build(deps-dev): bump eslint-plugin-vue from 8.7.1 to 10.0.0

[dependabot]

Bumps eslint-plugin-vue from 8.7.1 to 10.0.0.

Release notes

Sourced from eslint-plugin-vue's releases.

v10.0.0

💥 Breaking changes

• #2630 Changed Versioning Policy:
  • Allow minor versions of this plugin to enhance the checks for new features in Vue and Nuxt.
  • Allow updating deprecated/reserved HTML+SVG element tag names in minor versions, see #2171.
• #2645 Removed deprecated rules (see removed rules).
• #2669 Dropped support for old versions of ESLint and Node.js. New minimum requirements:
  • Node.js: ^18.18.0 || ^20.9.0 || >=21.1.0
  • ESLint: ^8.57.0 || ^9.0.0
• Updated configs:
  • #2627 Added vue/block-order rule to recommended configs (replaces the removed vue/component-tags-order rule).
  • #2628 Added vue/no-deprecated-delete-set rule to vue3-essential config.
  • #2629 Added vue/no-deprecated-model-definition rule to vue3-essential config.
  • #2640 Added vue/no-required-prop-with-default rule to recommended configs.
  • #2653 Added vue/valid-define-options rule to vue3-essential config.
  • #2674 Removed globals from configs.
  • #2648 Renamed .eslintrc configs (to match eslint.config.js config names; see PR for comparison).
  • #2668 Changed .eslintrc base config so that vue-eslint-parser is only used for .vue files.
• #2670 Changed vue-eslint-parser to peer dependency.
• #2697 Upgraded vue-eslint-parser to v10.
  • This includes vuejs/vue-eslint-parser#195, which should make the parser much faster for large TypeScript projects ⚡
• #2153 Added slots and expose to the default order of vue/order-in-components rule.
• #2626 Removed legacy option from vue/custom-event-name-casing rule.
• #2655 Removed unused runOutsideVue option from vue/sort-keys rule.
• #2652 Removed setup-compiler-macros environments.

✨ Enhancements

• #2693 Improved type resolution for generic types and improved the rules for checking type-only macros.
• #2684 Added vue/no-import-compiler-macros rule that disallows importing Vue compiler macros.
• #2694 Added except option to vue/prefer-true-attribute-shorthand rule.
• #2311 Improved the plugin to check for objects declared with Nuxt3 defineNuxtComponent().

⚙️ Updates

• #2171 Updated resources.
• #2675 Deprecated Vue 2 only rules. They will be removed in eslint-plugin-vue v11.

Full Changelog: vuejs/eslint-plugin-vue@v9.33.0...v10.0.0

v9.33.0

✨ Enhancements

• #2639 Added vue/no-implicit-coercion rule to disallow shorthand type conversions in \<template>.
• #2680 Improved vue/no-ref-as-operand rule to check emit payloads.
• #2679 Added ignoreProps option to vue/prop-name-casing rule.

🐛 Bug Fixes

... (truncated)

Commits

• d385140 10.0.0
• 2fb1f30 feat(prefer-true-attribute-shorthand): add except option (#2694)
• 82f7e2b Upgrade vue-eslint-parser to v10 (#2697)
• 24495c0 Deprecate Vue 2 only rules (#2675)
• 3c3f711 Remove globals from configs (#2674)
• 118ef57 Drop support for old versions of ESLint and Node.js (#2669)
• 1606bae Change legacy base config so that vue-eslint-parser is only used for .vue (...
• dceee34 Change vue-eslint-parser to peer dependency (#2670)
• 90fc513 Remove unused runOutsideVue option from vue/sort-keys (#2655)
• 01ed527 Add vue/valid-define-options to vue3-essential config (#2653)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/eslint-plugin-vue	10.0.0	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 28/30 approved changesets -- score normalized to 9 Maintained 🟢 10 21 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/postcss-selector-parser	6.1.2	🟢 4.2	Details Check Score Reason Code-Review 🟢 6 Found 18/27 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/semver	7.7.1	🟢 7.2	Details Check Score Reason Maintained 🟢 10 9 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST 🟢 9 SAST tool detected but not run on all commits
npm/xml-name-validator	4.0.0	🟢 4.2	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/eslint-plugin-vue	^10.0.0	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 28/30 approved changesets -- score normalized to 9 Maintained 🟢 10 21 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json
• package.json

[dependabot]

Superseded by #1136.