deps(deps): bump the minor-and-patch group across 1 directory with 28 updates

[dependabot]

Bumps the minor-and-patch group with 26 updates in the / directory:

Package	From	To
@vue/compat	3.5.13	3.5.38
@vueuse/core	14.1.0	14.3.0
axios	1.15.2	1.18.0
cron-validator	1.3.1	1.4.0
date-fns	4.1.0	4.4.0
lodash	4.17.21	4.18.1
monaco-editor	0.44.0	0.55.1
qrcode.vue	3.6.0	3.10.0
query-string	9.2.0	9.4.0
sortablejs	1.15.6	1.15.7
vidstack	1.12.13	1.15.6
vue-i18n	11.2.8	11.4.6
zod	4.3.6	4.4.3
@biomejs/biome	2.4.16	2.5.0
@tsconfig/node22	22.0.0	22.0.5
@vitejs/plugin-vue	6.0.4	6.0.7
@vitest/coverage-v8	4.1.8	4.1.9
@vue/test-utils	2.4.6	2.4.11
@vue/tsconfig	0.7.0	0.9.1
prismjs	1.29.0	1.30.0
sass	1.85.1	1.101.0
vite-plugin-checker	0.8.0	0.14.4
vite-plugin-node-polyfills	0.25.0	0.28.0
vitepress	1.6.3	1.6.4
@esbuild/linux-x64	0.24.0	0.28.1
@rollup/rollup-linux-x64-gnu	4.9.5	4.62.2

Updates @vue/compat from 3.5.13 to 3.5.38

Release notes

Sourced from @​vue/compat's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.28

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.27

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.26

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.25

For stable releases, please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from @​vue/compat's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

• compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
• compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
• compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
• compiler-sfc: respect var hoisting in props destructure (48ad452)
• reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
• runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
• runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
• runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
• transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
• watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

3.5.34 (2026-05-06)

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
• compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
• compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
• reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
• runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
• suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761

... (truncated)

Commits

• 478e3e8 release: v3.5.38
• 30ba647 chore(release): make release publishing resumable (#14953)
• c00b021 release: v3.5.37
• 11ac8b4 release: v3.5.36
• 43eba78 chore(deps): update lint (#14935)
• 3bc7290 chore(deps): update build (#14901)
• 8203fc5 chore(deps): update all non-major dependencies (#14938)
• 8f4bc85 chore(deps): update compiler (#14900)
• 8e63cdf chore(deps): update dependency npm-run-all2 to v9 (#14939)
• 131291a chore(deps): update test (#14936)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vue/compat since your current version.

Updates @vueuse/core from 14.1.0 to 14.3.0

Release notes

Sourced from @​vueuse/core's releases.

v14.3.0

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in vueuse/vueuse#5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in vueuse/vueuse#5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in vueuse/vueuse#5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in vueuse/vueuse#5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in vueuse/vueuse#5191 (0cb03)
• useTextareaAutosize: Add optional maxHeight to limit autosize growth  -  by @​palamarchukser, @​antfu and @​9romise in vueuse/vueuse#5324 (1a3e5)

   🐞 Bug Fixes

• Add explicit ./package.json export to all packages  -  by @​babu-ch and @​OrbisK in vueuse/vueuse#5343 (0d989)
• core: Always return ssrValue in useCssSupports before mounted  -  by @​danielroe in vueuse/vueuse#5290 (76b0b)
• directive: Create disposable directive func cleanup of side effects unmounted  -  by @​kalu5, @​43081j, Raman Paulau and @​OrbisK in vueuse/vueuse#5244 (52d68)
• docs: Typos in useManualRefHistory, useFocusWithin, useStorageAsync, useIntersectionObserver  -  by @​blowsie, Sam Blowes and @​OrbisK in vueuse/vueuse#5329 (1d9c4)
• docs: Add ignoreDeprecations for twoslash TS 6.0 compat  -  by @​antfu and Claude Opus 4.6 (1M context) in vueuse/vueuse#5367 (9d1eb)
• metadata: Cleanup removed function resolveRef  -  by @​ntnyq in vueuse/vueuse#5307 (49da8)
• onClickOutside: Detect iframe inside shadow DOM with detectIframe option  -  by @​babu-ch and @​OrbisK in vueuse/vueuse#5336 (1a77b)
• shared: Align overloads order of watch functions with original version  -  by @​KazariEX in vueuse/vueuse#5288 (f1d32)
• useAxios: Handle optional response data safely  -  by @​jahnli in vueuse/vueuse#5318 (51198)
• useCached: Update comparator type and improve documentation  -  by @​IceMooncake in vueuse/vueuse#5376 (d886c)
• useClipboard: Prevents fail in Safari for async operation  -  by @​MatteoGabriele in vueuse/vueuse#5369 (5ec56)
• useSortable: Re-query DOM on every start() for string selectors  -  by @​Mini-ghost in vueuse/vueuse#5374 (3341f)
• useVirtualList: React to changes made in mutable arrays properly  -  by @​dcherman in vueuse/vueuse#5267 (7069e)
• useWakeLock: Auto-release wake lock on component unmount  -  by @​ProgrammingWithSid and @​OrbisK in vueuse/vueuse#5271 (43937)
• useWebSocket: Race condition caused by onopen/onclose events.  -  by @​DanCardin, @​antfu and @​9romise in vueuse/vueuse#5175 (6661c)
• whenever: Improve old value types  -  by @​VChet in vueuse/vueuse#5096 (979c6)

   🏎 Performance

• Replace deepRef with shallowRef where appropriate  -  by @​9romise in vueuse/vueuse#5293 (80004)

    View changes on GitHub

v14.2.1

   🚀 Features

• Add skills at the root directory for skills cli  -  by @​antfu (c005d)
• skills: Transfer @vueuse/skills  -  by @​serkodev in vueuse/vueuse#5286 (532ac)

   🐞 Bug Fixes

• useRafFn: Resolve reactive null fpsLimit not being handled  -  by @​nemanjamalesija in vueuse/vueuse#5284 (8ce0d)

    View changes on GitHub

v14.2.0

   🚀 Features

... (truncated)

Commits

• 99c5df9 chore: release v14.3.0
• 1a3e572 feat(useTextareaAutosize): add optional maxHeight to limit autosize growth ...
• d886c2f fix(useCached): update comparator type and improve documentation (#5376)
• acf182e docs(useCloned): add tip about watch flush timing (#5375)
• 5ec568d fix(useClipboard): prevents fail in Safari for async operation (#5369)
• 52d688f fix(directive): create disposable directive func cleanup of side effects unmo...
• df72450 chore: update deps
• 1aa211e Make demo of useElementSize readonly (#5365)
• 0d98998 fix: add explicit ./package.json export to all packages (#5343)
• 8c252c3 refactor: change primitive to shallowReadonly, rename readonly usage to `...
• Additional commits viewable in compare view

Updates axios from 1.15.2 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Commits

• 2d06f96 chore(release): prepare release 1.18.0 (#11003)
• 32fc489 fix: malformed http urls (#11000)
• b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
• fe964f9 docs: mark proxy config as Node.js only (#10995)
• 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
• fae9d4e docs: clarify package update PR policy (#10992)
• 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
• a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
• 614f455 docs: publish v1.17.0 release notes (#10988)
• 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
• Additional commits viewable in compare view

Updates cron-validator from 1.3.1 to 1.4.0

Release notes

Sourced from cron-validator's releases.

1.4.0

Add support for n-th weekday of month. This validates crons with the format tue#2 to specify on the 2nd Tuesday of the month.

Commits

• 84785fb 1.4.0
• 71c990e Merge pull request #26 from a10nik/master
• 40a0d52 chore: bug found at review, allowNthWeekdayOfMonth no longer ignores ranges
• 22866a7 chore: readme
• c180ffc feat: Support n-th weekday of month such as TUE#2
• 97ee1eb Merge pull request #22 from GuillaumeRochat/dependabot/npm_and_yarn/minimist-...
• d97cb9c Bump minimist from 1.2.5 to 1.2.6
• See full diff in compare view

Updates date-fns from 4.1.0 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

• Fixed pt locale first day of week to be Sunday. See #4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @​puneetdixit200.

v4.2.1

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

• cd53d25 Promote to v4.4.0
• d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
• ee65753 Add root mise :format task
• 9f5bdf5 Add positional argument to test/smoke.sh script
• 651ead6 Split CDN bundles into separate @​date-fns/cdn package
• 224c1a2 Deprecate type tests as attw hangs on date-fns package
• 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
• b6ad5ac Add flags to control package build script
• 424a783 Fix docs release after moving to monorepo setup
• f95bcf1 (docs): Add missing tsx dependency
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates monaco-editor from 0.44.0 to 0.55.1

Release notes

Sourced from monaco-editor's releases.

v0.55.1

Changes:

• #5121: Fixes missing language exports
• #5122: v0.55.1

This list of changes was auto generated.

v0.55.0

Changes:

• #5120: Fixes npx playwright install --with-deps
• #5118: Fixes microsoft/monaco-editor#5113
• #5117: v0.55.0
• #5116: Install playwright dependencies in monaco-editor-core job
• #5105: Fixes website
• #5104: fixes website & adds editor.api.d.ts
• #5102: Fixes typedoc & updates pipelines to test website
• #5100: Updates website dependencies
• #5071: Bump vite from 5.4.20 to 5.4.21 in /samples/browser-esm-vite-react
• #4961: Bump on-headers and compression in /samples

• #5040: Bump @​babel/runtime from 7.18.9 to 7.28.4 in /website
• #5095: Bump vite from 7.1.9 to 7.1.11 in /samples/browser-esm-vite
• #5097: Cleans up build scripts
• #5098: Dont build the editor when building the website
• #5099: Run tests
• #5094: Adds vite esm example
• #5093: Adds playground support for esmUrl
• #5092: Updates changelog
• #5090: Adds localization section to readme
• #5089: Adds missing NLS files
• #5088: Dont use .js for typescript imports, as rollup adds them to the output
• #5070: Bump vite from 7.1.5 to 7.1.11

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.