chore(deps): bump nicegui from 3.9.0 to 3.10.0

[dependabot]

Bumps nicegui from 3.9.0 to 3.10.0.

Release notes

Sourced from nicegui's releases.

v3.10.0

Security

• ⚠️ Prevent filename sanitization bypass via ui.upload on Windows (GHSA-w8wv-vfpc-hw2w by @​offset, @​evnchn, @​falkoschindler)

New features and enhancements

• Add nested dictionary binding support for deeply nested data structures (#2978, #5738 by @​Aues6uen11Z, @​evnchn, @​falkoschindler)
• Add ui.status_code() to set HTTP status codes from page builders (#5810 by @​evnchn, @​falkoschindler)
• Add on_resize callback to ui.xterm to communicate terminal size to the PTY (#5847, #5858 by @​jacopofar, @​evnchn, @​falkoschindler)
• Unify awaitable handling across lifecycle hooks and tasks (#5878, #5879 by @​AlePiccin, @​falkoschindler, @​evnchn)
• Upgrade Docker image from Python 3.12 to 3.14 (#5900 by @​falkoschindler, @​evnchn, @​rodja)
• Allow ui.tab to find ui.tabs ancestor through intermediate containers (#5902 by @​falkoschindler, @​evnchn)
• Warn when native mode runs on a browser engine without ES module support (#5907, #5909 by @​drkspace, @​evnchn, @​iwr-redmond, @​falkoschindler)
• Split helpers.py into a package with focused submodules (#5916 by @​falkoschindler, @​evnchn)

Bugfixes

• Fix client.ip always reporting "127.0.0.1" behind reverse proxies and On Air (#4786, #5906, #5920 by @​ffilotto, @​evnchn, @​falkoschindler, @​stephanpalmer)
• Fix ValidationElement.error being ignored when no validation is set (#5895, #5903 by @​atollk, @​falkoschindler, @​evnchn)
• Fix built-in elements breaking when starting with tailwind=False (#5868, #5904 by @​platinops, @​evnchn, @​falkoschindler)
• Fix initialized() adding event listeners on every call (#5898 by @​falkoschindler, @​evnchn)
• Fix sad face visibility on dark mode error pages (#5899 by @​falkoschindler, @​evnchn)
• Fix refreshing sub pages from within nested parent elements (#5912, #5914 by @​ZeroPoint095, @​falkoschindler, @​evnchn)
• Fix Cmd/Ctrl-click on sub-page links not opening new tab (#5928 by @​falkoschindler, @​evnchn)
• Fix ui.timer callback tasks leaking when client disconnects mid-execution (#5930, #5931 by @​NiklasNeugebauer, @​falkoschindler, @​evnchn)

Documentation

• Redesign nicegui.io website (#5910, #5911, #5913, #5923 by @​falkoschindler, @​ma-le-design, @​rodja, @​evnchn)
• Fix truncated multi-line parameter descriptions in reference docs (#5808, #5905 by @​evnchn, @​falkoschindler)
• Add keyboard navigation to website search dialog (#5919 by @​falkoschindler, @​evnchn)
• Add Technological Foundations documentation page (#5835 by @​evnchn, @​falkoschindler)
• Surface documentation index for AI tooling and discoverability (#5834 by @​evnchn, @​falkoschindler, @​rodja, @​iwr-redmond)

Infrastructure

• Update .gitignore for Claude Code and Playwright MCP local files (#5893 by @​rodja, @​evnchn, @​falkoschindler)
• Add PR template instruction to AGENTS.md (#5894 by @​rodja, @​evnchn)
• Improve PR template checklist for clarity (#5896 by @​falkoschindler, @​evnchn)
• Auto-format Markdown files via pre-commit hook (#5897 by @​falkoschindler, @​evnchn)

---

Special thanks to our top sponsors Lechler GmbH and TestMu AI ✨

and all our other sponsors and contributors for supporting this project!

🙏 Want to support this project? Check out our GitHub Sponsors page to help us keep building amazing features!

Commits

• d38a702 Merge commit from fork
• 2580928 add Claude command for creating release notes
• efece4b update sponsors
• 88765c7 Upgrade vite to 7.3.2 to fix security vulnerability
• 5024551 Align AgGrid's is_special_dtype with Table's version
• 84c0bd9 Add missing return type annotations to Header toggle/show/hide
• 6b4afe5 Add autopep8 to pre-commit hooks
• 138fcfb Fix timer callback tasks leaking when client disconnects mid-execution (#5931)
• bc46e0b Add on_resize to xterm and show how to use it in xterm example (#5858)
• 315c1d1 fix Dependabot alerts related to lodash
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud