chore(deps): bump nicegui from 3.4.1 to 3.5.0 in /anvil

[dependabot]

Bumps nicegui from 3.4.1 to 3.5.0.

Release notes

Sourced from nicegui's releases.

v3.5.0

Security

• ⚠️ Prevent Zero-click XSS attacks via user-defined link fragments (GHSA-mhpg-c27v-6mxr by @​evnchn, @​falkoschindler)
• ⚠️ Prevent XSS attacks via user-defined links in apps with ui.sub_pages (GHSA-m7j5-rq9j-6jj9 by @​evnchn, @​falkoschindler, @​xx-mikusan-xx)
• ⚠️ Prevent XSS attacks via user-defined URL in ui.navigate.push and ui.navigate.replace (GHSA-7grm-h62g-5m97 by @​xx-mikusan-xx, @​evnchn, @​falkoschindler)
• ⚠️ Prevent service degradation via leaking Redis connections for disconnected clients (GHSA-mp55-g7pj-rvm2, #5616 by @​yudelevi, @​evnchn, @​falkoschindler)

New features and enhancements

• Allow defining table cell slots without string templates (#846, #1138, #2080, #2625, #3148, #3317, #3540, #3662, #3939, #5092, #5591, #5592 by @​tofusoul, @​kleynjan, @​retsyo, @​me21, @​CrystalWindSnake, @​Ottokranz, @​williamhCode, @​marcuslimdw, @​zceemja, @​strunov, @​Yuerchu, @​falkoschindler, @​evnchn)
• Introduce ui.anywidget and ui.altair (#657, #5096, #5137 by @​murilomm192, @​Jerold-S, @​azjps, @​evnchn, @​falkoschindler, @​Noghpu, @​s-meza)
• Allow disabling or setting a custom GZipMiddleware (#5582 by @​falkoschindler, @​denniswittich, @​evnchn)
• Introduce on_click for ui.echart (#5576, #5578 by @​TheOtherRealm, @​evnchn, @​falkoschindler)
• Add support for scheme validations with AJV formats in ui.json_editor (#4748, #5571 by @​phnmn, @​evnchn)
• Convert ui.plotly and ui.joystick into JavaScript components for faster loading (#5567, #5568 by @​evnchn, @​falkoschindler)
• Add prefix and suffix properties to ui.input and ui.number (#5534 by @​Yuerchu, @​evnchn, @​falkoschindler)
• Check dependencies for naming conflicts (#5495 by @​evnchn, @​falkoschindler)

Bugfixes

• Avoid default parameter values overwriting default props (#4856, #4857, #5505, #5622 by @​SHDocter, @​falkoschindler, @​thetableman, @​evnchn) ⚠️ Note: This bugfix changes the name of some undocumented, internally used props. If you happen to have used them in advanced use cases in user code, refer to this list of all renamed props. NiceGUI will warn and auto-convert them. This backward compatibility will be removed in NiceGUI 4.0.
• Fix Docker bind-mount regression after uv migration (#5593, #5600 by @​lpellicer, @​evnchn) ⚠️ Note: If you adjusted your code/workflows to work around the 3.4.0 regression, you can now undo those workarounds for 3.5.0.
• Fix ui.mermaid sending error events to wrong UI element (#5597, #5599 by @​AwMalka, @​evnchn, @​falkoschindler)
• Fix ui.timer leaking memory when client disconnects immediately (#5595, #5598 by @​ftilde, @​evnchn, @​falkoschindler)

Documentation

• Extend documentation about input validation (#5584, #5620 by @​whoamiafterall, @​evnchn)
• Make sure example images are always shown (#5604, #5605 by @​evnchn)
• Segment direct & inherited properties/methods in reference documentation to enhance readability (#5484 by @​himbeles, @​evnchn, @​falkoschindler)

Testing

• Test .vue components (#5619 by @​evnchn, @​falkoschindler)

---

Special thanks to our top sponsors Lechler GmbH, LambdaTest and frankhuurman ✨

and all our other sponsors and contributors for supporting this project!

🙏 Want to support this project? Check out our GitHub Sponsors page to help us keep building amazing features!

Commits

• ae20f77 Merge commit from fork
• 139c1dd Merge commit from fork
• f9ec9db Merge commit from fork
• 6c52eb2 Merge commit from fork
• 5ef3a2e Allow defining table cell slots without string templates (#5592)
• a5423c6 Add Anywidget Front-End Module spec support with ui.anywidget() (#5137)
• f1c8ef2 Document input validation thoroughly (#5620)
• c2bdea8 Check props immediately when a warning or rename is added (#5622)
• 13b4c23 use gray text color for expansion header in reference sections
• b6554e1 Segment direct&inherited properties/methods in reference documentation to en...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.