[Snyk] Upgrade @vueuse/integrations from 10.9.0 to 13.4.0

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade @vueuse/integrations from 10.9.0 to 13.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 34 versions ahead of your current version.

• The recommended version was released 25 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	186	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9653016	186	Proof of Concept
	Prototype Pollution SNYK-JS-INTLIFYSHARED-8442251	186	Proof of Concept
	Prototype Pollution SNYK-JS-VUEI18N-8442254	186	Proof of Concept
	Prototype Pollution SNYK-JS-VUEI18N-9376708	186	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-9576207	186	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	186	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	186	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	186	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	186	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-INTLIFYCOREBASE-8442262	186	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	186	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-VUEI18N-8442260	186	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	186	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	186	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	186	Mature

Release notes

Package name: @vueuse/integrations

• 13.4.0 - 2025-06-19
  

     🚀 Features

  • shared: Introduce TimerHandle for setTimeout type  -  by @ ilyaliao in #4801 (319d8)
  • useAsyncState: Add executeImmediate with the same type as the promise fn  -  by @ davidglezz in #4716 (82740)
  • useEventSource: Added lastEventId for named events  -  by @ whiteyebrw in #4791 (f6f0b)
  • useFetch: Support for custom abort reason  -  by @ doyuli in #4820 (44c0b)
  • useRefHistory: Add shouldCommit  -  by @ JonathanSchndr, Anthony Fu and Robin in #4471 (18acf)
  • useUrlSearchParams: Add a stringify option for users to provide stringify logic  -  by @ mingXta, Robin and Anthony Fu in #4773 (6a523)

     🐞 Bug Fixes

  • computedWithControl: Allow deeply watching source  -  by @ MetRonnie and Anthony Fu in #4786 (ffc1a)
  • useDevicesList: Check for device availability before requesting permissions  -  by @ ilyaliao in #4818 (c424f)
  • useEventListener: Improve types  -  by @ ArthurDarkstone, liliang18 and @ Alfred-Skyblue in #4787 (6f565)
  • useIdle: Changed the reset call when the initial value is true  -  by @ whiteyebrw in #4800 (c6469)
  • useMouseInElement: Fixing the issue where target element updates were not considered.  -  by @ Codfisher and bgm.cod in #4782 (04af9)
  • useScreenSafeArea: Сhanged initial value update  -  by @ whiteyebrw in #4789 (ae573)
  • useScriptTag: Support passing nonce  -  by @ 1-dilikelei and 董梁玮 in #4753 (57370)
  • useScroll: Use mutationObserver to update arrivedState when the DOM is changed  -  by @ andylou0102, AndyLuo, Robin and Anthony Fu in #4433 (135d5)
  • watchIgnorable: Add and export types  -  by @ ArthurDarkstone, liliang18 and Robin in #4809 (0e10e)

     🏎 Performance

  • computedWithControl: Optimize with shallowRef  -  by @ broBinChen and binge_c-admin in #4826 (2c91a)

      View changes on GitHub

• 13.3.0 - 2025-05-27
  

     🚀 Features

  • useNow: Expose immediate option  -  by @ scottbedard in #4768 (44660)

     🐞 Bug Fixes

  • asyncComputed: Fix types for AsyncComputedOptions  -  by @ antfu (217cc)
  • useFetch: Use globalThis.fetch when defaultWindow.fetch not exist  -  by @ Groupguanfang, Naily and @ OrbisK in #4765 (bf354)
  • useSortable: Fix type misalignment  -  by @ michaelcozzolino in #4760 (16692)

      View changes on GitHub

• 13.2.0 - 2025-05-14
  

     🚀 Features

  • computedAsync: Add option to control watcher's flush timing  -  by @ ferferga in #4746 (b1bc8)
  • useFileDialog: Allow custom input element for file dialog  -  by @ ishakhorski in #4679 (0ea16)
  • useScroll: Add missing measure documentation  -  by @ Matkolit and Mateusz Kołodziej in #4727 (dd98a)
  • useStyleTag: Support passing nonce  -  by @ 1-dilikelei and 董梁玮 in #4749 (fa2c0)
  • watchOnce: Use vue's native once behaviour  -  by @ ferferga in #4750 (08f7d)

     🐞 Bug Fixes

  • Allow vertical scroll in usePointerSwipe  -  by @ 2nofa11 in #4637 and #4720 (d3ed6)
  • Always mount listeners in useStorage  -  by @ 43081j in #4730 (65a99)
  • UseArrayFindReturn: Missing template type  -  by @ michaelcozzolino in #4715 (43903)
  • computedAsync: Return ComputedRef<T> type when lazy: true  -  by @ ferferga in #4751 (b1718)
  • docs: Grammar in /packages/nuxt/README.md  -  by @ neeko-cat in #4701 (44b40)
  • fromEvent: Fix type error of element reference  -  by @ ywenhao and @ antfu in #4728 (94fea)
  • onClickOutside: Workaround for iOS  -  by @ ferferga in #4735 (1c60c)
  • useElementSize: Component type warning  -  by @ menghany in #4722 (9889f)
  • useEventSource: Add missing data generic  -  by @ OrbisK in #4726 (a969e)
  • useFullscreen: Get the correct initial state while mounted  -  by @ ben-lau and liubaobin in #4745 (09cbd)
  • useMagicKeys: Correctly clear current pressed keys when releasing Shift  -  by @ Kedlingar and Skstud5 in #4731 (ab7ac)

      View changes on GitHub

• 13.1.0 - 2025-04-08
  

     🚀 Features

  • shared: Ensure return types exists  -  by @ OrbisK in #4659 (c1d6e)
  • useSortable: Add possibility to use it with Component ref  -  by @ michaelcozzolino in #4684 (15917)

     🐞 Bug Fixes

  • docs: Blog moved to different domain  -  by @ th1m0 in #4663 (72c9a)
  • nuxt: Don't require @ vueuse/core installed at root  -  by @ danielroe in #4698 (17a46)
  • tryOnMounted: Pass target to getLifeCycleTarget  -  by @ Eazash in #4685 (16551)
  • useDropZone: Allow passing document as target  -  by @ osbre in #4681 (21fa6)

      View changes on GitHub

• 13.0.0 - 2025-03-10
  

     🚨 Breaking Changes

  • Drop CJS build, now it's ESM-only  -  by @ antfu in #4581 (5e046)

      View changes on GitHub

• 13.0.0-beta.2 - 2025-03-05
  

     🚨 Breaking Changes

  • Drop CJS build, now it's ESM-only  -  by @ antfu (f0973)

      View changes on GitHub

• 13.0.0-beta.1 - 2025-03-05
  

     🚨 Breaking Changes

  • Drop CJS build, now it's ESM-only  -  by @ antfu (f0973)

      View changes on GitHub

• 12.8.2 - 2025-03-05
  

     🐞 Bug Fixes

  • types: Wrong import path  -  by @ antfu (3f5da)

      View changes on GitHub

• 12.8.1 - 2025-03-05
  

     🐞 Bug Fixes

  • useEventSource: Remove readonly to not be breaking  -  by @ OrbisK in #4645 (79fcb)

      View changes on GitHub

• 12.8.0 - 2025-03-05
  

     🚀 Features

  • nuxt: Support wider Nuxt range  -  by @ antfu (c478e)
  • types: Deprecate MaybeRef and MaybeRefOrGetter in favor of Vue's native  -  by @ ilyaliao and @ antfu in #4636 (7432f)
  • useCached: Add options.deepRefs  -  by @ OrbisK and @ antfu in #4591 (9afee)
  • useWebSocket: Pass the retried to the autoReconnect.retries  -  by @ 9romise and @ OrbisK in #4604 (73e6d)

     🐞 Bug Fixes

  • onStartTyping: Incorrect accepted valid characters  -  by @ Bernard-Borg in #4616 (58a3b)
  • useAnimate: Correct condition for updating keyframes  -  by @ Mrlilili and liyan1 in #4619 (e8665)
  • useClipboard: Unhandled rejection on read permission prompt  -  by @ Vitalis11 in #4615 (a54c4)
  • useCssVar: Update variable when initial  -  by @ ilyaliao in #4641 (d680f)
  • useDeviceList: AudioInputs doesn't update if camera permission is granted  -  by @ Nikitatopodin and Никита Быковский in #4559 (f9685)
  • useScroll: Handle negative scroll values  -  by @ ilyaliao and eavlee in #4613 (4b7ab)
  • useWebSocket: Don't call close() on pongTimeout if connection al…  -  by @ Azurency in #4608 (9ba07)

      View changes on GitHub

• 12.7.0 - 2025-02-15
• 12.6.1 - 2025-02-14
• 12.5.0 - 2025-01-22
• 12.4.0 - 2025-01-10
• 12.3.0 - 2025-01-02
• 12.2.0 - 2024-12-23
• 12.2.0-beta.4 - 2024-12-23
• 12.2.0-beta.3 - 2024-12-23
• 12.1.0 - 2024-12-22
• 12.0.0 - 2024-11-27
• 12.0.0-beta.1 - 2024-11-21
• 11.3.0 - 2024-11-21
• 11.2.0 - 2024-10-30
• 11.1.0 - 2024-09-16
• 11.0.3 - 2024-08-24
• 11.0.1 - 2024-08-19
• 11.0.0 - 2024-08-15
• 11.0.0-beta.3 - 2024-08-14
• 11.0.0-beta.2 - 2024-07-17
• 11.0.0-beta.1 - 2024-06-12
• 10.11.1 - 2024-08-08
• 10.11.0 - 2024-06-12
• 10.10.1 - 2024-06-11
• 10.10.0 - 2024-05-27
• 10.9.0 - 2024-02-27

from @vueuse/integrations GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Chores:

• Bump @vueuse/integrations to version 13.4.0 in package.json

[sourcery-ai]

Reviewer's Guide

This PR updates the @vueuse/integrations dependency from v10.9.0 to v13.4.0 by modifying the version specifier in package.json, triggering an update of the lockfile; no other code changes are included.

File-Level Changes

Change	Details	Files
Bump @vueuse/integrations to latest major release	Update version specifier from ^10.9.0 to ^13.4.0 in package.json Regenerate lockfile to reflect new dependency tree	frontend/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.