chore(deps): update all non-major dependencies by renovate[bot] · Pull Request #446 · nuxt/scripts

renovate · 2025-04-05T00:27:07Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
@antfu/eslint-config	`^7.7.2` → `^7.7.3`	pnpm.catalog.default	patch
@nuxt/devtools-kit (source)	`^3.2.3` → `^3.2.4`	pnpm.catalog.default	patch
@nuxt/devtools-kit (source)	`^3.2.3` → `^3.2.4`	devDependencies	patch
@nuxt/devtools-ui-kit (source)	`^3.2.3` → `^3.2.4`	pnpm.catalog.default	patch
@nuxt/devtools-ui-kit (source)	`^3.2.3` → `^3.2.4`	devDependencies	patch
@types/youtube (source)	`^0.1.0` → `^0.1.2`	peerDependencies	patch
@typescript-eslint/typescript-estree (source)	`^8.57.0` → `^8.57.1`	pnpm.catalog.default	patch
@unhead/vue (source)	`^2.0.3` → `^2.1.12`	peerDependencies	minor
actions/checkout	`v6.0.1` → `v6.0.2`	action	patch
actions/stale	`v10.0.0` → `v10.2.0`	action	minor
eslint-plugin-harlanzw	`^0.5.17` → `^0.5.21`	pnpm.catalog.default	patch
oxc-parser (source)	`^0.118.0` → `^0.120.0`	pnpm.catalog.default	minor
posthog-js (source)	`^1.0.0` → `^1.360.2`	peerDependencies	minor

Release Notes

antfu/eslint-config (@antfu/eslint-config)

`v7.7.3`

Compare Source

🐞 Bug Fixes

Disable some e18e rules - by @antfu (7edec)

View changes on GitHub

nuxt/devtools (@nuxt/devtools-kit)

`v3.2.4`

Compare Source

Bug Fixes

nuxt devtools inspector style (91f093d)

Features

use ua-parser-modern (114aa17)

typescript-eslint/typescript-eslint (@typescript-eslint/typescript-estree)

`v8.57.1`

Compare Source

This was a version bump only for typescript-estree to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

unjs/unhead (@unhead/vue)

`v2.1.12`

Compare Source

🐞 Bug Fixes

Harden prototype pollution - by @harlan-zw (a6ed9)
Case insensitive attr dedupe - by @harlan-zw (3146b)

View changes on GitHub

`v2.1.11`

Compare Source

⚠️ Security

Fixed XSS bypass in useHeadSafe via attribute name injection (GHSA-g5xx-pwrp-g3fv). Users handling untrusted input with useHeadSafe should upgrade immediately.

🐞 Bug Fixes

addons,schema-org: Permissive peer dependencies - by @harlan-zw (4c5d1)

View changes on GitHub

`v2.1.10`

Compare Source

🐞 Bug Fixes

solid-js: Correct peerDependency version - by @tyeporter in #671 (64e17)

View changes on GitHub

`v2.1.9`

Compare Source

🐞 Bug Fixes

schema-org: Nuxt test utils compat bug - by @harlan-zw (ef838)

View changes on GitHub

`v2.1.8`

Compare Source

🐞 Bug Fixes

schema-org: Avoid crashing from 3+ duplicate nodes - by @harlan-zw (4baf9)

View changes on GitHub

`v2.1.7`

Compare Source

🐞 Bug Fixes

unhead:
- deduplicate matching tags inside same render cycle - by @harlan-zw in #668 (5c0b2)

View changes on GitHub

`v2.1.6`

Compare Source

🐞 Bug Fixes

react: Ssr regression - by @harlan-zw (6adff)

View changes on GitHub

`v2.1.5`

Compare Source

🐞 Bug Fixes

react: Dispose head entries on unmount in React 18 StrictMode - by @harlan-zw in #664 (50ffe)
scripts: Prevent scope disposal from aborting unrelated trigger in useScript - by @cernymatej in #660 (e8f5b)
unhead: Dedupe link rel without hreflang or type - by @danielroe in #658 (1487d)

View changes on GitHub

`v2.1.4`

Compare Source

🐞 Bug Fixes

schema-org: Remove unimplemented SchemaOrgDebug - by @onmax in #649 (642dc)
unhead: Dedupe <link rel="alternate"> by hreflang/type only, drop href from key - by @harlan-zw in #656 (86175)

View changes on GitHub

`v2.1.3`

Compare Source

🐞 Bug Fixes

unhead:
- Dedupe <link rel="alternate"> - by @danielroe and onmax in #655 (fdabe)
vue:
- Support computed getter trigger - by @harlan-zw in #638 (fd63a)
- Guard s._statusRef - by @danielroe in #642 (4ef03)

🏎 Performance

vue: Avoid duplicating error message in the bundle - by @panstromek in #652 (194e5)

View changes on GitHub

`v2.1.2`

Compare Source

🐞 Bug Fixes

Broken cjs environment - by @harlan-zw (ce989)

View changes on GitHub

`v2.1.1`

Compare Source

No significant changes

View changes on GitHub

`v2.1.0`

Compare Source

🚀 Features

schema-org: 12 new nodes - by @harlan-zw in #612 (1a9b8)

🐞 Bug Fixes

react:
- Recursive function resolves broken - by @harlan-zw (4e0c7)
schema-org:
- Correct month off-by-one - by @harlan-zw in #603 (a3e70)
- Missing schema.org properties - by @harlan-zw in #614 (54e05)
unhead:
- Enforce boolean string meta contents - by @kfreezen in #594 (0b8e7)
- Capo module scripts ordering - by @Barbapapazes in #600 (3c661)
- Capo inline scripts ordering - by @Barbapapazes in #596 (7be75)
- Normalize script type - by @harlan-zw (e51b6)
- Safer handling of input - by @harlan-zw (b4b6c)

🏎 Performance

schema-org:
- Remove ohash and defu dependencies - by @harlan-zw in #605 (0d508)
- Rework graph resolution - by @harlan-zw in #616 (b79e4)

View changes on GitHub

`v2.0.19`

Compare Source

🐞 Bug Fixes

vue: Tree shaking breaking some reactivity - by @harlan-zw (7abb5)

View changes on GitHub

`v2.0.18`

Compare Source

🏎 Performance

unhead: Avoid server side effects - by @harlan-zw in #585 (3fd09)

View changes on GitHub

`v2.0.17`

Compare Source

No significant changes

View changes on GitHub

`v2.0.14`

Compare Source

🐞 Bug Fixes

unhead: Multiword attributes in template - by @NikSimonov in #568 (f635b)

View changes on GitHub

`v2.0.13`

Compare Source

🐞 Bug Fixes

unhead:
- Canonical plugin modifying non-url properties - by @paraboul (ee8fd)
- Avoid normalizing template param input - by @harlan-zw (1d205)
- Safer removal of leading / trailing separators - by @harlan-zw (d4501)

View changes on GitHub

`v2.0.12`

Compare Source

🐞 Bug Fixes

react: Force invalidation on entry disposal - by @harlan-zw in #559 (4ee5e)

View changes on GitHub

`v2.0.11`

Compare Source

🐞 Bug Fixes

Allow non-standard meta tags to be intentionally duped - by @harlan-zw (9a899)

View changes on GitHub

`v2.0.10`

Compare Source

🐞 Bug Fixes

Safer meta array deduping - by @harlan-zw (32486)

View changes on GitHub

`v2.0.9`

Compare Source

🏎 Performance

unhead: Normalize canonicalHost only once in canonical plugin - by @negezor in #550 (92713)

View changes on GitHub

`v2.0.8`

Compare Source

No significant changes

View changes on GitHub

`v2.0.7`

Compare Source

🐞 Bug Fixes

schema-org: unhead hoisting issue - by @harlan-zw (bb0e4)

View changes on GitHub

`v2.0.6`

Compare Source

🐞 Bug Fixes

ssr: Less aggressive encoding of non-title tags - by @harlan-zw (f4d4f)

View changes on GitHub

`v2.0.5`

Compare Source

🐞 Bug Fixes

vue: Use setTimeout as render's debounced delayer - by @kricsleo in #540 (8f7c5)

View changes on GitHub

`v2.0.4`

Compare Source

🐞 Bug Fixes

InferSeoMetaPlugin: Template param replacement broken - by @harlan-zw (4e1c8)

View changes on GitHub

actions/checkout (actions/checkout)

`v6.0.2`

Compare Source

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in #2356

actions/stale (actions/stale)

`v10.2.0`

Compare Source

`v10.1.1`

Compare Source

What's Changed

Bug Fix

Add Missing Input Reading for only-issue-types by @Bibo-Joshi in #1298

Improvement

Improves error handling when rate limiting is disabled on GHES. by @chiranjib-swain in #1300

Dependency Upgrades

Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @dependabot in #1276
Upgrade @types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @dependabot in #1280
Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #1291
Upgrade actions/checkout from 4 to 6 by @dependabot in #1306

New Contributors

@chiranjib-swain made their first contribution in #1300

Full Changelog: actions/stale@v10...v10.1.1

`v10.1.0`

Compare Source

What's Changed

Add only-issue-types option to filter issues by type by @Bibo-Joshi in #1255

New Contributors

@Bibo-Joshi made their first contribution in #1255

Full Changelog: actions/stale@v10...v10.1.0

harlan-zw/eslint-plugin-harlanzw (eslint-plugin-harlanzw)

`v0.5.21`

Compare Source

🚀 Features

vue-no-resolve-component-in-composables - by @harlan-zw (f26aa)

View changes on GitHub

`v0.5.19`

Compare Source

🐞 Bug Fixes

Missed shorthands - by @harlan-zw (99cda)

View changes on GitHub

`v0.5.18`

Compare Source

🚀 Features

Nuxt ui prefer shorthand css - by @harlan-zw (51912)

View changes on GitHub

oxc-project/oxc (oxc-parser)

`v0.120.0`

⚡ Performance

9cd612f linter/plugins: Recycle comment objects (#20362) (overlookmotel)

`v0.119.0`

📚 Documentation

e4aa5b5 parser/napi, linter/plugins: Add JSDoc comments to raw transfer constants (#20286) (overlookmotel)

PostHog/posthog-js (posthog-js)

`v1.360.2`

Compare Source

1.360.2

Patch Changes

#3236 bc30c2d Thanks @dustinbyrne! - fix: Calling reset() now automatically reloads feature flags
(2026-03-13)
Updated dependencies [bc30c2d, bc30c2d]:
- @posthog/core@1.23.4
- @posthog/types@1.360.2

`v1.360.1`

Compare Source

1.360.1

Patch Changes

Updated dependencies [4009c15]:
- @posthog/core@1.23.3
- @posthog/types@1.360.1

`v1.360.0`

Compare Source

1.360.0

Patch Changes

#3213 db089fd Thanks @TueHaulund! - fix(replay): treat legacy configs without cache_timestamp as fresh

Configs persisted by older SDK versions never include a cache_timestamp.
Defaulting to 0 treats them as always stale, causing the persisted config
to be cleared before start() runs — so recording never starts for
customers on older core SDK versions paired with the latest CDN recorder. (2026-03-09)
#3207 c5a37cb Thanks @dustinbyrne! - fix: PostHogFeatureFlags uses a TreeShakeable type
(2026-03-09)
Updated dependencies [c5a37cb]:
- @posthog/types@1.360.0

`v1.359.1`

Compare Source

1.359.1 Patch Changes

#3204 2b0cd52 Thanks @marandaneto! - chore: upgrade dompurify to 3.3.2
(2026-03-06)
Updated dependencies []:
- @posthog/types@1.359.1

`v1.359.0`

Compare Source

1.359.0

Minor Changes

#3166 9180726 Thanks @dustinbyrne! - feat: Tree-shake feature flags
(2026-03-05)

Patch Changes

Updated dependencies []:
- @posthog/types@1.359.0

`v1.358.1`

Compare Source

1.358.1

Patch Changes

#3191 9f41d26 Thanks @TueHaulund! - fix(replay): fall back to persisted config when remote config fetch fails

When the remote config fetch failed (network error, ad blocker, CDN outage), the SDK received an empty {} response with no sessionRecording key. The onRemoteConfig handler returned early without ever setting _receivedFlags = true, leaving the recording permanently stuck in pending_config status for the entire page session.

This removes the _receivedFlags gate entirely. The 1-hour TTL on persisted config (added in #3051, increased from 5 minutes) and the stale-config retry in _onScriptLoaded (added in #3093) already prevent recording from starting with outdated config. The additional gate was redundant and created a deadlock when the config fetch failed.

Now when the config fetch fails, startIfEnabledOrStop() is called and falls back to persisted config from a previous page load. If no persisted config exists (first-ever visit), recording is correctly disabled rather than silently stuck. (2026-03-04)
#3198 9d0df0e Thanks @TueHaulund! - Reduce session replay memory pressure by tracking per-event sizes in SnapshotBuffer, eliminating redundant JSON.stringify calls during buffer operations. Also bumps @posthog/rrweb to 0.0.46 which uses FNV-1a hash-based canvas frame deduplication instead of storing full base64 strings.
(2026-03-04)
Updated dependencies []:
- @posthog/types@1.358.1

`v1.358.0`

Compare Source

1.358.0

Minor Changes

#3165 0e08337 Thanks @dustinbyrne! - feat: Tree-shake surveys, toolbar, exceptions, conversations, logs, experiments
(2026-03-03)

Patch Changes

#3164 20c1ff2 Thanks @dustinbyrne! - Add Extension interface for tree-shakable extensions
(2026-03-03)
Updated dependencies []:
- @posthog/types@1.358.0

`v1.357.2`

Compare Source

1.357.2

Patch Changes

#3170 f485c92 Thanks @slshults! - fix: Move tablet detection logic into detectDeviceType for consistent classification across all call sites
(2026-03-03)
Updated dependencies []:
- @posthog/types@1.357.2

`v1.357.1`

Compare Source

1.357.1

Patch Changes

#3149 91223c5 Thanks @adboio! - avoid re-checking URLs if they have not changed
(2026-03-02)
Updated dependencies [5e8d5fc]:
- @posthog/core@1.23.2
- @posthog/types@1.357.1

`v1.357.0`

Compare Source

1.357.0

Minor Changes

#3169 4f885c0 Thanks @marandaneto! - feat: add local sampleRate config for session recording
(2026-03-02)

Patch Changes

#3179 0dce119 Thanks @TueHaulund! - Bump @posthog/rrweb-* to 0.0.45 — reuses a single OffscreenCanvas in the canvas recording worker instead of allocating a new one per frame, fixing a memory leak in Safari where GPU-backed canvas resources were not being garbage collected promptly
(2026-03-02)
Updated dependencies [4f885c0]:
- @posthog/types@1.357.0

`v1.356.2`

Compare Source

1.356.2

Patch Changes

#3174 e9127d8 Thanks @TueHaulund! - Detect and report when rrweb fails to initialize. rrweb's record() silently swallows startup errors and returns undefined, which previously left the SDK reporting an active recording status while capturing zero data. The SDK now checks the return value and reports a new rrweb_error status, making the failure visible in debug properties.
(2026-03-02)
#3175 6ee5f12 Thanks @TueHaulund! - Fix memory leak in canvas recording on Safari < 16.4 where ImageBitmaps were never closed when OffscreenCanvas was unavailable in the web worker.
(2026-03-02)
#3178 186871a Thanks @TueHaulund! - Skip canvas FPS recording entirely on browsers without OffscreenCanvas support (Safari < 16.4) instead of running a wasteful requestAnimationFrame loop that can never produce data. Also includes displayWidth/displayHeight in canvas mutation data for correct replay sizing.
(2026-03-02)
#3176 87bae20 Thanks @dustinbyrne! - fix: Drop explicit exports
(2026-03-02)
#3172 2e46959 Thanks @dustinbyrne! - fix: Compressed requests use ArrayBuffer
(2026-03-02)
Updated dependencies []:
- @posthog/types@1.356.2

`v1.356.1`

Compare Source

1.356.1

Patch Changes

#3128 a500d14 Thanks @ksvat! - wait for fresh config before recording start decision, add new recorder status, output recording started event
(2026-02-27)
Updated dependencies []:
- @posthog/types@1.356.1

`v1.356.0`

Compare Source

1.356.0

Minor Changes

#3142 ec54fd8 Thanks @dmarticus! - Add feature_flag_cache_ttl_ms config to prevent stale flag values
(2026-02-26)

Patch Changes

#3154 a47179c Thanks @slshults! - fix: Improve tablet device type detection when Chrome sends desktop-like UA strings

Chrome on Android tablets defaults to "request desktop site" mode, sending a UA string
indistinguishable from desktop Linux. This uses the Client Hints API (navigator.userAgentData.platform)
and touch capability (navigator.maxTouchPoints) to correctly classify these devices as Tablet or Mobile
when UA-based detection falls through to the Desktop default. (2026-02-26)
#3145 d741668 Thanks @dmarticus! - Adds a remote_config_refresh_interval_ms config option to control how often feature flags are automatically refreshed in long-running sessions.
(2026-02-26)
Updated dependencies [ec54fd8, d741668]:
- @posthog/types@1.356.0

`v1.355.0`

Compare Source

1.355.0

Minor Changes

#3109 1d3f14c Thanks @adboio! - add product tour wait period support
(2026-02-26)

Patch Changes

Updated dependencies []:
- @posthog/types@1.355.0

`v1.354.4`

Compare Source

1.354.4

Patch Changes

#3152 d6fd9c9 Thanks @ksvat! - add re-entrancy guard for cases where ALL + regex + event trigger matching is configured
(2026-02-26)
Updated dependencies []:
- @posthog/types@1.354.4

`v1.354.3`

Compare Source

1.354.3

Patch Changes

#3113 77261d8 Thanks @adboio! - add product tours device type targeting
(2026-02-25)
Updated dependencies []:
- @posthog/types@1.354.3

`v1.354.2`

Compare Source

1.354.2

Patch Changes

#3153 67cf41e Thanks @dustinbyrne! - fix: Add additional legacy exports for fully qualified dist and lib exports
(2026-02-25)
Updated dependencies []:
- @posthog/types@1.354.2

`v1.354.1`

Compare Source

1.354.1

Patch Changes

#3148 9ae20e7 Thanks @dustinbyrne! - fix: Expose all export paths
(2026-02-25)
Updated dependencies []:
- @posthog/types@1.354.1

`v1.354.0`

Compare Source

1.354.0

Minor Changes

#3080 4d0c783 Thanks @dustinbyrne! - feat: Introduce internal config to improve tree-shaking
(2026-02-25)

Patch Changes

Updated dependencies []:
- @posthog/types@1.354.0

`v1.353.1`

Compare Source

1.353.1

Patch Changes

#3143 0b86924 Thanks @adboio! - fix autofill bug in hosted surveys
(2026-02-24)
Updated dependencies []:
- @posthog/types@1.353.1

`v1.353.0`

Compare Source

1.353.0

Minor Changes

#3135 fba7e5b Thanks @dustinbyrne! - feat: Persist $user_state to cookie for server-side access
(2026-02-23)

Patch Changes

Updated dependencies []:
- @posthog/types@1.353.0

`v1.352.1`

Compare Source

1.352.1

Patch Changes

#3129 6bfa003 Thanks @pauldambra! - fix: no need to put rrweb and friends directly on window in posthog-recorder
(2026-02-23)
#3131 ad26474 Thanks @veryayskiy! - Fix issue with toolbar interferring distinct id in conversations
(2026-02-23)
Updated dependencies []:
- @posthog/types@1.352.1

`v1.352.0`

Compare Source

1.352.0

Minor Changes

#3121 c3c9780 Thanks @veryayskiy! - Ability to retrieve previous conversations
(2026-02-20)

Patch Changes

Updated dependencies []:
- @posthog/types@1.352.0

`v1.351.4`

Compare Source

1.351.4 Patch Changes

#3119 2649a9a Thanks @dmarticus! - Adds a fresh option to getFeatureFlag(), getFeatureFlagResult(), and isFeatureEnabled() that only returns values loaded from the server, not cached localStorage values.
(2026-02-19)
Updated dependencies [2649a9a]:
- @posthog/types@1.351.4

`v1.351.3`

Compare Source

1.351.3 Patch Changes

#3098 1a53e8c Thanks @adboio! - add animation option for tour banners
(2026-02-19)
Updated dependencies []:
- @posthog/types@1.351.3

`v1.351.2`

[Compare Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.351.1...posthog-

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2025-04-05T00:27:09Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
scripts-docs	Error		Mar 17, 2026 2:16am
scripts-playground	Error		Mar 17, 2026 2:16am

pkg-pr-new · 2025-07-16T18:29:18Z

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/scripts@446

commit: c3f46fd

pnpm-lock.yaml

vercel · 2025-11-25T02:47:14Z

docs/package.json

    "@nuxt/image": "^1.11.0",
    "@nuxt/scripts": "workspace:*",
-    "@nuxt/ui": "4.0.0",
+    "@nuxt/ui": "4.2.1",


Suggested change

"@nuxt/ui": "4.2.1",

"@nuxt/ui": "^4.2.1",

The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.

View Details

Analysis

Inconsistent version pinning for @nuxt/ui dependency

What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.

How to reproduce:

cat docs/package.json | grep -A 15 '"dependencies"'

Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:

"@nuxt/content": "^3.8.2"

"@nuxt/fonts": "^0.12.1"

"@nuxthq/studio": "^2.2.1"

All other 10 dependencies also use ^ prefix

Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.

Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.

vercel · 2026-01-15T00:37:21Z

package.json

-    "posthog-js": "^1.0.0"
+    "@types/youtube": "^0.1.2",
+    "@unhead/vue": "^2.1.2",
+    "posthog-js": "^1.321.2"


Suggested change

"posthog-js": "^1.321.2"

"posthog-js": "^1.0.0"

The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).

View Details

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.

How to reproduce:

# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint) npm install @nuxt/scripts # After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2

Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"

Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:

Code only uses posthog.init() and basic config options (api_host, capture_pageview, disable_session_recording) available since 1.0.0

The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes

Peer dependencies should be permissive to maximize compatibility

Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible

This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.

renovate · 2026-03-04T13:32:15Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 3 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 44, reused 0, downloaded 0, added 0
Progress: resolved 50, reused 0, downloaded 0, added 0
Progress: resolved 79, reused 0, downloaded 0, added 0
Progress: resolved 143, reused 0, downloaded 0, added 0
Progress: resolved 195, reused 0, downloaded 0, added 0
Progress: resolved 238, reused 0, downloaded 0, added 0
Progress: resolved 266, reused 0, downloaded 0, added 0
Progress: resolved 338, reused 0, downloaded 0, added 0
Progress: resolved 354, reused 0, downloaded 0, added 0
Progress: resolved 478, reused 0, downloaded 0, added 0
Progress: resolved 542, reused 0, downloaded 0, added 0
Progress: resolved 645, reused 0, downloaded 0, added 0
Progress: resolved 686, reused 0, downloaded 0, added 0
Progress: resolved 706, reused 0, downloaded 0, added 0
Progress: resolved 792, reused 0, downloaded 0, added 0
Progress: resolved 845, reused 0, downloaded 0, added 0
Progress: resolved 863, reused 0, downloaded 0, added 0
Progress: resolved 918, reused 0, downloaded 0, added 0
Progress: resolved 1144, reused 0, downloaded 0, added 0
 WARN  Request took 13418ms: https://registry.npmjs.org/vite
Progress: resolved 1161, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/nuxt/scripts/client:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "chokidar@4.0.3" (possible package takeover)

This error happened while installing the dependencies of nuxt@4.4.2
 at @nuxt/vite-builder@4.4.2
 at vite-plugin-checker@0.12.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.

renovate bot force-pushed the renovate/all-minor-patch branch from 9c4e39b to 5bfebea Compare April 5, 2025 00:30

vercel bot deployed to Preview – scripts-playground April 5, 2025 00:37 View deployment

vercel bot deployed to Preview – scripts-docs April 5, 2025 00:40 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 5bfebea to 7804f68 Compare April 6, 2025 09:08

renovate bot changed the title ~~chore(deps): update resolutions typescript to v5.8.3~~ chore(deps): update all non-major dependencies Apr 6, 2025

vercel bot deployed to Preview – scripts-docs April 6, 2025 09:10 View deployment

vercel bot deployed to Preview – scripts-playground April 6, 2025 09:12 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 7804f68 to 2d975ff Compare April 7, 2025 04:48

vercel bot deployed to Preview – scripts-docs April 7, 2025 04:51 View deployment

vercel bot deployed to Preview – scripts-playground April 7, 2025 04:53 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 2d975ff to 0104ff1 Compare April 7, 2025 08:22

vercel bot deployed to Preview – scripts-playground April 7, 2025 08:24 View deployment

vercel bot deployed to Preview – scripts-docs April 7, 2025 08:26 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 0104ff1 to 8120e32 Compare April 7, 2025 15:15

vercel bot deployed to Preview – scripts-playground April 7, 2025 15:17 View deployment

vercel bot deployed to Preview – scripts-docs April 7, 2025 15:20 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 8120e32 to 5ec9f5e Compare April 7, 2025 18:22

vercel bot deployed to Preview – scripts-docs April 7, 2025 18:29 View deployment

vercel bot deployed to Preview – scripts-playground April 7, 2025 18:31 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 5ec9f5e to efcb3b7 Compare April 8, 2025 08:39

vercel bot deployed to Preview – scripts-playground April 8, 2025 08:42 View deployment

vercel bot deployed to Preview – scripts-docs April 8, 2025 08:44 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from efcb3b7 to 1a61aec Compare April 10, 2025 00:28

vercel bot deployed to Preview – scripts-playground April 10, 2025 00:30 View deployment

vercel bot deployed to Preview – scripts-docs April 10, 2025 00:33 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 1a61aec to cf8e7f8 Compare April 10, 2025 09:47

vercel bot deployed to Preview – scripts-playground April 10, 2025 09:50 View deployment

vercel bot deployed to Preview – scripts-docs April 10, 2025 09:52 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from cf8e7f8 to 2b13cf8 Compare April 11, 2025 01:12

renovate bot force-pushed the renovate/all-minor-patch branch from 64d7d5a to 6132302 Compare April 16, 2025 07:22

vercel bot deployed to Preview – scripts-playground April 16, 2025 07:26 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 16, 2025 07:27 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from 6132302 to 360e116 Compare April 16, 2025 14:05

vercel bot deployed to Preview – scripts-playground April 16, 2025 14:07 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 16, 2025 14:08 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from 360e116 to aa97a8b Compare April 17, 2025 00:59

vercel bot deployed to Preview – scripts-playground April 17, 2025 01:02 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 17, 2025 01:03 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from aa97a8b to 714cf9d Compare April 17, 2025 08:46

vercel bot deployed to Preview – scripts-playground April 17, 2025 08:48 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 17, 2025 08:49 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from 714cf9d to bdbb60c Compare April 17, 2025 18:14

vercel bot had a problem deploying to Preview – scripts-docs April 17, 2025 18:15 Failure

vercel bot deployed to Preview – scripts-playground April 17, 2025 18:17 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from bdbb60c to 9343bf3 Compare April 18, 2025 20:28

vercel bot had a problem deploying to Preview – scripts-docs April 18, 2025 21:10 Failure

vercel bot deployed to Preview – scripts-playground April 18, 2025 21:12 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 9343bf3 to fb7fea7 Compare April 21, 2025 12:46

vercel bot deployed to Preview – scripts-playground April 21, 2025 12:48 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 21, 2025 12:49 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from fb7fea7 to 556aaae Compare April 21, 2025 16:40

vercel bot deployed to Preview – scripts-playground April 21, 2025 16:42 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 21, 2025 16:43 Failure

vercel bot reviewed Sep 20, 2025

View reviewed changes

pnpm-lock.yaml Outdated Show resolved Hide resolved

vercel bot reviewed Nov 25, 2025

View reviewed changes

vercel bot reviewed Jan 15, 2026

View reviewed changes

chore(deps): update all non-major dependencies

f03d6d0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies#446

chore(deps): update all non-major dependencies#446
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all-minor-patch

renovate bot commented Apr 5, 2025 •

edited

Loading

Uh oh!

vercel bot commented Apr 5, 2025 •

edited

Loading

Uh oh!

pkg-pr-new bot commented Jul 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

vercel bot Nov 25, 2025

Uh oh!

vercel bot Jan 15, 2026

Uh oh!

renovate bot commented Mar 4, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Apr 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

🐞 Bug Fixes

Bug Fixes

Features

🐞 Bug Fixes

⚠️ Security

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

What's Changed

Bug Fix

Improvement

Dependency Upgrades

New Contributors

What's Changed

New Contributors

🚀 Features

🐞 Bug Fixes

🚀 Features

⚡ Performance

📚 Documentation

1.360.2

Patch Changes

1.360.1

Patch Changes

1.360.0

Patch Changes

1.359.1

Patch Changes

1.359.0

Minor Changes

Patch Changes

1.358.1

Patch Changes

1.358.0

Minor Changes

Patch Changes

1.357.2

Patch Changes

renovate bot commented Apr 5, 2025 •

edited

Loading