chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@nuxt/eslint-config (source)	^1.13.0 → ^1.15.2			devDependencies	minor
@nuxt/ui (source)	4.4.0 → 4.5.1			dependencies	minor
@release-it/conventional-changelog	^10.0.4 → ^10.0.5			devDependencies	patch
eslint (source)	^9.39.2 → ^9.39.3			devDependencies	patch
node	24.13.0 → 24.14.0			uses-with	minor
nuxt (source)	^4.3.0 → ^4.3.1			dependencies	patch
pnpm (source)	10.28.2 → 10.30.3			packageManager	minor

---

Release Notes

nuxt/eslint (@​nuxt/eslint-config)

v1.15.2

Compare Source

   🐞 Bug Fixes

• Prevent race condition of running checker module before eslint config is written  -  by @​sebbayer in #​653 (69aa4)

    View changes on GitHub

v1.15.1

Compare Source

   🐞 Bug Fixes

• Downgrade @eslint/js, fix #​647  -  by @​antfu in #​647 (2c1c1)

    View changes on GitHub

v1.15.0

Compare Source

   🚀 Features

• Relax peer deps range to support ESLint v10, fix #​642  -  by @​antfu in #​642 (305a9)

    View changes on GitHub

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

nuxt/ui (@​nuxt/ui)

v4.5.1

Compare Source

Bug Fixes

• components: improve arrow styling with stroke-default and fill-bg (#​6095) (0e9198e)
• components: improve slots return types and tests (#​6109) (7d1e863)
• components: prevent transformUI from mutating cached useComponentUI value (286738a), closes #​6104 #​4387
• ContentToc: add relative positioning to content slot (fcdb231), closes #​6117
• ContentToc: use rem units for indicator size calculation (d631853)
• NavigationMenu: prevent navigation when clicking trailing area in horizontal orientation (8f84c90), closes #​6083
• Page: make slot presence reactive for variant computation (082ea41)
• types: resolve isArrayOfArray type return (#​6097) (04292d9)
• useResizable: use function declaration to prevent false auto-import (c22ecf4)

v4.5.0

Compare Source

Features

• DashboardSidebar/Header: add autoClose prop (#​6089) (2663deb)
• EditorDragHandle: proxy nested / nestedOptions props and emit hover event (#​5960) (ed60193)
• Form: add HTML5 validation to programmatic submit (#​6002) (ed552fc)
• locale: add Belarusian language (#​5972) (ac9e7b3)
• module: add support for taupe / mauve / mist / olive neutral colors (#​6081) (bc49d3f)
• NavigationMenu: allow tooltip usage in horizontal orientation (#​5682) (f46b504)
• NavigationMenu: handle chip in items (#​6064) (401a2c0)
• ScrollArea: add skipMeasurement virtualize option (#​5721) (548b711)
• Select/SelectMenu: add hover effects on outline and subtle variants (94b0c31)
• Theme: new component (#​4387) (c97047d)
• Toaster: prevent duplicate toasts and add pulse animation (3f6581a)

Bug Fixes

• BlogPost/ChangelogVersion: use ImgHTMLAttributes type for image prop (#​6007) (0185856)
• ChatMessages: allow message props to override role defaults (#​6000) (f64ec17)
• ChatMessages: prevent flash at top before scrolling to bottom on mount (4bdcb83)
• Checkbox/Switch: prevent data-state conflict when used inside Tooltip (2bb1a8b), closes #​3599
• CheckboxGroup: update update:modelValue emit type (#​5927) (64d2e88)
• ColorModeImage: add baseURL support for public paths (#​6006) (db510f3)
• components: add fixed prop to prevent responsive text size reduction (#​6074) (8f5f44c)
• components: nullable and optional type support (#​6060) (cd3432b)
• components: prevent iOS auto-zoom on input fields with font-size below 16px (#​6040) (1262016)
• ContentNavigation: pass nested child data to slots (#​6043) (e67f77e)
• defineShortcuts: add alt key guard (#​6020) (8451f45)
• defineShortcuts: allow shifted special character shortcuts (08facc0)
• Drawer/Modal/Popover/Slideover: prevent unexpected close on touch when interacting with other overlays (#​5695) (e2c038c)
• Editor: handle placeholder in RTL mode (#​5977) (3cc16e3)
• EditorMentionMenu: use char prop as mention prefix instead of always @ (0b9b097), closes #​6035
• EditorToolbar: proxy size prop to dropdown menu (8f8d989)
• InputMenu/InputNumber/SelectMenu: proxy size to buttons (1ec1698), closes #​5958
• InputMenu/Select/SelectMenu: exclude cosmetic items from model value type (#​6044) (22cf1ea)
• InputMenu/SelectMenu: sort filtered items by match relevance (058c66b), closes #​4672
• InputMenu: prevent focus on trailing button (88073b6)
• module: update icon cssLayer option from components to base (#​6076) (e8bc322)
• NavigationMenu: allow clicking trailing slot in horizontal orientation (7f9996f), closes #​5192 #​6083
• NavigationMenu: unique auto-generated item values for grouped items (7b317d9)
• PricingPlan: truncate title (#​6041) (8e86c51)
• Select: remove useless by prop (14dceaf)
• Table: improve perfs with shallowRef when watch deep is disabled (#​6023) (bc06ce2)
• Toast: allow update to keep toast open and reset duration (82afa0a)
• Toast: improve animation smoothness (#​6065) (ee2c0a5)
• types: improve DotPathKeys accuracy and GetItemKeys performance (#​6077) (6f7af3e)
• useEditorMenu: rank filtered results by relevance (f53484a)

release-it/conventional-changelog (@​release-it/conventional-changelog)

v10.0.5

Compare Source

• test: add should generate changelog with remote origin urls (#​132) (7e53f8c) - thanks @​Maxel01!
• fix: pass parserOpts to both Bumper and ConventionalChangelog (#​135) (4dce48a) - thanks @​aarond-sp!

eslint/eslint (eslint)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

actions/node-versions (node)

v24.14.0: 24.14.0

Compare Source

Node.js 24.14.0

v24.13.1: 24.13.1

Compare Source

Node.js 24.13.1

nuxt/nuxt (nuxt)

v4.3.1

Compare Source

4.3.1 is a regularly scheduled patch release.

👉 Changelog

compare changes

🩹 Fixes

• nuxt: Correct reference format of server builder (#​34177)
• nuxt: Add status/statusText getters to NuxtError (#​34188)
• nuxt: Don't inject shared types for differing auto-imports (#​34191)
• schema: Add direnv and vendor to default ignore (#​34190)
• nuxt: Focus hash links after navigation (#​34193)
• nuxt: Exclude head runtime from unhead imports transform (#​34195)
• kit: Include prereleases in semver satisfy check (#​34210)
• nitro: Encode unicode paths in x-nitro-prerender header (#​34202)
• nuxt: Watch server/ for builder:watch hook (#​34208)
• nitro: Preserve error.message for fatal errors (#​34226)
• Only enable dynamic imports when ts plugin (#​34205)
• webpack: Use H3Error for 403 in dev server (#​34233)
• nuxt: Ensure NuxtError extends Error type (#​34242)
• vite: Use H3Error for 404 in dev server (#​34225)
• nuxt: Add backwards compat for #app barrel export in keyed functions (#​34199)
• nuxt: Track + re-add custom routes on hmr (#​32044)
• nuxt: Keep vnode when leaving deeper nested route (#​33778)
• vite: Prevent CSS flickering in dev mode after config changes (#​33856)
• nuxt: Do not start view transition if there is no route (#​33723)
• nuxt: Call deferHydration done on NuxtPage unmount (#​34152)
• nuxt: Handle invalid datetime in ` (#​33992)
• nuxt: Preserve middleware error status in 404 fallback (#​34148)
• nitro: Do not augment nuxt/schema (#​34255)
• nuxt: Cache manifest files to preserve buildId (#​34002)
• nuxt: Don't decode query string in SSR context URL (#​34252)
• nuxt: Allow specifying moduleDependencies by meta.name (#​34263)
• nuxt: Resolve #components import mapping conflict for packages outside rootDir (#​34139)
• vite,webpack: Use node.res to send 403/404 (#​34266)
• nitro,nuxt: Align path encoding with vue-router (#​34265)
• nitro: Augment nuxt/schema once more (552bbd8d1)

💅 Refactors

• nuxt: Prefer genObjectKey to omit unnecessary quotes (#​34245)
• nuxt: Use ComponentProps helper to extract layout props (#​34248)

📖 Documentation

• Update roadmap dates (#​34166)
• Correct default value of nitroAutoImports (#​34182)
• Clarify shared type context limitations for custom imports (#​34194)
• Fix broken links (#​34223)
• Document payload extraction for ISR/SWR routes (#​34222)
• Update default aliases in configuration reference (#​34237)
• Update example of email validation (#​34247)
• Align server alias examples with #server and rootDir (#​34259)
• Add documentation for keyedComposables (#​34201)

🏡 Chore

• Remove px from width attribute (8d1cbb27a)
• Add ai config in gitignore (#​34220)

✅ Tests

• Vitest v4 compatibility (825b2c202)
• Add runtime tests for deeply nested <NuxtPage> navigation (048efc030)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Matej Černý (@​cernymatej)
• Octavio Araiza (@​8ctavio)
• Muhammad Yasir Ghaffar (@​M-YasirGhaffar)
• mrkaashee (@​mrkaashee)
• Max (@​onmax)
• Bobbie Goede (@​BobbieGoede)
• 纸鹿/Zhilu (@​L33Z22L11)
• Florian Heuberger (@​Flo0806)
• 山吹色御守 (@​KazariEX)
• ExXTreMe315 (@​ExXTreMe315)
• Eugene (@​FlexIDK)
• abeer0 (@​iiio2)
• Jonas Thelemann (@​dargmuesli)
• Erwan Jugand (@​erwanjugand)

pnpm/pnpm (pnpm)

v10.30.3

Compare Source

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.