chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@clack/prompts (source)	1.0.1 → 1.1.0			dependencies	minor
@jest/globals (source)	30.2.0 → 30.3.0			devDependencies	minor
actions/setup-node	v6.2.0 → v6.3.0			action	minor
better-sqlite3	12.6.2 → 12.8.0			devDependencies	minor
eslint (source)	10.0.2 → 10.0.3			devDependencies	patch
h3 (source)	^1.15.5 → ^1.15.6			dependencies	patch
h3 (source)	^2.0.1-rc.14 → ^2.0.1-rc.16			dependencies	patch
h3-next (source)	2.0.1-rc.14 → 2.0.1-rc.16			dependencies	patch
happy-dom	20.8.3 → 20.8.4			devDependencies	patch
jest (source)	30.2.0 → 30.3.0			devDependencies	minor
knip (source)	5.85.0 → 5.86.0			devDependencies	minor
oven-sh/setup-bun	v2.1.2 → v2.1.3			action	patch
oxc-parser (source)	0.116.0 → 0.118.0			devDependencies	minor
pnpm (source)	10.30.3 → 10.32.1			packageManager	minor
tinyexec	^1.0.2 → ^1.0.4			dependencies	patch
unimport	6.0.0 → 6.0.1			devDependencies	patch
vitest-browser-vue	2.0.2 → 2.1.0			devDependencies	minor
vue (source)	^3.5.29 → ^3.5.30			resolutions	patch
vue (source)	^3.5.29 → ^3.5.30			dependencies	patch

---

Release Notes

bombshell-dev/clack (@​clack/prompts)

v1.1.0

Compare Source

Minor Changes

• e3333fb: Replaces picocolors with Node.js built-in styleText.

Patch Changes

• c3666e2: destruct limitOption param for better code readability, tweak types definitions
• ba3df8e: Fixes withGuide support in intro, outro, and cancel messages.
• Updated dependencies [e3333fb]
  • @​clack/core@​1.1.0

jestjs/jest (@​jest/globals)

v30.3.0

Compare Source

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#​15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#​15918)
• [jest-mock] Use Symbol from test environment (#​15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#​15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#​15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#​15851)
• [jest-util] Make sure process.features.require_module is false (#​15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#​15849)
• Updated Twitter icon to match the latest brand guidelines (#​15869)

actions/setup-node (actions/setup-node)

v6.3.0

Compare Source

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in #​1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in #​1491
• Replace uuid with crypto.randomUUID() by @​trivikr in #​1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in #​1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in #​1495

New Contributors

• @​susnux made their first contribution in #​1283

Full Changelog: actions/setup-node@v6...v6.3.0

WiseLibs/better-sqlite3 (better-sqlite3)

v12.8.0

Compare Source

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in #​1443
• Update SQLite to version 3.51.3 in #​1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in #​1459

New Contributors

• @​tstone-1 made their first contribution in #​1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

eslint/eslint (eslint)

v10.0.3

Compare Source

h3js/h3 (h3)

v1.15.6

Compare Source

compare changes

🩹 Fixes

• sse: Sanitize newlines in event stream fields to prevent SSE injection (840ac5c)
• static: Prevent path traversal via percent-encoded dot segments (6465e1b)

capricorn86/happy-dom (happy-dom)

v20.8.4

Compare Source

webpro-nl/knip (knip)

v5.86.0: Release 5.86.0

Compare Source

• Rewrite import specifiers to use .ts extensions, remove tsx (#​1548) (58674ad) - thanks @​wojtekmaj!
• Add .spec-d to vitest entry files (#​1556) (3123ab7) - thanks @​yamachi4416!
• Update docs for tsx → node (0418eba)
• Auto-format (7142fd7)
• Add Qwik plugin (#​1557) (fc668f4) - thanks @​azat-io!
• Fix Bun plugin to handle directory arguments in bun test (c112b6c)
• Update FAQ (b105a42)
• fix(plugin): swc with externalHelpers setting ignores @swc/helpers dependency (#​1560) (4bcb1f5) - thanks @​bobaaaaa!
• chore: git ignore artifacts (#​1563) (4878724) - thanks @​unional!
• Fix Vite plugin to respect root option for index.html entries (#​1561) (67a5647) - thanks @​azat-io!
• Fix Astro sharpImageService() false positive for unused sharp (#​1559) (c36247c) - thanks @​azat-io!
• Fix up gitignore test (b2c3d08)
• fix: normalize Windows backslash paths in fs.watch listener to fix --watch on Windows (#​1558) (b86b421) - thanks @​Aiudadadadf!
• Fix wrangler plugin not enabled by jsonc config (#​1564) (00bb1be) - thanks @​DaniFoldi!
• Edit AGENTS.md (a2aaf2f)
• Fix tsconfig presets marked as unlisted in strict mode (resolve #​1568) (463d67d)
• oxcellent (8a602c7)
• Refactor format test and use prettier for consistent results (b6afc01)
• Sort package.json (d3a521b)
• Add .git to GLOBAL_IGNORE_PATTERNS (resolve #​1571) (4e95ffb)
• Detect Yarn plugins that are listed by their path alone (#​1574) (de4c7d8) - thanks @​robintown!
• Start using unbash (a5de2c4)
• Bump unbash & simplify bash parser further (57896d3)
• Fix refs in workspaces fixture (#​1578) (fbee342)
• Include a few more entry patterns with pageExtensions (resolve #​1581) (c6a6d9e)
• Clean exit if --fix fixes all issues (resolve #​1577) (c182c29)
• Document JSDoc tag hints (0e7b6ae)
• Update AGENTS.md (f845462)
• Add openapi-ts plugin (#​1579) (42d1b3f) - thanks @​jonahsnider!
• Migrate from js-yaml → yaml (fb042ae)
• pnpm dedupe (2586254)
• Fix plugin list order (#​1587) (519ae3a) - thanks @​ikeyan!
• Fix confusing test fixtures for openapi-ts plugin (#​1591) (f0083ca) - thanks @​jonahsnider!
• Off-by-1 (7d7dec6)
• Don't fix compiled files (pos off) (a9fdc77)
• Add aliases from any tsconfig file in typescript plugin (resolve #​1347) (ced77c7)
• Support auto-imports in Nuxt plugin (#​1517) (4ce27b2)
• Fix + lint .ts extension in import specifiers (d349de3)
• Safe ts.isInTopLevelContext → isInTopLevelScope (1819c20)
• Wrap session.handleFileChanges in try/catch (185afb8)
• Improve MDX compiler (9205e2a)
• fix(playwright): Add missing built-in null reporter (#​1596) (0f1ce7d) - thanks @​shrink!
• Add package.json#imports as entry points (1fbe286)
• Update some dependencies + dedupe (381241e)
• Add support for extends in nuxt plugin (9fcbdf5)
• Update release script (f446b4f)

oven-sh/setup-bun (oven-sh/setup-bun)

v2.1.3

Compare Source

oven-sh/setup-bun is the github action for setting up Bun.

What's Changed

• perf: avoid unnecessary api calls by @​xhyrom in #​161
• feat: add bun- prefix to cache keys by @​maschwenk in #​160
• fix: use native Windows ARM64 binary for Bun >= 1.3.10 by @​oddrationale in #​165
• feat: add AVX2 support detection for x64 Linux systems by @​GoForceX in #​167
• fix: validate cached binary version matches requested version (#​146) by @​wyMinLwin in #​169
• release: v2.1.3 by @​xhyrom in #​170

New Contributors

• @​oddrationale made their first contribution in #​165
• @​GoForceX made their first contribution in #​167
• @​wyMinLwin made their first contribution in #​169

Full Changelog: oven-sh/setup-bun@v2...v2.1.3

oxc-project/oxc (oxc-parser)

v0.117.0

🐛 Bug Fixes

• 92cfb14 linter/plugins: Fix types for walkProgram and walkProgramWithCfg (#​20081) (overlookmotel)
• ee0491e apps,napi: Explicitly specify libs in tsconfigs (#​20071) (camc314)

pnpm/pnpm (pnpm)

v10.32.1: pnpm 10.32.1

Compare Source

Patch Changes

• Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #​10909.

Platinum Sponsors

Gold Sponsors

v10.32.0: pnpm 10.32

Compare Source

Minor Changes

• Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #​10136.

Patch Changes

• Reverted change related to setting explicitly the npm config file path, which caused regressions.
• Reverted fix related to lockfile-include-tarball-url. Fixes #​10915.

Platinum Sponsors

Gold Sponsors

v10.31.0

Compare Source

tinylibs/tinyexec (tinyexec)

v1.0.4

Compare Source

What's Changed

• fix: package.json exports by @​mbwhite in #​91

New Contributors

• @​mbwhite made their first contribution in #​91

Full Changelog: tinylibs/tinyexec@1.0.3...1.0.4

v1.0.3

Compare Source

What's Changed

• chore: enable dependabot, bump actions by @​43081j in #​60
• chore: upgrade dependencies by @​43081j in #​62
• chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by @​dependabot[bot] in #​66
• chore: add licenses to distributed code temporarily by @​43081j in #​69
• chore(deps): bump actions/checkout from 5.0.1 to 6.0.0 in the github-actions group by @​dependabot[bot] in #​70
• chore(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in #​72
• chore: bump node in CI by @​43081j in #​75
• chore(deps-dev): bump the development-dependencies group across 1 directory with 8 updates by @​dependabot[bot] in #​74
• chore(deps-dev): bump the development-dependencies group with 3 updates by @​dependabot[bot] in #​77
• chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 in the github-actions group by @​dependabot[bot] in #​76
• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions group by @​dependabot[bot] in #​79
• chore(deps-dev): bump the development-dependencies group with 6 updates by @​dependabot[bot] in #​80
• chore(deps-dev): bump @​types/node from 25.0.10 to 25.2.0 in the development-dependencies group by @​dependabot[bot] in #​81
• chore(deps-dev): bump the development-dependencies group across 1 directory with 6 updates by @​dependabot[bot] in #​83
• chore(deps-dev): bump the development-dependencies group with 3 updates by @​dependabot[bot] in #​84
• chore(deps-dev): bump @​types/node from 25.3.0 to 25.3.3 in the development-dependencies group by @​dependabot[bot] in #​85
• fix: prefer local node_modules/.bin executables to globally installed ones by @​iiroj in #​87
• chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 in the github-actions group by @​dependabot[bot] in #​88
• chore(deps-dev): bump the development-dependencies group with 4 updates by @​dependabot[bot] in #​89

New Contributors

• @​dependabot[bot] made their first contribution in #​66
• @​iiroj made their first contribution in #​87

Full Changelog: tinylibs/tinyexec@1.0.2...1.0.3

unjs/unimport (unimport)

v6.0.1

Compare Source

   🐞 Bug Fixes

• Filter out reserved words from exp.names  -  by @​danielroe in #​504 (464a0)

    View changes on GitHub

vitest-community/vitest-browser-vue (vitest-browser-vue)

v2.1.0

Compare Source

   🚀 Features

• Integrate trace mark with render  -  by @​hi-ogawa and Claude Opus 4.6 in #​25 (872fd)

    View changes on GitHub

vuejs/core (vue)

v3.5.30

Compare Source

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#​12514) (e725a67), closes #​10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#​13374) (1398bf8), closes #​13029
• custom-element: properly locate parent when slotted in shadow dom (#​12480) (f06c81a), closes #​12479
• custom-element: should properly patch as props for vue custom elements (#​12409) (740983e), closes #​12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#​14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#​12737) (16ef165), closes #​12735
• reactivity: handle Set with initial reactive values edge case (#​12393) (5dc27ca), closes #​8647
• runtime-core: warn about negative number in v-for (#​12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#​14547) (6cda71d), closes #​14546
• types: make generics with runtime props in defineComponent work (fix #​11374) (#​13119) (cea3cf7), closes #​13763
• types: narrow useAttrs class/style typing for TSX (#​14492) (bbb8977), closes #​14489

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/nuxt/test-utils/@nuxt/test-utils@1612

npm i https://pkg.pr.new/nuxt/test-utils/vitest-environment-nuxt@1612

commit: 1c10bb0