chore(deps): bump the patch group across 1 directory with 6 updates

[dependabot]

Bumps the patch group with 6 updates in the / directory:

Package	From	To
@rive-app/canvas	2.35.1	2.35.4
dayjs	1.11.19	1.11.20
jose	6.2.0	6.2.2
shiki	4.0.1	4.0.2
slugify	1.6.6	1.6.8
vue	3.5.29	3.5.31

Updates @rive-app/canvas from 2.35.1 to 2.35.4

Changelog

Sourced from @​rive-app/canvas's changelog.

2.35.4

Commits

• fix: Fixes occasional mesh crash on each draw with different technique to grab uv, vtx, indices from WASM heap (#11911) 6033a9a49b 5c70f18
• Add support for setting ViewModel value using Listeners and comparing ViewModels in Transition Conditions (#11917) 46a089fc12 bee1d1a
• chore: skip focus nodes that are collapsed or fully transparent (#11916) 57139fa664 51b0c5b
• fix: type enum issue with vm property DataType. re-expose the enum for runtime use (#11915) c07d10f899 a82466e
• Nnnnn library export fixes (#11884) 68176685ac 89e956e
• feat(vkcwa): Implement advanced blend (#11858) 37c39e85d4 327710e
• Bind ViewModelInstanceList with Stateful Components (#11878) e4abf64f44 3b38385
• fix: correct emoji image buffer size and dual-presentation fallback (#11876) 7640c5a47a f8e57de
• feature: add support for removing all elements from a view model list (#11872) 354acb8533 0a1c9a6

2.35.3 - 2026-03-16

Commits

• chore: tag 2.35.3 51315fd
• feature: add support for multiple inputs on listeners (#11862) 501b7f488c 4cd4607
• feature: emojis! (#11857) 89305a5fed 93f2356
• fix(runtime): Don't early out when processing KeyedObjects with missing objects (#11856) 3eb4211852 d25b756
• Component Input/Output Properties (#11854) 3034940065 50d11aa
• fix(apple): support language hints, create font from tables (#11807) 30fcb84a44 e1266c4
• feat(renderer): Enable reordering on clockwise mode (#11843) b5b724b93a ecdee3a
• Stateful Component Properties (#11800) b09cb6b29e 52b8003
• feature: add support for replacing view model property values (#11826) c8242bfa23 f8101f8
• fix: missing psql install (#11838) 96919e93b7 34f2043
• chore: bump to luau 0.711 (#11837) e74f1cb12e a9a5690
• feature: RenderCanvas, a GPU texture usable as both render target and render image (#11836) 2b8d8a0b03 d1d57fc
• Focus nodes (#11814) 017a4f41e3 c73c0e9

2.35.2 - 2026-03-09

Commits

• chore: tag 2.35.2 1156d6b
• fix(gl): Enable linear filtering on the atlas texture (#11818) 3312a8f159 e8ccf0f
• fix: restore indexing order of view model symbols (#11817) f7c0374b8f 05c2f29

Commits

• b38a584 chore: tag 2.35.4
• 5c70f18 fix: Fixes occasional mesh crash on each draw with different technique to gra...
• bee1d1a Add support for setting ViewModel value using Listeners and comparing ViewMod...
• 51b0c5b chore: skip focus nodes that are collapsed or fully transparent (#11916) 5713...
• a82466e fix: type enum issue with vm property DataType. re-expose the enum for runtim...
• 89e956e Nnnnn library export fixes (#11884) 68176685ac
• 327710e feat(vkcwa): Implement advanced blend (#11858) 37c39e85d4
• 3b38385 Bind ViewModelInstanceList with Stateful Components (#11878) e4abf64f44
• f8e57de fix: correct emoji image buffer size and dual-presentation fallback (#11876) ...
• 0a1c9a6 feature: add support for removing all elements from a view model list (#11872...
• Additional commits viewable in compare view

Updates dayjs from 1.11.19 to 1.11.20

Release notes

Sourced from dayjs's releases.

v1.11.20

1.11.20 (2026-03-12)

Bug Fixes

• Update locale km.js to support meridiem (#3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

Changelog

Sourced from dayjs's changelog.

1.11.20 (2026-03-12)

Bug Fixes

• Update locale km.js to support meridiem (#3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

Commits

• af6e1f8 chore(release): 1.11.20 [skip ci]
• 82babd6 D2M (#3018)
• bbe4ab1 chore: fix lint error
• 99691c5 fix: update updateLocale plugin to merge nested object properties instead of ...
• 9d2b6a1 fix: Update locale km.js to support meridiem (#3017)
• acf21cd chore: update doc
• 55a64e1 chore: update doc
• 807face chore: update doc
• 54f4470 chore: update doc
• 9ea23c7 chore: update doc
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dayjs since your current version.

Updates jose from 6.2.0 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

• reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

• reject failed decompression with JWEInvalid error (043b181)

6.2.1 (2026-03-09)

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

Commits

• 9c86586 chore(release): 6.2.2
• 4984b5c chore(deps): bump the actions group with 4 updates
• 043b181 fix: reject failed decompression with JWEInvalid error
• 867cc2c chore(deps-dev): bump undici
• f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
• d0505bf chore: cleanup after release
• d491aa9 chore(release): 6.2.1
• d4231f9 refactor: reorganize internals, less files, smaller footprint
• 7b22ba8 test: use playwright instead of testcafe
• 00965b4 chore: bump packages
• Additional commits viewable in compare view

Updates shiki from 4.0.1 to 4.0.2

Release notes

Sourced from shiki's releases.

v4.0.2

   🐞 Bug Fixes

• Support ANSI language with multiple themes  -  by @​dan-lee in shikijs/shiki#1259 (2a232)

    View changes on GitHub

Commits

• 7a1007d chore: release v4.0.2
• ef42a16 chore: update deps
• 2a23230 fix: support ANSI language with multiple themes (#1259)
• See full diff in compare view

Updates slugify from 1.6.6 to 1.6.8

Changelog

Sourced from slugify's changelog.

Change Log

Commits

• fbbb8ff 1.6.8
• a71a725 patch: fix package.json
• 21b2bfc 1.6.7
• f1b83a4 fix: change declare module to namespace in slugify.d.ts (#206)
• b94fedb CI: add Node 24 (#202)
• c99c574 Add Node.js 22 to CI & update CI actions (#193)
• 4860d7e Merge pull request #188 from stscoundrel/patch-1
• 6dc0bba Run CI in Node.js 20
• daab928 Update changelog
• See full diff in compare view

Updates vue from 3.5.29 to 3.5.31

Release notes

Sourced from vue's releases.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
• runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
• suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
• transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
• types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

3.5.30 (2026-03-09)

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
• custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
• custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
• reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647
• runtime-core: warn about negative number in v-for (#12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#14547) (6cda71d), closes #14546
• types: make generics with runtime props in defineComponent work (fix #11374) (#13119) (cea3cf7), closes #13763
• types: narrow useAttrs class/style typing for TSX (#14492) (bbb8977), closes #14489

Commits

• 81615d3 release: v3.5.31
• 3b561db fix(types): prevent shallowReactive marker from leaking into value unions (#1...
• 1b2aca4 chore: ignore entities updates in renovate (#14630)
• 51675b4 chore(deps): update dependency jsdom to v29 (#14580)
• b147482 chore(deps): update build (#14572)
• 7a4bf3c chore(deps): update all non-major dependencies (#14577)
• fe6e5fe chore(deps): update test (#14578)
• 5ad623a chore(deps): update pnpm/action-setup action to v5 (#14616)
• bf033b8 chore(deps): update dawidd6/action-download-artifact action to v19 (#14614)
• e41a589 chore(deps): update dependency @​babel/parser to ^7.29.2 (#14613)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions