chore(deps): update dependencies (non-major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/node (source)	^20.16.5 -> ^20.16.10
@types/react (source)	^18.3.8 -> ^18.3.10
element-plus (source)	^2.8.3 -> ^2.8.4
tailwindcss (source)	^3.4.12 -> ^3.4.13
vite (source)	^5.4.7 -> ^5.4.8
vue (source)	^3.5.8 -> ^3.5.10

---

Release Notes

element-plus/element-plus (element-plus)

v2.8.4

Compare Source

2.8.4

2024-09-27

Features

• Components [autocomplete] add getData to exposes (#​18237 by @​dormadekhin)
• Components [date-picker] add placement & fallback-placements (#​18310 by @​btea)
• Components [input-number] add prefix and suffix (#​17993 by @​guze2003)
• Components [cascader] update cascader component to expost presentText (#​18338 by @​0song)
• Components add the ability to append table filter panel, select and pagination size dropdowns to any element (#​14318 by @​Karolis-Stoncius)
• Components [table] export updateKeyChildren method & correct version (#​17709 by @​warmthsea)

Bug fixes

• Components [segmented] item may be undefined (#​18199 by @​vaebe)
• Components step-strictly is true and should keep the initial value and step matching (#​18277 by @​KESHAOYE)
• Components [scrollbar] compatibility with wrapRef does not exist (#​18311 by @​btea)
• I18n improve translations of Persian (Farsi) (#​18290 by @​Notorious-Ali)
• Components [checkbox] default false if no false-value attr (#​18187 by @​tuskermanshu)
• Components [carousel] fix style when use motionBlur (#​18329 by @​momei-LJM)
• Components [descriptions-cell] redundant slot function calls (#​18330 by @​betavs)
• Components [avatar] remove outline from el-avatar component (#​18303 by @​DDDDD12138)
• Components [color-picker] support dynamic change of showAlpha prop (#​18280 by @​chensuifengran)
• Style(components): [form-item] top-label change to inline-block element (#​18293 by @​warmthsea)
• Style(components): [transfer] delete input__inner border-radius (#​18351 by @​warmthsea)

tailwindlabs/tailwindcss (tailwindcss)

v3.4.13

Compare Source

Fixed

• Improve source glob verification performance (#​14481)

vitejs/vite (vite)

v5.4.8

Compare Source

Please refer to CHANGELOG.md for details.

vuejs/core (vue)

v3.5.10

Compare Source

Bug Fixes

• custom-element: properly set kebab-case props on Vue custom elements (ea3efa0), closes #​12030 #​12032
• reactivity: fix nested batch edge case (93c95dd)
• reactivity: only clear notified flags for computed in first batch iteration (aa9ef23), closes #​12045
• types/ref: handle nested refs in UnwrapRef (#​12049) (e2c19c2), closes #​12044

v3.5.9

Compare Source

Bug Fixes

• reactivity: fix property dep removal regression (6001e5c), closes #​12020 #​12021
• reactivity: fix recursive sync watcher on computed edge case (10ff159), closes #​12033 #​12037
• runtime-core: avoid rendering plain object as VNode (#​12038) (cb34b28), closes #​12035 vitejs/vite-plugin-vue#353
• runtime-core: make useId() always return a string (a177092)
• types: correct type inference of union event names (#​12022) (4da6881)
• vue: properly cache runtime compilation (#​12019) (fa0ba24)

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@dg-scripts/eslint-config@5.21.3	Transitive: environment, eval, filesystem, shell, unsafe	+132	40.1 MB	sabertazimi
npm/@dg-scripts/stylelint-config@5.21.3	None	0	19.8 kB	sabertazimi
npm/@element-plus/icons-vue@2.3.1	None	0	3.76 MB	jeremywuuuuu
npm/@sabertazimi/react-scripts@5.21.3	Transitive: environment, eval, filesystem, shell, unsafe	+316	40.5 MB	sabertazimi
npm/@testing-library/dom@10.4.0	environment	+17	3.42 MB	testing-library-bot
npm/@testing-library/jest-dom@6.5.0	None	+9	1.03 MB	testing-library-bot
npm/@testing-library/react@16.0.1	environment	+1	592 kB	testing-library-bot
npm/@testing-library/user-event@14.5.2	None	0	435 kB	testing-library-bot
npm/@types/jsdom@21.1.7	None	+1	35.4 kB	types
npm/@types/node@20.16.10	None	0	2.21 MB	types
npm/@types/react-dom@18.3.0	None	0	37.8 kB	types
npm/@types/react-reconciler@0.28.8	None	0	47.8 kB	types
npm/@types/react@18.3.10	None	+2	1.69 MB	types
npm/@unhead/vue@1.11.6	None	+3	221 kB	harlan_zw
npm/@vitejs/plugin-vue@5.1.4	environment	0	193 kB	vitebot
npm/@vitest/coverage-v8@2.1.1	Transitive: environment	+8	952 kB	antfu, oreanno, patak, ...1 more
npm/@vue/test-utils@2.4.6	eval	0	1.51 MB	lmiller1990
npm/@vue/tsconfig@0.5.1	None	0	10.6 kB	soda
npm/autoprefixer@10.4.20	environment Transitive: filesystem	+4	2.57 MB	ai
npm/element-plus@2.8.4	environment Transitive: network	+14	44.2 MB	jeremywuuuuu
npm/eslint-plugin-format@0.1.2	None	+5	6.45 MB	antfu
npm/eslint@8.57.1	environment, filesystem Transitive: eval, shell, unsafe	+36	8.04 MB	eslintbot

🚮 Removed packages: npm/nanoid@5.0.7, npm/postcss@8.4.47, npm/prettier@3.3.3, npm/typescript@5.6.2

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Possible typosquat attack	npm/eslint-plugin-react-x@1.5.28	Did you mean: eslint-plugin-react~~-x~~ (1.1 thousand times more downloads)	package.json packages/mortal-ui/package.json packages/vue-basis/package.json packages/vue-design/package.json packages/vue-trello/package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/eslint-plugin-react-x@1.5.28

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.52%. Comparing base (fa4d25d) to head (516005b).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #701      +/-   ##
==========================================
- Coverage   99.76%   99.52%   -0.24%     
==========================================
  Files           5        5              
  Lines         424      424              
  Branches       71       71              
==========================================
- Hits          423      422       -1     
- Misses          1        2       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.