[Fix] Upgrade Vue to 3.5.0 to resolve peer dependency conflict #4318

Merged
RocMarshal merged 1 commit into apache:dev from oregonknuths:fix-vue-dependency
Jan 23, 2026
@oregonknuths (Contributor) commented Dec 18, 2025

What is the purpose of the pull request

CRITICAL: This PR unblocks distribution of CVE-2025-53960 security fix to Docker users.

The v2.1.7 release contains a fix for CVE-2025-53960 (CVSS 5.9 MEDIUM - JWT HMAC key weakness allowing account takeover), but Docker images were never published due to build failures.

The docker-push workflow has been failing consistently since September 11, 2025, preventing security updates from reaching users who deploy via Docker.

Example failures:

Error from build logs:

ERR_PNPM_PEER_DEP_ISSUES  Unmet peer dependencies

.
└─┬ vue-router
  └── ✕ unmet peer vue@^3.5.0: found 3.3.13

Brief change log

  • Upgrade vue from ^3.3.4 to ^3.5.0
  • Upgrade @vue/runtime-core from ^3.2.41 to ^3.5.0
  • Upgrade @vue/shared from ^3.2.41 to ^3.5.0
  • Upgrade @vue/compiler-sfc from ^3.2.41 to ^3.5.0

Verifying this change

This change is already covered by existing tests:

  • Frontend workflow: Build and type checking passed
  • E2E workflow: Build and 4 E2E tests passed (MemberManagementTest, TokenManagementTest, AlarmTest, VariableManagementTest)

The fix has been verified on fork with successful CI runs.

Does this pull request potentially affect one of the following parts

  • Dependencies (add/update license info, not modify or delete license)
  • The public API
  • The serializers
  • The runtime per-job or per-task
  • Anything that affects deployment

Documentation

  • Does this pull request introduce a new feature? (no)
  • If yes, how is the feature documented? (not applicable)

Fixes docker-push build failure where vue-router requires Vue 3.5.0+
but Vue 3.3.4 was installed, causing:

  ERR_PNPM_PEER_DEP_ISSUES  Unmet peer dependencies
  └─┬ vue-router
    └── ✕ unmet peer vue@^3.5.0: found 3.3.13

Changes:
- vue: ^3.3.4 → ^3.5.0
- @vue/runtime-core: ^3.3.4 → ^3.5.0
- @vue/shared: ^3.3.4 → ^3.5.0
- @vue/compiler-sfc: ^3.3.4 → ^3.5.0

Vue 3.5 is backward compatible with 3.3. Verified with:
- pnpm install (dependencies resolve cleanly)
- Production build (successful)
- TypeScript type checking (no new errors)

This fix enables docker-push workflow to successfully build images.
@oregonknuths
Contributor Author

This PR fixes the docker-push workflow failure that has been blocking Docker image publication since September 11, 2025, including the v2.1.7 release.

Related to #4316 (Release job not work) - while that issue reports runtime bugs, this PR addresses the build-time failure preventing any Docker images from being published.

The fix has been validated on fork with successful CI runs.

@oregonknuths
Contributor Author

Security Impact: This PR is critical for distributing the CVE-2025-53960 fix to Docker users.

While the vulnerability was fixed in v2.1.7 code, the Docker images were never published due to this build failure. Users deploying StreamPark via Docker are currently unable to access the security fix for JWT HMAC key weakness (CVSS 5.9 MEDIUM).

Fixing the Vue dependency conflict unblocks:

  1. Publication of v2.1.7 Docker images with CVE-2025-53960 fix
  2. All subsequent security updates via docker-push workflow

This impacts production security for Docker-based deployments.

@GOODBOY008
Member

@wolfboys PTAL

Member

@wolfboys wolfboys left a comment

LGTM

@bulolo
Contributor

bulolo commented Jan 20, 2026

any process?

Contributor

@RocMarshal RocMarshal left a comment

Thanks @oregonknuths for the patch.
LGTM +1.

@RocMarshal RocMarshal closed this Jan 23, 2026
@RocMarshal RocMarshal reopened this Jan 23, 2026
@RocMarshal RocMarshal merged commit 2d51eb0 into apache:dev Jan 23, 2026
118 of 162 checks passed
@oregonknuths oregonknuths deleted the fix-vue-dependency branch January 25, 2026 04:14