Skip to content

build(deps-dev): bump the minor-and-patch group with 3 updates#65

Closed
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/minor-and-patch-6b34144590
Closed

build(deps-dev): bump the minor-and-patch group with 3 updates#65
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/minor-and-patch-6b34144590

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026
edited
Loading

Bumps the minor-and-patch group with 3 updates: @vitejs/plugin-vue, axios and vue.

Updates @vitejs/plugin-vue from 6.0.3 to 6.0.4

Release notes

Sourced from @​vitejs/plugin-vue's releases.

plugin-vue@6.0.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from @​vitejs/plugin-vue's changelog.

6.0.4 (2026-02-02)

Bug Fixes

  • deps: update all non-major dependencies (#709) (924b28e)
  • deps: update all non-major dependencies (#722) (8a95809)
  • deps: update all non-major dependencies (#726) (e69d751)

Miscellaneous Chores

Commits

Updates axios from 1.13.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view

Updates vue from 3.5.27 to 3.5.28

Release notes

Sourced from vue's releases.

v3.5.28

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.28 (2026-02-09)

Bug Fixes

  • transition: avoid unexpected cancelled parameter in transition done callback (#14391) (6798853)
  • compiler-sfc: add resolution trying for .mts/.cts files (#14402) (c09d41f), closes vuejs/router#2611
  • compiler-sfc: no params were generated when using withDefaults (#12823) (b0a1f05), closes #12822
  • reactivity: add __v_skip flag to EffectScope to prevent reactive conversion (#14359) (48b7552), closes #14357
  • runtime-core: avoid retaining el on cached text vnodes during static traversal (#14419) (4ace79a), closes #14134
  • runtime-core: prevent child component updates when style remains unchanged (#12825) (57866b5), closes #12826
  • runtime-core: properly handle async component update before resolve (#11619) (e71c26c), closes #11617
  • runtime-dom: handle null/undefined handler in withModifiers (#14362) (261de54), closes #14361
  • teleport: properly handling disabled teleport target anchor (#14417) (d7bcd85), closes #14412
  • transition-group: correct move translation under scale via element rect (#14360) (0243a79), closes #14356
  • useTemplateRef: don't update setup ref for useTemplateRef key (#12756) (fc40ca0), closes #12749
Commits
  • 1bdeb33 release: v3.5.28
  • e71c26c fix(runtime-core): properly handle async component update before resolve (#11...
  • 57866b5 fix(runtime-core): prevent child component updates when style remains unchang...
  • b0a1f05 fix(compiler-sfc): no params were generated when using withDefaults (#12823)
  • 48b7552 fix(reactivity): add __v_skip flag to EffectScope to prevent reactive convers...
  • 0243a79 fix(transition-group): correct move translation under scale via element rect ...
  • 261de54 fix(runtime-dom): handle null/undefined handler in withModifiers (#14362)
  • fc40ca0 fix(useTemplateRef): don't update setup ref for useTemplateRef key (#12756)
  • 6798853 fix: avoid unexpected cancelled parameter in transition done callback (#1...
  • 4ace79a fix(runtime-core): avoid retaining el on cached text vnodes during static tra...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps-dev): bump the minor-and-patch group with 3 updates
d73af71 
Bumps the minor-and-patch group with 3 updates: [@vitejs/plugin-vue](https://github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue), [axios](https://github.com/axios/axios) and [vue](https://github.com/vuejs/core).


Updates `@vitejs/plugin-vue` from 6.0.3 to 6.0.4
- [Release notes](https://github.com/vitejs/vite-plugin-vue/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-vue/blob/main/packages/plugin-vue/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-vue/commits/plugin-vue@6.0.4/packages/plugin-vue)

Updates `axios` from 1.13.4 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.4...v1.13.5)

Updates `vue` from 3.5.27 to 3.5.28
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.27...v3.5.28)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-vue"
  dependency-version: 6.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: vue
  dependency-version: 3.5.28
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 9, 2026
@dependabot dependabot bot requested a review from StuMason as a code owner February 9, 2026 10:14
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 9, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 23, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Feb 23, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/minor-and-patch-6b34144590 branch February 23, 2026 09:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StuMason StuMason Awaiting requested review from StuMason StuMason is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants