Bump the patch group across 1 directory with 11 updates

[dependabot]

Bumps the patch group with 10 updates in the /vue directory:

Package	From	To
@tailwindcss/cli	4.3.0	4.3.1
marked	18.0.4	18.0.5
vue	3.5.35	3.5.38
vue-i18n	11.4.4	11.4.5
@vitest/eslint-plugin	1.6.18	1.6.20
@vue/test-utils	2.4.10	2.4.11
eslint-plugin-security	4.0.0	4.0.1
eslint-plugin-vue	10.9.1	10.9.2
prettier	3.8.3	3.8.4
vue-tsc	3.3.2	3.3.5

Updates @tailwindcss/cli from 4.3.0 to 4.3.1

Release notes

Sourced from @​tailwindcss/cli's releases.

v4.3.1

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Changelog

Sourced from @​tailwindcss/cli's changelog.

[4.3.1] - 2026-06-12

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Commits

• 8a14a71 4.3.1 (#20226)
• 0c5f8bf Ignore the standalone CLI (#20139)
• 44818a6 Ensure @tailwindcss/cli recovers from a deleted transitive dependency (#20137)
• e0a0c46 Cleanup lockfile / dependencies (#20102)
• a480043 Add --silent option to suppress output in @tailwindcss/cli (#20100)
• 8dcdb66 Bump dependencies (#20095)
• See full diff in compare view

Updates marked from 18.0.4 to 18.0.5

Release notes

Sourced from marked's releases.

v18.0.5

18.0.5 (2026-06-04)

Bug Fixes

• parse empty list item with trailing space (#3984) (b55410f)

Commits

• 4063c63 chore(release): 18.0.5 [skip ci]
• b55410f fix: parse empty list item with trailing space (#3984)
• c6e667b chore(deps-dev): bump eslint from 10.4.0 to 10.4.1 (#3986)
• 95f98ec chore(deps-dev): bump @​arethetypeswrong/cli from 0.18.2 to 0.18.3 (#3985)
• c1a86f0 Add Node.js usage example to README (#3983)
• 763f729 chore(deps-dev): bump marked-man from 2.1.0 to 2.1.1 (#3978)
• 2cf1fd0 chore(deps-dev): bump markdown-it from 14.1.1 to 14.2.0 (#3977)
• See full diff in compare view

Updates vue from 3.5.35 to 3.5.38

Release notes

Sourced from vue's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

• compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
• compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
• compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
• compiler-sfc: respect var hoisting in props destructure (48ad452)
• reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
• runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
• runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
• runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
• transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
• watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898

Commits

• 478e3e8 release: v3.5.38
• 30ba647 chore(release): make release publishing resumable (#14953)
• c00b021 release: v3.5.37
• 11ac8b4 release: v3.5.36
• 43eba78 chore(deps): update lint (#14935)
• 3bc7290 chore(deps): update build (#14901)
• 8203fc5 chore(deps): update all non-major dependencies (#14938)
• 8f4bc85 chore(deps): update compiler (#14900)
• 8e63cdf chore(deps): update dependency npm-run-all2 to v9 (#14939)
• 131291a chore(deps): update test (#14936)
• Additional commits viewable in compare view

Updates vue-i18n from 11.4.4 to 11.4.5

Release notes

Sourced from vue-i18n's releases.

v11.4.5

What's Changed

⚡ Improvement Features

• fix(core-base): respect part option when format key is omitted in number/datetime by @​kazupon in intlify/vue-i18n#2522

Full Changelog: intlify/vue-i18n@v11.4.4...v11.4.5

Commits

• 6b97bfd release: v11.4.5
• See full diff in compare view

Updates @vitest/eslint-plugin from 1.6.18 to 1.6.20

Release notes

Sourced from @​vitest/eslint-plugin's releases.

v1.6.20

   🐞 Bug Fixes

• hoisted-apis-on-top: Detect vitest.mock and aliased vi/vitest mock calls  -  by @​spokodev in vitest-dev/eslint-plugin-vitest#909 (8fff9)
• require-test-timeout: Treat imported bindings as explicit timeouts  -  by @​spokodev in vitest-dev/eslint-plugin-vitest#906 (bd82c)
• valid-expect: Treat .finally() as part of async assertion promise chains  -  by @​spokodev in vitest-dev/eslint-plugin-vitest#908 (7c697)

    View changes on GitHub

v1.6.19

No significant changes

    View changes on GitHub

Commits

• 9cca3c3 chore: release v1.6.20
• 7c697f8 fix(valid-expect): treat .finally() as part of async assertion promise chains...
• 8fff969 fix(hoisted-apis-on-top): detect vitest.mock and aliased vi/vitest mock calls...
• 7606e1d docs(no-large-snapshots): describe allowSnapshots as a map (#916)
• bd82c7d fix(require-test-timeout): treat imported bindings as explicit timeouts (#906)
• 28bc45f chore: release v1.6.19
• 8566d7f chore: prefer-called-with should report toHaveBeenCalledOnce() (#911)
• See full diff in compare view

Updates @vue/test-utils from 2.4.10 to 2.4.11

Release notes

Sourced from @​vue/test-utils's releases.

v2.4.11

compare changes

🩹 Fixes

• Drop legacy Mutation Event listener entries (#2844)
• Handle setData() correctly for components using both setup() and data() (#2846)
• Export GlobalMountOptions type (#2851)
• Set spec-compliant event.code on keydown/keyup (#2850)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Renato de Leão (@​renatodeleao)
• Matt Van Horn (@​mvanhorn)
• Carsten Brachem (@​cbrachem)
• Ahmad Hanan (@​AhmadHannan037)
• Paul Cochrane (@​paultcochrane)
• Arpit Jain (@​arpitjain099)

Commits

• 5e48e1e v2.4.11
• b73ee1d chore(deps): update dependency oxfmt to v0.53.0
• 39e32ec chore(deps): update all non-major dependencies to v17.0.7 (#2881)
• 0621772 chore(deps): update actions/checkout digest to df4cb1c (#2880)
• 81fde07 chore(deps): update all non-major dependencies (#2879)
• 4ad4255 chore(deps): update dependency oxfmt to v0.52.0 (#2878)
• 8d3d26e chore(deps): update pnpm to v11.3.0 (#2877)
• bc79eff chore(deps): update all non-major dependencies (#2876)
• 58db8f7 chore(deps): update all non-major dependencies (#2874)
• 9ad31cb chore: enable renovate minimum release age for npm
• Additional commits viewable in compare view

Updates eslint-plugin-security from 4.0.0 to 4.0.1

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.1

4.0.1 (2026-06-12)

Bug Fixes

• treat import.meta.dirname and import.meta.filename as static (#200) (74c97bb)

Changelog

Sourced from eslint-plugin-security's changelog.

4.0.1 (2026-06-12)

Bug Fixes

• treat import.meta.dirname and import.meta.filename as static (#200) (74c97bb)

Commits

• cb8645c chore: release 4.0.1 🚀 (#204)
• 74c97bb fix: treat import.meta.dirname and import.meta.filename as static (#200)
• 0b45f82 chore(deps-dev): bump shell-quote from 1.7.4 to 1.8.4 (#202)
• 954149a chore(deps-dev): bump handlebars from 4.7.7 to 4.7.9 (#198)
• d5012b6 chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#197)
• b53d8b4 chore(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#196)
• 7876750 chore(deps): bump minimatch (#194)
• See full diff in compare view

Updates eslint-plugin-vue from 10.9.1 to 10.9.2

Release notes

Sourced from eslint-plugin-vue's releases.

v10.9.2

Patch Changes

• Fixed vue/custom-event-name-casing to check segments of colon-separated event names like update:foo-bar (#3079)
• Fixed vue/one-component-per-file to not report functions not imported from Vue (#3063)
• Fixed vue/prefer-import-from-vue to not report imports/exports of names that are not re-exported by vue (#3081)
• Fixed vue/return-in-computed-property and vue/require-render-return to not report exhaustive switch statements when TypeScript type information is available (#3067)

Changelog

Sourced from eslint-plugin-vue's changelog.

10.9.2

Patch Changes

• Fixed vue/custom-event-name-casing to check segments of colon-separated event names like update:foo-bar (#3079)
• Fixed vue/one-component-per-file to not report functions not imported from Vue (#3063)
• Fixed vue/prefer-import-from-vue to not report imports/exports of names that are not re-exported by vue (#3081)
• Fixed vue/return-in-computed-property and vue/require-render-return to not report exhaustive switch statements when TypeScript type information is available (#3067)

Commits

• 9aa463a Version Packages (#3080)
• 517347c Add error positions (#3085)
• b582b7e fix: false positive for returns in exhaustive switch (#3067)
• 91a136c fix(one-component-per-file): Ignore members imported from elsewhere (#3063)
• d37d17b fix(prefer-import-from-vue): don't report names not exported by vue (#3081)
• 836aa95 fix(custom-event-name-casing): check segments of colon-separated names (#3079)
• See full diff in compare view

Updates jiti from 2.6.1 to 2.7.0

Release notes

Sourced from jiti's releases.

v2.7.0

compare changes

🚀 Enhancements

• Add explicit resource management (using/await using) support (#422)
• Support opt-in tsconfigPaths (#427)
• Support virtual modules (#428)
• Add jiti/static subpath (#430)

🔥 Performance

• interopDefault: Add caching to reduce proxy overhead by ~2x (#421)

🩹 Fixes

• require: Passthrough resolve options (#412)
• require: Fallback to transpilation when tryNative fails (#413)
• Fallback for ENAMETOOLONG when evaluating esm (#429)

📦 Build

• Upgrade rspack to v2 (55194fb)
• Experimental rolldown config (8c0243f)

✅ Tests

• Ignore jsx test for bun/cjs (3a744ca)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)
• Espen Hovlandsdal (@​rexxars)
• Rintaro Itokawa (@​re-taro)
• Matteo Collina (@​mcollina)
• Mario Zechner (@​badlogic)

Changelog

Sourced from jiti's changelog.

v2.7.0

compare changes

🚀 Enhancements

• Add explicit resource management (using/await using) support (#422)
• Support opt-in tsconfigPaths (#427)
• Support virtual modules option (#428)
• Add jiti/static export (#430)

🔥 Performance

• interopDefault: Add caching to reduce proxy overhead by ~2x (#421)

🩹 Fixes

• require: Passthrough resolve options (#412)
• ci: Skip --coverage flag for node 18 (fe264b4)
• require: Fallback to transpilation when tryNative fails (#413)
• Fallback for ENAMETOOLONG when evaluating esm (#429)

📦 Build

• Upgrade rspack (55194fb)
• Experimental rolldown config (8c0243f)

🏡 Chore

• Fix lint issues (4045c7a)
• Update deps (e88ac44)
• Update deps (498e8d7)
• Add missing prettier dep (650bc48)
• Lint (058d91a)
• Init agents.md (c49c54e)
• Update agents.md (4deba16)
• Update deps (08fc868)
• Update tsconfig (8c7822e)
• Update release script (27fe3f2)

✅ Tests

• Ignore jsx test for bun/cjs (3a744ca)
• Update (9ee314f)

🤖 CI

• Update node test matrix (0abda72)

❤️ Contributors

... (truncated)

Commits

• fd3bb28 chore(release): v2.7.0
• 27fe3f2 chore: update release script
• 4fcd2f2 fix: fallback for ENAMETOOLONG when evaluating esm (#429)
• 8c0243f build: experimental rolldown config
• 55194fb build: upgrade rspack
• 0abda72 ci: update node test matrix
• 8c7822e chore: update tsconfig
• 08fc868 chore: update deps
• 5d552e3 feat: add jiti/static export (#430)
• ae790b0 feat: support virtual modules option (#428)
• Additional commits viewable in compare view

Updates prettier from 3.8.3 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

• Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (prettier/prettier#17746 by @​byplayer)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d

Commits

• 1c6ba55 Release 3.8.4
• 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
• 074aaed Replace main branch in changelog link with tags (#19054)
• c22a003 Bump Prettier dependency to 3.8.3
• 07bad1f Clean changelog_unreleased
• See full diff in compare view

Updates vue-tsc from 3.3.2 to 3.3.5

Release notes

Sourced from vue-tsc's releases.

v3.3.5

language-core

• fix: include event modifiers in duplicate listener checks (#6097) - Thanks to @​KazariEX!

Our Sponsors ❤️

... (truncated)

Changelog

Sourced from vue-tsc's changelog.

3.3.5 (2026-06-13)

language-core

• fix: include event modifiers in duplicate listener checks (#6097) - Thanks to @​KazariEX!

3.3.4 (2026-06-08)

language-core

• fix: only exclude already-set props from inherited attrs when checkRequiredFallthroughAttributes is enabled (#6088) - Thanks to @​KazariEX!
• fix: camelize slot props regardless of htmlAttributes option (#6089) - Thanks to @​KazariEX!
• fix: detect duplicate event listeners across name formats (#6094) - Thanks to @​whysopaul!

language-service

• fix: respect var hoisting for destructured props hints (#6092) - Thanks to @​KazariEX!

typescript-plugin

• fix: do not treat class and style as a boolean property (#6081) - Thanks to @​KazariEX!

3.3.3 (2026-05-30)

vscode

• fix: prevent grammar scopes leakage in capitalized tags (#6073) - Thanks to @​KazariEX!
• fix: preserve TS auto imports behavior in Vue files (#6072) - Thanks to @​KazariEX!

workspace

• fix: read PR title from env in auto-version workflow to prevent injection (#6074) - Thanks to @​arpitjain099!

Commits

• 2fe255c v3.3.5 (#6102)
• 043a77b v3.3.4 (#6095)
• 5c41b5f v3.3.3 (#6079)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions