chore(deps-dev): bump the dev-deps group across 1 directory with 4 updates

[dependabot]

Bumps the dev-deps group with 4 updates in the / directory: fast-check, hono, tsx and vue.

Updates fast-check from 4.7.0 to 4.8.0

Release notes

Sourced from fast-check's releases.

New arbitrary to chain in a loop fashion

[Code][Diff]

Features

• (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

• (PR#6965) Bug: Restore ability not to use skipLibCheck
• (PR#6877) CI: Lowercase discussion_category_name to "announcements"
• (PR#6878) CI: Scope permissions of clean-caches
• (PR#6880) CI: Add PR-authoring guidance for Claude
• (PR#6887) CI: Delete CLAUDE.md
• (PR#6888) CI: Use tilde ranges for security dependency overrides
• (PR#6891) CI: Disable Renovate updates on pnpm overrides
• (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
• (PR#6905) CI: Enable pnpm global virtual store
• (PR#6933) CI: Pin pnpm in npm install commands
• (PR#6932) CI: Grant discussions: write to release jobs
• (PR#6935) CI: Skip PR template check for dubzzz
• (PR#6937) CI: Mirror the repo to tangled
• (PR#6938) CI: Add missing runs-on for tangled
• (PR#6889) Doc: Add release notes for fast-check 4.7.0
• (PR#6900) Doc: Fix broken API reference links
• (PR#6844) Doc: Extract manual setup guide into dedicated page
• (PR#6845) Doc: Add index pages for documentation sections
• (PR#6918) Doc: Fix Documentation link to point to first doc page
• (PR#6939) Doc: Link to Tangled mirror of fast-check
• (PR#6934) Test: Tolerate \p{...} value drift in docs tests
• (PR#6951) Test: Fix poisoning tests for latest Node

---

Changelog

Sourced from fast-check's changelog.

4.8.0

New arbitrary to chain in a loop fashion [Code][Diff]

Features

• (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

• (PR#6965) Bug: Restore ability not to use skipLibCheck
• (PR#6877) CI: Lowercase discussion_category_name to "announcements"
• (PR#6878) CI: Scope permissions of clean-caches
• (PR#6880) CI: Add PR-authoring guidance for Claude
• (PR#6887) CI: Delete CLAUDE.md
• (PR#6888) CI: Use tilde ranges for security dependency overrides
• (PR#6891) CI: Disable Renovate updates on pnpm overrides
• (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
• (PR#6905) CI: Enable pnpm global virtual store
• (PR#6933) CI: Pin pnpm in npm install commands
• (PR#6932) CI: Grant discussions: write to release jobs
• (PR#6935) CI: Skip PR template check for dubzzz
• (PR#6937) CI: Mirror the repo to tangled
• (PR#6938) CI: Add missing runs-on for tangled
• (PR#6889) Doc: Add release notes for fast-check 4.7.0
• (PR#6900) Doc: Fix broken API reference links
• (PR#6844) Doc: Extract manual setup guide into dedicated page
• (PR#6845) Doc: Add index pages for documentation sections
• (PR#6918) Doc: Fix Documentation link to point to first doc page
• (PR#6939) Doc: Link to Tangled mirror of fast-check
• (PR#6934) Test: Tolerate \p{...} value drift in docs tests
• (PR#6951) Test: Fix poisoning tests for latest Node

---

Commits

• c0da76f 🔖 Update CHANGELOG.md for fast-check@4.8.0, @​fast-check/ava@​3.0.1 (#6967)
• df6f4c1 🐛 Restore ability not to use skipLibCheck (#6965)
• af612c5 ⬆️ Update dependency @​types/node to ^24.12.3 (#6952)
• 917dda4 ✅ Fix poisoning tests for latest Node (#6951)
• acb5c6f ✅ Tolerate \p{...} value drift in docs tests (#6934)
• 26cab19 ✨ Add chainUntil arbitrary for iterative chaining (#6678)
• 16f65f6 ⬆️ Update dependency oxlint to ^1.60.0 (#6856)
• 0a8ce9a ⬆️ Update dependency @​microsoft/api-extractor to ^7.58.7 (#6898)
• debb9b6 📝 Fix broken API reference links (#6900)
• 642e651 ⬆️ Update dependency typescript to ~6.0.3 (#6886)
• Additional commits viewable in compare view

Updates hono from 4.12.16 to 4.12.19

Release notes

Sourced from hono's releases.

v4.12.19

What's Changed

• ci: pin GitHub Actions to SHAs by @​yusukebe in honojs/hono#4932
• fix(serveStatic): make options parameter optional in all adapters by @​mixelburg in honojs/hono#4934
• fix(cookie): return the first cookie when there are multiple cookies with the same name by @​usualoma in honojs/hono#4922
• feat(bearer-auth): make bearerAuth generic for typed context in verifyToken by @​justinnais in honojs/hono#4913
• feat(cache): key cache entries by configured vary headers by @​usualoma in honojs/hono#4915
• feat(request): add bytes() by @​yusukebe in honojs/hono#4921
• fix(stream): upgrade @hono/node-server to v2 and fix abort handling by @​yusukebe in honojs/hono#4940

New Contributors

• @​justinnais made their first contribution in honojs/hono#4913

Full Changelog: honojs/hono@v4.12.18...v4.12.19

v4.12.18

Security fixes

This release includes fixes for the following security issues:

Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Affects: Cache Middleware. Fixes missing cache-skip handling for Vary: Authorization and Vary: Cookie, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm

CSS Declaration Injection via Style Object Values in JSX SSR

Affects: hono/jsx. Fixes a missing CSS-context escape for style object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p

Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Affects: hono/utils/jwt. Fixes improper validation of exp, nbf, and iat claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36

---

Users who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.

v4.12.17

What's Changed

• fix(jsx): normalize SVG attributes on the root element by @​kfly8 in honojs/hono#4893
• fix(ssg): add atom+xml and rss+xml to defaultExtensionMap by @​yuintei in honojs/hono#4899
• fix(cors): make origin optional in CORSOptions by @​truffle-dev in honojs/hono#4905
• fix(types): propagate middleware response types to app.on overloads by @​T4ko0522 in honojs/hono#4906

New Contributors

• @​kfly8 made their first contribution in honojs/hono#4893
• @​truffle-dev made their first contribution in honojs/hono#4905

Full Changelog: honojs/hono@v4.12.16...v4.12.17

Commits

• 7e62bcd 4.12.19
• e2f252a fix(stream): upgrade @hono/node-server to v2 and fix abort handling (#4940)
• 54f2f0c feat(request): add bytes() (#4921)
• e59db59 feat(cache): key cache entries by configured vary headers (#4915)
• 48a7ccb feat(bearer-auth): make bearerAuth generic for typed context in verifyToken (...
• ff7522f fix(cookie): return the first cookie when there are multiple cookies with the...
• 26f8c33 fix(serveStatic): make options parameter optional in all adapters (#4934)
• 16c4e38 ci: pin GitHub Actions to SHAs (#4932)
• f10dee8 4.12.18
• a5bd9eb Merge commit from fork
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.1

Release notes

Sourced from tsx's releases.

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.0

4.22.0 (2026-05-14)

Features

• upgrade esbuild to 0.28 (#789) (b29f6ee)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

• support Node 20.11/21.2 import.meta paths (acf3d8f)
• support Node.js 24.15.0 (c1d2d45)
• support Node.js 26.1.0 and 25.9.0 (1d7e528)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 6979f28 fix: resolve tsconfig path aliases containing a colon (#780)
• b29f6ee feat: upgrade esbuild to 0.28 (#789)
• 0dd17e9 test: cover registerHooks loader composition
• acf3d8f fix: support Node 20.11/21.2 import.meta paths
• 4bbef80 test: cover configDir paths without baseUrl
• dddc5ce test: cover sync-hook watch reruns and cleanup retries
• 09e8f8c test: assert CLI runs without warnings
• 1d7e528 fix: support Node.js 26.1.0 and 25.9.0
• c1d2d45 fix: support Node.js 24.15.0
• d04672d test: update node version feature gates
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates vue from 3.5.33 to 3.5.34

Release notes

Sourced from vue's releases.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.34 (2026-05-06)

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
• compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
• compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
• reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
• runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
• suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761

Commits

• 57545e9 release: v3.5.34
• a3b2617 chore(deps): update dependency jsdom to ^29.1.1 (#14775)
• 23d4fb5 fix(runtime-core): avoid symbol coercion during props validation (#8539)
• 090b2e3 fix(compiler-sfc): preserve hash hrefs on \<image> elements (#14756)
• 9667e0d fix(suspense): avoid DOM leak with out-in transition in v-if fragment (#14762)
• c8e2d4a fix(reactivity): prevent orphan effect when created in a stopped scope (#14778)
• 7f46fd4 fix(compiler-sfc): infer Vue ref wrapper types when source is unresolvable (#...
• acfffe3 fix(compiler-sfc): resolve type re-exports inside declare global (#14766)
• a037385 chore(deps): update build (#14759)
• 0bc56ff chore(deps): update pnpm to v10.33.3 (#14760)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions