chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@iconify-json/lucide	^1.2.82 → ^1.2.89
@iconify-json/simple-icons	^1.2.65 → ^1.2.70
@iconify-json/vscode-icons	^1.2.37 → ^1.2.40
@nuxt/content (source)	^3.10.0 → ^3.11.2
@nuxt/eslint (source)	^1.12.1 → ^1.14.0
@nuxt/hints	1.0.0-alpha.5 → 1.0.0-alpha.6
@nuxt/ui (source)	^4.3.0 → ^4.4.0
@nuxtjs/seo (source)	^3.3.0 → ^3.4.0
@shikijs/engine-javascript (source)	^3.20.0 → ^3.22.0
@stefanobartoletti/nuxt-social-share	^2.3.0 → ^2.3.1
@unhead/vue (source)	^2.1.1 → ^2.1.4
@vueuse/nuxt (source)	^14.1.0 → ^14.2.0
better-sqlite3	^12.5.0 → ^12.6.2
feed	^5.1.0 → ^5.2.0
pnpm (source)	10.27.0 → 10.29.2
posthog-js (source)	^1.313.0 → ^1.342.1
submitjson (source)	^0.13.0 → ^0.14.0
ufo	^1.6.1 → ^1.6.3
vue-tsc (source)	^3.2.2 → ^3.2.4
zod (source)	^4.3.5 → ^4.3.6

---

Release Notes

nuxt/content (@​nuxt/content)

v3.11.2

Compare Source

Bug Fixes

• studio: fallback to env variable to detect ai feature (#​3713) (3fc8b7b)

v3.11.1

Compare Source

Features

• collections: create studio collections for AI if detected (#​3709) (7744645)

Bug Fixes

• issue with disabling contentRawMarkdown (5be6b0c)

v3.11.0

Compare Source

Features

• api: use request fetch (#​3677) (2b32a4d)
• auto generate markdown version of documents (#​3688) (340fdf4)
• cast date field from datetime to date string format (#​3673) (f1a2ca4)
• collection: allow hidden property in editor without redefine validation (#​3661) (24af55a)
• nuxt-llms: rewriteLLMSTxt option to disable rewriting paths in llms.txt (38e57ec)

Bug Fixes

• add mdc.components.map to renderer aliases (7eebe27), closes #​3681
• nuxthub: handle nuxthub version correctly (#​3680) (695bd2e)
• nuxthub: register sql_dump route even if the database is disabled (#​3668) (bb78812)

Performance Improvements

• wrap SQL queries in transaction (#​3670) (030dc27)

Reverts

• Revert "chore: upgrade deps" (c4a3228)
• Revert "chore: upgrade deps" (841b360)

nuxt/eslint (@​nuxt/eslint)

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

v1.13.0

Compare Source

   🚀 Features

• Upgrade eslint-flat-config-utils eslint-plugin-import-lite and eslint-plugin-jsdoc  -  by @​antfu (10bf9)

    View changes on GitHub

nuxt/hints (@​nuxt/hints)

v1.0.0-alpha.6

Compare Source

🚀 Enhancements

• runtime: Use consola logger (#​194)
• client: Set fold level to 2 when hydration diff > 20 lines (#​187)

🩹 Fixes

• Don't run hydration check if page is not server rendered (#​200)

❤️ Contributors

• Julien Huang (@​huang-julien)

nuxt/ui (@​nuxt/ui)

v4.4.0

Compare Source

Features

• Calendar: add weekNumbers prop (#​4555) (7a1a71b)
• ChangelogVersions: handle scroll options in indicator prop (#​5257) (6a925cd)
• CommandPalette/InputMenu/SelectMenu/Tree: handle virtualizer estimateSize as function (#​5748) (d51b424)
• CommandPalette: add input prop (#​5736) (12052e8)
• CommandPalette: add size prop (#​5878) (3ae04c6)
• components: add by prop (#​5906) (36cd5e5)
• components: add valueKey prop (#​5905) (55646ea)
• Editor: add placeholder.mode prop (d90acb3), closes #​5785
• Editor: add size prop in menus (#​5889) (571d50d)
• Editor: add taskList handler (#​5837) (db04197)
• Editor: add support for code inside links (2ed2d5d)
• Editor: handle boolean in image and mention props (b6fa83a), closes #​5820
• EditorMentionMenu: handle async search with ignoreFilter prop (#​5880) (f8d1883)
• InputMenu/Select/SelectMenu: expose viewportRef for infinite scroll (#​5836) (f4a945c)
• InputMenu/SelectMenu: add clear prop (#​5643) (ec6b8ec)
• Link: support custom navigate function in vue (#​5860) (f51e58a)
• ProseTd/ProseTh: handle align prop (859390e), closes #​5795
• Timeline/Stepper: add wrapper slot and fix dynamic slot conditions (#​5868) (8610d4d)
• Timeline: add select event (#​5826) (8e431be)

Bug Fixes

• Banner: isolate banner visibility using per-instance CSS variables (#​5751) (c7332eb)
• Banner: prevent XSS via id prop injection (4e334a0)
• CommandPalette/ContextMenu/DropdownMenu: keyboard selection on link items (3f5bdb3)
• CommandPalette: prevent XSS in search highlight (e12ceb6)
• ContentSurround: align next link to right on tablet without prev (#​5833) (b3adccc)
• defineShortcuts: check shift modifier for special character shortcuts (bd344d7), closes #​5911
• Editor: set contentType when updating value (c37d6f7), closes #​5709
• Editor: support all heading levels by default (3046c3e)
• EditorToolbar: prevent onClick from being called twice on items (cbed0cc), closes #​5784
• EditorToolbar: prevent disabled dropdown when items have no kind (d473f63)
• Error/Main: render as main instead of div (6ccb1f5)
• FileUpload: emit null when clearing file (#​5892) (1d9a2fd)
• FileUpload: keep input visible when preview is disabled with multiple files (597ac29), closes #​5875
• locale: improve cs and sk terminology for correct inflection (#​5789) (af6f288)
• module: only override primary color and md size default variants (f422de8)
• ProseCodeTree: prevent infinite update loop with expandAll prop (c79cb77), closes #​5828
• useOverlay: refine close event argument extraction (#​5775) (182af20)

harlan-zw/nuxt-seo (@​nuxtjs/seo)

v3.4.0

Compare Source

This release brings major updates to Robots and Sitemap with definePageMeta() integration, a new zeroRuntime sitemap mode, a redesigned sitemap.xsl, and improved i18n support across modules, plus stability fixes throughout.

Highlights:

• Robots: New definePageMeta() integration for per-page robot rules and improved i18n custom route path support
• Sitemap: New zeroRuntime mode, definePageMeta() integration, redesigned
  sitemap.xsl with light/dark mode, and Nuxt Content collection filters
• OG Image: v6 beta opt-in now supported

✅ Upgrading

Our recommendation for upgrading is to run:

npx nuxt upgrade --dedupe                                                                                                                                                                                                         

This will deduplicate your lockfile as well, and help ensure that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

📦 Module Updates

Nuxt Robots (v5.6.4 → v5.7.0)

• ✨ Robots definePageMeta integration
• ✨ i18n support for custom route paths in allow/disallow expansion
• 🐛 Fix runtime resolution bug on @nuxtjs/robots/util
• 🐛 Fix useBotDetection() empty when ran client-side only
• 🐛 Fix broken route rules for Nuxt v3
• 🐛 Fix type augmentation / definitions rework
• 🐛 Fix Content-Usage/Content-Signal parsing with spaces after commas
• 🐛 Fix broken useRobotsRule type, prevent _robots.txt in final bundle

Nuxt Sitemap (v7.4.9 → v7.6.0)

• ✨ zeroRuntime mode for fully static sitemap generation
• ✨ Build-time hook sitemap:prerender:done
• ✨ Support sitemap on definePageMeta
• ✨ Sitemap.xsl redesign with light/dark mode and validation warnings
• ✨ Nuxt Content collection filters and onUrl function
• ✨ DevTools UI refresh
• ✨ parseSitemapIndex() utility
• ⚡ Optimized XML generation, faster entry resolution, precomputed filter functions
• 🐛 Fix memory leak on recursive sitemap requests
• 🐛 Fix discoverImages missing body
• 🐛 Fix chunked sitemaps with sitemapsPathPrefix /
• 🐛 Fix i18n custom route paths, don't extract alternatives when autoI18n enabled
• 🐛 Fix h3 v2 resolution, sitemaps with slash in name
• 🐛 Fix type augments / overrides rework

Nuxt Site Config (v3.2.11 → v3.2.19)

• 🐛 Fix env support for internal origin URL resolution
• 🐛 Fix getNitroOrigin resolution rework
• 🐛 Fix DevTools broken build and 500 error
• 🐛 Fix respect devServer.host
• 🐛 Fix i18n possible memory leak
• 🐛 Fix handle undefined import.meta.env

    View changes on GitHub

shikijs/shiki (@​shikijs/engine-javascript)

v3.22.0

Compare Source

   🚀 Features

• Update grammar and themes  -  by @​antfu (40676)

    View changes on GitHub

v3.21.0

Compare Source

   🚀 Features

• Update grammar  -  by @​antfu (6d109)
• core: Preserve HAST data and properties in codeToHast  -  by @​AmanCrafts in #​1204 (747ea)

   🐞 Bug Fixes

• vitepress-twoslash: Fix scroll blocking on mobile viewports  -  by @​dahlia in #​1235 (8e931)

    View changes on GitHub

stefanobartoletti/nuxt-social-share (@​stefanobartoletti/nuxt-social-share)

v2.3.1

Compare Source

compare changes

🩹 Fixes

• deps: Update dependency @​nuxt/content to ^3.10.0 (8942a99)
• deps: Update dependency @​posthog/nuxt to ^1.4.9 (4cfc00e)
• deps: Update @​iconify-json (ea7bc1b)
• deps: Update dependency @​nuxtjs/seo to ^3.3.0 (46830d6)
• deps: Update dependency @​nuxt/ui to ^4.3.0 (676cfb5)
• deps: Update nuxtjs monorepo to ^4.2.2 (eb69eea)

📖 Documentation

• Add official posthog module (2af2272)

🏡 Chore

• release: V2.3.0 (5787a66)
• Temporarily disable 'pnpm/yaml-enforce-settings' (7d331d4)

🤖 CI

• Update npm publishing workflow (1566d1f)

❤️ Contributors

• Stefano Bartoletti

unjs/unhead (@​unhead/vue)

v2.1.4

Compare Source

   🐞 Bug Fixes

• schema-org: Remove unimplemented SchemaOrgDebug  -  by @​onmax in #​649 (642dc)
• unhead: Dedupe <link rel="alternate"> by hreflang/type only, drop href from key  -  by @​harlan-zw in #​656 (86175)

    View changes on GitHub

v2.1.3

Compare Source

   🐞 Bug Fixes

• unhead:
  • Dedupe <link rel="alternate">  -  by @​danielroe and onmax in #​655 (fdabe)
• vue:
  • Support computed getter trigger  -  by @​harlan-zw in #​638 (fd63a)
  • Guard s._statusRef  -  by @​danielroe in #​642 (4ef03)

   🏎 Performance

• vue: Avoid duplicating error message in the bundle  -  by @​panstromek in #​652 (194e5)

    View changes on GitHub

v2.1.2

Compare Source

   🐞 Bug Fixes

• Broken cjs environment  -  by @​harlan-zw (ce989)

    View changes on GitHub

vueuse/vueuse (@​vueuse/nuxt)

v14.2.0

Compare Source

   🚀 Features

• Support configurable scheduler for timed composables  -  by @​9romise in #​5129 (66aad)
• Allow vue-router 5 as peer deps  -  by @​Ericlm in #​5269 (7c94a)
• useCssSupports: Add useCssSupports  -  by @​OrbisK in #​5266 (c1282)
• useDraggable: Auto-scroll with restricted dragging within the container  -  by @​Gazoon007, Alfarish Fizikri, Robin and @​OrbisK in #​4472 (a8a85)
• useElementVisibility: Inherit rootMargin from useIntersectionObserver  -  by @​9romise in #​5207 (46682)
• useIntersectionObserver: Make rootMargin reactive  -  by @​doyuli, @​ilyaliao and @​9romise in #​4934 (53abe)
• useSortable: Add watchElement option for auto-reinitialize on element change  -  by @​Mini-ghost and @​ilyaliao in #​5189 (17ea2)

   🐞 Bug Fixes

• nuxt: Ensure excludes disabledFunctions' alias  -  by @​jinyongp and @​9romise in #​5240 (76829)
• refManualReset: Add explicit return type annotation  -  by @​batuhan-bas in #​5246 (13bbb)
• useAsyncState: Ensure execute return the actual data  -  by @​9romise in #​5167 (0c346)
• useDocumentVisibility: Fix type inference from string to Documen…  -  by @​webfanzc and cowhorse in #​5248 (e8be8)
• useFocusTrap: Update focus-trap range to ^7  -  by ** ^8 (#​5270)** ()
• useInfiniteScroll: Improve promise handling and add flush post to watch  -  by @​nhquyss and @​9romise in #​5122 (abcea)
• useMagicKeys: Handle undefined key in keyboard events  -  by @​LouisLau-art, LouisLau-art and @​OrbisK in #​5225 (65e25)

    View changes on GitHub

WiseLibs/better-sqlite3 (better-sqlite3)

v12.6.2

Compare Source

What's Changed

• fix build: update node-abi version in package.json to ^4.25.0 by @​mceachen in #​1439

Full Changelog: WiseLibs/better-sqlite3@v12.6.1...v12.6.2

v12.6.0

Compare Source

What's Changed

• Update SQLite to version 3.51.2 in #​1436

Full Changelog: WiseLibs/better-sqlite3@v12.5.0...v12.6.0

jpmonette/feed (feed)

v5.2.0

Compare Source

What's Changed

• Set copyright as optional for feed by @​lluisemper in #​217
• feat(rss): relax tag output condition to allow name-only by @​huanjuedadehen in #​220
• fix: treat description as optional rss2 to avoid "undefined" output by @​Krinkle in #​223
• perf(rss/atom/json): Use .forEach() instead of .map() when resulting array is unused by @​Greenheart in #​234
• docs: Show current default value for generator in example by @​Greenheart in #​232
• fix: make copyright and id optional by @​dword-design in #​219
• Hotfix for allowing multiple atom:link tags in the RSS2 feed by @​aletorrado in #​235
• Add stylesheet support to rss and atom by @​kunatastic in #​216
• release 5.2.0 by @​jpmonette in #​236

New Contributors

• @​lluisemper made their first contribution in #​217
• @​huanjuedadehen made their first contribution in #​220
• @​Krinkle made their first contribution in #​223
• @​Greenheart made their first contribution in #​234
• @​dword-design made their first contribution in #​219
• @​aletorrado made their first contribution in #​235
• @​kunatastic made their first contribution in #​216

Full Changelog: jpmonette/feed@5.1.0...5.2.0

pnpm/pnpm (pnpm)

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

v10.28.0

Compare Source

PostHog/posthog-js (posthog-js)

v1.342.1

Compare Source

1.342.1

Patch Changes

• #​3039 8f75dae Thanks @​hpouillot! - fix(err): fix console error capturing
  (2026-02-06)
• Updated dependencies [8f75dae]:
  • @​posthog/core@​1.20.1
  • @​posthog/types@​1.342.1

v1.342.0

Compare Source

1.342.0

Minor Changes

• #​3032 19d59ea Thanks @​dmarticus! - add featureFlagsReloading event for tracking flag reload state
  (2026-02-05)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.342.0

v1.341.2

Compare Source

1.341.2

Patch Changes

• #​3035 b68e991 Thanks @​adboio! - unify element<>modal steps for product tours, deprecate element steps
  (2026-02-05)
• Updated dependencies []:
  • @​posthog/types@​1.341.2

v1.341.1

Compare Source

1.341.1

Patch Changes

• #​3041 23292d4 Thanks @​adboio! - replace stopPropagation with preventDefault for tour manaul click triggers
  (2026-02-05)
• Updated dependencies []:
  • @​posthog/types@​1.341.1

v1.341.0

Compare Source

1.341.0

Minor Changes

• #​3027 d7b37f7 Thanks @​robbie-c! - Rename setTestUser to setInternalOrTestUser
  (2026-02-04)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.341.0

v1.340.0

Compare Source

1.340.0

Minor Changes

• #​3024 2b2725e Thanks @​veryayskiy! - Support widget position
  (2026-02-04)

Patch Changes

• Updated dependencies [bb62809]:
  • @​posthog/core@​1.20.0
  • @​posthog/types@​1.340.0

v1.339.1

Compare Source

1.339.1

Patch Changes

• #​3007 af665cc Thanks @​adboio! - add element inference precision to tours; do not mark as shown until we know first step rendered successfully
  (2026-02-03)
• Updated dependencies []:
  • @​posthog/types@​1.339.1

v1.339.0

Compare Source

1.339.0

Minor Changes

• #​3006 b3ec434 Thanks @​robbie-c! - Add a function isTestUser() and config option

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.