[Snyk] Upgrade vue from 3.3.4 to 3.5.27

[snyk-io]

Snyk has created this PR to upgrade vue from 3.3.4 to 3.5.27.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 96 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-AXIOS-15252993	111	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	111	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	111	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	111	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	111	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	111	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	111	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	111	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	111	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	111	Proof of Concept
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	111	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	111	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	111	No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

Release notes

Package name: vue

• 3.5.27 - 2026-01-19
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.5.26 - 2025-12-18
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.5.25 - 2025-11-24
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.5.24 - 2025-11-07
• 3.5.23 - 2025-11-06
• 3.5.22 - 2025-09-25
• 3.5.21 - 2025-09-02
• 3.5.20 - 2025-08-25
• 3.5.19 - 2025-08-21
• 3.5.18 - 2025-07-23
• 3.5.17 - 2025-06-18
• 3.5.16 - 2025-05-29
• 3.5.15 - 2025-05-26
• 3.5.14 - 2025-05-15
• 3.5.13 - 2024-11-15
• 3.5.12 - 2024-10-11
• 3.5.11 - 2024-10-03
• 3.5.10 - 2024-09-27
• 3.5.9 - 2024-09-26
• 3.5.8 - 2024-09-22
• 3.5.7 - 2024-09-20
• 3.5.6 - 2024-09-16
• 3.5.5 - 2024-09-13
• 3.5.4 - 2024-09-10
• 3.5.3 - 2024-09-06
• 3.5.2 - 2024-09-05
• 3.5.1 - 2024-09-04
• 3.5.0 - 2024-09-03
• 3.5.0-rc.1 - 2024-08-29
• 3.5.0-beta.3 - 2024-08-20
• 3.5.0-beta.2 - 2024-08-15
• 3.5.0-beta.1 - 2024-08-08
• 3.5.0-alpha.5 - 2024-07-31
• 3.5.0-alpha.4 - 2024-07-24
• 3.5.0-alpha.3 - 2024-07-19
• 3.5.0-alpha.2 - 2024-05-04
• 3.5.0-alpha.1 - 2024-04-29
• 3.4.38 - 2024-08-15
• 3.4.37 - 2024-08-08
• 3.4.36 - 2024-08-06
• 3.4.35 - 2024-07-31
• 3.4.34 - 2024-07-24
• 3.4.33 - 2024-07-19
• 3.4.32 - 2024-07-17
• 3.4.31 - 2024-06-28
• 3.4.30 - 2024-06-22
• 3.4.29 - 2024-06-14
• 3.4.28 - 2024-06-14
• 3.4.27 - 2024-05-07
• 3.4.26 - 2024-04-29
• 3.4.25 - 2024-04-24
• 3.4.24 - 2024-04-22
• 3.4.23 - 2024-04-16
• 3.4.22 - 2024-04-15
• 3.4.21 - 2024-02-28
• 3.4.20 - 2024-02-26
• 3.4.19 - 2024-02-13
• 3.4.18 - 2024-02-09
• 3.4.17 - 2024-02-09
• 3.4.16 - 2024-02-08
• 3.4.15 - 2024-01-18
• 3.4.14 - 2024-01-15
• 3.4.13 - 2024-01-13
• 3.4.12 - 2024-01-13
• 3.4.11 - 2024-01-12
• 3.4.10 - 2024-01-11
• 3.4.9 - 2024-01-11
• 3.4.8 - 2024-01-10
• 3.4.7 - 2024-01-09
• 3.4.6 - 2024-01-08
• 3.4.5 - 2024-01-04
• 3.4.4 - 2024-01-03
• 3.4.3 - 2023-12-30
• 3.4.2 - 2023-12-30
• 3.4.1 - 2023-12-30
• 3.4.0 - 2023-12-29
• 3.4.0-rc.3 - 2023-12-27
• 3.4.0-rc.2 - 2023-12-26
• 3.4.0-rc.1 - 2023-12-25
• 3.4.0-beta.4 - 2023-12-19
• 3.4.0-beta.3 - 2023-12-16
• 3.4.0-beta.2 - 2023-12-14
• 3.4.0-beta.1 - 2023-12-13
• 3.4.0-alpha.4 - 2023-12-04
• 3.4.0-alpha.3 - 2023-11-28
• 3.4.0-alpha.2 - 2023-11-27
• 3.4.0-alpha.1 - 2023-10-28
• 3.3.13 - 2023-12-19
• 3.3.12 - 2023-12-16
• 3.3.11 - 2023-12-08
• 3.3.10 - 2023-12-04
• 3.3.9 - 2023-11-25
• 3.3.8 - 2023-11-06
• 3.3.7 - 2023-10-24
• 3.3.6 - 2023-10-20
• 3.3.5 - 2023-10-20
• 3.3.4 - 2023-05-18

from vue GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[snyk-io]

This upgrade from Vue 3.3.4 to 3.5.27 crosses a minor version boundary (v3.4) that includes several breaking changes. While v3.5 is non-breaking, the changes in v3.4 require developer action.

Breaking Changes in v3.4

• Global JSX Namespace Removed: To prevent conflicts with React, Vue no longer registers the global JSX namespace. This will break builds using TSX.
• Removed Deprecated Features: Features deprecated in v3.3 are now removed and will cause errors:
  • The v-is directive is removed. Use the is attribute with the vue: prefix instead.
  • @vnodeXXX event listeners are a compiler error. Use @vue:XXX listeners instead.
  • app.config.unwrapInjectedRef has been removed.
• Reactivity Transform Removed: This experimental feature (using $ref(), $$()) has been removed. Projects using it must migrate away or use the Vue Macros plugin.

Highlights in v3.5

• No Breaking Changes: The v3.5 release is focused on performance and new features, with no documented breaking changes.
• Performance: Includes a major reactivity system refactor for significantly lower memory usage (~56%) and up to 10x faster operations on large reactive arrays.
• New Features: defineModel is now stable, and Reactive Props Destructuring is enabled by default, simplifying component definitions.

Recommendation: Before merging, developers must verify if the project uses TS

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.