chore(deps): update all non-major dependencies

[hywax-assistant]

This PR contains the following updates:

Package	Type	Update	Change
@commitlint/cli (source)	devDependencies	minor	^19.6.1 -> ^19.7.1
@commitlint/config-conventional (source)	devDependencies	minor	^19.6.0 -> ^19.7.1
@nuxt/kit (source)	dependencies	patch	^3.15.0 -> ^3.15.4
@nuxt/schema (source)	devDependencies	patch	^3.15.0 -> ^3.15.4
@types/node (source)	devDependencies	patch	^20.17.10 -> ^20.17.17
cron	dependencies	minor	^3.3.1 -> ^3.5.0
eslint (source)	devDependencies	minor	^9.17.0 -> ^9.19.0
fast-glob	dependencies	patch	^3.3.2 -> ^3.3.3
lint-staged	devDependencies	minor	^15.3.0 -> ^15.4.3
nuxt (source)	devDependencies	patch	^3.15.0 -> ^3.15.4
pnpm (source)	packageManager	patch	9.15.2 -> 9.15.5
typescript (source)	devDependencies	patch	^5.7.2 -> ^5.7.3
vitepress (source)	devDependencies	minor	^1.5.0 -> ^1.6.3

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

conventional-changelog/commitlint (@​commitlint/cli)

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

nuxt/nuxt (@​nuxt/kit)

v3.15.4

Compare Source

3.15.4 is the next patch release.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🩹 Fixes

• nuxt: Improve error logging when parsing with acorn (#​30754)
• nuxt: Clear island uid before saving into the payload (#​30767)
• kit: Load @nuxt/schema from nuxt package dir (#​30774)
• nuxt: Allow restarting nuxt on paths outside srcDir (#​30771)
• nuxt: Don't warn about calling useRoute in SFC setup (#​30788)
• webpack: Disallow cross-site requests in no-cors mode (#​30757)
• vite: Restore externality for dev server externals (#​30802)

💅 Refactors

• vite: Use new rollup chunk.names for asset names (#​30780)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Peter Radko (@​Gwynerva)
• Lansi (@​lansi951)
• Julien Huang (@​huang-julien)
• Norbiros (@​Norbiros)

v3.15.3

Compare Source

3.15.3 is the next regularly scheduled patch release.

👀 Highlights

CORS configuration for dev server

Alongside a range of improvements, we've also shipped a significant fix to impose CORS origin restrictions on the dev server. This applies to your Vite or Webpack/Rspack dev middleware only.

This is a significant/breaking change we would not normally ship in a patch but it is a security fix (see GHSA-4gf7-ff8x-hq99 and GHSA-2452-6xj8-jh47) and we urge you to update ASAP.

You can configure the allowed origins and other CORS options via the devServer.cors options in your nuxt.config, which may be relevant if you are developing with a custom hostname:

export default defineNuxtConfig({
  devServer: {
    cors: {
      origin: ['https://custom-origin.com'],
    },
  },
})

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• kit,nuxt: Don't resolve paths from local layers/modules (#​30650)
• nuxt: Reduce number of mkdirSync calls (#​30651)
• nuxt: Reduce unnecessary template updating (#​30684)
• kit: Reduce duplication between findPath and resolvePath (#​30682)
• kit: Run components compat check synchronously (#​30685)
• nuxt: Early return from annotation for non-object syntax plugins (#​30683)
• nuxt: Enable Transition component only on client side (#​30720)

🩹 Fixes

• vite: Override previous #app-manifest alias (#​30618)
• kit,nuxt,schema,vite: Improve watching behaviour (#​30620)
• nuxt: Fall back to plugin.src for variable name generation (#​30649)
• schema: Allow overriding dev/test environment value (#​30667)
• vite: Drop unneeded call to invalidate module (d2a95c542)
• vite: Add back invalidateModule call (9bd71e498)
• nuxt: Do not warn about [[ optional dynamic params (#​30619)
• vite: Inline shared folder in dev mode (#​30690)
• nuxt: Deep clone extracted page meta (#​30717)
• vite,webpack: Restrict access via cors to local origins + allow configuration via devServer.cors (406db5b4d)

💅 Refactors

• vite: Drop externality and use vite internal config (#​30634)

📖 Documentation

• Add link to custom useFetch example (#​30629)
• Fix example command (#​30628)
• Fix links to nuxi source code (4fabe0025)
• Add description for prefetch and other details of NuxtLink (#​30614)
• Update nuxt/content example (542987627)
• Adjust examples, type and description for addRouteMiddleware (#​30656)
• Explain how to use ClientOnly with onMounted hook (#​30670)
• Update links to unhead source (eb5344b43)
• Add more context about navigation mode in callOnce composable (#​30612)
• Add example on how to disable default routes for ssg (#​30729)

📦 Build

• schema: Use new inlineDependencies option (01adefcec)

🏡 Chore

• kit: Explicitly inline lodash-es (0c01273f5)
• Add debug timing jiti/unbuild plugins (#​30648)
• Do not clobber global tracker objects (df8554331)
• Remove stray console log (47c40f310)
• Improve debugging plugins (492b1ec65)
• Write metrics to disk for better diffing (c5c6b8105)
• Lint (86aff854c)

🤖 CI

• Run bundle size assertion outside of matrix (#​30688)
• Reenable nuxt benchmarking (#​30711)

❤️ Contributors

• Alex Liu (@​Mini-ghost)
• Daniel Roe (@​danielroe)
• Alan Schio (@​schirrel)
• xjccc (@​xjccc)
• Saeid Zareie (@​Saeid-Za)
• Zakhar Shymanchyk (@​zshimanchik)
• Arturs Jansons (@​iegik)
• Maxime Pauvert (@​maximepvrt)

v3.15.2

Compare Source

3.15.2 is the next regularly scheduled patch release.

👀 Highlights

🔥 Startup performance improvements

It is worth noting that this release includes some pretty significant performance improvements which you should notice particularly in the startup time. In my tests in the nuxt monorepo,

fixture	time to vite build complete (v3.15.1)	time to vite build complete (v3.15.2)
minimal	850ms	710ms
everything bagel	3,021ms	1,690ms

There's more improvement to do here but hopefully these are good numbers!

📦 CLI refactor

To improve performance within Nuxt projects, we've published a new @nuxt/cli distribution of nuxi, which is used under-the-hood in nuxt (see issue). This should behave exactly the same and nothing needs to be updated in your projects (for example, you will continue to use the nuxi or nuxt commands). The only significant change is that it no longer inlines dependencies. Feedback is welcome 🙏

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• nuxt: Remove code duplication in client-only (#​30460)
• nuxt: Use lighter @nuxt/cli dependency (#​30526)
• kit: Remove iterations when resolving module path (#​30562)
• nuxt: Avoid checking fs for existence of scanned pages (#​30581)
• nuxt: Defer version/config warnings to after build (#​30567)

🩹 Fixes

• nuxt: Collect all identifiers before extracting page metadata (#​30478)
• nuxt: Don't hoist identifiers declared locally in definePageMeta when extracting page metadata (#​30490)
• kit: Reorder #build to the end of tsConfig paths (#​30520)
• nuxt: Use fullPath instead of empty string in router hmr (#​30500)
• Relax nuxt version constraints to current (23b968289)
• nuxt: Add import protection for @nuxt/cli (618bbc6da)
• kit: Fully resolve plugin paths when normalising them (#​30540)
• nuxt: Call page:loading:end only once with nested pages (#​29009)
• nuxt: Warn about ignored char while parsing route segment (#​30396)
• nuxt: Allow url-specific chars in vfs (#​30584)
• nuxt: Do not warn about invalid characters in route groups/catchalls (0249c74bc)
• vite: Provide fallback alias for #app-manifest (#​30587)
• nuxt: Avoid invoking shouldPrefetch on the server side (#​30591)
• nuxt: Decode id before resolving relative imports (#​30599)

💅 Refactors

• kit,nuxt,webpack: Reduce reassignments (#​30589)

📖 Documentation

• Document --dev option for the module command (#​30477)
• Document the add layer command (#​30476)
• Update v4 release date (#​30514)
• Ensure correct type for url in useFetch (#​30531)
• Update link to @nuxt/module-builder source (509cf4a5c)
• Add status detail and enhance getCachedData readability (#​30536)
• Update hash link to correct heading (#​30543)
• Update links to unhead source (fef3a59bb)
• Adjust example and additional instructions of useNuxtData (#​30570)
• Resolve many twoslash errors (#​30573)
• Add context for useAsyncData side effects (#​30479)
• Update examples to use function declarations for clarity (#​30588)

🏡 Chore

• Control dependency import into nuxt/app (1adf3e31f)
• Ignore automated renovate node engines updates (6895993fb)

🤖 CI

• Don't block release on fixtures + add pkg.pr.new (#​30548)
• Remove concurrency group from release-pr job (8ac54ff10)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Alex Liu (@​Mini-ghost)
• Anthony Fu (@​antfu)
• Camille Coutens (@​Kamsou)
• Julien Huang (@​huang-julien)
• Peter Buglavecz (@​buglavecz)
• ikxin (@​ikxin)
• Guspan Tanadi (@​guspan-tanadi)
• Vuk Marjanovic (@​vmrjnvc)
• Saeid Zareie (@​Saeid-Za)
• Matej Černý (@​cernymatej)
• Clément Ollivier (@​clemcode)

v3.15.1

Compare Source

3.15.1 is the next regularly scheduled patch release.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• nuxt: Skip experimental async context transform in client build (#​30360)
• schema: Drop unneeded type-only schema dependencies (#​30411)
• rspack,webpack: Drop lodash-es dependency (#​30409)
• nuxt: Drop pathe browser dep for deep server components (#​30456)

🩹 Fixes

• nuxt: Update module path for defaults (#​30371)
• nuxt: Ignore non-reference identifiers when extracting page metadata (#​30381)
• nuxt: Pass nuxt instance to resolvePagesRoutes (e4a372e12)
• schema: Support pfx certificate for dev server (#​30412)
• nuxt: Use node location instead of range for route meta property extraction (#​30447)
• schema: Override vueCompilerOptions.plugins type (#​30454)
• nuxt: Respect baseURL when ignoring prerendered manifest (#​30446)
• nuxt: Respect router.options when hmring routes (#​30455)

💅 Refactors

• nuxt: Use consola with nuxt tag instead of console (#​30408)

📖 Documentation

• Update references to lodash and recommend es-toolkit (8e2ca5bdc)
• Add warning about prerendering (#​30437)

🏡 Chore

• Add configuration for JetBrains IDEs (#​30380)
• Update lockfile (db65a703b)
• Dedupe lockfile + bump nanoid (c5eb6a81d)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Anders Bootsmann Larsen (@​bootsmann1995)
• Alexander Lichter (@​TheAlexLichter)
• Matej Černý (@​cernymatej)
• Connor Roberts (@​murshex)
• Julien Huang (@​huang-julien)

kelektiv/node-cron (cron)

v3.5.0

Compare Source

✨ Features

• throw instead of silently rewriting invalid cron expressions (#​937) (dcc5b93)

⚙️ Continuous Integrations

• action: update step-security/harden-runner action to v2.10.3 (#​943) (cd7ee9f)

♻️ Chores

• deps: update dependency @​types/node to v20.17.12 (2a867f9)
• deps: update dependency @​types/node to v22 (#​900) (f7548bd)

v3.4.0

Compare Source

✨ Features

• error handling on ticks (#​861) (0d3161f), closes #​426

📚 Documentation

• contributing: add "Submitting a Pull Request" & "Coding Rules" sections (#​936) (ddd8988)

♻️ Chores

• deps: lock file maintenance (494b4bf)
• deps: update dependency @​types/node to v20.17.11 (2978e92)
• deps: update dependency lint-staged to v15.3.0 (11f9bad)
• deps: update semantic-release related packages (b830bdb)
• deps: update tests (major) (#​826) (e47fd5a)

v3.3.2

Compare Source

🐛 Bug Fixes

• fix infinite loop on expressions resolving only inside a DST forward jump (#​938) (efb8df5), closes /github.com/kelektiv/node-cron/pull/667/files#diff-c14c2dca8456f15417b39cfbd9758009f8eb4f3a190a415768d6e4ae6ae9dceeL473-L477 #​919 #​919

⚙️ Continuous Integrations

• action: update marocchino/sticky-pull-request-comment action to v2.9.0 (#​930) (1e7bce9)
• renovate: pin GitHub action digests to semver (#​926) (6541167)

♻️ Chores

• deps: lock file maintenance (70c3339)
• deps: lock file maintenance (afad454)
• deps: lock file maintenance (b1dbf69)
• deps: pin dependencies (#​915) (dfcbd3c)
• deps: update dependency @​commitlint/cli to v19.6.1 (7999427)
• deps: update dependency @​semantic-release/release-notes-generator to v14.0.2 (93c9373)
• deps: update dependency @​types/node to v20.17.10 (9313ffd)
• deps: update dependency lint-staged to v15.2.11 (100c9ff)

eslint/eslint (eslint)

v9.19.0

Compare Source

Features

• 1637b8e feat: add --report-unused-inline-configs (#​19201) (Josh Goldberg ✨)

Bug Fixes

• aae6717 fix: sync rule type header comments automatically (#​19276) (Francesco Trotta)

Documentation

• cfea9ab docs: Clarify overrideConfig option (#​19370) (Nicholas C. Zakas)
• 2b84f66 docs: Update README (#​19362) (Nicholas C. Zakas)
• 044f93c docs: clarify frozen rule description (#​19351) (Pavel)
• 797ee7c docs: fix Bluesky links (#​19368) (Milos Djermanovic)
• 81a9c0e docs: Update README (GitHub Actions Bot)
• 093fb3d docs: replace var with let and const in rule examples (#​19365) (Tanuj Kanti)
• 417de32 docs: replace var with const in rule examples (#​19352) (jj)
• 17f2aae docs: update getting-started config to match default generated config (#​19308) (0xDev)
• 8a0a5a8 docs: better global ignores instruction (#​19297) (Jacopo Marrone)
• 6671a2c docs: Update README (GitHub Actions Bot)
• e39d3f2 docs: fix divider for rule category (#​19264) (Tanuj Kanti)
• e0cf53f docs: fix search result box position for small screens (#​19328) (Tanuj Kanti)
• f92a680 docs: replace var with let or const in rule examples (#​19331) (Ravi Teja Kolla)
• b04b84b docs: revert accidental changes in TS config files docs (#​19336) (Francesco Trotta)

Chores

• 9b9cb05 chore: upgrade @​eslint/js@​9.19.0 (#​19371) (Milos Djermanovic)
• 58560e7 chore: package.json update for @​eslint/js release (Jenkins)
• 2089707 test: fix failing test in Node.js v22.13.0 (#​19345) (Francesco Trotta)

v9.18.0

Compare Source

Features

• e84e6e2 feat: Report allowed methods for no-console rule (#​19306) (Anna Bocharova)
• 8efc2d0 feat: unflag TypeScript config files (#​19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#​19272) (Milos Djermanovic)

Bug Fixes

• da768d4 fix: correct overrideConfigFile type (#​19289) (Francesco Trotta)

Documentation

• d9c23c5 docs: replace var with const in rule examples (#​19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#​18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#​19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#​19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#​19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#​19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#​19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#​19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#​19315) (Amaresh S M)
• db574c4 docs: add missing backticks to no-void (#​19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#​19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#​19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#​19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#​19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#​19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#​19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#​19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#​19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#​19295) (Nicholas C. Zakas)
• 0bfdf6c docs: Update README (GitHub Actions Bot)
• ce0b9ff docs: add navigation link for code explorer (#​19285) (Tanuj Kanti)
• e255cc9 docs: add bluesky icon to footer (#​19290) (Tanuj Kanti)
• 5d64851 docs: remove outdated info about environments (#​19296) (Francesco Trotta)
• eec01f0 docs: switch rule examples config format to languageOptions (#​19277) (Milos Djermanovic)
• b36ca0a docs: Fixing Focus Order by Rearranging Element Sequence (#​19241) (Amaresh S M)
• d122c8a docs: add missing backticks to sort-imports (#​19282) (루밀LuMir)
• 0367a70 docs: update custom parser docs (#​19288) (Francesco Trotta)
• 8c07ebb docs: add border-radius to hX:target selector styles (#​19270) (루밀LuMir)
• eff7c57 docs: add limitation section in no-loop-func (#​19287) (Tanuj Kanti)
• 5db226f docs: add missing backticks in various parts of the documentation (#​19269) (루밀LuMir)
• 789edbb docs: Update README (GitHub Actions Bot)
• 613c06a docs: mark rules that are frozen with ❄️ (#​19231) (Amaresh S M)
• 43172ec docs: Update README (GitHub Actions Bot)
• ac8b3c4 docs: fix description of overrideConfigFile option (#​19262) (Milos Djermanovic)
• bbb9b46 docs: Update README (GitHub Actions Bot)
• 995b492 docs: fix inconsistent divider in rule categories box (#​19249) (Tanuj Kanti)
• f76d05d docs: Refactor search result handling with better event listener cleanup (#​19252) (Amaresh S M)
• c5f3d7d docs: Update README (GitHub Actions Bot)

Chores

• c52be85 chore: upgrade to @eslint/[email protected] (#​19330) (Francesco Trotta)
• 362099c chore: package.json update for @​eslint/js release (Jenkins)
• 495aa49 chore: extract package name from package.json for public interface (#​19314) (루밀LuMir)
• 6fe0e72 chore: update dependency @​eslint/json to ^0.9.0 (#​19263) (renovate[bot])

mrmlnc/fast-glob (fast-glob)

v3.3.3

Compare Source

Full Changelog: mrmlnc/fast-glob@3.3.2...3.3.3

💬 Common

• Refer to [email protected] to avoid annoying npm audit spam (#​443, #​444, #​454, #​456, #​457, #​461)

🐛 Bug fixes

• Apply absolute negative patterns to full path instead of file path (#​441, thanks @​webpro)

lint-staged/lint-staged (lint-staged)

v15.4.3

Compare Source

Patch Changes

• #​1512 cbfed1d Thanks @​tarik02! - Adjust TypeScript types for the default export so that it can be used as a value without error TS2693.

v15.4.2

Compare Source

Patch Changes

• #​1509 8827ebf Thanks @​iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

v15.4.1

Compare Source

Patch Changes

• #​1504 1c7a45e Thanks @​iiroj! - Default TypeScript config filenames match JS equivalents.

• #​1504 9cc18c9 Thanks @​iiroj! - Add missing conditional exports syntax for TypeScript types.

v15.4.0

Compare Source

Minor Changes

• #​1500 a8ec1dd Thanks @​iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:

  /**
   * @​filename: lint-staged.config.js
   * @​type {import('lint-staged').Configuration}
   */
  export default {
    '*': 'prettier --write',
  }

  It's also possible to use the .ts file extension for the configuration if your Node.js version supports it. The --experimental-strip-types flag was introduced in Node.js v22.6.0 and unflagged in v23.6.0, enabling Node.js to execute TypeScript files without additional configuration.

  export NODE_OPTIONS="--experimental-strip-types"
  
  npx lint-staged --config lint-staged.config.ts

Patch Changes

• #​1501 9b79364 Thanks @​iiroj! - Handle possible failures when logging user shell for debug info.

pnpm/pnpm (pnpm)

v9.15.5: pnpm 9.15.5

Compare Source

Patch Changes

• Verify that the package name is valid when executing the publish command.
• When running pnpm install, the preprepare and postprepare scripts of the project should be executed #​8989.
• Quote args for scripts with shell-quote to support new lines (on POSIX only) #​8980.
• Proxy settings should be respected, when resolving Git-hosted dependencies #​6530.
• Replace strip-ansi with the built-in util.stripVTControlCharacters #​9009.

Platinum Sponsors

Gold Sponsors

v9.15.4: pnpm 9.15.4

Compare Source

Patch Changes

• Ensure that recursive pnpm update --latest <pkg> updates only the specified package, with dedupe-peer-dependents=true.

Platinum Sponsors

Gold Sponsors

config help if that's undesired. If you want to rebase/retry this PR, check this box This PR has been generated by Hywax Assistant.

[hywax-assistant]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 2 projects
Progress: resolved 1, reused 0, downloaded 0, added 0
playground                               | Progress: resolved 1, reused 0, downloaded 0, added 0
undefined
 ERR_PNPM_FETCH_404  GET https://npm.pkg.github.com/@hywax%2Fvitepress-yandex-metrika: Not Found - 404

This error happened while installing a direct dependency of /tmp/renovate/repos/github/hywax/nuxt-cron

@hywax/vitepress-yandex-metrika is not in the npm registry, or you have no permission to fetch it.

An authorization header was used: Bearer ghp_[hidden]