Bump the all-npm-dependencies group with 5 updates

[dependabot]

Bumps the all-npm-dependencies group with 5 updates:

Package	From	To
vue	3.5.26	3.5.27
@biomejs/biome	2.3.10	2.3.12
vite	7.3.0	7.3.1
vitest	4.0.16	4.0.18
vue-tsc	3.2.1	3.2.3

Updates vue from 3.5.26 to 3.5.27

Release notes

Sourced from vue's releases.

v3.5.27

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.27 (2026-01-19)

Bug Fixes

• compile-sfc: correctly handle variable shadowing in for loop for defineProps destructuring. (#14296) (6a1bb50), closes #14294
• compiler-sfc: handle indexed access types in declare global blocks (#14260) (e4091fe), closes #14236
• compiler-sfc: use correct scope when resolving indexed access types from external files (#14297) (f0f0a21), closes #14292
• reactivity: collection iteration should inherit iterator instance methods (#12644) (3c8b2fc), closes #12615
• runtime-core: skip patching reserved props for custom elements (#14275) (19cc7e2), closes #14274
• server-renderer: use ssrRenderClass helper for className attribute (#14327) (a4708f3)
• ssr: handle v-bind modifiers during render attrs (#14263) (c2f5964), closes #14262

Commits

• aa9af1d release: v3.5.27
• 35c3608 Revert "fix(runtime-core): resolve kebab-case slot names from in-DOM template...
• 7e554bf fix(runtime-core): resolve kebab-case slot names from in-DOM templates (#14302)
• 0596a5f types(jsx): improve autocomplete type (#14237)
• 19cc7e2 fix(runtime-core): skip patching reserved props for custom elements (#14275)
• c2f5964 fix(ssr): handle v-bind modifiers during render attrs (#14263)
• 3c8b2fc fix(reactivity): collection iteration should inherit iterator instance method...
• e4091fe fix(compiler-sfc): handle indexed access types in declare global blocks (#14260)
• 6a1bb50 fix(compile-sfc): correctly handle variable shadowing in for loop for `define...
• f0f0a21 fix(compiler-sfc): use correct scope when resolving indexed access types from...
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.3.10 to 2.3.12

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.12

2.3.12

Patch Changes

• #8653 047576d Thanks @​dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.

• #8648 96d09f4 Thanks @​BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

  Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

  For example, the following now triggers this rule:

  <script>
  export default {
    data() {
      return { count: 0 };
    },
  };
  </script>

• #8832 b08270b Thanks @​Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

  The entropy calculation algorithm now uses "average run length" to distinguish between legitimate CamelCase patterns (which have longer runs of same-case letters) and suspicious alternating case patterns (which have short runs).

• #8793 c19fb0e Thanks @​TheBaconWizard! - Properly handle parameters metavariables for arrow_function GritQL queries. The following biome search command no longer throws an error:

  biome search 'arrow_function(parameters=$parameters, body=$body)'

• #8561 981affb Thanks @​wataryooou! - Fixed noUnusedVariables to ignore type parameters declared in ambient contexts such as declare module blocks.

• #8817 652cfbb Thanks @​dyc3! - Fixed #8765: The HTML parser can now parse directive modifiers with a single colon, e.g. @keydown.:.

• #8704 a1914d4 Thanks @​Netail! - Added the nursery rule noRootType. Disallow the usage of specified root types. (e.g. mutation and/or subscription)

  Invalid:

  {
    "options": {
      "disallow": ["mutation"]
    }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.12

Patch Changes

• #8653 047576d Thanks @​dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.

• #8648 96d09f4 Thanks @​BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

  Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

  For example, the following now triggers this rule:

  <script>
  export default {
    data() {
      return { count: 0 };
    },
  };
  </script>

• #8832 b08270b Thanks @​Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

  The entropy calculation algorithm now uses "average run length" to distinguish between legitimate CamelCase patterns (which have longer runs of same-case letters) and suspicious alternating case patterns (which have short runs).

• #8793 c19fb0e Thanks @​TheBaconWizard! - Properly handle parameters metavariables for arrow_function GritQL queries. The following biome search command no longer throws an error:

  biome search 'arrow_function(parameters=$parameters, body=$body)'

• #8561 981affb Thanks @​wataryooou! - Fixed noUnusedVariables to ignore type parameters declared in ambient contexts such as declare module blocks.

• #8817 652cfbb Thanks @​dyc3! - Fixed #8765: The HTML parser can now parse directive modifiers with a single colon, e.g. @keydown.:.

• #8704 a1914d4 Thanks @​Netail! - Added the nursery rule noRootType. Disallow the usage of specified root types. (e.g. mutation and/or subscription)

  Invalid:

  {
    "options": {
      "disallow": ["mutation"]
    }
  }

... (truncated)

Commits

• fd33f86 ci: release (#8671)
• a53fc75 chore: update sponsors (#8844)
• 4ee3bda feat(graphql_analyze): implement useLoneAnonymousOperation (#8616)
• 71b5c6e feat(js_analyze): implement noExcessiveClassesPerFile (#8753)
• d6b2bda feat(js_analyze): implement noFloatingClasses (#8754)
• 17ed9d3 feat(js_analyze): implement noDivRegex (#8757)
• 291c9f2 feat(biome_js_analyze): port useInlineScriptId from Next.js (#8624)
• 96d09f4 feat(lint): add noVueOptionsApi rule (#8648)
• 39eb545 fix(biome_configuration): revert URL brackets (#8766)
• 365f7aa feat(js_analyze): implement noDuplicateEnumValues (#8711)
• Additional commits viewable in compare view

Updates vite from 7.3.0 to 7.3.1

Release notes

Sourced from vite's releases.

v7.3.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.1 (2026-01-07)

Features

• add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

Commits

• 95e8923 release: v7.3.1
• 9d39d37 feat: add ignoreOutdatedRequests option to optimizeDeps (#21364)
• See full diff in compare view

Updates vitest from 4.0.16 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

• Support openTelemetry for browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9180 (1ec3a)
• Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by @​Copilot, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

• Improve asymmetric matcher diff readability by unwrapping container matchers  -  by @​Copilot, sheremet-va, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9330 (b2ec7)
• Improve runner error when importing outside of test context  -  by @​sheremet-va in vitest-dev/vitest#9335 (2dd3d)
• Replace crypto.randomUUID to allow insecure environments (fix #9…  -  by @​plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)
• Handle null options in addEventHandler #9371  -  by @​ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)
• Typo in browser.provider error  -  by @​deammer in vitest-dev/vitest#9394 (4b67f)
• browser:
  • Fix process.env and import.meta.env defines in inline project  -  by @​hi-ogawa in vitest-dev/vitest#9239 (b70c9)
  • Fix upload File instance  -  by @​hi-ogawa in vitest-dev/vitest#9294 (b6778)
  • Fix invalid project token for artifacts assets  -  by @​hi-ogawa in vitest-dev/vitest#9321 (caa7d)
  • Log ErrorEvent.message when unhandled ErrorEvent.error is null  -  by @​hi-ogawa in vitest-dev/vitest#9322 (5d84e)
  • Support fileParallelism on an instance  -  by @​sheremet-va in vitest-dev/vitest#9328 (15006)
• coverage:
  • Remove unnecessary istanbul-lib-source-maps usage  -  by @​AriPerkkio in vitest-dev/vitest#9344 (b0940)
  • Apply patch from istanbuljs/istanbuljs#837  -  by @​AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)
• fsModuleCache:
  • Don't store importers in cache  -  by @​sheremet-va in vitest-dev/vitest#9422 (75136)
  • Add importers alongside importedModules  -  by @​sheremet-va in vitest-dev/vitest#9423 (59f92)
• mocker:
  • Fix mock transform with class  -  by @​hi-ogawa in vitest-dev/vitest#9421 (d390e)
• pool:
  • Validate environment options when reusing the worker  -  by @​sheremet-va in vitest-dev/vitest#9349 (a8a88)
  • Handle worker start failures gracefully  -  by @​AriPerkkio in vitest-dev/vitest#9337 (200da)
• reporter:
  • Report test module if it failed to run  -  by @​sheremet-va in vitest-dev/vitest#9272 (c7888)
• runner:
  • Respect nested test.only within describe.only  -  by @​Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)
• typecheck:
  • Improve error message when tsc outputs help text  -  by @​Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)
• ui:

... (truncated)

Commits

• 4d3e3c6 chore: release v4.0.18
• ea837de feat(experimental): add onModuleRunner hook to worker.init (#9286)
• e057281 fix: use meta.url in createRequire (#9441)
• dd54e94 chore: release v4.0.17
• 59f92d4 fix(fsModuleCache): add importers alongside importedModules (#9423)
• 751364e fix(fsModuleCache): don't store importers in cache (#9422)
• 4b67fc2 fix: typo in browser.provider error (#9394)
• 40841ff fix: handle null options in addEventHandler #9371 (#9372)
• 200dadb fix(pool): handle worker start failures gracefully (#9337)
• 1500654 fix(browser): support fileParallelism on an instance (#9328)
• Additional commits viewable in compare view

Updates vue-tsc from 3.2.1 to 3.2.3

Release notes

Sourced from vue-tsc's releases.

v3.2.3

language-core

• feat: support configuration for language plugins (#5678) - Thanks to @​KazariEX!
• fix: avoid defineModel breaking ast in lang="js" (#5935) - Thanks to @​KazariEX!
• fix: infer object keys as string if it does not extend string (#5933) - Thanks to @​serkodev!

typescript-plugin

• feat: correct rename behavior on same name shorthands in template (#5907) - Thanks to @​KazariEX!
• fix: only forward quick info for original results without tags (#5938) - Thanks to @​KazariEX!

vscode

• fix: correct indent for <style> and <script> tags (#5925) - Thanks to @​serkodev!

Our Sponsors ❤️

... (truncated)

Changelog

Sourced from vue-tsc's changelog.

3.2.3 (2026-01-23)

language-core

• feat: support configuration for language plugins (#5678) - Thanks to @​KazariEX!
• fix: avoid defineModel breaking ast in lang="js" (#5935) - Thanks to @​KazariEX!
• fix: infer object keys as string if it does not extend string (#5933) - Thanks to @​serkodev!

typescript-plugin

• feat: correct rename behavior on same name shorthands in template (#5907) - Thanks to @​KazariEX!
• fix: only forward quick info for original results without tags (#5938) - Thanks to @​KazariEX!

vscode

• fix: correct indent for <style> and <script> tags (#5925) - Thanks to @​serkodev!

3.2.2 (2026-01-06)

language-core

• fix: correct code features on v-bind shorthands of special attributes - Thanks to @​KazariEX!

language-plugin-pug

• feat: accurate Pug shorthand mapping (#5906)
• fix: pre-map HTML to Pug offset attribute (#5905)

language-service

• feat: strip ="" for boolean props completion edits (#5888) - Thanks to @​KazariEX!
• fix: avoid duplicate directive modifiers in completion (#5920) - Thanks to @​KazariEX!

typescript-plugin

• fix: only forward quick info and suggestion diagnostics for setup bindings (#5892) - Thanks to @​KazariEX!

Commits

• efc6882 v3.2.3 (#5942)
• a522afa fix(language-core): avoid defineModel breaking ast in lang="js" (#5935)
• 17394f4 v3.2.2 (#5923)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions