⬆️(deps): Bump the minor-and-patch group with 11 updates

[dependabot]

Bumps the minor-and-patch group with 11 updates:

Package	From	To
@codemirror/lint	6.9.6	6.9.7
@codemirror/view	6.43.0	6.43.1
@sentry/vue	10.56.0	10.57.0
dompurify	3.4.8	3.4.9
pingman	2.1.0	2.2.0
simple-icons	16.22.0	16.23.0
vue	3.5.35	3.5.38
@vue/compiler-sfc	3.5.35	3.5.38
happy-dom	20.10.1	20.10.2
sass	1.100.0	1.101.0
vue-tsc	3.3.3	3.3.4

Updates @codemirror/lint from 6.9.6 to 6.9.7

Commits

• See full diff in compare view

Updates @codemirror/view from 6.43.0 to 6.43.1

Commits

• See full diff in compare view

Updates @sentry/vue from 10.56.0 to 10.57.0

Release notes

Sourced from @​sentry/vue's releases.

10.57.0

Important Changes

• feat(angular): Add support for Angular 22 (21330)

  @sentry/angular now officially supports Angular 22.

• ref(core): Deprecate sendDefaultPii in favor of dataCollection (21277)

  sendDefaultPii is deprecated and will be removed in v11. The new dataCollection option lets you control each category of collected data. sendDefaultPii: true still works and maps to enabling all dataCollection categories. dataCollection.userInfo defaults to true when dataCollection is provided, meaning auto-populated user.* fields (e.g. IP address from a request) are collected by default. Data you set explicitly (like via Sentry.setUser()) is always sent regardless. When dataCollection is not set at all, the legacy sendDefaultPii behavior applies (userInfo: false by default) to preserve backward compatibility.

  Note that an empty dataCollection: {} falls back to more permissive defaults than sendDefaultPii: false, so replicate the old behavior by opting out explicitly:

  Sentry.init({
    dataCollection: {
      userInfo: false,
      genAI: { inputs: false, outputs: false },
      httpBodies: [],
      httpHeaders: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      cookies: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      queryParams: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
    },
  });

Other Changes

• feat: Use dataCollection.frameContextLines for ContextLines integration (21323)
• feat(cloudflare): Auto instrument D1 based on env (21276)
• feat(core): Change default of dataCollection.userInfo to true (21348)
• feat(core): Default dataCollection.httpBodies to all valid body types (21352)
• feat(hono): Filter noisy transactions (favicon etc) (21365)
• fix(cloudflare): Don't track negatively sampled spans (21367)
• fix(core): Use safeDateNow calls for new Date() reads (21351)
• fix(nextjs): Shim pinoIntegration on edge runtime (21347)
• fix(node): Prevent PostgresJs integration from emitting duplicate spans per query (21364)
• fix(node-core): Read __SENTRY_SERVER_MODULES__ lazily so Turbopack injection is honored (21339)
• fix(react): Detect React Router v6/v7 navigations in a layout effect to propagate the correct trace (21326)
• fix(react): Remove unused react.componentStack event context (21183)
• fix(replays): Record sentry._internal.replay_is_buffering for spans (21297)

• chore: Bump volta node version from 20.19.2 to 20.19.5 (21359)

... (truncated)

Changelog

Sourced from @​sentry/vue's changelog.

10.57.0

Important Changes

• feat(angular): Add support for Angular 22 (21330)

  @sentry/angular now officially supports Angular 22.

• ref(core): Deprecate sendDefaultPii in favor of dataCollection (21277)

  sendDefaultPii is deprecated and will be removed in v11. The new dataCollection option lets you control each category of collected data. sendDefaultPii: true still works and maps to enabling all dataCollection categories. dataCollection.userInfo defaults to true when dataCollection is provided, meaning auto-populated user.* fields (e.g. IP address from a request) are collected by default. Data you set explicitly (like via Sentry.setUser()) is always sent regardless. When dataCollection is not set at all, the legacy sendDefaultPii behavior applies (userInfo: false by default) to preserve backward compatibility.

  Note that an empty dataCollection: {} falls back to more permissive defaults than sendDefaultPii: false, so replicate the old behavior by opting out explicitly:

  Sentry.init({
    dataCollection: {
      userInfo: false,
      genAI: { inputs: false, outputs: false },
      httpBodies: [],
      httpHeaders: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      cookies: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      queryParams: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
    },
  });

Other Changes

• feat: Use dataCollection.frameContextLines for ContextLines integration (21323)
• feat(cloudflare): Auto instrument D1 based on env (21276)
• feat(core): Change default of dataCollection.userInfo to true (21348)
• feat(core): Default dataCollection.httpBodies to all valid body types (21352)
• feat(hono): Filter noisy transactions (favicon etc) (21365)
• fix(cloudflare): Don't track negatively sampled spans (21367)
• fix(core): Use safeDateNow calls for new Date() reads (21351)
• fix(nextjs): Shim pinoIntegration on edge runtime (21347)
• fix(node): Prevent PostgresJs integration from emitting duplicate spans per query (21364)
• fix(node-core): Read __SENTRY_SERVER_MODULES__ lazily so Turbopack injection is honored (21339)
• fix(react): Detect React Router v6/v7 navigations in a layout effect to propagate the correct trace (21326)
• fix(react): Remove unused react.componentStack event context (21183)
• fix(replays): Record sentry._internal.replay_is_buffering for spans (21297)

... (truncated)

Commits

• 950cf97 release: 10.57.0
• 55f9343 Merge pull request 21369 from getsentry/prepare-release/10.57.0
• 88d9d30 meta(changelog): Update changelog for 10.57.0
• 03ffd25 fix(cloudflare): Don't track negatively sampled spans (21367)
• 7c19ead ref(node): Streamline sql-common (21360)
• 95df562 feat(hono): Filter noisy transactions (favicon etc) (21365)
• 92eb5d2 feat(deps): Bump hono from 4.12.18 to 4.12.21 (21341)
• c6f790b fix(node): Prevent PostgresJs integration from emitting duplicate spans per q...
• d645349 ref(node): Streamline lru-memoizer instrumentation (21350)
• 4293015 feat(deps): Bump @​types/aws-lambda from 8.10.150 to 8.10.161 (21105)
• Additional commits viewable in compare view

Updates dompurify from 3.4.8 to 3.4.9

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.9

• Further improved the handling of Trusted Types config options, thanks @​offset
• Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
• Added more test coverage for IN_PLACE and Trusted Types related usage
• Bumped several dependencies where possible
• Updated README and wiki with more accurate documentation & attack samples

Commits

• 5210247 release: 3.4.9 (1459)
• See full diff in compare view

Updates pingman from 2.1.0 to 2.2.0

Release notes

Sourced from pingman's releases.

v2.2.0

• update versions (60) 9ea95f4
• docs(contributor): contrib-readme-action has updated readme (59) c9196de
• fix: anchor domain regex in validateIp to reject trailing input (58) fde4a04
• Bump lodash from 4.17.23 to 4.18.1 (57) bc1708d
• Bump picomatch from 2.3.1 to 2.3.2 (56) d238b43
• Bump minimatch (55) 96da568
• Bump lodash from 4.17.21 to 4.17.23 (54) 974fc7f
• Bump js-yaml (53) 95ecabe

---

dopecodez/pingman@v2.1.0...v2.2.0

Commits

• 741de19 2.2.0
• 9ea95f4 update versions (60)
• c9196de docs(contributor): contrib-readme-action has updated readme (59)
• fde4a04 fix: anchor domain regex in validateIp to reject trailing input (58)
• bc1708d Bump lodash from 4.17.23 to 4.18.1 (57)
• d238b43 Bump picomatch from 2.3.1 to 2.3.2 (56)
• 96da568 Bump minimatch (55)
• 974fc7f Bump lodash from 4.17.21 to 4.17.23 (54)
• 95ecabe Bump js-yaml (53)
• See full diff in compare view

Updates simple-icons from 16.22.0 to 16.23.0

Release notes

Sourced from simple-icons's releases.

Release 16.23.0

4 new icons

• Agent Skills (14788) (@​LitoMore)
• M5Stack (14795) (@​jasonarmbrecht)
• OpenCode (14694) (@​byt3m4st3r)
• Pi (14797) (@​cscnk52)

1 updated icon

• NixOS (14793) (@​fmbearmf)

Commits

• 022e7c1 Replace README CDN theme image links
• c3777a7 Release 16.23.0
• 8a32e95 Bump version to 16.23.0
• 8581258 Add M5Stack icon (14795)
• 48b3f92 Add Pi icon (14797)
• 3237c86 Add OpenCode icon (14694)
• e57879b Update NixOS icon (14793)
• bbfcf50 Add Agent Skills icon (14788)
• See full diff in compare view

Updates vue from 3.5.35 to 3.5.38

Release notes

Sourced from vue's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

• compiler-core: avoid crash on CDATA at the document root (14916) (0ea17e2)
• compiler-core: prefix dynamic keys on v-memo elements (14922) (68e978e), closes 14920
• compiler-sfc: handle vue-ignore on leading intersection/union type (14950) (0dcd225), closes 12254
• compiler-sfc: respect var hoisting in props destructure (48ad452)
• reactivity: preserve watch callback return value when wrapped for once: true (14902) (450a8a8)
• runtime-core: add dev warning for silent catch in compat mode and fix test description typo (14891) (db3e117)
• runtime-core: force model update when reverted before sync (14897) (7f76378), closes 13524
• runtime-core: skip async component callbacks after unmount (14911) (5300ead)
• transition: avoid move transition for hidden v-show group children (14895) (c11f6ee), closes 14894
• watch: trigger immediate callback for empty sources (14914) (1f2ca7e), closes 14898

Commits

• 478e3e8 release: v3.5.38
• 30ba647 chore(release): make release publishing resumable (14953)
• c00b021 release: v3.5.37
• 11ac8b4 release: v3.5.36
• 43eba78 chore(deps): update lint (14935)
• 3bc7290 chore(deps): update build (14901)
• 8203fc5 chore(deps): update all non-major dependencies (14938)
• 8f4bc85 chore(deps): update compiler (14900)
• 8e63cdf chore(deps): update dependency npm-run-all2 to v9 (14939)
• 131291a chore(deps): update test (14936)
• Additional commits viewable in compare view

Updates @vue/compiler-sfc from 3.5.35 to 3.5.38

Release notes

Sourced from @​vue/compiler-sfc's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compiler-sfc's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

• compiler-core: avoid crash on CDATA at the document root (14916) (0ea17e2)
• compiler-core: prefix dynamic keys on v-memo elements (14922) (68e978e), closes 14920
• compiler-sfc: handle vue-ignore on leading intersection/union type (14950) (0dcd225), closes 12254
• compiler-sfc: respect var hoisting in props destructure (48ad452)
• reactivity: preserve watch callback return value when wrapped for once: true (14902) (450a8a8)
• runtime-core: add dev warning for silent catch in compat mode and fix test description typo (14891) (db3e117)
• runtime-core: force model update when reverted before sync (14897) (7f76378), closes 13524
• runtime-core: skip async component callbacks after unmount (14911) (5300ead)
• transition: avoid move transition for hidden v-show group children (14895) (c11f6ee), closes 14894
• watch: trigger immediate callback for empty sources (14914) (1f2ca7e), closes 14898

Commits

• 478e3e8 release: v3.5.38
• c00b021 release: v3.5.37
• 11ac8b4 release: v3.5.36
• 8f4bc85 chore(deps): update compiler (14900)
• 0dcd225 fix(compiler-sfc): handle vue-ignore on leading intersection/union type (14950)
• 48ad452 fix(compiler-sfc): respect var hoisting in props destructure
• See full diff in compare view

Updates happy-dom from 20.10.1 to 20.10.2

Release notes

Sourced from happy-dom's releases.

v20.10.2

👷‍♂️ Patch fixes

• Updates external dependencies - By @​capricorn86 in task 2163

Commits

• b334a12 fix: 2163 Updates external dependencies (2188)
• See full diff in compare view

Updates sass from 1.100.0 to 1.101.0

Release notes

Sourced from sass's releases.

Dart Sass 1.101.0

To install Sass 1.101.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.101.0

• Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

Commits

• 63b9922 Load import-only files through package.json exports (2772)
• c7e9947 Migrate from bufbuild/buf-setup-action to bufbuild/buf-action (2773)
• 7674a4c Bump postcss from 8.5.13 to 8.5.15 in /pkg/sass-parser (2774)
• See full diff in compare view

Updates vue-tsc from 3.3.3 to 3.3.4

Release notes

Sourced from vue-tsc's releases.

v3.3.4

language-core

• fix: only exclude already-set props from inherited attrs when checkRequiredFallthroughAttributes is enabled (6088) - Thanks to @​KazariEX!
• fix: camelize slot props regardless of htmlAttributes option (6089) - Thanks to @​KazariEX!
• fix: detect duplicate event listeners across name formats (6094) - Thanks to @​whysopaul!

language-service

• fix: respect var hoisting for destructured props hints (6092) - Thanks to @​KazariEX!

typescript-plugin

• fix: do not treat class and style as a boolean property (6081) - Thanks to @​KazariEX!

Our Sponsors ❤️

... (truncated)

Changelog

Sourced from vue-tsc's changelog.

3.3.4 (2026-06-08)

language-core

• fix: only exclude already-set props from inherited attrs when checkRequiredFallthroughAttributes is enabled (6088) - Thanks to @​KazariEX!
• fix: camelize slot props regardless of htmlAttributes option (6089) - Thanks to @​KazariEX!
• fix: detect duplicate event listeners across name formats (6094) - Thanks to @​whysopaul!

language-service

• fix: respect var hoisting for destructured props hints (6092) - Thanks to @​KazariEX!

typescript-plugin

• fix: do not treat class and style as a boolean property (6081) - Thanks to @​KazariEX!

Commits

• 043a77b v3.3.4 (6095)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions