chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@types/node (source)	^24.10.0 -> ^24.10.1			devDependencies	patch
actions/checkout	v5.0.0 -> v5.0.1			action	patch
danielroe/provenance-action	v0.1.0 -> v0.1.1			action	patch
pnpm (source)	10.21.0 -> 10.23.0			packageManager	minor
vite (source)	^7.1.12 -> ^7.2.4			devDependencies	minor
vue (source)	3.5.22 -> 3.5.24			devDependencies	patch

---

Release Notes

actions/checkout (actions/checkout)

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements

• Add support for bun.lock (#​12)

📖 Documentation

• Use @main constraint for example (237ceea)

❤️ Contributors

• Daniel Roe (@​danielroe)

pnpm/pnpm (pnpm)

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

vitejs/vite (vite)

v7.2.4

Compare Source

Bug Fixes

• revert "perf(deps): replace debug with obug (#​21107)" (2d66b7b)

v7.2.3

Compare Source

Bug Fixes

• allow multiple bindCLIShortcuts calls with shortcut merging (#​21103) (5909efd)
• deps: update all non-major dependencies (#​21096) (6a34ac3)
• deps: update all non-major dependencies (#​21128) (4f8171e)

Performance Improvements

• deps: replace debug with obug (#​21107) (acfe939)

Miscellaneous Chores

• deps: update dependency @​rollup/plugin-commonjs to v29 (#​21099) (02ceaec)
• deps: update rolldown-related dependencies (#​21095) (39a0a15)
• deps: update rolldown-related dependencies (#​21127) (5029720)

v7.2.2

Compare Source

Bug Fixes

• revert "refactor: use fs.cpSync (#​21019)" (#​21081) (728c8ee)

v7.2.1

Compare Source

Bug Fixes

• worker: some worker asset was missing (#​21074) (82d2d6c)

Code Refactoring

• build: rename indexOfMatchInSlice to findPreloadMarker (#​21054) (f83264f)

v7.2.0

Compare Source

Bug Fixes

• css: fallback to sass when sass-embedded platform binary is missing (#​21002) (b1fd616)
• module-runner: make getBuiltins response JSON serializable (#​21029) (ad5b3bf)
• types: add undefined to optional properties for exactOptionalProperties type compatibility (#​21040) (2833c55)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​21047) (e3a6a83)

vuejs/core (vue)

v3.5.24

Compare Source

Reverts

• Revert "fix(compiler-core): correctly handle ts type assertions in expression…" (#​14062) (11ec51a), closes #​14062 #​14060

v3.5.23

Compare Source

Bug Fixes

• compiler-core: correctly handle ts type assertions in expressions (#​13397) (e6544ac), closes #​13395
• compiler-core: fix v-bind shorthand handling for in-DOM templates (#​13933) (b3cca26), closes #​13930
• compiler-sfc: resolve numeric literals and template literals without expressions as static property key (#​13998) (75d44c7)
• compiler-ssr: textarea with v-text directive SSR (#​13975) (006a0c1)
• compiler: using guard instead of non-nullish assertion (#​13982) (dcc6f36)
• custom-element: batch custom element prop patching (#​13478) (c13e674), closes #​12619
• custom-element: optimize slot retrieval to avoid duplicates (#​13961) (84ca349), closes #​13955
• hydration: avoid mismatch during hydrate text with newlines in interpolation (#​9232) (6cbdf78), closes #​9229
• runtime-core: pass props and children to loadingComponent (#​13997) (40c4b2a)
• runtime-dom: ensure iframe sandbox is handled as an attribute to prevent unintended behavior (#​13950) (5689884), closes #​13946
• suspense: clear placeholder and fallback el after resolve to enable GC (#​13928) (f411c66)
• transition-group: use offsetLeft and offsetTop instead of getBoundingClientRect to avoid transform scale affect animation (#​6108) (dc4dd59), closes #​6105
• v-model: handle number modifier on change (#​13959) (8fbe48f), closes #​13958

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/vue-bundle-renderer@285

commit: 7d71738