chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@nuxt/eslint (source)	1.4.1 → 1.15.2			dependencies	minor
@vue/test-utils	2.4.6 → 2.4.10			devDependencies	patch
@vueuse/nuxt (source)	14.0.0 → 14.3.0			dependencies	minor
danielroe/provenance-action	v0.1.0 → v0.1.1			action	patch
nuxt-og-image (source)	5.1.4 → 5.1.13			dependencies	patch
pnpm (source)	11.1.2 → 11.1.3			packageManager	patch
simple-git-hooks	2.13.0 → 2.13.1			devDependencies	patch
unplugin-vue-router (source)	^0.12.0 → ^0.19.0			dependencies	minor
vue-sonner	2.0.0 → 2.0.9			dependencies	patch
vue-tsc (source)	3.0.1 → 3.3.1			devDependencies	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nuxt/eslint (@​nuxt/eslint)

v1.15.2

Compare Source

   🐞 Bug Fixes

• Prevent race condition of running checker module before eslint config is written  -  by @​sebbayer in #​653 (69aa4)

    View changes on GitHub

v1.15.1

Compare Source

   🐞 Bug Fixes

• Downgrade @eslint/js, fix #​647  -  by @​antfu in #​647 (2c1c1)

    View changes on GitHub

v1.15.0

Compare Source

   🚀 Features

• Relax peer deps range to support ESLint v10, fix #​642  -  by @​antfu in #​642 (305a9)

    View changes on GitHub

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

v1.13.0

Compare Source

   🚀 Features

• Upgrade eslint-flat-config-utils eslint-plugin-import-lite and eslint-plugin-jsdoc  -  by @​antfu (10bf9)

    View changes on GitHub

v1.12.1

Compare Source

No significant changes

    View changes on GitHub

v1.11.0

Compare Source

   🚀 Features

• Allow config key sorting on files not named nuxt.config  -  by @​benedictleejh in #​630 (be2e9)

    View changes on GitHub

v1.10.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (23b8b)

   🐞 Bug Fixes

• Update icon path  -  by @​antfu (3f185)

    View changes on GitHub

v1.9.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (b80cb)

   🐞 Bug Fixes

• Add defineNuxtConfig as ESLint's globals, close #​603  -  by @​antfu in #​603 (2e67f)

    View changes on GitHub

v1.8.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (932a7)

    View changes on GitHub

v1.7.1

Compare Source

   🐞 Bug Fixes

• Include eslint-typegen.d.ts in nuxt.node.d.ts, close #​596  -  by @​antfu in #​596 (ab74e)

    View changes on GitHub

v1.7.0

Compare Source

   🚀 Features

• Upgrade eslint-plugin-unicorn  -  by @​antfu (b3b7d)

    View changes on GitHub

v1.6.0

Compare Source

   🐞 Bug Fixes

• Bring back eslint-plugin-import-x as default, close #​590  -  by @​antfu in #​590 (e43d6)

    View changes on GitHub

v1.5.2

Compare Source

   🚀 Features

• Add option features.import.plugin to swap plugin implementation, close #​587  -  by @​antfu in #​587 (66f5e)

    View changes on GitHub

v1.5.1

Compare Source

   🐞 Bug Fixes

• eslint-config: Replace deprecated vue/object-property-newline option  -  by @​amery in #​586 (7805e)

    View changes on GitHub

v1.5.0

Compare Source

   🚀 Features

• Switch to eslint-plugin-import-lite, update deps  -  by @​antfu (31bd8)

   🐞 Bug Fixes

• eslint-config: Add file type restrictions to prevent CSS parsing errors  -  by @​amery in #​584 (40521)

    View changes on GitHub

vuejs/test-utils (@​vue/test-utils)

v2.4.10

Compare Source

v2.4.9

Compare Source

compare changes

🩹 Fixes

• Tolerate duplicate attachTo cleanup (#​2830)

📖 Documentation

• Document release process (#​2834)

🏡 Chore

• Migrate renovate config (5d37934)

🤖 CI

• Pin github actions to commit hashes (75dcef3)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Daniel Roe (@​danielroe)

v2.4.8

Compare Source

compare changes

🩹 Fixes

• Correct declaration entrypoint (#​2826)

🤖 CI

• Enable pkg.pr.new (#​2827)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Daniel Roe (@​danielroe)

v2.4.7

Compare Source

compare changes

🚀 Enhancements

• Add Chinese docs translation (#​2552)
• SetData()/shallowMount with initialData for components using the Composition API / <script setup> (#​2655)

🩹 Fixes

• Preserve code from keyboard events (#​2434)
• Switch browser and require exports definitions (#​2501)
• Re-add peer dependencies but with wider range (#​2511)
• Resolve warnings in docs:dev (30b7491)
• Resolve TypeScript type errors in .vitepress/config (#​2549)
• Accept FunctionalComponent as selector (0bb947f)
• Text() misses content for array functional component (#​2579)
• Use await in test (c5482b4)
• deps: Update dependency vue-component-type-helpers to v3 (#​2683)
• Remove wrapper div when unmount (#​2700)
• Make mount options slots compatible with noUncheckedIndexedAccess true (#​2713)
• Add missing peerDependency @​vue/compiler-dom (75801ba)
• docs: Declare css module for vitepress typecheck (ddaca97)

💅 Refactors

• Enforce consistent usage of type imports (#​2734)

📖 Documentation

• Clarify findComponent vs getComponent (#​2435)
• Update fr docs (67064ef)
• Add note about partial transition stub support (#​2431)
• Fix missing data at passing data section essentials guide (dda205e)
• Fix missing data at passing data section essentials guide fr (ae2c72c)
• Fix plugin TS declaration example (#​2466)
• Fixed incorrect checkbox value check (#​2495)
• Capital letter in sentence fix (#​2499)
• Import missing DOMWrapper on Implementation of the plugin section (#​2519)
• Add migration step for deprecated ref syntax in findAllComponents (#​2498)
• Correct anchor hash links and fix typo (#​2551)
• Center logo on home (#​2559)
• zh-cn: Review a-crash-course (#​2563)
• Use code-group for install commands (#​2571)
• zh-cn: Review event-handing.md (#​2572)
• zh-cn: Enhance conditional-rendering.md (#​2562)
• zh-cn: Review easy-to-test (#​2567)
• zh-cn: Review passing-data.md (#​2575)
• zh-cn: Review async-suspense.md (#​2576)
• zh: 优化 API 文档格式和内容 (#​2569)
• zh: 更新 Vitest 模拟日期和计时器的说明 (#​2578)
• zh-cn: Review http-requests.md (#​2580)
• zh-cn: Review forms (#​2582)
• zh-cn: Guide/advanced/slots.md (#​2565)
• zh: Review extending-vtu (#​2583)
• zh: Review index (#​2584)
• Fix modelValue test example (85bfdf4)
• Removes broken link from plugins.md (69bc1ce)
• zh: Review transitions, component-instance, and reusability-composition (#​2616)
• zh: Review v-model and vuex (#​2617)
• zh: Review all the rest advanced guide (#​2619)
• zh: Review migration (#​2623)
• Fix a typo in transitions.md (#​2635)
• Update crash-course to script setup (c81aa79)
• Update Essentials section to setup (composition api) (#​2647)
• Typos in examples (#​2678)
• Typo in easy-to-test.md (#​2710)
• Add note about mocking requestAnimationFrame for transitions (2324c65)
• Updated example TodoApp to script setup (#​2727)
• Remove "Using data" section from "Conditional Rendering" guide and fix passing data test example (#​2743)
• Follow-up fixes for the conditional rendering guide (#​2744)
• Mention shallowMount stub name changes in migration guide (80e051a)
• Update conditional rendering documentation to clarify isVisible() usage with attachTo (#​2799)
• Restore Options API component for data() mounting example (#​2804)
• Promote Vitest as recommended test runner (#​2805)
• api: Note that setValue does not accept objects on <select> (#​2819)

🏡 Chore

• Add api/index.md to docs:translation:compare (6b8681c)
• Remove unnecessary generic arguments (cfd70c6)
• Ignore TS error in config object (9d0a618)
• Simplify eslint packages (c1d0ffd)
• Use eslint v9 with flat config (2f19fdf)
• Expose Stubs type publicly (#​2492)
• Update documentation file path (9c96594)
• Use pnpm v10 (e4c2cb3)
• Pnpm approve build (81c54e9)
• Use github issue forms (#​2673)
• Exclude class components from test type-checking (0899008)
• Add explicit coverage include for vitest v4 (51672b9)
• Update to prettier v3.7 (fed9e7c)
• Migrate to oxfmt (81c1de9)
• Migrate to oxlint (a361908)
• Prepare TypeScript 6 migration settings (55e1262)
• Adjust tsd config for TypeScript 6 (7d23eb5)
• Avoid TypeScript 6 target deprecation warning (81d063c)

🤖 CI

• Remove node v22 build (7ebf58d)
• Add node v22 build (57540ee)
• Use "pool: threads" instead of vmThreads (d0cbb54)
• Remove node v18 and add v24 (fd9cf95)
• Add trusted publishing release workflow (#​2825)

❤️ Contributors

• Lachlan Miller (@​lmiller1990)
• cexbrayat (@​cexbrayat)
• Nicolas Bonamy (@​nbonamy)
• KatWorkGit (@​KatWorkGit)
• Wouter Kroes (@​wouterkroes)
• Rama Muhammad Murshal (@​ramammurshal)
• Evan You (@​yyx990803)
• Vlad Starkovsky (@​starkovsky)
• Joe (@​joaoprp)
• Priyadarshi Kumar (@​Psingh132)
• Sébastien Ronveaux (@​sronveaux)
• Gilliam (@​Gi11i4m)
• Baranov Dmytro (@​dimas7001)
• BrendonHenrique (@​BrendonHenrique)
• Lorenz van Herwaarden (@​lorenzvanherwaarden)
• wuzhiqing (@​DDDDD12138)
• 阿菜 Cai (@​RSS1102)
• Jinjiang (@​Jinjiang)
• Kylin (@​lxKylin)
• Qianhe Chen (@​chenqianhe)
• 时瑶 (@​KiritaniAyaka)
• h7ml (@​h7ml)
• Nicander (@​Nicander93)
• Take-John (@​takejohn)
• ilyasherstoboev (@​ilyasherstoboev)
• aimerie (@​aimerie)
• Miguel Rincon (@​miguelrincon)
• bcastlel (@​bcastlel)
• Claudiu (@​sofuxro)
• Artem Dragunov (@​dragunovartem99)
• Robin (@​OrbisK)
• Koen Mertens (@​KCMertens)
• meomking (@​CaptainWang98)
• Pepijn Olivier (@​pepijnolivier)
• Tomina (@​Thomaash)
• Gareth Jones (@​G-Rath)
• Jerry Hogan (@​hdJerry)
• Marco Pasqualetti (@​marcalexiei)
• guoxk (@​guoxk-me)
• kimulaco (@​kimulaco)
• Erwan IQUEL (@​Olympus5)
• Matt Van Horn (@​mvanhorn)
• Daniel Roe (@​danielroe)

vueuse/vueuse (@​vueuse/nuxt)

v14.3.0

Compare Source

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in #​5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in #​5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in #​5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in #​5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in #​5191 (0cb03)
• useTextareaAutosize: Add optional maxHeight to limit autosize growth  -  by @​palamarchukser, @​antfu and @​9romise in #​5324 (1a3e5)

   🐞 Bug Fixes

• Add explicit ./package.json export to all packages  -  by @​babu-ch and @​OrbisK in #​5343 (0d989)
• core: Always return ssrValue in useCssSupports before mounted  -  by @​danielroe in #​5290 (76b0b)
• directive: Create disposable directive func cleanup of side effects unmounted  -  by @​kalu5, @​43081j, Raman Paulau and @​OrbisK in #​5244 (52d68)
• docs: Typos in useManualRefHistory, useFocusWithin, useStorageAsync, useIntersectionObserver  -  by @​blowsie, Sam Blowes and @​OrbisK in #​5329 (1d9c4)
• docs: Add ignoreDeprecations for twoslash TS 6.0 compat  -  by @​antfu and Claude Opus 4.6 (1M context) in #​5367 (9d1eb)
• metadata: Cleanup removed function resolveRef  -  by @​ntnyq in #​5307 (49da8)
• onClickOutside: Detect iframe inside shadow DOM with detectIframe option  -  by @​babu-ch and @​OrbisK in #​5336 (1a77b)
• shared: Align overloads order of watch functions with original version  -  by @​KazariEX in #​5288 (f1d32)
• useAxios: Handle optional response data safely  -  by @​jahnli in #​5318 (51198)
• useCached: Update comparator type and improve documentation  -  by @​IceMooncake in #​5376 (d886c)
• useClipboard: Prevents fail in Safari for async operation  -  by @​MatteoGabriele in #​5369 (5ec56)
• useSortable: Re-query DOM on every start() for string selectors  -  by @​Mini-ghost in #​5374 (3341f)
• useVirtualList: React to changes made in mutable arrays properly  -  by @​dcherman in #​5267 (7069e)
• useWakeLock: Auto-release wake lock on component unmount  -  by @​ProgrammingWithSid and @​OrbisK in #​5271 (43937)
• useWebSocket: Race condition caused by onopen/onclose events.  -  by @​DanCardin, @​antfu and @​9romise in #​5175 (6661c)
• whenever: Improve old value types  -  by @​VChet in #​5096 (979c6)

   🏎 Performance

• Replace deepRef with shallowRef where appropriate  -  by @​9romise in #​5293 (80004)

    View changes on GitHub

v14.2.1

Compare Source

   🚀 Features

• Add skills at the root directory for skills cli  -  by @​antfu (c005d)
• skills: Transfer @vueuse/skills  -  by @​serkodev in #​5286 (532ac)

   🐞 Bug Fixes

• useRafFn: Resolve reactive null fpsLimit not being handled  -  by @​nemanjamalesija in #​5284 (8ce0d)

    View changes on GitHub

v14.2.0

Compare Source

   🚀 Features

• Support configurable scheduler for timed composables  -  by @​9romise in #​5129 (66aad)
• Allow vue-router 5 as peer deps  -  by @​Ericlm in #​5269 (7c94a)
• useCssSupports: Add useCssSupports  -  by @​OrbisK in #​5266 (c1282)
• useDraggable: Auto-scroll with restricted dragging within the container  -  by @​Gazoon007, Alfarish Fizikri, Robin and @​OrbisK in #​4472 (a8a85)
• useElementVisibility: Inherit rootMargin from useIntersectionObserver  -  by @​9romise in #​5207 (46682)
• useIntersectionObserver: Make rootMargin reactive  -  by @​doyuli, @​ilyaliao and @​9romise in #​4934 (53abe)
• useSortable: Add watchElement option for auto-reinitialize on element change  -  by @​Mini-ghost and @​ilyaliao in #​5189 (17ea2)

   🐞 Bug Fixes

• nuxt: Ensure excludes disabledFunctions' alias  -  by @​jinyongp and @​9romise in #​5240 (76829)
• refManualReset: Add explicit return type annotation  -  by @​batuhan-bas in #​5246 (13bbb)
• useAsyncState: Ensure execute return the actual data  -  by @​9romise in #​5167 (0c346)
• useDocumentVisibility: Fix type inference from string to Documen…  -  by @​webfanzc and cowhorse in #​5248 (e8be8)
• useFocusTrap: Update focus-trap range to ^7  -  by ** ^8 (#​5270)** ()
• useInfiniteScroll: Improve promise handling and add flush post to watch  -  by @​nhquyss and @​9romise in #​5122 (abcea)
• useMagicKeys: Handle undefined key in keyboard events  -  by @​LouisLau-art, LouisLau-art and @​OrbisK in #​5225 (65e25)

    View changes on GitHub

v14.1.0

Compare Source

   🚀 Features

• useDropZone: Add checkValidity function  -  by @​kolaente in #​5169 (aee84)
• useElementVisibility: Add initialValue option  -  by @​kricsleo and @​9romise in #​5159 (13f36)
• useMouseInElement: Add support for tracking inline-level elements  -  by @​siavava and @​9romise in #​5049 (62dfb)
• useTimeAgoIntl: Custom units  -  by @​Menci in #​5188 (c7d09)
• useWebSocket: autoConnect.delay support function  -  by @​YuchenWell, Anthony Fu and @​9romise in #​5089 (176f2)

   🐞 Bug Fixes

• Typescript type of isIOS constant  -  by @​toofishes in #​5163 (60888)
• computedWithControl: Allow different types in watch sources array  -  by @​kricsleo in #​5184 (bc4ac)
• types: Allow async functions in useDebounceFn and useThrottleFn  -  by @​xiaoxiaohuayu in #​5131 (7fb7a)
• types: Deprecate embeded ResizeObserverSize types  -  by @​9romise in #​5127 (d7a07)
• useArrayReduce: Export UseArrayReduceReturn type  -  by @​michaelcozzolino in #​5177 (e1204)
• useAsyncQueue: Trigger onFinished when the last task is rejected  -  by @​keeplearning66 and @​9romise in #​5144 (c4a46)
• useClipboard: Add readonly attribute to textarea fallback to support Safari 15  -  by @​huajianjiu in #​5179 (ef0c4)
• useInfiniteScroll: Make canLoadMore reactive  -  by @​nhquyss in #​5110 (3dc2d)
• useMagicKeys: Handle empty key events to prevent errors  -  by @​babu-ch and @​9romise in #​5149 (f8aec)
• useScroll: Use configurable window's getComputedStyle  -  by @​9romise in #​5150 (f74a6)
• useSpeechRecognition: Catch the error while calling method start  -  by @​ben-lau, liubaobin and @​9romise in #​5142 (94f1e)
• useTimeout: Fix type typo  -  by @​keeplearning66, Robin and Anthony Fu in #​5147 (31e5c)

    View changes on GitHub

danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements

• Add support for bun.lock (#​12)

📖 Documentation

• Use @main constraint for example (237ceea)

❤️ Contributors

• Daniel Roe (@​danielroe)

nuxt-modules/og-image (nuxt-og-image)

v5.1.13

Compare Source

   🐞 Bug Fixes

• Updated wasm satori API  -  by @​harlan-zw (c330a)
• Handle _query in og-image without breaking render path  -  by @​JackTYM (2e5bd)
• content: Prefer users zod version  -  by @​harlan-zw (e9550)

    View changes on GitHub

v5.1.12

Compare Source

   🐞 Bug Fixes

• Broken google font mirror  -  by @​harlan-zw (7c6f9)

    View changes on GitHub

v5.1.11

Compare Source

   🐞 Bug Fixes

• Broken dist publishing  -  by @​harlan-zw (24a29)

    View changes on GitHub

v5.1.10

Compare Source

   🐞 Bug Fixes

• Broken getOgImagePath usage  -  by @​harlan-zw (8904f)
• NPM trusted publishing  -  by @​harlan-zw (81e90)

    View changes on GitHub

v5.1.9

Compare Source

   🐞 Bug Fixes

• Maybe resolve nitro path resolution bug  -  by @​harlan-zw (118dd)

    View changes on GitHub

v5.1.8

Compare Source

   🐞 Bug Fixes

• Remove #imports  -  by @​harlan-zw (f2788)
• content: Type broken when augmenting  -  by @​harlan-zw (76b7c)

    View changes on GitHub

v5.1.7

Compare Source

   🐞 Bug Fixes

• Prefer nitro.static over _generate  -  by @​danielroe in #​372 (7a570)

    View changes on GitHub

v5.1.6

Compare Source

   🐞 Bug Fixes

• Explicit sharp dependency usage  -  by @​harlan-zw (9e522)

    View changes on GitHub

v5.1.5

Compare Source

   🐞 Bug Fixes

• Handle undefined link/style in server component response  -  by @​danielroe in #​368 (f8ae4)
• Reworked sharp compatibility checks for JPEG rendering  -  by @​harlan-zw in #​370 (f7bb7)

   🏎 Performance

• Persist font cache between og image versions  -  by @​harlan-zw (3967b)
• Pass SVG data directly to sharp for JPEG's  -  by @​harlan-zw (efcc4)

    View changes on GitHub

pnpm/pnpm (pnpm)

v11.1.3

Compare Source

Patch Changes

• pnpm install now re-validates pnpm-lock.yaml entries against the active minimumReleaseAge and trustPolicy: 'no-downgrade' policies before any tarball is fetched. Lockfiles resolved elsewhere (committed to the repo, restored from a CI cache, produced by an older pnpm) under a weaker or absent policy can no longer install a freshly-published or trust-downgraded version silently. Violating entries abort the install with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION, ERR_PNPM_TRUST_DOWNGRADE, or the generic ERR_PNPM_LOCKFILE_RESOLUTION_VERIFICATION when both policies trip in the same batch; minimumReleaseAgeExclude and trustPolicyExclude are honored. Verification results are cached so repeat installs against an unchanged lockfile take a fast path, and pnpm shows a transient progress line while the registry round-trip runs.

  When fresh resolution picks an immature version, the behavior depends on minimumReleaseAgeStrict:

  • Loose mode — the default, in effect whenever minimumReleaseAge keeps its built-in 24-hour value — auto-adds the immature picks to minimumReleaseAgeExclude in pnpm-workspace.yaml and lets the install proceed. A single info message lists what was persisted.
  • Strict mode in an interactive terminal collects every immature direct AND transitive pick in one pass and prompts once with the full list. Approving adds them to minimumReleaseAgeExclude and the install continues; declining aborts before the lockfile, package.json, or node_modules is touched.
  • Strict mode in CI (or any non-TTY context) aborts with ERR_PNPM_NO_MATURE_MATCHING_VERSION listing every offending entry, instead of failing on

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying dev-mode with    Cloudflare Pages

Latest commit:	a6593b8
Status:	✅  Deploy successful!
Preview URL:	https://b4871a9a.dev-mode.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.dev-mode.pages.dev

View logs

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	simple-git-hooks@​2.13.1
	@​nuxt/​eslint@​1.15.2
	@​vueuse/​nuxt@​14.3.0
	@​vue/​test-utils@​2.4.10
	nuxt-og-image@​5.1.13

View full report