Bump the dev-dependencies group with 7 updates

[dependabot]

Bumps the dev-dependencies group with 7 updates:

Package	From	To
vue	3.5.29	3.5.31
@vue/compiler-sfc	3.5.29	3.5.31
copy-webpack-plugin	13.0.1	14.0.0
terser-webpack-plugin	5.3.16	5.4.0
typescript	5.9.3	6.0.2
webpack	5.105.3	5.105.4
webpack-cli	6.0.1	7.0.2

Updates vue from 3.5.29 to 3.5.31

Release notes

Sourced from vue's releases.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
• runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
• suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
• transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
• types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

3.5.30 (2026-03-09)

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
• custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
• custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
• reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647
• runtime-core: warn about negative number in v-for (#12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#14547) (6cda71d), closes #14546
• types: make generics with runtime props in defineComponent work (fix #11374) (#13119) (cea3cf7), closes #13763
• types: narrow useAttrs class/style typing for TSX (#14492) (bbb8977), closes #14489

Commits

• 81615d3 release: v3.5.31
• 3b561db fix(types): prevent shallowReactive marker from leaking into value unions (#1...
• 1b2aca4 chore: ignore entities updates in renovate (#14630)
• 51675b4 chore(deps): update dependency jsdom to v29 (#14580)
• b147482 chore(deps): update build (#14572)
• 7a4bf3c chore(deps): update all non-major dependencies (#14577)
• fe6e5fe chore(deps): update test (#14578)
• 5ad623a chore(deps): update pnpm/action-setup action to v5 (#14616)
• bf033b8 chore(deps): update dawidd6/action-download-artifact action to v19 (#14614)
• e41a589 chore(deps): update dependency @​babel/parser to ^7.29.2 (#14613)
• Additional commits viewable in compare view

Updates @vue/compiler-sfc from 3.5.29 to 3.5.31

Release notes

Sourced from @​vue/compiler-sfc's releases.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compiler-sfc's changelog.

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
• runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
• suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
• transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
• types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

3.5.30 (2026-03-09)

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
• custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
• custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
• reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647
• runtime-core: warn about negative number in v-for (#12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#14547) (6cda71d), closes #14546
• types: make generics with runtime props in defineComponent work (fix #11374) (#13119) (cea3cf7), closes #13763
• types: narrow useAttrs class/style typing for TSX (#14492) (bbb8977), closes #14489

Commits

• 81615d3 release: v3.5.31
• 7a4bf3c chore(deps): update all non-major dependencies (#14577)
• 95c3356 fix(compiler-sfc): allow Node.js subpath imports patterns in asset urls (#13045)
• bd7eef0 fix(compiler-sfc): support template literal as defineModel name (#14622)
• fdd863f release: v3.5.30
• 5098986 chore(deps): update all non-major dependencies (#14498)
• 34a5d84 fix(deps): update dependency postcss to ^8.5.8 (#14543)
• See full diff in compare view

Updates copy-webpack-plugin from 13.0.1 to 14.0.0

Release notes

Sourced from copy-webpack-plugin's releases.

v14.0.0

14.0.0 (2026-03-02)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

Changelog

Sourced from copy-webpack-plugin's changelog.

14.0.0 (2026-03-02)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

Commits

• 18eb9d9 chore(release): 14.0.0
• 2881203 refactor!: minimum supported Node.js version is 20.9.0 (#819)
• 9dc3d31 chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 (#815)
• 5cf5a1d chore(deps): update (#814)
• 3dd5b6e chore(deps): bump js-yaml (#813)
• 9ac38bb chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#812)
• 6a16bac Update link to contributing guidelines in README
• a1625f9 chore: migrate from contrib (#810)
• 9f6f204 chore: update github actions/checkout from v4 to v5 (#809)
• See full diff in compare view

Updates terser-webpack-plugin from 5.3.16 to 5.4.0

Release notes

Sourced from terser-webpack-plugin's releases.

v5.4.0

5.4.0 (2026-03-10)

Features

• added ability to minimize JSON using jsonMinify (#657) (29ac915)

v5.3.17

5.3.17 (2026-03-03)

Bug Fixes

• update serialize-javascript (37c490c)

Changelog

Sourced from terser-webpack-plugin's changelog.

5.4.0 (2026-03-10)

Features

• added ability to minimizer JSON using jsonMinify (#657) (29ac915)

5.3.17 (2026-03-03)

Bug Fixes

• update serialize-javascript (37c490c)

Commits

• 543da6e chore(release): 5.4.0
• 29ac915 feat: added ability to minimizer JSON using jsonMinify (#657)
• e505dee fix: align with code
• 6f911ff chore(release): 5.3.17
• 37c490c fix: update serialize-javascript
• 207764f chore: deps update (#652)
• a85ab47 chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 (#648)
• See full diff in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates webpack from 5.105.3 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

• Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

• Handle createRequire in expressions. (by @​alexander-akait in #20549)

• Fixed types for multi stats. (by @​alexander-akait in #20556)

• Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

• Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

• Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

• Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

• Handle createRequire in expressions. (by @​alexander-akait in #20549)

• Fixed types for multi stats. (by @​alexander-akait in #20556)

• Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

• Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

• Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

Commits

• 27c13b4 chore(release): new release (#20550)
• 9b2f41e chore: bump terser plugin (#20569)
• eafe060 fix: narrow the export presence guard detection (#20561)
• 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
• afa607d refactor: remove unused code (#20562)
• 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
• f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
• 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
• a3d7839 fix: types for multi stats (#20556)
• b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
• Additional commits viewable in compare view

Updates webpack-cli from 6.0.1 to 7.0.2

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.0.2

Patch Changes

• Resolve configuration path for cache build dependencies. (by @​alexander-akait in #4707)

webpack-cli@7.0.1

Patch Changes

• The file protocol for configuration options (--config/--extends) is supported. (by @​alexander-akait in #4702)

webpack-cli@7.0.0

Major Changes

• The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

• Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

• Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

• The version command only output versions right now. (by @​alexander-akait in #4677)

• Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

• Allow configuration freezing. (by @​alexander-akait in #4677)

• Use graceful shutdown when file system cache is enabled. (by @​alexander-akait in #4677)

• Performance improved. (by @​alexander-akait in #4677)

Changelog

Sourced from webpack-cli's changelog.

7.0.2

Patch Changes

• Resolve configuration path for cache build dependencies. (by @​alexander-akait in #4707)

7.0.1

Patch Changes

• The file protocol for configuration options (--config/--extends) is supported. (by @​alexander-akait in #4702)

7.0.0

Major Changes

• The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

• Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

• Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

• The version command only output versions right now. (by @​alexander-akait in #4677)

• Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

• Allow configuration freezing. (by @​alexander-akait in #4677)

• Use graceful shutdown when file system cache is enabled. (by @​alexander-akait in #4677)

• Performance improved. (by @​alexander-akait in #4677)

Commits

• 49efdc0 chore(release): new release (#4708)
• 1fc1b9d fix: resolve configuration path for build dependencies (#4707)
• fd02100 chore(release): new release (#4705)
• a653b02 fix: use a new create-webpack-app package name (#4704)
• 173e4bf chore(release): new release (#4703)
• c033657 ci: avoid extra step
• fd28679 fix: support file protocol in configuration options (#4702)
• 37e4270 chore: normalize package.json (#4700)
• d5290e3 ci: fix
• 0b116f7 chore(release): new release (#4679)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack-cli since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions