chore: Bump the npm-version-updates group in /frontend with 2 updates

[dependabot]

Bumps the npm-version-updates group in /frontend with 2 updates: vue and stylelint.

Updates vue from 3.5.38 to 3.5.39

Release notes

Sourced from vue's releases.

v3.5.39

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.39 (2026-06-25)

Bug Fixes

• compiler-core: correct filter rewrite recursion (#14959) (be7ce31)
• hydration: force patch dynamic props when hydrating (#9083) (024cf06), closes #9033
• hydration: respect data-allow-mismatch on conditional branches (#12801) (164af63), closes #12782
• reactivity: avoid triggering effects when set fails (#14964) (e450973)
• runtime-core: handle non-isomorphic block element update (#15002) (932ddd0), closes #6385
• runtime-core: normalize function children for elements and Teleport (#9108) (2f374cd), closes #9107
• runtime-core: pause tracking when invoking function refs (#14985) (3ac052b)
• runtime-core: preserve once event listener name (#8341) (87b73b6), closes #8342
• runtime-dom: preserve option modifier event names (#8338) (4b659e6), closes #8334
• ssr: dedupe inherited scope ids during vnode rendering (#15005) (027da6b), closes #12159 #12175
• ssr: resolve nested async teleport content (#9431) (31d0f23), closes #6207
• teleport: handle teleport unmount edge case (#12705) (671997a), closes #12702
• types: support named tuple emits (#12676) (232f402), closes #12673
• types: validate defineModel defaults (#14968) (747f57e), closes #14966

Commits

• c0606e9 release: v3.5.39
• 4b659e6 fix(runtime-dom): preserve option modifier event names (#8338)
• 232f402 fix(types): support named tuple emits (#12676)
• 671997a fix(teleport): handle teleport unmount edge case (#12705)
• 164af63 fix(hydration): respect data-allow-mismatch on conditional branches (#12801)
• 2f374cd fix(runtime-core): normalize function children for elements and Teleport (#9108)
• 87b73b6 fix(runtime-core): preserve once event listener name (#8341)
• 027da6b fix(ssr): dedupe inherited scope ids during vnode rendering (#15005)
• 024cf06 fix(hydration): force patch dynamic props when hydrating (#9083)
• be7ce31 fix(compiler-core): correct filter rewrite recursion (#14959)
• Additional commits viewable in compare view

Updates stylelint from 17.13.0 to 17.14.0

Release notes

Sourced from stylelint's releases.

17.14.0

It fixes 3 bugs, including a false negative one.

• Fixed: performance of getting module paths (#9354) (@​jeddy3).
• Fixed: performance by dynamically importing TIMING only on use (#9356) (@​jeddy3).
• Fixed: function-calc-no-unspaced-operator false negatives for unspaced + and - operators following a * or / operator (#9357) (@​sarathfrancis90).

Changelog

Sourced from stylelint's changelog.

17.14.0 - 2026-06-25

It fixes 3 bugs, including a false negative one.

• Fixed: performance of getting module paths (#9354) (@​jeddy3).
• Fixed: performance by dynamically importing TIMING only on use (#9356) (@​jeddy3).
• Fixed: function-calc-no-unspaced-operator false negatives for unspaced + and - operators following a * or / operator (#9357) (@​sarathfrancis90).

Commits

• f36e170 Release 17.14.0 (#9371)
• 9334bff Bump actions/checkout from 6.0.3 to 7.0.0 (#9367)
• f736374 Bump npm-run-all2 from 9.0.1 to 9.0.2 (#9370)
• 78e1b44 Bump postcss-selector-parser from 7.1.2 to 7.1.4 in the postcss group (#9369)
• cab5acd Bump eslint from 10.4.1 to 10.5.0 in the eslint group (#9368)
• 89b95e1 Bump prettier from 3.8.3 to 3.8.4 (#9363)
• 7ecce94 Bump cosmiconfig from 9.0.1 to 9.0.2 (#9362)
• fa54191 Bump postcss-selector-parser from 7.1.1 to 7.1.2 in the postcss group (#9361)
• 8c3cf69 Bump @​csstools/css-syntax-patches-for-csstree from 1.1.4 to 1.1.5 in the csst...
• c61d3db Fix performance of getting module paths (#9354)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions