Bump the npm_and_yarn group across 1 directory with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /client directory: vue.

Updates vue from 2.7.14 to 3.0.0

Changelog

Sourced from vue's changelog.

3.0.0 (2020-09-18)

3.0.0-rc.13 (2020-09-18)

Bug Fixes

• hmr: make hmr working with class components (#2144) (422f05e)
• reactivity: avoid length mutating array methods causing infinite updates (#2138) (f316a33), closes #2137
• suspense: should discard unmount effects of invalidated pending branch (5bfcad1)
• types: component instance inference without props (#2145) (57bdaa2)

Code Refactoring

• watch APIs default to trigger pre-flush (49bb447), closes vuejs/vue-next#1706

Features

• runtime-core: support using inject() inside props default functions (58c31e3)
• watch: support dot-delimited path in watch option (1c9a0b3)

BREAKING CHANGES

• watch APIs now default to use flush: 'pre' instead of flush: 'post'. This change affects watch, watchEffect, the watch component option, and this.$watch. See (49bb447) for more details.

3.0.0-rc.12 (2020-09-16)

Bug Fixes

• reactivity: effect should only recursively self trigger with explicit options (3810de7), closes #2125
• runtime-core: ensure root stable fragments inherit elements for moving (bebd44f), closes #2134
• runtime-core: should still do full traverse of stable fragment children in dev + hmr (dd40ad8)
• runtime-core/async-component: fix error component when there are no error handlers (c7b4a37), closes #2129
• types/tsx: optional props from Mixin/Extends are treated as required (#2048) (89e9ab8)

Features

• compiler-sfc: additionalData support for css preprocessors (#2126) (066d514)

3.0.0-rc.11 (2020-09-15)

... (truncated)

Commits

• See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates ajv from 4.11.8 to 6.15.0

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

• dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits

• 184bc32 6.15.0
• fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• fe59143 6.12.6
• Additional commits viewable in compare view

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates cross-spawn from 5.1.0 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

7.0.3 (2020-05-25)

Bug Fixes

• detect path key based on correct environment (#133) (159e7e9)

7.0.2 (2020-04-04)

Bug Fixes

• fix worker threads in Node >=11.10.0 (#132) (6c5b4f0)

7.0.1 (2019-10-07)

Bug Fixes

• core: support worker threads (#127) (cfd49c9)

7.0.0 (2019-09-03)

⚠ BREAKING CHANGES

• drop support for Node.js < 8

• drop support for versions below Node.js 8 (#125) (16feb53)

... (truncated)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates debug from 2.2.0 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

4.4.1

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in debug-js/debug#997
• fixes #987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in debug-js/debug#988

New Contributors

• @​pdahal-cx made their first contribution in debug-js/debug#997
• @​lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

... (truncated)

Commits

• 6b2c5fb 4.4.3
• 33330fa 4.4.1
• 98df33e remove istanbul
• bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
• a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
• 7e3814c 4.4.0
• d2d6bf0 fix inefficient .enable() regex and .enabled() test
• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates fsevents from 1.2.4 to 2.3.3

Release notes

Sourced from fsevents's releases.

Release v2.3.3

Released to npm as v2.3.3

Release v2.3.2

Released to npm as v2.3.2

Release v2.3.1

Released to npm as v2.3.1

Release contains universal binary for x86 & amd64 (m1) chips

Release v2.2.2

Released to npm as v2.2.2

Universal Binary Support x86-64 & amd64(m1)

Release v2.2.0

Electron Enabled (no static functions/variables)

Release v1.2.3

No release notes provided.

Release v2.1.2

No release notes provided.

2.1.0

Latest stable release

Release NAPI v2.0.6

Include essential files only.

Release NAPI v2.0.5

No release notes provided.

Release NAPI v2.0.4

No release notes provided.

Release NAPI v2.0.3

Moved NAPI version out of experimental.

NAPI release

No release notes provided.

deprecated

Fixing the API for chokidar since it was calling FSEvents as a constructor

deprecated

We have upgraded to N-API. For that reason we have also dropped support for node < 6.

For that reason, we have made this a major version bump so dependents have to opt in. The actual API remains entirely the same, so if you are depending on fsevents, it should be as simple as changing the version number in your package.json.

... (truncated)

Commits

• 2db891e Release v2.3.3
• 8ec87bf Update nodejs.yml (#392)
• c20c3af readme
• 63709df Merge pull request #384 from aleksanb/subdirs
• a77340f Handle MustScanSubDirs for large projects
• 66be519 Update README.md (#371)
• 2f2a858 Update README.md (#364)
• a7f5d00 Release v2.3.2
• fab136a fix: issue #355 (#356)
• 328ae39 Release v2.3.1
• Additional commits viewable in compare view

Install script changes

This version adds install script that runs during installation. Review the package contents before updating.

Updates js-yaml from 3.12.0 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

... (truncated)

Commits

• See full diff in compare view

Updates ms from 0.7.1 to 2.1.3

Release notes

Sourced from ms's releases.

2.1.3

Patches

• Rename zeit to vercel: #151
• Bump eslint from 4.12.1 to 4.18.2: #122
• Add prettier as a dev dependency: #135 #153
• Use GitHub Actions CI: #154

Credits

Huge thanks to @​getsnoopy for helping!

2.1.2

Patches

• Fixed negative decimals less than -10 don&#39;t work: #111
• Support error in case of Infinity: #116
• Update regexp for 10-.5 is invalid input: #117
• Update chat badge: #119

Credits

Huge thanks to @​yuler and @​7ma7X for helping!

2.1.1

Patches

• Add full support for negative numbers: #104

Credits

Huge thanks to @​thevtm for helping!

2.1.0

Minor Changes

• Add "week" / "w" support: a2caead13ac7f9931338a1a51ab4e36ddb505e00
• Fixed match regex to support negative numbers: #96

Patches

• Applied a few text improvements: 15dc8c5b5a9e8372555400485a749ec04cc02444
• Fixed spelling of “millisecond” in description: #95
• Lockfile added: 2425ebdefcdd1c2b726c06f6a65c4f2dea58dee7

Credits

Huge thanks to @​yoavmmn and @​binki for helping!

2.0.0

... (truncated)

Commits

• 1c6264b 2.1.3
• 82495ad Use GitHub Actions CI (#154)
• 1a13a88 Run prettier 2.x (#153)
• 1048042 Add prettier as a dev dependency (#135)
• f2bfb40 Rename zeit to vercel (#151)
• adf1eb2 Bump eslint from 4.12.1 to 4.18.2 (#122)
• 7920885 2.1.2
• 199ff78 Update chat badge (#119)
• d1add60 Update regexp for 10-.5 is invalid input (#117)
• d95e17f Support error in case of Infinity (#116)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by styfle, a new releaser for ms since your current version.

Updates semver from 4.3.6 to 7.8.4

Release notes

Sourced from semver's releases.

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

v7.8.0

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

... (truncated)

Changelog

Sourced from semver's changelog.

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

7.7.3 (2025-10-06)

Bug Fixes

• e37e0ca #813 faster paths for compare (#813) (@​H4ad)
• 2471d75 #811 x-range build metadata support (i529015)

Chores

• 8f05c87 #807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#807) (@​dependabot[bot], @​owlstronaut)

... (truncated)

Commits

• 8640bd6 chore: release 7.8.4 (#875)
• e583226 fix: reject numeric segments after x-ranges
• 6b77aa8 chore: release 7.8.3 (#873)
• 3485dda chore: bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866)
• 046da7f fix: align caret includePrerelease lower bounds (#872)
• efafcf8 chore: release 7.8.2 (#871)
• bea6028 fix: increment dotted prerelease identifiers (#870)
• 7641608 chore: release 7.8.1 (#868)
• 17aa702 fix: strip build metadata before comparator trimming (#869)
• 5f3ca13 fix: handle prerelease bounds in subset (#867)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for semver since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Client V3 Test Results

23 tests   23 ✅  0s ⏱️
 2 suites   0 💤
 1 files     0 ❌

Results for commit 0a3d03a.

[github-actions]

Client Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 0a3d03a.

[github-actions]

Python Test Results

  1 files    1 suites   1m 58s ⏱️
662 tests 662 ✅ 0 💤 0 ❌
667 runs  667 ✅ 0 💤 0 ❌

Results for commit 0a3d03a.

[github-actions]

Playwright E2E Results (firefox)

175 tests   175 ✅  1m 48s ⏱️
 14 suites    0 💤
  1 files      0 ❌

Results for commit 0a3d03a.

[github-actions]

Playwright E2E Results (chromium)

175 tests   175 ✅  1m 52s ⏱️
 14 suites    0 💤
  1 files      0 ❌

Results for commit 0a3d03a.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml