[Snyk] Upgrade element-plus from 2.11.4 to 2.11.5

[danelkay93]

Snyk has created this PR to upgrade element-plus from 2.11.4 to 2.11.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released 22 days ago.

Release notes

Package name: element-plus

• 2.11.5 - 2025-10-17
  

  2.11.5

  2025-10-17

  Features

  • Components [watermark] add fontGap prop (#22342 by @ suqingyao)
  • Components [mention/menu/dropdown/pagination] add popper-style (#22278 by @ keeplearning66)
  • Components [cascader] lazyLoad support reject (#22283 by @ btea)
  • Components [radio-group] support options with el-radio-button (#22285 by @ snowbitx)
  • Components [checkbox-group] support options el-checkbox-button (#22377 by @ snowbitx)
  • Components [autocomplete] support home and end key events (#22324 by @ snowbitx)
  • Components [color-picker-panel] hue-slider a11y (#22258 by @ tolking)
  • Components [input] add modelModifiers prop (#22415 by @ cszhjh)
  • Components [input] add word-limit-position attributes (#22359 by @ FrontEndDog)

  Bug fixes

  • Components [select] fix label not show when persistent is false (#22317 by @ kooriookami)
  • Components [popconfirm] unable to capture focus (#22310 by @ tolking)
  • Components [date-picker] allow plain array for modelValue (#22140 by @ Dsaquel)
  • Components [date-picker] display value error when persistent:false (#22356 by @ tolking)
  • Components [tooltip] close tooltip when cliking iframe (#22345 by @ Dsaquel)
  • Components [form-item] dynamically toggle form item slot (#22344 by @ Dsaquel)
  • Components [table] make resizable prop reactive (#22340 by @ keeplearning66)
  • Components [checkbox-group/radio-group] avoid passing alias fields to component (#22346 by @ cszhjh)
  • Translation document path splicing error (#22364 by @ FrontEndDog)
  • Components [tree] correct drop indicator with tree scroll offset (#21947 by @ scvzerng)
  • Components [date-picker] supplement type for DatePickerInstance (#22387 by @ keeplearning66)
  • Components [input-number] arrow key repeat and disabled-scientific not working (#22382 by @ cszhjh)
  • Components [slider] support uneven step sizes (#22401 by @ cszhjh)
  • Components [time-picker] always take old value on cancel (#22414 by @ Dsaquel)
  • Components [select] loading appears on first click when remote (#22323 by @ keeplearning66)
  • Components [cascader] issue with expanding levels during search (#21686 by @ keeplearning66)
  • Use @ eslint/markdown instead of eslint-plugin-markdown (#22434 by @ FrontEndDog)
  • Directives [vRepeatClick] remove event listener during unmounted (#22439 by @ tolking)
  • Components [upload] Invalid CSS variable (#22366 by @ FrontEndDog)
  • Components [message] use correct namespace for lockscreen (#22465 by @ Lensiq)
  • Components [DatePickerPanel] button offset when using unocss (#22449 by @ FrontEndDog)
  • Components [cascader/autocomplete] make debounce prop reactive (#22477 by @ keeplearning66)
  • Components [input-number] fix step-strictly precision (#14359 by @ cc-hearts)
  • Components [color-picker] the panel does not capture focus (#22483 by @ tolking)

  Refactors

  • Components replace props.options with options (#22330 by @ cszhjh)
  • Components [switch] use shallowRef and remove redundant usage (#22347 by @ snowbitx)
  • Style Update Eslint to V9 and Prettier to V3 (#21949 by @ FrontEndDog)
  • Components [date-picker] externalize formatToString (#22349 by @ Dsaquel)
  • Components remove unnecessary 'props.' in the template (#22381 by @ keeplearning66)
  • Components [dropdown] trigger flow for dropdown menu (#22332 by @ tolking)
• 2.11.4 - 2025-09-26
  

  2.11.4

  2025-09-26

  Features

  • Components [color-picker] add validation on blur event (#22247 by @ tolking)

  • Components [autocomplete/time-select/color-picker] add popper-style (#22263 by @ keeplearning66)

  • Components [date-picker] add automatic-dropdown prop (#21764 by @ btea)

  • Components [autocomplete] add loopNavigation attributes (#22281 by @ cszhjh)

  • Components [select-v2] accessibility enhancement (#22153 by @ tolking)

  Bug fixes

  • Components [color-picker-panel] display error when clear the color (#22260 by @ tolking)

  • The KeyboardEvent.code is always empty string on Android (#22228 by @ tolking)

  • Components [loading] add missing context param (#22262 by @ cszhjh)

  • Components [loading] allow setText to accept VNode type (#22264 by @ cszhjh)

  • Components [cascader] resolve visibleChange not triggered on Popper hide (#22206 by @ cszhjh)

  • Components replace KeyboardEvent.code with getEventCode (#22268 by @ cszhjh)

  • Components [color-picker] incorrect thumb offset (#22266 by @ Dsaquel)

  • Improvement(components): trigger enter open tooltip (#19830 by @ warmthsea)

  • Style(theme-chalk): same height across pickers for range date pickers (#22277 by @ Dsaquel)

  • Style(components): [message] fix container width adaptation (#22308 by @ cszhjh)

  Refactors

  • Components [cascader] externalize tooltip tag from v-for (#22191 by @ Dsaquel)

  • Components unify BEM & CSS vars via helpers (#22226 by @ cszhjh)

  • Remove tooltip-v2 visual-hidden components (#22252 by @ warmthsea)

  • Remove unused code related to tooltip-v2 (#22304 by @ Dsaquel)

from element-plus GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-upgrade-6bfe0b91441641e9de12ca06feeaf286

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @danelkay93, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the process of keeping project dependencies current by upgrading the element-plus UI library to its latest patch version, 2.11.5. This update ensures the project benefits from the newest features, critical bug fixes, and performance improvements provided by the library, contributing to a more stable and robust application.

Highlights

• Element Plus Upgrade: The element-plus UI library has been upgraded from version 2.11.4 to 2.11.5, bringing the latest features, bug fixes, and performance enhancements.
• Associated Dependency Updates: Along with element-plus, its associated dependencies @element-plus/icons-vue and dayjs have also been updated to their latest compatible versions, specifically @element-plus/icons-vue to 2.3.2 and dayjs to 1.11.19.
• New Features in Element Plus 2.11.5: The new version introduces features such as a fontGap prop for the Watermark component, popper-style support for Mention, Menu, Dropdown, and Pagination, lazyLoad rejection support for Cascader, and enhanced options handling for Radio and Checkbox groups.
• Bug Fixes in Element Plus 2.11.5: Numerous bug fixes are included, addressing issues in components like Select (label visibility), Popconfirm (focus capture), DatePicker (modelValue, display errors), Tooltip (iframe click closure), Form-Item (dynamic slot toggling), Table (resizable prop reactivity), Input-Number (arrow key repeat, precision), and more, improving overall stability.
• Refactorings in Element Plus 2.11.5: Internal refactorings include replacing props.options with options, using shallowRef in Switch, updating ESLint and Prettier, externalizing formatToString in DatePicker, and removing unnecessary props. in templates.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull Request Overview

This PR updates the element-plus UI framework dependency from version ^2.11.4 to ^2.11.5, which also triggers automatic updates to some of its peer and sub-dependencies including @element-plus/icons-vue (2.3.1 → 2.3.2) and dayjs (1.11.13 → 1.11.19). Additionally, the escape-html dependency has been removed as it's no longer required by the new version of element-plus.

• Minor version bump of element-plus UI library
• Automatic updates to related dependencies (@element-plus/icons-vue, dayjs)
• Removal of unused escape-html dependency

Reviewed Changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
package.json	Updates element-plus from ^2.11.4 to ^2.11.5
package-lock.json	Updates lockfile with new versions of element-plus (2.11.4 → 2.11.5), @element-plus/icons-vue (2.3.1 → 2.3.2), dayjs (1.11.13 → 1.11.19), and removes escape-html dependency

[Copilot]

The @element-plus/icons-vue version should be updated to ^2.3.2 to match the peer dependency requirement of element-plus 2.11.5. The package-lock.json shows element-plus 2.11.5 depends on @element-plus/icons-vue ^2.3.2, but package.json still specifies ^2.3.1. While the caret range will resolve correctly during installation, it's best practice to align the version in package.json with the peer dependency requirements.

Suggested change

	"@element-plus/icons-vue": "^2.3.1",
	"@element-plus/icons-vue": "^2.3.2",

[gemini-code-assist]

Code Review

This pull request, automatically generated by Snyk, upgrades the element-plus dependency from 2.11.4 to 2.11.5. This is a patch update that includes several new features, bug fixes, and refactorings as detailed in the release notes. The changes in package.json and package-lock.json reflect this upgrade and its corresponding transitive dependency updates. My review includes one suggestion to align a related direct dependency for better project consistency and maintainability.

[gemini-code-assist]

The upgrade of element-plus to 2.11.5 also brings in @element-plus/icons-vue version 2.3.2 as a transitive dependency (as seen in package-lock.json). To maintain consistency and clarity in your project's direct dependencies, it's recommended to also update the @element-plus/icons-vue dependency in this file to ^2.3.2.