chore(deps): update all non-major dependencies by renovate[bot] · Pull Request #446 · nuxt/scripts

renovate · 2025-04-05T00:27:07Z

This PR contains the following updates:

Package	Change	Type	Update
@antfu/eslint-config	`^7.6.1` → `^7.7.0`	pnpm.catalog.default	minor
@types/youtube (source)	`^0.1.0` → `^0.1.2`	peerDependencies	patch
@unhead/vue (source)	`^2.0.3` → `^2.1.10`	peerDependencies	minor
actions/checkout	`v6.0.1` → `v6.0.2`	action	patch
actions/stale	`v10.0.0` → `v10.2.0`	action	minor
eslint (source)	`^10.0.2` → `^10.0.3`	pnpm.catalog.default	patch
posthog-js (source)	`^1.359.0` → `^1.359.1`	pnpm.catalog.default	patch
posthog-js (source)	`^1.0.0` → `^1.359.1`	peerDependencies	minor

Release Notes

antfu/eslint-config (@antfu/eslint-config)

`v7.7.0`

Compare Source

🚀 Features

Zed support - by @hyoban in #827 (30fcb)
Integrate @e18e/eslint-plugin - by @9romise in #830 (ebd46)

🐞 Bug Fixes

markdown: Disable 'markdown/fenced-code-language' rule - by @jinghaihan in #831 (0c44d)

View changes on GitHub

unjs/unhead (@unhead/vue)

`v2.1.10`

Compare Source

🐞 Bug Fixes

solid-js: Correct peerDependency version - by @tyeporter in #671 (64e17)

View changes on GitHub

`v2.1.9`

Compare Source

🐞 Bug Fixes

schema-org: Nuxt test utils compat bug - by @harlan-zw (ef838)

View changes on GitHub

`v2.1.8`

Compare Source

🐞 Bug Fixes

schema-org: Avoid crashing from 3+ duplicate nodes - by @harlan-zw (4baf9)

View changes on GitHub

`v2.1.7`

Compare Source

🐞 Bug Fixes

unhead:
- deduplicate matching tags inside same render cycle - by @harlan-zw in #668 (5c0b2)

View changes on GitHub

`v2.1.6`

Compare Source

🐞 Bug Fixes

react: Ssr regression - by @harlan-zw (6adff)

View changes on GitHub

`v2.1.5`

Compare Source

🐞 Bug Fixes

react: Dispose head entries on unmount in React 18 StrictMode - by @harlan-zw in #664 (50ffe)
scripts: Prevent scope disposal from aborting unrelated trigger in useScript - by @cernymatej in #660 (e8f5b)
unhead: Dedupe link rel without hreflang or type - by @danielroe in #658 (1487d)

View changes on GitHub

`v2.1.4`

Compare Source

🐞 Bug Fixes

schema-org: Remove unimplemented SchemaOrgDebug - by @onmax in #649 (642dc)
unhead: Dedupe <link rel="alternate"> by hreflang/type only, drop href from key - by @harlan-zw in #656 (86175)

View changes on GitHub

`v2.1.3`

Compare Source

🐞 Bug Fixes

unhead:
- Dedupe <link rel="alternate"> - by @danielroe and onmax in #655 (fdabe)
vue:
- Support computed getter trigger - by @harlan-zw in #638 (fd63a)
- Guard s._statusRef - by @danielroe in #642 (4ef03)

🏎 Performance

vue: Avoid duplicating error message in the bundle - by @panstromek in #652 (194e5)

View changes on GitHub

`v2.1.2`

Compare Source

🐞 Bug Fixes

Broken cjs environment - by @harlan-zw (ce989)

View changes on GitHub

`v2.1.1`

Compare Source

No significant changes

View changes on GitHub

`v2.1.0`

Compare Source

🚀 Features

schema-org: 12 new nodes - by @harlan-zw in #612 (1a9b8)

🐞 Bug Fixes

react:
- Recursive function resolves broken - by @harlan-zw (4e0c7)
schema-org:
- Correct month off-by-one - by @harlan-zw in #603 (a3e70)
- Missing schema.org properties - by @harlan-zw in #614 (54e05)
unhead:
- Enforce boolean string meta contents - by @kfreezen in #594 (0b8e7)
- Capo module scripts ordering - by @Barbapapazes in #600 (3c661)
- Capo inline scripts ordering - by @Barbapapazes in #596 (7be75)
- Normalize script type - by @harlan-zw (e51b6)
- Safer handling of input - by @harlan-zw (b4b6c)

🏎 Performance

schema-org:
- Remove ohash and defu dependencies - by @harlan-zw in #605 (0d508)
- Rework graph resolution - by @harlan-zw in #616 (b79e4)

View changes on GitHub

`v2.0.19`

Compare Source

🐞 Bug Fixes

vue: Tree shaking breaking some reactivity - by @harlan-zw (7abb5)

View changes on GitHub

`v2.0.18`

Compare Source

🏎 Performance

unhead: Avoid server side effects - by @harlan-zw in #585 (3fd09)

View changes on GitHub

`v2.0.17`

Compare Source

No significant changes

View changes on GitHub

`v2.0.14`

Compare Source

🐞 Bug Fixes

unhead: Multiword attributes in template - by @NikSimonov in #568 (f635b)

View changes on GitHub

`v2.0.13`

Compare Source

🐞 Bug Fixes

unhead:
- Canonical plugin modifying non-url properties - by @paraboul (ee8fd)
- Avoid normalizing template param input - by @harlan-zw (1d205)
- Safer removal of leading / trailing separators - by @harlan-zw (d4501)

View changes on GitHub

`v2.0.12`

Compare Source

🐞 Bug Fixes

react: Force invalidation on entry disposal - by @harlan-zw in #559 (4ee5e)

View changes on GitHub

`v2.0.11`

Compare Source

🐞 Bug Fixes

Allow non-standard meta tags to be intentionally duped - by @harlan-zw (9a899)

View changes on GitHub

`v2.0.10`

Compare Source

🐞 Bug Fixes

Safer meta array deduping - by @harlan-zw (32486)

View changes on GitHub

`v2.0.9`

Compare Source

🏎 Performance

unhead: Normalize canonicalHost only once in canonical plugin - by @negezor in #550 (92713)

View changes on GitHub

`v2.0.8`

Compare Source

No significant changes

View changes on GitHub

`v2.0.7`

Compare Source

🐞 Bug Fixes

schema-org: unhead hoisting issue - by @harlan-zw (bb0e4)

View changes on GitHub

`v2.0.6`

Compare Source

🐞 Bug Fixes

ssr: Less aggressive encoding of non-title tags - by @harlan-zw (f4d4f)

View changes on GitHub

`v2.0.5`

Compare Source

🐞 Bug Fixes

vue: Use setTimeout as render's debounced delayer - by @kricsleo in #540 (8f7c5)

View changes on GitHub

`v2.0.4`

Compare Source

🐞 Bug Fixes

InferSeoMetaPlugin: Template param replacement broken - by @harlan-zw (4e1c8)

View changes on GitHub

actions/checkout (actions/checkout)

`v6.0.2`

Compare Source

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in #2356

actions/stale (actions/stale)

`v10.2.0`

Compare Source

`v10.1.1`

Compare Source

What's Changed

Bug Fix

Add Missing Input Reading for only-issue-types by @Bibo-Joshi in #1298

Improvement

Improves error handling when rate limiting is disabled on GHES. by @chiranjib-swain in #1300

Dependency Upgrades

Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @dependabot in #1276
Upgrade @types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @dependabot in #1280
Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #1291
Upgrade actions/checkout from 4 to 6 by @dependabot in #1306

New Contributors

@chiranjib-swain made their first contribution in #1300

Full Changelog: actions/stale@v10...v10.1.1

`v10.1.0`

Compare Source

What's Changed

Add only-issue-types option to filter issues by type by @Bibo-Joshi in #1255

New Contributors

@Bibo-Joshi made their first contribution in #1255

Full Changelog: actions/stale@v10...v10.1.0

eslint/eslint (eslint)

`v10.0.3`

Compare Source

PostHog/posthog-js (posthog-js)

`v1.359.1`

Compare Source

1.359.1

Patch Changes

#3204 2b0cd52 Thanks @marandaneto! - chore: upgrade dompurify to 3.3.2
(2026-03-06)
Updated dependencies []:
- @posthog/types@1.359.1

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2025-04-05T00:27:09Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
scripts-docs	Error		Mar 6, 2026 11:04pm
scripts-playground	Error		Mar 6, 2026 11:04pm

pkg-pr-new · 2025-07-16T18:29:18Z

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/scripts@446

commit: c3f46fd

pnpm-lock.yaml

vercel · 2025-11-25T02:47:14Z

docs/package.json

    "@nuxt/image": "^1.11.0",
    "@nuxt/scripts": "workspace:*",
-    "@nuxt/ui": "4.0.0",
+    "@nuxt/ui": "4.2.1",


Suggested change

"@nuxt/ui": "4.2.1",

"@nuxt/ui": "^4.2.1",

The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.

View Details

Analysis

Inconsistent version pinning for @nuxt/ui dependency

What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.

How to reproduce:

cat docs/package.json | grep -A 15 '"dependencies"'

Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:

"@nuxt/content": "^3.8.2"

"@nuxt/fonts": "^0.12.1"

"@nuxthq/studio": "^2.2.1"

All other 10 dependencies also use ^ prefix

Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.

Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.

vercel · 2026-01-15T00:37:21Z

package.json

-    "posthog-js": "^1.0.0"
+    "@types/youtube": "^0.1.2",
+    "@unhead/vue": "^2.1.2",
+    "posthog-js": "^1.321.2"


Suggested change

"posthog-js": "^1.321.2"

"posthog-js": "^1.0.0"

The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).

View Details

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.

How to reproduce:

# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint) npm install @nuxt/scripts # After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2

Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"

Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:

Code only uses posthog.init() and basic config options (api_host, capture_pageview, disable_session_recording) available since 1.0.0

The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes

Peer dependencies should be permissive to maximize compatibility

Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible

This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.

renovate · 2026-03-04T13:32:15Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 3 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 31, reused 0, downloaded 0, added 0
Progress: resolved 47, reused 0, downloaded 0, added 0
Progress: resolved 50, reused 0, downloaded 0, added 0
Progress: resolved 114, reused 0, downloaded 0, added 0
Progress: resolved 167, reused 0, downloaded 0, added 0
Progress: resolved 216, reused 0, downloaded 0, added 0
Progress: resolved 238, reused 0, downloaded 0, added 0
Progress: resolved 262, reused 0, downloaded 0, added 0
Progress: resolved 343, reused 0, downloaded 0, added 0
Progress: resolved 381, reused 0, downloaded 0, added 0
Progress: resolved 398, reused 0, downloaded 0, added 0
Progress: resolved 456, reused 0, downloaded 0, added 0
Progress: resolved 529, reused 0, downloaded 0, added 0
Progress: resolved 554, reused 0, downloaded 0, added 0
Progress: resolved 575, reused 0, downloaded 0, added 0
Progress: resolved 578, reused 0, downloaded 0, added 0
Progress: resolved 617, reused 0, downloaded 0, added 0
Progress: resolved 656, reused 0, downloaded 0, added 0
Progress: resolved 717, reused 0, downloaded 0, added 0
Progress: resolved 719, reused 0, downloaded 0, added 0
Progress: resolved 793, reused 0, downloaded 0, added 0
Progress: resolved 808, reused 0, downloaded 0, added 0
Progress: resolved 872, reused 0, downloaded 0, added 0
Progress: resolved 889, reused 0, downloaded 0, added 0
Progress: resolved 953, reused 0, downloaded 0, added 0
Progress: resolved 982, reused 0, downloaded 0, added 0
Progress: resolved 1088, reused 0, downloaded 0, added 0
 WARN  Request took 27428ms: https://registry.npmjs.org/vite
Progress: resolved 1233, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/nuxt/scripts/client:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "chokidar@4.0.3" (possible package takeover)

This error happened while installing the dependencies of nuxt@4.3.1
 at @nuxt/vite-builder@4.3.1
 at vite-plugin-checker@0.12.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.

renovate bot force-pushed the renovate/all-minor-patch branch from 9c4e39b to 5bfebea Compare April 5, 2025 00:30

vercel bot deployed to Preview – scripts-playground April 5, 2025 00:37 View deployment

vercel bot deployed to Preview – scripts-docs April 5, 2025 00:40 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 5bfebea to 7804f68 Compare April 6, 2025 09:08

renovate bot changed the title ~~chore(deps): update resolutions typescript to v5.8.3~~ chore(deps): update all non-major dependencies Apr 6, 2025

vercel bot deployed to Preview – scripts-docs April 6, 2025 09:10 View deployment

vercel bot deployed to Preview – scripts-playground April 6, 2025 09:12 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 7804f68 to 2d975ff Compare April 7, 2025 04:48

vercel bot deployed to Preview – scripts-docs April 7, 2025 04:51 View deployment

vercel bot deployed to Preview – scripts-playground April 7, 2025 04:53 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 2d975ff to 0104ff1 Compare April 7, 2025 08:22

vercel bot deployed to Preview – scripts-playground April 7, 2025 08:24 View deployment

vercel bot deployed to Preview – scripts-docs April 7, 2025 08:26 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 0104ff1 to 8120e32 Compare April 7, 2025 15:15

vercel bot deployed to Preview – scripts-playground April 7, 2025 15:17 View deployment

vercel bot deployed to Preview – scripts-docs April 7, 2025 15:20 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 8120e32 to 5ec9f5e Compare April 7, 2025 18:22

vercel bot deployed to Preview – scripts-docs April 7, 2025 18:29 View deployment

vercel bot deployed to Preview – scripts-playground April 7, 2025 18:31 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 5ec9f5e to efcb3b7 Compare April 8, 2025 08:39

vercel bot deployed to Preview – scripts-playground April 8, 2025 08:42 View deployment

vercel bot deployed to Preview – scripts-docs April 8, 2025 08:44 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from efcb3b7 to 1a61aec Compare April 10, 2025 00:28

vercel bot deployed to Preview – scripts-playground April 10, 2025 00:30 View deployment

vercel bot deployed to Preview – scripts-docs April 10, 2025 00:33 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 1a61aec to cf8e7f8 Compare April 10, 2025 09:47

vercel bot deployed to Preview – scripts-playground April 10, 2025 09:50 View deployment

vercel bot deployed to Preview – scripts-docs April 10, 2025 09:52 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from cf8e7f8 to 2b13cf8 Compare April 11, 2025 01:12

renovate bot force-pushed the renovate/all-minor-patch branch from 64d7d5a to 6132302 Compare April 16, 2025 07:22

vercel bot deployed to Preview – scripts-playground April 16, 2025 07:26 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 16, 2025 07:27 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from 6132302 to 360e116 Compare April 16, 2025 14:05

vercel bot deployed to Preview – scripts-playground April 16, 2025 14:07 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 16, 2025 14:08 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from 360e116 to aa97a8b Compare April 17, 2025 00:59

vercel bot deployed to Preview – scripts-playground April 17, 2025 01:02 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 17, 2025 01:03 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from aa97a8b to 714cf9d Compare April 17, 2025 08:46

vercel bot deployed to Preview – scripts-playground April 17, 2025 08:48 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 17, 2025 08:49 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from 714cf9d to bdbb60c Compare April 17, 2025 18:14

vercel bot had a problem deploying to Preview – scripts-docs April 17, 2025 18:15 Failure

vercel bot deployed to Preview – scripts-playground April 17, 2025 18:17 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from bdbb60c to 9343bf3 Compare April 18, 2025 20:28

vercel bot had a problem deploying to Preview – scripts-docs April 18, 2025 21:10 Failure

vercel bot deployed to Preview – scripts-playground April 18, 2025 21:12 View deployment

renovate bot force-pushed the renovate/all-minor-patch branch from 9343bf3 to fb7fea7 Compare April 21, 2025 12:46

vercel bot deployed to Preview – scripts-playground April 21, 2025 12:48 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 21, 2025 12:49 Failure

renovate bot force-pushed the renovate/all-minor-patch branch from fb7fea7 to 556aaae Compare April 21, 2025 16:40

vercel bot deployed to Preview – scripts-playground April 21, 2025 16:42 View deployment

vercel bot had a problem deploying to Preview – scripts-docs April 21, 2025 16:43 Failure

vercel bot reviewed Sep 20, 2025

View reviewed changes

pnpm-lock.yaml Outdated Show resolved Hide resolved

vercel bot reviewed Nov 25, 2025

View reviewed changes

vercel bot reviewed Jan 15, 2026

View reviewed changes

chore(deps): update all non-major dependencies

3e70bce

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies#446

chore(deps): update all non-major dependencies#446
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all-minor-patch

renovate bot commented Apr 5, 2025 •

edited

Loading

Uh oh!

vercel bot commented Apr 5, 2025 •

edited

Loading

Uh oh!

pkg-pr-new bot commented Jul 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

vercel bot Nov 25, 2025

Uh oh!

vercel bot Jan 15, 2026

Uh oh!

renovate bot commented Mar 4, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Apr 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

🚀 Features

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

What's Changed

Bug Fix

Improvement

Dependency Upgrades

New Contributors

What's Changed

New Contributors

1.359.1

Patch Changes

Configuration

Uh oh!

vercel bot commented Apr 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pkg-pr-new bot commented Jul 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

vercel bot Nov 25, 2025

Choose a reason for hiding this comment

Analysis

Inconsistent version pinning for @nuxt/ui dependency

Uh oh!

vercel bot Jan 15, 2026

Choose a reason for hiding this comment

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

Uh oh!

renovate bot commented Mar 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

File name: pnpm-lock.yaml

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Apr 5, 2025 •

edited

Loading

vercel bot commented Apr 5, 2025 •

edited

Loading

pkg-pr-new bot commented Jul 16, 2025 •

edited

Loading

renovate bot commented Mar 4, 2026 •

edited

Loading