build(deps): bump the all-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the all-dependencies group with 10 updates in the / directory:

Package	From	To
@floating-ui/vue	1.1.10	1.1.11
@sentry/nuxt	10.38.0	10.42.0
@types/lodash	4.17.23	4.17.24
marked	17.0.2	17.0.4
swiper	12.1.1	12.1.2
@nuxt/eslint	1.15.1	1.15.2
@nuxtjs/robots	5.7.0	5.7.1
eslint	10.0.0	10.0.3
stylelint	17.3.0	17.4.0
vite-svg-loader	5.1.0	5.1.1

Updates @floating-ui/vue from 1.1.10 to 1.1.11

Release notes

Sourced from @​floating-ui/vue's releases.

@​floating-ui/vue@​1.1.11

Patch Changes

• Update dependencies: @floating-ui/dom@1.7.6, @floating-ui/utils@0.2.11

Changelog

Sourced from @​floating-ui/vue's changelog.

1.1.11

Patch Changes

• Update dependencies: @floating-ui/dom@1.7.6, @floating-ui/utils@0.2.11

Commits

• See full diff in compare view

Updates @sentry/nuxt from 10.38.0 to 10.42.0

Release notes

Sourced from @​sentry/nuxt's releases.

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#19594)
• ci(deps): bump actions/checkout from 4 to 6 (#19570)

Bundle size 📦

Path	Size
@​sentry/browser	25.02 KB
@​sentry/browser - with treeshaking flags	23.57 KB
@​sentry/browser (incl. Tracing)	41.44 KB
@​sentry/browser (incl. Tracing, Profiling)	45.99 KB
@​sentry/browser (incl. Tracing, Replay)	79.35 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.21 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	83.93 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.91 KB
@​sentry/browser (incl. Feedback)	41.44 KB
@​sentry/browser (incl. sendFeedback)	29.58 KB
@​sentry/browser (incl. FeedbackAsync)	34.52 KB
@​sentry/browser (incl. Metrics)	26.17 KB
@​sentry/browser (incl. Logs)	26.31 KB
@​sentry/browser (incl. Metrics & Logs)	26.96 KB
@​sentry/react	26.74 KB
@​sentry/react (incl. Tracing)	43.72 KB
@​sentry/vue	29.37 KB
@​sentry/vue (incl. Tracing)	43.26 KB
@​sentry/svelte	25.05 KB
CDN Bundle	27.51 KB
CDN Bundle (incl. Tracing)	42.25 KB
CDN Bundle (incl. Logs, Metrics)	28.33 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	43.07 KB
CDN Bundle (incl. Replay, Logs, Metrics)	66.49 KB
CDN Bundle (incl. Tracing, Replay)	78.26 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	83.65 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.5 KB
CDN Bundle - uncompressed	80.42 KB

... (truncated)

Changelog

Sourced from @​sentry/nuxt's changelog.

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#19594)
• ci(deps): bump actions/checkout from 4 to 6 (#19570)

10.41.0

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@sentry/cloudflare'; // or '@sentry/deno'
  export default Sentry.withSentry(env => ({ dsn: 'DSN' }), {
  async fetch(request, env, ctx) {
  const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  // All queries now create Sentry spans
  const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
  return Response.json(users);
  
  },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

... (truncated)

Commits

• 07c9190 release: 10.42.0
• 193a78d Merge pull request #19601 from getsentry/prepare-release/10.42.0
• 8738f9b meta(changelog): Update changelog for 10.42.0
• f870073 fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• 552187d chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#...
• 1ffba2c fix(core): Do not remove promiseBuffer entirely (#19592)
• 4a7c056 fix(react-router): Set correct transaction name when navigating with object a...
• 003e894 ci(deps): bump actions/checkout from 4 to 6 (#19570)
• 5d4c0eb chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• 116c3f3 fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• Additional commits viewable in compare view

Updates @types/lodash from 4.17.23 to 4.17.24

Commits

• See full diff in compare view

Updates marked from 17.0.2 to 17.0.4

Release notes

Sourced from marked's releases.

v17.0.4

17.0.4 (2026-03-04)

Bug Fixes

• prevent ReDoS in inline link regex title group (#3902) (46fb9b8)

v17.0.3

17.0.3 (2026-02-17)

Bug Fixes

• escape image alt text (#3896) (909fe44)

Commits

• 22f0c55 chore(release): 17.0.4 [skip ci]
• 46fb9b8 fix: prevent ReDoS in inline link regex title group (#3902)
• 5b6faee chore(deps-dev): Bump eslint from 10.0.1 to 10.0.2 (#3904)
• bcdaf6a chore(deps-dev): Bump @​semantic-release/npm from 13.1.4 to 13.1.5 (#3905)
• baa78a5 docs: Add marked-abc to known extensions list (#3903)
• 1aed9ac chore(deps-dev): Bump eslint from 10.0.0 to 10.0.1 (#3901)
• 8045055 chore: rename escape helper function (#3900)
• bced615 chore(release): 17.0.3 [skip ci]
• 909fe44 fix: escape image alt text (#3896)
• eb8ba2b chore(deps-dev): Bump @​semantic-release/github from 12.0.5 to 12.0.6 (#3897)
• Additional commits viewable in compare view

Updates swiper from 12.1.1 to 12.1.2

Changelog

Sourced from swiper's changelog.

Changelog

Commits

• 2fd88b7 12.1.2
• d3e6633 fix prototype pollution bypass in extend() util
• See full diff in compare view

Updates @nuxt/devtools from 3.2.1 to 3.2.2

Release notes

Sourced from @​nuxt/devtools's releases.

v3.2.2

   🚀 Features

• Replace prompts with @clack/prompts  -  by @​KazariEX in nuxt/devtools#935 (1aa3d)

   🐞 Bug Fixes

• Attributes error penetration warning  -  by @​doyuli in nuxt/devtools#930 (706a7)
• devtools: Scope storage watchers to avoid EMFILE  -  by @​onmax in nuxt/devtools#934 (902c6)
• wizard: Typos  -  by @​doyuli in nuxt/devtools#931 (0216c)

    View changes on GitHub

Changelog

Sourced from @​nuxt/devtools's changelog.

3.2.2 (2026-02-25)

Bug Fixes

• attributes error penetration warning (#930) (706a760)
• devtools: scope storage watchers to avoid EMFILE (#934) (902c60c)
• wizard: typos (#931) (0216c08)

Features

• replace prompts with @clack/prompts (#935) (1aa3d2d)

Commits

• f0ee75a chore: release v3.2.2
• be7eab5 chore: fix lint errors
• 902c60c fix(devtools): scope storage watchers to avoid EMFILE (#934)
• 706a760 fix: attributes error penetration warning (#930)
• See full diff in compare view

Updates @nuxt/eslint from 1.15.1 to 1.15.2

Commits

• f852ae5 chore: release v1.15.2
• 69aa40e fix: prevent race condition of running checker module before eslint config is...
• See full diff in compare view

Updates @nuxtjs/robots from 5.7.0 to 5.7.1

Release notes

Sourced from @​nuxtjs/robots's releases.

v5.7.1

   🐞 Bug Fixes

• Support nuxt 4 with compatibility version >= 4  -  by @​lumirelle in nuxt-modules/robots#272 (1bf24)
• devtools: Broken indexable status  -  by @​harlan-zw (b0030)

    View changes on GitHub

Commits

• 6787c2e chore: release v5.7.1
• bfa19e5 chore: sync
• 4f38709 Merge branches 'main' and 'main' of github.com:nuxt-modules/robots
• b003020 fix(devtools): broken indexable status
• 1bf2418 fix: support nuxt 4 with compatibility version >= 4 (#272)
• b17465b docs: add skilld snippet to installation docs (#271)
• 1ac922a docs: add skilld agent skill snippet (#270)
• See full diff in compare view

Updates eslint from 10.0.0 to 10.0.3

Release notes

Sourced from eslint's releases.

v10.0.3

Bug Fixes

• e511b58 fix: update eslint (#20595) (renovate[bot])
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
• ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

• 9fc31b0 docs: Update README (GitHub Actions Bot)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
• 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
• 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
• 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
• e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

• ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)
• e8f2104 chore: updates for v9.39.4 release (Jenkins)
• 5cd1604 refactor: simplify isCombiningCharacter helper (#20524) (Huáng Jùnliàng)
• 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586) (Milos Djermanovic)
• e32df71 chore: update eslint-plugin-eslint-comments, remove legacy-peer-deps (#20576) (Milos Djermanovic)
• 53ca6ee chore: disable eslint-comments/no-unused-disable rule (#20578) (Milos Djermanovic)
• e121895 ci: pin Node.js 25.6.1 (#20559) (Milos Djermanovic)
• efc5aef chore: update tsconfig.json in eslint-config-eslint (#20551) (Francesco Trotta)

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

... (truncated)

Commits

• bfce7ea 10.0.3
• d44ced8 Build: changelog update for 10.0.3
• e511b58 fix: update eslint (#20595)
• ef8fb92 chore: package.json update for eslint-config-eslint release
• e8f2104 chore: updates for v9.39.4 release
• 5cd1604 refactor: simplify isCombiningCharacter helper (#20524)
• 9fc31b0 docs: Update README
• 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586)
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570)
• Additional commits viewable in compare view

Updates stylelint from 17.3.0 to 17.4.0

Release notes

Sourced from stylelint's releases.

17.4.0

It adds 2 options to the rules and fixes 7 bugs.

• Added: ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096) (@​theacrat).
• Added: ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#9097) (@​theacrat).
• Fixed: performance of selector cloning rules (#9089) (@​jeddy3).
• Fixed: *-empty-line-before performance (#9092) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown performance (#9090) (@​jeddy3).
• Fixed: no-irregular-whitespace performance (#9091) (@​jeddy3).
• Fixed: property-no-unknown false negatives for at-rule descriptors (#9109) (@​jeddy3).
• Fixed: property-no-unknown false positives for corner-shape (#9099) (@​jeddy3).
• Fixed: property-no-unknown false positives for double-slashed properties (#9099) (@​jeddy3).

Changelog

Sourced from stylelint's changelog.

17.4.0 - 2026-02-25

It adds 2 options to the rules and fixes 7 bugs.

• Added: ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096) (@​theacrat).
• Added: ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#9097) (@​theacrat).
• Fixed: performance of selector cloning rules (#9089) (@​jeddy3).
• Fixed: *-empty-line-before performance (#9092) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown performance (#9090) (@​jeddy3).
• Fixed: no-irregular-whitespace performance (#9091) (@​jeddy3).
• Fixed: property-no-unknown false negatives for at-rule descriptors (#9109) (@​jeddy3).
• Fixed: property-no-unknown false positives for corner-shape (#9099) (@​jeddy3).
• Fixed: property-no-unknown false positives for double-slashed properties (#9099) (@​jeddy3).

Commits

• 556b7ad Release 17.4.0 (#9113)
• 05f64ad Run npm audit for minimatch (#9112)
• d358479 Document steps for adding an option and fixing a rule bug (#9111)
• 467c5c9 Fix property-no-unknown false negatives for at-rule descriptors (#9109)
• 4250b21 Document opening a pull request requests in CONTRIBUTING (#9110)
• effb787 Remove husky (#8984)
• f38a18c Remove redundant @types/file-entry-cache type dep (#9108)
• 83ed11b Add ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096)
• 0a8f468 Add ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#...
• 83cfd65 Fix property-no-unknown false positives for corner-shape (#9099)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates vite-svg-loader from 5.1.0 to 5.1.1

Release notes

Sourced from vite-svg-loader's releases.

5.1.1

• Fix: High severity vulnerability in svgo dependency (GHSA-xpqw-6gx7-v673 / CVE-2026-29074 #167
• Chore: move console.warn to debug #115

Commits

• b6b5e73 Update svgo dependency
• 9aa85d9 Vite 8 is currently the same as vite@latest
• eab1417 Run e2e tests for vite v8
• 97cccda Remove tests badge
• e0ef764 Merge pull request #133 from jpkleemans/create-test-app-script
• d87a8ab Fix typescript tests
• 0c19a45 Update comment
• 50c6e70 Ignore create-test-app.sh script in npm package
• 95926f7 Copy vite-env.d.ts when using typescript
• fa1f29b Add tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.