10123)
• 2cea5b5 chore: update circleci resource classes (#10119)
• 83e5b53 chore: Omit calendar features from v3 (#10122)
• 2c18eb6 fix: Custom 454 Calendar month (#10115)
• ed9170f fix: ensure Tableview and ListView render their dividers and borders with the...
• 6206fc3 chore: Only export DragPreview from useDragAndDrop subpath (#10114)
• 8e4498f docs: add api section with slots to DragPreview (#10113)
• 719ebb2 fix: optimize locales not tree-shaking react-stately intl messages (#10111)
• 3547c08 fix: stabilise our flaky CI jobs (#10106)
• Additional commits viewable in compare view

Updates date-fns from 4.3.0 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

Commits

• cd53d25 Promote to v4.4.0
• d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
• ee65753 Add root mise :format task
• 9f5bdf5 Add positional argument to test/smoke.sh script
• 651ead6 Split CDN bundles into separate @​date-fns/cdn package
• 224c1a2 Deprecate type tests as attw hangs on date-fns package
• 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
• b6ad5ac Add flags to control package build script
• 424a783 Fix docs release after moving to monorepo setup
• See full diff in compare view

Updates dompurify from 3.4.5 to 3.4.7

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.7

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @​offset
• Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

• Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
• Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
• Added more test coverage for IN_PLACE and general DOM Clobbering attacks
• Bumped several dependencies where possible

Commits

• ca30f07 release: 3.4.7 (#1414)
• bb7739e release: 3.4.6 (#1394)
• See full diff in compare view

Updates markdown-it from 14.1.1 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

• isPunctCharCode to utilities.

Fixed

• Don't end HTML comment blocks on a blank line, #1155.
• Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
• Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
• More strict entities decode to avoid false positives ;, #1096.
• Restore block parser state on fail in lheading rule, #1131.

Security

• Fixed poor smartquotes perfomance on > 70k quotes in single block
• Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

Commits

• 829797a 14.2.0 released
• 9ce2087 Fix smartquotes perfomance
• 02e73b8 linkify-it bump
• 68cfb8c fix: don't end HTML comment blocks on a blank line (#1155)
• 1083137 Readme cleanup
• 97c7ca2 Update funding info
• c471b55 Changelog update
• 7769621 isPunctChar => isPunctCharCode
• aa2aa70 fix: always reset parentType in lheading rule (#1131)
• 59955f2 Polish PRs #1072, #1074
• Additional commits viewable in compare view

Updates vue from 3.5.34 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

Commits

• 8be32d6 release: v3.5.35
• 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
• d6c7371 ci: use backup action for size report comments
• bb18dc8 perf(runtime-dom): optimize array event handler dispatch (#14828)
• 5734fe9 perf(reactivity): skip type checks for cached proxies (#14860)
• 584beb1 fix(teleport): skip child unmount when pending mount discarded (#14876) (#14877)
• 34a0ded fix(compiler-core): avoid double processing v-for keys with v-memo (#14861)
• 170fc95 fix(runtime-core): avoid repeated hydration mismatch checks (#14857)
• 1b7a2cc perf(server-renderer): avoid materializing iterables in ssrRenderList (#14821)
• 3d077f2 fix(compiler-sfc): resolve top-level exports from files registered as global ...
• Additional commits viewable in compare view

Updates vue-router from 5.0.4 to 5.1.0

Release notes

Sourced from vue-router's releases.

v5.1.0

   🚀 Features

• Typed definePage params.path  -  by @​posva in vuejs/router#2716 (d65de)
• Strict type for definePage param default  -  by @​posva (0ae10)
• Support raw param parsers  -  by @​posva (eadec)
• Force array type raw param parsers  -  by @​posva (7a68b)
• Allow overriding the global Router type  -  by @​posva (1cd93)
• Emit runtime warning for invalid format in query params  -  by @​posva (8259a)
• Override useRouter() return with experimental types config  -  by @​posva (39a34)
• Allow string as a param parser for convenience  -  by @​posva (be37b)

   🐞 Bug Fixes

• Fix auto import fixes and make experimental esm only  -  by @​posva (db3a6)
• Deterministic param parser types order  -  by @​posva (bf0fc)
• Avoid importing unused param parsers  -  by @​posva (41c00)
• Filter invalid query params without failing to match  -  by @​posva (db717)
• Detect not set format  -  by @​posva (aa89e)
• Allow undefined values for params in query  -  by @​posva (4726e)
• experimental: Repeatable params in subsegments  -  by @​posva (84664)
• types: Add vite as optional peer dependency  -  by @​ForgottenR, @​posva and shihuijie in vuejs/router#2712 (facbf)

    View changes on GitHub

v5.0.7

   🚀 Features

• Upgrade to babel 8  -  by @​posva (8d3e6)
• Make defineParamParser() more intuitive  -  by @​posva (8715b)
• Upgrade @vue/devtools-api  -  by @​posva (87c3a)
• matcher: Hint at params: {} workaround in discarded params warning  -  by @​posva and shanliuling in vuejs/router#2689 (c2b13)
• param-parsers: Add include/exclude options  -  by @​posva (91cde)

   🐞 Bug Fixes

• matcher:
  • Finalize param token before processing escaped colon  -  by @​babu-ch and @​posva in vuejs/router#2654 (20521)
• query:
  • Use Object.create(null) to prevent prototype pollution  -  by @​wdskuki, wdsmini and @​posva in vuejs/router#2661 (be88c)
• resolve:
  • Omit empty optional params from resolved params  -  by @​babu-ch and @​posva in vuejs/router#2434 (1ef09)
• types:
  • Wire RouteNamedMap via generated routes.d.ts  -  by @​posva in vuejs/router#2700 (aef99)
• unplugin:
  • Avoid generating empty routes  -  by @​FrontEndDog and @​posva in vuejs/router#2642 (10a8b)
  • Apply definePage path-param parser overrides  -  by @​posva in vuejs/router#2699 (c8074)
• volar:
  • Drop runtime @vue/language-core import  -  by @​danielroe in vuejs/router#2710 (8af50)

... (truncated)

Commits

• c0e3226 release: vue-router@5.1.0
• 9ca7672 chore: fix playgroundc usage
• 315cc09 refactor(experimental): remove defineQueryParamParser and definePathParamParser
• 7fa42f4 docs: fix gen and dead links
• 1b3a068 refactor: organize imports and exports add back Router
• 665be2d docs: links update
• 5d79bd2 chore: unused param
• 9ccf3d1 docs: experimental
• eee8ac6 chore: playground param parsers testing
• 0194b85 build: build before test:types
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.