Stu Mason

Bumps the minor-and-patch group with 8 updates in the / directory:

Package	From	To
@tailwindcss/postcss	`4.2.2`	`4.2.4`
@vitejs/plugin-vue	`6.0.5`	`6.0.6`
autoprefixer	`10.4.27`	`10.5.0`
axios	`1.14.0`	`1.15.2`
postcss	`8.5.8`	`8.5.12`
vite	`8.0.4`	`8.0.10`
vue	`3.5.31`	`3.5.33`
vue-router	`5.0.4`	`5.0.6`

Updates @tailwindcss/postcss from 4.2.2 to 4.2.4

▶Release notes

Sourced from @tailwindcss/postcss's releases.

v4.2.4

Fixed

Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)

Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)

Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)

Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)

Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)

Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)

Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)

Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)

Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)

Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)

Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)

Upgrade: never migrate files that are ignored by git (#19846)

Add .env and .env.* to default ignored content files (#19846)

Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)

Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)

Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)

Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)

Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)

Improve performance when scanning JSONL / NDJSON files (#19862)

Support NODE_PATH environment variable in standalone CLI (#19617)

▶Changelog

Sourced from @tailwindcss/postcss's changelog.

[4.2.4] - 2026-04-21

Fixed

Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)

Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)

Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)

Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)

Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)

Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)

Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)

Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)

Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)

Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)

Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)

Upgrade: never migrate files that are ignored by git (#19846)

Add .env and .env.* to default ignored content files (#19846)

Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)

Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)

Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)

Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)

Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)

Improve performance when scanning JSONL / NDJSON files (#19862)

Support NODE_PATH environment variable in standalone CLI (#19617)

▶Commits

69ad7cc 4.2.4 (#19948)
685c19e Fix issue around resolving paths in @tailwindcss/vite (#19947)
2e3fa49 4.2.3 (#19944)
4527123 docs(postcss): remove duplicated optimize example from README (#19938)
aad6017 docs/fix-lightning-css-typo-postcss-readme (#19913)
See full diff in compare view

▶Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @tailwindcss/postcss since your current version.

Updates @vitejs/plugin-vue from 6.0.5 to 6.0.6

▶Release notes

Sourced from @vitejs/plugin-vue's releases.

[email protected]

Please refer to CHANGELOG.md for details.

▶Changelog

Sourced from @vitejs/plugin-vue's changelog.

6.0.6 (2026-04-13)

Features

plugin-vue: propagate multiRoot for template-only vapor components (#745) (9e07ae9)

Bug Fixes

deps: update all non-major dependencies (#738) (050c996)

Miscellaneous Chores

deps: update dependency rollup to ^4.59.0 (#749) (a0e1ef8)

remove unused deps (#760) (6d834d8)

▶Commits

51dbf4b release: [email protected]
9e07ae9 feat(plugin-vue): propagate multiRoot for template-only vapor components (#745)
050c996 fix(deps): update all non-major dependencies (#738)
6d834d8 chore: remove unused deps (#760)
a0e1ef8 chore(deps): update dependency rollup to ^4.59.0 (#749)
See full diff in compare view

Updates autoprefixer from 10.4.27 to 10.5.0

▶Release notes

Sourced from autoprefixer's releases.

10.5.0 “Each Endeavouring, All Achieving”

Added mask-position-x and mask-position-y support (by @toporek).

▶Changelog

Sourced from autoprefixer's changelog.

10.5.0 “Each Endeavouring, All Achieving”

Added mask-position-x and mask-position-y support (by @toporek).

▶Commits

faf456a Release 10.5 version
b841fc5 Update dependencies
47d6e68 Update email
45cfc08 Replace ESLint and Prettier to oxlint and oxfmt
7e3ec7d Add prefixing support for mask-position-x and mask-position-y (#1548)
See full diff in compare view

Updates axios from 1.14.0 to 1.15.2

▶Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

... (truncated)

▶Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

... (truncated)

▶Commits

5829343 chore(release): prepare release 1.15.2 (#10789)
4709a48 fix: added fix for memory leak in sockets (#10788)
be33360 chore: update changelog (#10781)
4791514 fix: more header pollutions (#10779)
6feafcf fix: socket issue (#10777)
302e273 docs: update docs, add a couple actions etc (#10776)
ac42446 chore(release): prepare release 1.15.1 (#10767)
908f220 docs: update threatmodel (#10765)
f93f815 docs: added docs around potential decompressions bomb (#10763)
1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
Additional commits viewable in compare view

Updates postcss from 8.5.8 to 8.5.12

▶Release notes

Sourced from postcss's releases.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

▶Changelog

Sourced from postcss's changelog.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

▶Commits

9bc81c4 Release 8.5.12 version
85c4d7d Another try to fix coverage
94484ca Try to fix coverage
c64b748 Load only .map source maps
aaec7b7 Avoid throwing JSON parsing errors for non-JSON source maps
233fb26 Mention original author of the solution
2502f75 Release 8.5.11 version
5ca1901 Speed up parsing many nested brackets
42b5337 Update dependencies
7e36e15 Cache node.raws locally in Stringifier hot methods
Additional commits viewable in compare view

Updates tailwindcss from 4.2.2 to 4.2.4

▶Release notes

Sourced from tailwindcss's releases.

v4.2.4

Fixed

Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)

Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)

Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)

Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)

Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)

Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)

Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)

Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)

Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)

Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)

Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)

Upgrade: never migrate files that are ignored by git (#19846)

Add .env and .env.* to default ignored content files (#19846)

Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)

Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)

Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)

Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)

Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)

Improve performance when scanning JSONL / NDJSON files (#19862)

Support NODE_PATH environment variable in standalone CLI (#19617)

▶Changelog

Sourced from tailwindcss's changelog.

[4.2.4] - 2026-04-21

Fixed

Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)

Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)

Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)

Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)

Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)

Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)

Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)

Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)

Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)

Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)

Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)

Upgrade: never migrate files that are ignored by git (#19846)

Add .env and .env.* to default ignored content files (#19846)

Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)

Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)

Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)

Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)

Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)

Improve performance when scanning JSONL / NDJSON files (#19862)

Support NODE_PATH environment variable in standalone CLI (#19617)

▶Commits

69ad7cc 4.2.4 (#19948)
2e3fa49 4.2.3 (#19944)
df6209a Canonicalize negative arbitrary values (#19858)
52fd421 Small refactor of canonicalization tests (#19851)
c385fd3 use test.each instead of manual loop
0d6e038 fix index in test name
88a2d22 Add more canonicalization rules for deprecated utilities (#19849)
2c1ef9e Use --placeholder-color instead of --background-color for placeholder-*...
28d5268 Collapse more utilities by expanding their declarations (#19842)
b55d960 fix(canonicalize): collapse arbitrary values into shorthand utilities (#19837)
Additional commits viewable in compare view

Updates vite from 8.0.4 to 8.0.10

▶Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

▶Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)

css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)

optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)

remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

enable some typecheck rules (#22278) (9437518)

typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)

build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)

bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)

css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)

deps: update all non-major dependencies (#22219) (4cd0d67)

deps: update all non-major dependencies (#22268) (c28e9c1)

detect Deno workspace root (fix #22237) (#22238) (1b793c0)

dev: handle errors in watchChange hook (#22188) (fc08bda)

optimizer: handle more chars that will be sanitized (#22208) (3f24533)

skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

align the descriptions in READMEs (#22231) (44c42b9)

fix reuses wording in dev environment comment (#22173) (9163412)

fix wording in sass error comment (#22214) (bc5c6a7)

update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

▶Commits

32c2978 release: v8.0.10
a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
40a0847 refactor: typecheck client directory (#22284)
5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
9437518 refactor: enable some typecheck rules (#22278)
ce729f5 release: v8.0.9
605bb97 docs: update build CLI defaults (#22261)
Additional commits viewable in compare view

Updates vue from 3.5.31 to 3.5.33

▶Release notes

Sourced from vue's releases.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

▶Changelog

Sourced from vue's changelog.

3.5.33 (2026-04-22)

Bug Fixes

compiler-sfc: handle nested :deep in selector pseudos (#14725) (bb9d265), closes #14724

reactivity: unlink effect scopes on out-of-order off (#14734) (e7659be), closes #14733

runtime-dom: preserve textarea resize dimensions (#14747) (
Description has been truncated

PR #93 merged: build(deps-dev): bump the minor-and-patch group across 1 directory with 9 updates

v4.2.4

Fixed

v4.2.3

Fixed

[4.2.4] - 2026-04-21

Fixed

[4.2.3] - 2026-04-20

Fixed

[email protected]

6.0.6 (2026-04-13)

Features

Bug Fixes

Miscellaneous Chores

10.5.0 “Each Endeavouring, All Achieving”

10.5.0 “Each Endeavouring, All Achieving”

v1.15.2

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.1

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

v1.15.2 - April 21, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.1 - April 19, 2026

🔒 Security Fixes

🚀 New Features

8.5.12

8.5.11

8.5.10

8.5.9

8.5.12

8.5.11

8.5.10

8.5.9

v4.2.4

Fixed

v4.2.3

Fixed

[4.2.4] - 2026-04-21

Fixed

[4.2.3] - 2026-04-20

Fixed

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

8.0.10 (2026-04-23)

Features

Bug Fixes

Code Refactoring

8.0.9 (2026-04-20)

Features

Bug Fixes

Documentation

Miscellaneous Chores

8.0.8 (2026-04-09)

Features

v3.5.33

v3.5.32

3.5.33 (2026-04-22)

Bug Fixes