chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	^8.2.0 → ^8.3.0
@iconify-json/carbon	^1.2.20 → ^1.2.21
@iconify-json/tabler	^1.2.33 → ^1.2.35
@nuxt/devtools-kit (source)	4.0.0-alpha.3 → 4.0.0-alpha.4
@nuxt/test-utils	^4.0.2 → ^4.0.3
@nuxtjs/i18n (source)	^10.2.4 → ^10.3.0
@vueuse/nuxt (source)	^14.2.1 → ^14.3.0
better-sqlite3	^12.9.0 → ^12.10.0
bumpp	^11.0.1 → ^11.1.0
eslint (source)	^10.2.1 → ^10.4.0
eslint-plugin-harlanzw	^0.12.1 → ^0.15.1
pkg-types	^2.3.0 → ^2.3.1
playwright-core (source)	^1.59.1 → ^1.60.0
pnpm (source)	10.33.1 → 10.33.4
ufo	^1.6.3 → ^1.6.4
vite (source)	^8.0.10 → ^8.0.13
vitest (source)	^4.1.5 → ^4.1.6
vue (source)	^3.5.33 → ^3.5.34
vue-router (source)	^5.0.6 → ^5.0.7
zod (source)	>=3 → >=3.25.76

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v8.3.0

Compare Source

   🚀 Features

• Make perfectionist configurable inside antfu()  -  by @​oliver139 in #​848 (ae1d6)
• stylistic: Allow easy setting brace style  -  by @​oliver139 in #​846 (bd784)
• svelte: Use recommended rules  -  by @​Jungzl in #​842 (6c839)

   🐞 Bug Fixes

• markdown: Scope user rule overrides away from md files  -  by @​antfu and Claude Opus 4.7 (1M context) in #​844 (8d25a)

    View changes on GitHub

nuxt/devtools (@​nuxt/devtools-kit)

v4.0.0-alpha.4

Compare Source

   🚨 Breaking Changes

• Remove deprecated auth token args from builtin RPC functions  -  by @​antfu and Claude Opus 4.6 (1M context) in #​965 (4418e)

   🚀 Features

• Upgrade vite-plugin-inspect to v12, use devtools-kit RPC  -  by @​antfu and Claude Opus 4.6 (1M context) in #​966 (4c594)

   🐞 Bug Fixes

• devtools:
  • Optimize @​vue/devtools dependencies in dev  -  by @​huang-julien in #​981 (32563)
  • Let birpc be singlesource of turth for server<->client comms  -  by @​huang-julien in #​978 (4853d)
  • Run defineViteDevToolsPlugin only for client vite  -  by @​huang-julien in #​977 (b5f9f)
• devtools/client:
  • Debounce render of NDisconnectIndicator  -  by @​huang-julien in #​979 (cf8d9)

    View changes on GitHub

nuxt/test-utils (@​nuxt/test-utils)

v4.0.3

Compare Source

4.0.3 is the next patch release.

👉 Changelog

compare changes

🩹 Fixes

• runtime-utils: Lazily import root-component in mount + render helpers (#​1665)
• runtime-utils: Insert compilerOptions conditionally (#​1659)
• config: Enable sourcemaps when vitest coverage is enabled (#​1674)
• module: Exclude test files from Nuxt plugin registration (#​1666)
• runtime-utils: Provide NuxtLink isActive slot props (#​1640)
• e2e: Wait for HTTP readiness before resolving startServer (#​1675)

🏡 Chore

• Fix typo (#​1663)
• Bump nitro and nuxt pins in nitro-v3 example (#​1678)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Martin Masevski (@​Archetipo95)
• Ryota Watanabe (@​wattanx)
• Jan Müller (@​DerYeger)
• Yoshihiro Yamaguchi (@​yamachi4416)
• Sai Asish Y (@​SAY-5)

nuxt-modules/i18n (@​nuxtjs/i18n)

v10.3.0

Compare Source

This changelog is generated by GitHub Releases

   🚀 Features

• Experimental regex routes  -  by @​BobbieGoede in #​3957 (07a9b)

   🐞 Bug Fixes

• Disable experimental.compactRoutes by default  -  by @​BobbieGoede (02e2a)
• Incorrect route group server redirection during ssg  -  by @​BobbieGoede in #​3965 (ce7f7)
• Stable locale message endpoint hash  -  by @​BobbieGoede in #​3966 (84525)

    View changes on GitHub

vueuse/vueuse (@​vueuse/nuxt)

v14.3.0

Compare Source

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in #​5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in #​5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in #​5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in #​5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in #​5191 (0cb03)
• useTextareaAutosize: Add optional maxHeight to limit autosize growth  -  by @​palamarchukser, @​antfu and @​9romise in #​5324 (1a3e5)

   🐞 Bug Fixes

• Add explicit ./package.json export to all packages  -  by @​babu-ch and @​OrbisK in #​5343 (0d989)
• core: Always return ssrValue in useCssSupports before mounted  -  by @​danielroe in #​5290 (76b0b)
• directive: Create disposable directive func cleanup of side effects unmounted  -  by @​kalu5, @​43081j, Raman Paulau and @​OrbisK in #​5244 (52d68)
• docs: Typos in useManualRefHistory, useFocusWithin, useStorageAsync, useIntersectionObserver  -  by @​blowsie, Sam Blowes and @​OrbisK in #​5329 (1d9c4)
• docs: Add ignoreDeprecations for twoslash TS 6.0 compat  -  by @​antfu and Claude Opus 4.6 (1M context) in #​5367 (9d1eb)
• metadata: Cleanup removed function resolveRef  -  by @​ntnyq in #​5307 (49da8)
• onClickOutside: Detect iframe inside shadow DOM with detectIframe option  -  by @​babu-ch and @​OrbisK in #​5336 (1a77b)
• shared: Align overloads order of watch functions with original version  -  by @​KazariEX in #​5288 (f1d32)
• useAxios: Handle optional response data safely  -  by @​jahnli in #​5318 (51198)
• useCached: Update comparator type and improve documentation  -  by @​IceMooncake in #​5376 (d886c)
• useClipboard: Prevents fail in Safari for async operation  -  by @​MatteoGabriele in #​5369 (5ec56)
• useSortable: Re-query DOM on every start() for string selectors  -  by @​Mini-ghost in #​5374 (3341f)
• useVirtualList: React to changes made in mutable arrays properly  -  by @​dcherman in #​5267 (7069e)
• useWakeLock: Auto-release wake lock on component unmount  -  by @​ProgrammingWithSid and @​OrbisK in #​5271 (43937)
• useWebSocket: Race condition caused by onopen/onclose events.  -  by @​DanCardin, @​antfu and @​9romise in #​5175 (6661c)
• whenever: Improve old value types  -  by @​VChet in #​5096 (979c6)

   🏎 Performance

• Replace deepRef with shallowRef where appropriate  -  by @​9romise in #​5293 (80004)

    View changes on GitHub

WiseLibs/better-sqlite3 (better-sqlite3)

v12.10.0

Compare Source

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in #​1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in #​1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in #​1470
• Enable percentile functions by @​Maxime-J in #​1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

antfu-collective/bumpp (bumpp)

v11.1.0

Compare Source

   🐞 Bug Fixes

• Inherit stdio for git push to support windows SSH passphrase  -  by @​awdr74100 in #​122 (a30af)
• cli: Prevent empty CLI files from overriding config-file files  -  by @​benny123tw in #​120 (4e42e)

    View changes on GitHub

eslint/eslint (eslint)

v10.4.0

Compare Source

v10.3.0

Compare Source

harlan-zw/eslint-plugin-harlanzw (eslint-plugin-harlanzw)

v0.15.1

Compare Source

   🐞 Bug Fixes

• Misc false positives  -  by @​harlan-zw (f7259)

    View changes on GitHub

v0.15.0

Compare Source

   🚀 Features

• nuxt-prefer-layer-alias  -  by @​harlan-zw (bc9e0)

    View changes on GitHub

v0.14.3

Compare Source

No significant changes

    View changes on GitHub

v0.14.2

Compare Source

   🐞 Bug Fixes

• vue: False positives  -  by @​harlan-zw (1c872)

    View changes on GitHub

v0.14.1

Compare Source

   🐞 Bug Fixes

• vue: False positives  -  by @​harlan-zw (11f43)

    View changes on GitHub

v0.14.0

Compare Source

   🚀 Features

• prefer-node-style-text: No raw ansi  -  by @​harlan-zw (be249)

    View changes on GitHub

v0.13.0

Compare Source

No significant changes

    View changes on GitHub

v0.12.3

Compare Source

   🐞 Bug Fixes

• vue-no-faux-composables: Catch provide, inject  -  by @​harlan-zw (7fe3e)
• vue-require-composable-prefix: False positive on useNuxtApp()  -  by @​harlan-zw (31bda)

    View changes on GitHub

unjs/pkg-types (pkg-types)

v2.3.1

Compare Source

compare changes

🩹 Fixes

• Use untransformed typescript type exports (#​261)

📖 Documentation

• Improve documentation and fix typos across the project (#​246)
• Fix incorrect imports and add missing function docs (#​248)

📦 Build

• Migrate to obuild (29e54be)

🏡 Chore

• Migrate to oxlint and oxfmt (67fedc4)
• Update deps (78e9de1)
• Update ci (e21a456)
• Update test scripts (d8d7e68)
• Add missing tsgo dep (d05a063)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Pooya Parsa (@​pi0)
• Eugene (@​outslept)

microsoft/playwright (playwright-core)

v1.60.0

Compare Source

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});

await page.locator('#dropzone').drop({
  data: {
    'text/plain': 'hello world',
    'text/uri-list': 'https://example.com',
  },
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

• Event browser.on('context') — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: browserContext.on('download'), browserContext.on('frameattached'), browserContext.on('framedetached'), browserContext.on('framenavigated'), browserContext.on('pageclose'), browserContext.on('pageload').

Locators and Assertions

• New option description in page.getByRole() / locator.getByRole() / frame.getByRole() / frameLocator.getByRole() for matching the accessible description.
• New option pseudo in expect(locator).toHaveCSS() reads computed styles from ::before or ::after.
• New option style in locator.highlight() applies extra inline CSS to the highlight overlay, plus new page.hideHighlight() to clear all highlights.

Network

• webSocketRoute.protocols() returns the WebSocket subprotocols requested by the page.
• New option noDefaults in browserType.connectOverCDP() disables Playwright's default overrides on the default context (download behavior, focus emulation, media emulation), so attaching to a user's daily-driver browser doesn't disturb its state.

Errors and Reporting

• New webError.location() mirrors consoleMessage.location().
• consoleMessage.location() now exposes line / column properties (lineNumber / columnNumber are deprecated).
• New testInfoError.errorContext surfaces additional diagnostic context, such as the aria snapshot of the receiver at the time of an expect(...) matcher failure.
• reporter.onError() now receives a workerInfo argument with details about the worker for fixture teardown errors.

Test runner

• New {testFileBaseName} token in testProject.snapshotPathTemplate — file name without extension.
• Test runner now errors when a config tries to override a non-option fixture, and rejects workers: 0 or negative values.

🛠️ Other improvements

• HTML reporter:
  • npx playwright show-report accepts .zip files directly — no need to unzip first.
  • Steps that contain attachments inside nested children show an indicator on the parent step.
  • The repeatEachIndex is shown in the test header when non-zero.
• Trace Viewer adds a pretty-print toggle for JSON / form request and response bodies in the network details panel.

Breaking Changes ⚠️

• Removed long-deprecated APIs:
  • Locator.ariaRef() — use the standard locator.ariaSnapshot() pipeline.
  • handle option on BrowserContext.exposeBinding and Page.exposeBinding.
  • logger option on BrowserType.connect and BrowserType.connectOverCDP — use tracing instead.
  • Context options videosPath / videoSize — use recordVideo instead.

Browser Versions

• Chromium 148.0.7778.96
• Mozilla Firefox 150.0.2
• WebKit 26.4

This version was also tested against the following stable channels:

• Google Chrome 147
• Microsoft Edge 147

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

• Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

  A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

• Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Gold Sponsors

v10.33.3

Compare Source

v10.33.2

Compare Source

unjs/ufo (ufo)

v1.6.4

Compare Source

compare changes

🩹 Fixes

• withoutBase: Collapse leading slashes (#​335)

🏡 Chore

• Update deps (7807010)

❤️ Contributors

• Pooya Parsa (@​pi0)

vitejs/vite (vite)

v8.0.13

Compare Source

Features

• bundled-dev: add lazy bundling support (#​21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#​22357) (47071ce)
• update rolldown to 1.0.1 (#​22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#​22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #​22274) (#​22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#​22439) (8e59c97)
• make isBundled per environment (#​22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#​22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#​22430) (6ea3838)
• update changelog (#​22413) (fcdc87c)

v8.0.12

Compare Source

Features

• update rolldown to 1.0.0 (#​22401) (cf0ff41)

Bug Fixes

• create-vite: pass react framework to TanStack CLI (#​22397) (18f0f90)
• deps: update all non-major dependencies (#​22420) (2be6000)
• module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#​22369) (f5a22e6)
• refer to rolldownOptions instead of deprecated rollupOptions in messages (#​22400) (b675c7b)
• worker: apply build.target to worker bundle (#​22404) (3c93fde)
• worker: forward define to worker bundle transform (#​22408) (d4838a0)

Miscellaneous Chores

• deps: update dependency eslint-plugin-n to v18 (#​22423) (2fe7bd2)
• deps: update rolldown-related dependencies (#​22421) (66b9eb3)

v8.0.11

Compare Source

Features

• update rolldown to 1.0.0-rc.18 (#​22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#​22334) (672c962)
• deps: update all non-major dependencies (#​22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#​22306) (30028f9)
• make separate object instance for each environment (#​22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#​22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#​22325) (2151f70)
• mention native config loader in CLI options (#​22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#​22333) (3b51e05)
• deps: update rolldown-related dependencies (#​22383) (555ff36)
• deps: update transitive packages to fix npm audit alerts (#​22316) (86aee62)

Code Refactoring

• devtools integration (#​22312) (3c8bf06)
• remove unnecessary async (#​22296) (b31fd35)
• show direct path type in bad character warning (#​22339) (0c162e9)

Tests

• create-vite: use short help alias (#​22389) (994ab66)

vitest-dev/vitest (vitest)

v4.1.6

Compare Source

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in #​10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in #​10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in #​10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in #​10276 (9f7b1)

    View changes on GitHub

vuejs/core (vue)

v3.5.34

Compare Source

Bug Fixes

• compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#​14758) (7f46fd4), closes #​14729
• compiler-sfc: preserve hash hrefs on <image> elements (#​14756) ([090b2e3](https://redirect.github.com/vuejs/core/commit/090b2e3a5149ec951c5313b270e

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@nuxtjs/robots@253

commit: 026ee1b