chore(deps): bump the production-minor-patch group across 1 directory with 4 updates

[dependabot]

Bumps the production-minor-patch group with 4 updates in the /app directory: @unhead/vue, bootstrap-vue-next, dompurify and vue.

Updates @unhead/vue from 2.1.10 to 2.1.12

Release notes

Sourced from @​unhead/vue's releases.

v2.1.12

   🐞 Bug Fixes

• Harden prototype pollution  -  by @​harlan-zw (a6ed9)
• Case insensitive attr dedupe  -  by @​harlan-zw (3146b)

    View changes on GitHub

v2.1.11

    ⚠️ Security

• Fixed XSS bypass in useHeadSafe via attribute name injection (GHSA-g5xx-pwrp-g3fv). Users handling untrusted input with useHeadSafe should upgrade immediately.

   🐞 Bug Fixes

• addons,schema-org: Permissive peer dependencies  -  by @​harlan-zw (4c5d1)

    View changes on GitHub

Commits

• 20a19e0 chore: release v2.1.12
• 7b8d893 chore: bump snapshots
• 59ef1e2 chore: release v2.1.11
• 9ecc4f9 Merge commit from fork
• See full diff in compare view

Updates bootstrap-vue-next from 0.43.8 to 0.43.9

Release notes

Sourced from bootstrap-vue-next's releases.

bootstrapvuenext: v0.43.9

0.43.9 (2026-03-10)

Features

• BInput: expose the "onBlur" method as the "flushDebounce" method (#2758) (980754a)

Bug Fixes

• BFormSelect: normalize sub-options within groups using custom field names (#3104) (d6e36b2)
• BFormTags: pass noTagRemove and disabled props to BFormTag children (#3101) (412f8dc)
• BTable: use field accessor for sorting when available (#3103) (67a41a5)

nuxt: v0.43.9

0.43.9 (2026-03-10)

Miscellaneous Chores

• nuxt: Synchronize main group versions

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • bootstrap-vue-next bumped to 0.43.9
  • peerDependencies
    • bootstrap-vue-next bumped to 0.43.9

Changelog

Sourced from bootstrap-vue-next's changelog.

0.43.9 (2026-03-10)

Features

• BInput: expose the "onBlur" method as the "flushDebounce" method (#2758) (980754a)

Bug Fixes

• BFormSelect: normalize sub-options within groups using custom field names (#3104) (d6e36b2)
• BFormTags: pass noTagRemove and disabled props to BFormTag children (#3101) (412f8dc)
• BTable: use field accessor for sorting when available (#3103) (67a41a5)

Commits

• d09ea5c chore: release main (#3105)
• 8c5d621 test: add unit tests
• d6e36b2 fix(BFormSelect): normalize sub-options within groups using custom field name...
• 67a41a5 fix(BTable): use field accessor for sorting when available (#3103)
• 980754a feat(BInput): expose the "onBlur" method as the "flushDebounce" method (#2758)
• 412f8dc fix(BFormTags): pass noTagRemove and disabled props to BFormTag children (#3101)
• See full diff in compare view

Updates dompurify from 3.3.2 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

• Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

Commits

• 8bcbf73 chore: Preparing 3.3.3 release
• 5faddd6 fix: engine requirement (#1210)
• 0f91e3a Update README.md
• d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
• c3efd48 fix: moved back from jsdom 28 to jsdom 20
• 988b888 fix: moved back from jsdom 28 to jsdom 20
• 2726c74 chore: Preparing 3.3.2 release
• 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
• 302b51d fix: Expanded the regex ever so slightly to also cover script
• cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
• Additional commits viewable in compare view

Updates vue from 3.5.29 to 3.5.30

Release notes

Sourced from vue's releases.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.30 (2026-03-09)

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
• custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
• custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
• reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647
• runtime-core: warn about negative number in v-for (#12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#14547) (6cda71d), closes #14546
• types: make generics with runtime props in defineComponent work (fix #11374) (#13119) (cea3cf7), closes #13763
• types: narrow useAttrs class/style typing for TSX (#14492) (bbb8977), closes #14489

Commits

• fdd863f release: v3.5.30
• 6cda71d fix(ssr): prevent watch from firing after async setup await (#14547)
• 9438cc5 fix(runtime-core): warn about negative number in v-for (#12308)
• 1398bf8 fix(custom-element): ensure child component styles are injected in correct or...
• 0d63202 chore(deps): update dependency puppeteer to ~24.38.0 (#14544)
• 5098986 chore(deps): update all non-major dependencies (#14498)
• 5d98213 chore(deps): update dependency minimatch to v10.2.3 [security] (#14495)
• 6a06ee5 chore(deps): update actions/upload-artifact action to v7 (#14500)
• 34a5d84 fix(deps): update dependency postcss to ^8.5.8 (#14543)
• d4ea55b chore(deps): update build (#14497)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.