chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@nuxt/devtools-kit (source)	^3.1.1 → ^3.2.1			dependencies	patch
@nuxt/devtools-kit (source)	^3.1.1 → ^3.2.1			devDependencies	patch
@nuxt/devtools-ui-kit (source)	^3.1.1 → ^3.2.1			devDependencies	minor
@nuxt/eslint-config (source)	^1.12.1 → ^1.15.1			devDependencies	minor
@nuxt/ui (source)	^4.3.0 → ^4.4.0			dependencies	minor
@types/node (source)	^24.10.9 → ^24.10.13			resolutions	patch
@types/node (source)	^24.10.9 → ^24.10.13			devDependencies	patch
@vitest/coverage-v8 (source)	^4.0.17 → ^4.0.18			devDependencies	patch
actions/checkout	v6.0.1 → v6.0.2			action	patch
docus	^5.4.2 → ^5.5.0			dependencies	minor
fontless (source)	^0.1.0 → ^0.2.0			dependencies	minor
pkg-pr-new (source)	^0.0.62 → ^0.0.63			devDependencies	patch
playwright-core (source)	^1.57.0 → ^1.58.2			devDependencies	minor
pnpm (source)	10.28.1 → 10.29.3			packageManager	minor
sass	^1.97.2 → ^1.97.3			devDependencies	patch
semver	^7.7.3 → ^7.7.4			devDependencies	patch
unifont	^0.6.0 → ^0.7.3			dependencies	minor
vitest (source)	^4.0.17 → ^4.0.18			devDependencies	patch
vue (source)	3.5.27 → 3.5.28			dependencies	patch
vue (source)	3.5.27 → 3.5.28			devDependencies	patch
vue-tsc (source)	^3.2.2 → ^3.2.4			devDependencies	patch

---

Release Notes

nuxt/devtools (@​nuxt/devtools-ui-kit)

v3.2.1

Compare Source

Bug Fixes

• inspect panel position (2f93070)

v3.2.0

Compare Source

Bug Fixes

• devtools: call devtools:initialized hook after all modules run (#​919) (3662836)

Features

• enhance inspect panel, add copy visual info for agents (#​928) (6bb2565)
• upgrade vite-devtools (5c4a0b0)

3.1.1 (2025-11-25)

Bug Fixes

• ui: remove flash when switching to dark (#​909) (75a814f)

Features

• support passing additional permissions to the iframe (#​911) (bc1d11c)

nuxt/eslint (@​nuxt/eslint-config)

v1.15.1

Compare Source

   🐞 Bug Fixes

• Downgrade @eslint/js, fix #​647  -  by @​antfu in #​647 (2c1c1)

    View changes on GitHub

v1.15.0

Compare Source

   🚀 Features

• Relax peer deps range to support ESLint v10, fix #​642  -  by @​antfu in #​642 (305a9)

    View changes on GitHub

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

v1.13.0

Compare Source

   🚀 Features

• Upgrade eslint-flat-config-utils eslint-plugin-import-lite and eslint-plugin-jsdoc  -  by @​antfu (10bf9)

    View changes on GitHub

nuxt/ui (@​nuxt/ui)

v4.4.0

Compare Source

Features

• Calendar: add weekNumbers prop (#​4555) (7a1a71b)
• ChangelogVersions: handle scroll options in indicator prop (#​5257) (6a925cd)
• CommandPalette/InputMenu/SelectMenu/Tree: handle virtualizer estimateSize as function (#​5748) (d51b424)
• CommandPalette: add input prop (#​5736) (12052e8)
• CommandPalette: add size prop (#​5878) (3ae04c6)
• components: add by prop (#​5906) (36cd5e5)
• components: add valueKey prop (#​5905) (55646ea)
• Editor: add placeholder.mode prop (d90acb3), closes #​5785
• Editor: add size prop in menus (#​5889) (571d50d)
• Editor: add taskList handler (#​5837) (db04197)
• Editor: add support for code inside links (2ed2d5d)
• Editor: handle boolean in image and mention props (b6fa83a), closes #​5820
• EditorMentionMenu: handle async search with ignoreFilter prop (#​5880) (f8d1883)
• InputMenu/Select/SelectMenu: expose viewportRef for infinite scroll (#​5836) (f4a945c)
• InputMenu/SelectMenu: add clear prop (#​5643) (ec6b8ec)
• Link: support custom navigate function in vue (#​5860) (f51e58a)
• ProseTd/ProseTh: handle align prop (859390e), closes #​5795
• Timeline/Stepper: add wrapper slot and fix dynamic slot conditions (#​5868) (8610d4d)
• Timeline: add select event (#​5826) (8e431be)

Bug Fixes

• Banner: isolate banner visibility using per-instance CSS variables (#​5751) (c7332eb)
• Banner: prevent XSS via id prop injection (4e334a0)
• CommandPalette/ContextMenu/DropdownMenu: keyboard selection on link items (3f5bdb3)
• CommandPalette: prevent XSS in search highlight (e12ceb6)
• ContentSurround: align next link to right on tablet without prev (#​5833) (b3adccc)
• defineShortcuts: check shift modifier for special character shortcuts (bd344d7), closes #​5911
• Editor: set contentType when updating value (c37d6f7), closes #​5709
• Editor: support all heading levels by default (3046c3e)
• EditorToolbar: prevent onClick from being called twice on items (cbed0cc), closes #​5784
• EditorToolbar: prevent disabled dropdown when items have no kind (d473f63)
• Error/Main: render as main instead of div (6ccb1f5)
• FileUpload: emit null when clearing file (#​5892) (1d9a2fd)
• FileUpload: keep input visible when preview is disabled with multiple files (597ac29), closes #​5875
• locale: improve cs and sk terminology for correct inflection (#​5789) (af6f288)
• module: only override primary color and md size default variants (f422de8)
• ProseCodeTree: prevent infinite update loop with expandAll prop (c79cb77), closes #​5828
• useOverlay: refine close event argument extraction (#​5775) (182af20)

vitest-dev/vitest (@​vitest/coverage-v8)

v4.0.18

Compare Source

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in #​9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in #​9472 (22543)

    View changes on GitHub

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

nuxt-content/docus (docus)

v5.5.0

Compare Source

Features

• add skills folder with first skill /create-docs (#​1257) (0b2d346)
• layer: add sitemap.xml generation (#​1259) (45bffbc)
• layer: add ai assistant module (#​1241) (1ff2829)
• llms: add docs page redirection to raw markdown for agents (#​1264) (9ceafe6)
• llms: redirect homepage to /llms.txt (#​1263) (6fd8686)

Bug Fixes

• .starters: prerendering issues (8fe3796)
• .starters: prerendering issues (edab8bf)
• .starters: prerendering issues in i18n template (251b962)
• assitant: do not trigger panel when opening Studio (6199d95)
• build: remove warnings (845e4c8)
• layer: add @vercel/oidc to optimizeDeps (#​1262) (88885ae)
• layer: enhance sitemap generation, exclude navigation files (#​1261) (cd2c62e)
• llms: default domain (d7ff04a)
• llms: infer vercel urls (6d437cc)
• locale: lazy import (#​1266) (dd4a526)
• logs: use nuxt logger (e6be163)

v5.4.4

Compare Source

Features

• llms: better support by using /raw/**.md links inside llms.txt (#​1247) (0a7f25e)

Bug Fixes

• i18n: collection name standardization (#​1246) (39105fe)

unjs/fontaine (fontless)

v0.2.0

Compare Source

   🚀 Features

• fontless: Upgrade to unifont v0.7  -  by @​danielroe (01bdc)
• fontless: Allow resolving formats, and respect provider-specific options  -  by @​danielroe (67d5c)

   🐞 Bug Fixes

• fontless:
  • Improve types of defaultValues  -  by @​danielroe (de2ab)

    View changes on GitHub

stackblitz-labs/pkg.pr.new (pkg-pr-new)

v0.0.63

Compare Source

microsoft/playwright (playwright-core)

v1.58.2

Compare Source

v1.58.1

Compare Source

Highlights

#​39036 fix(msedge): fix local network permissions
#​39037 chore: update cft download location
#​38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.0

Compare Source

pnpm/pnpm (pnpm)

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

sass/dart-sass (sass)

v1.97.3

Compare Source

• Fix a bug where nesting an at-rule within multiple style rules in plain CSS
  could cause outer style rules to be omitted.

unjs/unifont (unifont)

v0.7.3

Compare Source

   🐞 Bug Fixes

• More consistent type name  -  by @​danielroe (93485)

    View changes on GitHub

v0.7.2

Compare Source

   🐞 Bug Fixes

• Prioritize sliced woff2 over full ttf  -  by @​tuyuritio in #​315 (8a618)
• Allow font resolvers to return fallback information  -  by @​danielroe (d8fef)

    View changes on GitHub

v0.7.1

Compare Source

compare changes

🚀 Enhancements

• Strongly type provider name (#​286)
• Throw on error (#​289)
• bunny: Filter subsets (#​298)
• Allow resolving specific font formats (#​297)
• Export InitializedProvider and ResolveFontResult (#​305)
• Allow passing provider-specific options to resolveFont (#​288)

🔥 Performance

• googleicons: Use direct string slicing to drop first line of metadata response (#​302)

🩹 Fixes

• Increase strength of provider types (#​290)
• Isolate cache keys by provider name and options (#​281)

💅 Refactors

• ⚠️ Remove resolveFontFace (#​284)

📖 Documentation

• Update readme and add custom provider example (#​291)
• Give correct examples for experimental.glyphs (#​293)

📦 Build

• Migrate to tsdown (dcbc089)
• Update file extension to .mts (fa1aa74)

🏡 Chore

• Fetch-depth: 0 in release workflow (551259f)
• Update pnpm to 10.21 and enable trust policy (8a93ab7)
• Revert pnpm trust policy and restore provenance action (7855023)
• Remove unused types (#​285)
• Extract unifont (#​292)
• Disallow newlines in import/exports (ad66736)
• Remove T prefix from generics (9e96630)
• Remove publish step (c2ba1b7)
• Release v0.7.0 (9ac1125)
• Add changelogithub to deps (efd5d34)
• Release v0.7.1 (8f191aa)

🤖 CI

• Update release workflow to use trusted publishing (2554e6b)

⚠️ Breaking Changes

• ⚠️ Remove resolveFontFace (#​284)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Florian Lefebvre (@​florian-lefebvre)
• Kentaro Suzuki (@​sushichan044)

v0.7.0

Compare Source

vuejs/core (vue)

v3.5.28

Compare Source

Bug Fixes

• transition: avoid unexpected cancelled parameter in transition done callback (#​14391) (6798853)
• compiler-sfc: add resolution trying for .mts/.cts files (#​14402) (c09d41f), closes vuejs/router#2611
• compiler-sfc: no params were generated when using withDefaults (#​12823) (b0a1f05), closes #​12822
• reactivity: add __v_skip flag to EffectScope to prevent reactive conversion (#​14359) (48b7552), closes #​14357
• runtime-core: avoid retaining el on cached text vnodes during static traversal (#​14419) (4ace79a), closes #​14134
• runtime-core: prevent child component updates when style remains unchanged (#​12825) (57866b5), closes #​12826
• runtime-core: properly handle async component update before resolve (#​11619) (e71c26c), closes #​11617
• runtime-dom: handle null/undefined handler in withModifiers (#​14362) (261de54), closes #​14361
• teleport: properly handling disabled teleport target anchor (#​14417) (d7bcd85), closes #​14412
• transition-group: correct move translation under scale via element rect (#​14360) (0243a79), closes #​14356
• useTemplateRef: don't update setup ref for useTemplateRef key (#​12756) (fc40ca0), closes #​12749

vuejs/language-tools (vue-tsc)

v3.2.4

Compare Source

language-core

• feat: place plugin configs under ctx.config and support type annotation via generics (#​5944) - Thanks to @​KazariEX!

workspace

• chore: publish to npm with OIDC (#​5912) - Thanks to @​ghiscoding!

v3.2.3

Compare Source

language-core

• feat: support configuration for language plugins (#​5678) - Thanks to @​KazariEX!
• fix: avoid defineModel breaking ast in lang="js" (#​5935) - Thanks to @​KazariEX!
• fix: infer object keys as string if it does not extend string (#​5933) - Thanks to @​serkodev!

typescript-plugin

• feat: correct rename behavior on same name shorthands in template (#​5907) - Thanks to @​KazariEX!
• fix: only forward quick info for original results without tags (#​5938) - Thanks to @​KazariEX!

vscode

• fix: correct indent for <style> and <script> tags (#​5925) - Thanks to @​serkodev!

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying fonts with    Cloudflare Pages

Latest commit:	f42cb99
Status:	✅  Deploy successful!
Preview URL:	https://5ef52183.fonts-dsw.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.fonts-dsw.pages.dev

View logs

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/fonts@762

commit: f42cb99