fix(deps): update all non-major dependencies with stable versions (patch)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@floating-ui/vue (source)	^1.1.10 → ^1.1.11
@types/node (source)	^24.10.13 → ^24.10.15
@types/sanitize-html (source)	^2.16.0 → ^2.16.1
@vitejs/plugin-vue (source)	^6.0.4 → ^6.0.5
autoprefixer	^10.4.24 → ^10.4.27
eslint (source)	^9.39.2 → ^9.39.4
flatted	^3.3.3 → ^3.3.4
glob@>=10.2.0 <10.5.0	[>=13.0.5 → >=13.0.6](https://renovatebot.com/diffs/npm/glob@&gt;&#x3D;10.2.0 <10.5.0/13.0.5/13.0.6)
minimatch@<10.2.3	>=10.2.3 → >=10.2.4
postcss (source)	^8.5.6 → ^8.5.8
rollup-plugin-visualizer	^6.0.5 → ^6.0.11
rollup@>=4.0.0 <4.59.0 (source)	[>=4.59.0 → >=4.59.1](https://renovatebot.com/diffs/npm/rollup@&gt;&#x3D;4.0.0 <4.59.0/4.59.0/4.59.1)
sanitize-html (source)	^2.17.1 → ^2.17.2
undici@<6.24.0 (source)	>=6.24.0 → >=6.24.1
undici@>=7.0.0 <7.24.0 (source)	[>=7.24.0 → >=7.24.5](https://renovatebot.com/diffs/npm/undici@&gt;&#x3D;7.0.0 <7.24.0/7.24.0/7.24.5)
vite-plugin-vue-devtools (source)	^8.0.6 → ^8.0.7
vue (source)	^3.5.28 → ^3.5.30
vue-tsc (source)	^3.2.4 → ^3.2.6

---

Release Notes

floating-ui/floating-ui (@​floating-ui/vue)

v1.1.11

Patch Changes

• Update dependencies: @floating-ui/dom@1.7.6, @floating-ui/utils@0.2.11

vitejs/vite-plugin-vue (@​vitejs/plugin-vue)

v6.0.5

Miscellaneous Chores

• remove Vite 8 beta from supported range (#​746) (b3f23e4)

postcss/autoprefixer (autoprefixer)

v10.4.27

Compare Source

• Removed development key from package.json.

v10.4.26

Compare Source

• Reduced package size.

v10.4.25

Compare Source

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#​20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#​20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#​20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#​20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#​20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#​20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#​20563) (Milos Djermanovic)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

isaacs/node-glob (glob@>=10.2.0 <10.5.0)

v13.0.6

Compare Source

isaacs/minimatch (minimatch@<10.2.3)

v10.2.4

Compare Source

postcss/postcss (postcss)

v8.5.8

Compare Source

• Fixed Processor#version.

v8.5.7

Compare Source

• Improved source map annotation cleaning performance (by CodeAnt AI).

btd/rollup-plugin-visualizer (rollup-plugin-visualizer)

v6.0.11

Compare Source

• Identical to 6.0.5 to have latest v6 that is not deprecated

v6.0.8

Compare Source

• Not published (rolled back, moved to 7.0.0)

rollup/rollup (rollup@>=4.0.0 <4.59.0)

v4.59.1

Compare Source

2026-03-21

Bug Fixes

• Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#​6306)

Pull Requests

• #​6281: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6282: chore(deps): update github artifact actions (major) (@​renovate[bot], @​lukastaegert)
• #​6283: chore(deps): update dependency nyc to v18 (@​renovate[bot], @​lukastaegert)
• #​6284: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​6285: chore(deps): lock file maintenance (@​renovate[bot])
• #​6290: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6291: chore(deps): update dependency @​shikijs/vitepress-twoslash to v4 (@​renovate[bot])
• #​6292: chore(deps): lock file maintenance (@​renovate[bot])
• #​6297: chore(deps): update minor/patch updates (@​renovate[bot])
• #​6298: chore(deps): lock file maintenance (@​renovate[bot])
• #​6299: chore(deps): lock file maintenance (@​renovate[bot])
• #​6300: docs: update packagephobia link (@​bluwy)
• #​6301: chore(deps): update dependency lint-staged to ^16.3.3 (@​renovate[bot])
• #​6306: fix: fix chunk assignment for deoptimized module with dynamic import (@​JoaoBrlt, @​lukastaegert)
• #​6307: chore(deps): update minor/patch updates (@​renovate[bot])
• #​6308: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6309: chore(deps): update dependency vite to v8 (@​renovate[bot])
• #​6310: chore(deps): lock file maintenance (@​renovate[bot])
• #​6311: chore(deps): lock file maintenance (@​renovate[bot])
• #​6312: chore(deps): lock file maintenance (@​renovate[bot])

apostrophecms/apostrophe (sanitize-html)

v2.17.2

Compare Source

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &#​0000001) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

nodejs/undici (undici@<6.24.0)

v6.24.1

Compare Source

Full Changelog: nodejs/undici@v6.24.0...v6.24.1

vuejs/devtools (vite-plugin-vue-devtools)

v8.0.7

Compare Source

   🚀 Features

• Show VNode lifecycle events as built-in  -  by @​skirtles-code in #​1036 (35de5)
• Tooltips for field values  -  by @​skirtles-code in #​1037 (27555)

   🐞 Bug Fixes

• Use displayName for functional components  -  by @​skirtles-code in #​1046 (20efd)
• Match camelCase event declarations  -  by @​skirtles-code in #​1048 (0f7e1)
• computed and inject leak via mixins  -  by @​skirtles-code in #​1050 (ecca7)

    View changes on GitHub

vuejs/core (vue)

v3.5.30

Compare Source

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#​12514) (e725a67), closes #​10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#​13374) (1398bf8), closes #​13029
• custom-element: properly locate parent when slotted in shadow dom (#​12480) (f06c81a), closes #​12479
• custom-element: should properly patch as props for vue custom elements (#​12409) (740983e), closes #​12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#​14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#​12737) (16ef165), closes #​12735
• reactivity: handle Set with initial reactive values edge case (#​12393) (5dc27ca), closes #​8647
• runtime-core: warn about negative number in v-for (#​12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#​14547) (6cda71d), closes #​14546
• types: make generics with runtime props in defineComponent work (fix #​11374) (#​13119) (cea3cf7), closes #​13763
• types: narrow useAttrs class/style typing for TSX (#​14492) (bbb8977), closes #​14489

v3.5.29

Compare Source

Bug Fixes

• runtime-core: prevent instance leak in withAsyncContext (#​14445) (702284f), closes nuxt/nuxt#33644
• server-renderer: render className as escaped string (#​14469) (da6690c)
• transition: prevent enter if leave is in progress (#​14443) (df059f8), closes #​12091 #​12133

vuejs/language-tools (vue-tsc)

v3.2.6

Compare Source

language-core

• fix: generate $slots type in template correctly with defineSlots (#​5984) - Thanks to @​KazariEX!
• fix: infer only readonly component of arrays in v-for (#​5987) - Thanks to @​ascott18!
• fix: avoid false positives for destructured props detection on binding property names (#​5994) - Thanks to @​KazariEX!

vscode

• fix: use regex for TS extension patching to support VS Code 1.110+ (#​5983) - Thanks to @​ebiryu!

v3.2.5

Compare Source

language-core

• fix: re-parse template when interpolation syntax breaks (#​5971) - Thanks to @​Dsaquel!

language-service

• fix: use default html data provider for document symbols (#​5968) - Thanks to @​liangmiQwQ!

language-plugin-pug

• fix: handle backtick attributes containing both quote types (#​5970) - Thanks to @​baptistejamin!

workspace

• docs: document all packages with consistent README structure (#​5953)
• docs: update tsconfig schema of plugins option - Thanks to @​KazariEX!

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) in timezone America/New_York, Automerge - Monday through Friday ( * * * * 1-5 ) in timezone America/New_York.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.