fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	7.2.0 → 7.4.3
@nuxt/eslint (source)	1.13.0 → 1.15.1
@vueuse/core (source)	14.2.0 → 14.2.1
nuxt (source)	4.3.0 → 4.3.1
pnpm (source)	10.28.2 → 10.30.0
vue (source)	3.5.27 → 3.5.28

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v7.4.3

Compare Source

   🐞 Bug Fixes

• Formating regression  -  by @​antfu (2ef8a)

    View changes on GitHub

v7.4.2

Compare Source

   🐞 Bug Fixes

• Relax eslint peer deps range  -  by @​antfu (b5f53)

    View changes on GitHub

v7.4.1

Compare Source

   🐞 Bug Fixes

• Ignore typescript files when typescript is off  -  by @​antfu (bda75)

    View changes on GitHub

v7.4.0

Compare Source

   🚀 Features

• Angular support  -  by @​St2r and @​antfu in #​804 (67b1b)

   🐞 Bug Fixes

• Update peer dependency requirement for eslint-plugin-react-refresh  -  by @​hyoban in #​813 (19a43)

    View changes on GitHub

v7.3.0

Compare Source

   🚀 Features

• Upgrade eslint-plugin-react-refresh, eslint-plugin-regexp  -  by @​antfu (610e7)
• react: Sync recommend rules  -  by @​hyoban in #​810 (1b870)

   🐞 Bug Fixes

• Use ConfigWithExtends instead of Linter.Config  -  by @​hyoban in #​809 (ad4e5)

    View changes on GitHub

nuxt/eslint (@​nuxt/eslint)

v1.15.1

Compare Source

   🐞 Bug Fixes

• Downgrade @eslint/js, fix #​647  -  by @​antfu in #​647 (2c1c1)

    View changes on GitHub

v1.15.0

Compare Source

   🚀 Features

• Relax peer deps range to support ESLint v10, fix #​642  -  by @​antfu in #​642 (305a9)

    View changes on GitHub

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

vueuse/vueuse (@​vueuse/core)

v14.2.1

Compare Source

   🚀 Features

• Add skills at the root directory for skills cli  -  by @​antfu (c005d)
• skills: Transfer @vueuse/skills  -  by @​serkodev in #​5286 (532ac)

   🐞 Bug Fixes

• useRafFn: Resolve reactive null fpsLimit not being handled  -  by @​nemanjamalesija in #​5284 (8ce0d)

    View changes on GitHub

nuxt/nuxt (nuxt)

v4.3.1

Compare Source

4.3.1 is a regularly scheduled patch release.

👉 Changelog

compare changes

🩹 Fixes

• nuxt: Correct reference format of server builder (#​34177)
• nuxt: Add status/statusText getters to NuxtError (#​34188)
• nuxt: Don't inject shared types for differing auto-imports (#​34191)
• schema: Add direnv and vendor to default ignore (#​34190)
• nuxt: Focus hash links after navigation (#​34193)
• nuxt: Exclude head runtime from unhead imports transform (#​34195)
• kit: Include prereleases in semver satisfy check (#​34210)
• nitro: Encode unicode paths in x-nitro-prerender header (#​34202)
• nuxt: Watch server/ for builder:watch hook (#​34208)
• nitro: Preserve error.message for fatal errors (#​34226)
• Only enable dynamic imports when ts plugin (#​34205)
• webpack: Use H3Error for 403 in dev server (#​34233)
• nuxt: Ensure NuxtError extends Error type (#​34242)
• vite: Use H3Error for 404 in dev server (#​34225)
• nuxt: Add backwards compat for #app barrel export in keyed functions (#​34199)
• nuxt: Track + re-add custom routes on hmr (#​32044)
• nuxt: Keep vnode when leaving deeper nested route (#​33778)
• vite: Prevent CSS flickering in dev mode after config changes (#​33856)
• nuxt: Do not start view transition if there is no route (#​33723)
• nuxt: Call deferHydration done on NuxtPage unmount (#​34152)
• nuxt: Handle invalid datetime in ` (#​33992)
• nuxt: Preserve middleware error status in 404 fallback (#​34148)
• nitro: Do not augment nuxt/schema (#​34255)
• nuxt: Cache manifest files to preserve buildId (#​34002)
• nuxt: Don't decode query string in SSR context URL (#​34252)
• nuxt: Allow specifying moduleDependencies by meta.name (#​34263)
• nuxt: Resolve #components import mapping conflict for packages outside rootDir (#​34139)
• vite,webpack: Use node.res to send 403/404 (#​34266)
• nitro,nuxt: Align path encoding with vue-router (#​34265)
• nitro: Augment nuxt/schema once more (552bbd8d1)

💅 Refactors

• nuxt: Prefer genObjectKey to omit unnecessary quotes (#​34245)
• nuxt: Use ComponentProps helper to extract layout props (#​34248)

📖 Documentation

• Update roadmap dates (#​34166)
• Correct default value of nitroAutoImports (#​34182)
• Clarify shared type context limitations for custom imports (#​34194)
• Fix broken links (#​34223)
• Document payload extraction for ISR/SWR routes (#​34222)
• Update default aliases in configuration reference (#​34237)
• Update example of email validation (#​34247)
• Align server alias examples with #server and rootDir (#​34259)
• Add documentation for keyedComposables (#​34201)

🏡 Chore

• Remove px from width attribute (8d1cbb27a)
• Add ai config in gitignore (#​34220)

✅ Tests

• Vitest v4 compatibility (825b2c202)
• Add runtime tests for deeply nested <NuxtPage> navigation (048efc030)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Matej Černý (@​cernymatej)
• Octavio Araiza (@​8ctavio)
• Muhammad Yasir Ghaffar (@​M-YasirGhaffar)
• mrkaashee (@​mrkaashee)
• Max (@​onmax)
• Bobbie Goede (@​BobbieGoede)
• 纸鹿/Zhilu (@​L33Z22L11)
• Florian Heuberger (@​Flo0806)
• 山吹色御守 (@​KazariEX)
• ExXTreMe315 (@​ExXTreMe315)
• Eugene (@​FlexIDK)
• abeer0 (@​iiio2)
• Jonas Thelemann (@​dargmuesli)
• Erwan Jugand (@​erwanjugand)

pnpm/pnpm (pnpm)

v10.30.0

Compare Source

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

vuejs/core (vue)

v3.5.28

Compare Source

Bug Fixes

• transition: avoid unexpected cancelled parameter in transition done callback (#​14391) (6798853)
• compiler-sfc: add resolution trying for .mts/.cts files (#​14402) (c09d41f), closes vuejs/router#2611
• compiler-sfc: no params were generated when using withDefaults (#​12823) (b0a1f05), closes #​12822
• reactivity: add __v_skip flag to EffectScope to prevent reactive conversion (#​14359) (48b7552), closes #​14357
• runtime-core: avoid retaining el on cached text vnodes during static traversal (#​14419) (4ace79a), closes #​14134
• runtime-core: prevent child component updates when style remains unchanged (#​12825) (57866b5), closes #​12826
• runtime-core: properly handle async component update before resolve (#​11619) (e71c26c), closes #​11617
• runtime-dom: handle null/undefined handler in withModifiers (#​14362) (261de54), closes #​14361
• teleport: properly handling disabled teleport target anchor (#​14417) (d7bcd85), closes #​14412
• transition-group: correct move translation under scale via element rect (#​14360) (0243a79), closes #​14356
• useTemplateRef: don't update setup ref for useTemplateRef key (#​12756) (fc40ca0), closes #​12749

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Asia/Taipei, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[rileychh-dokploy-coscup]

🚨 Preview Deployment Blocked - Security Protection

Your pull request was blocked from triggering preview deployments

Why was this blocked?

• User: renovate[bot]
• Repository: 2026
• Permission Level: none
• Required Level: write, maintain, or admin

How to resolve this:

Option 1: Get Collaborator Access (Recommended)
Ask a repository maintainer to invite you as a collaborator with write permissions or higher.

Option 2: Request Permission Override
Ask a repository administrator to disable security validation for this specific application if appropriate.

For Repository Administrators:

To disable this security check (⚠️ not recommended for public repositories):
Enter to preview settings and disable the security check.

---

This security measure protects against malicious code execution in preview deployments. Only trusted collaborators should have the ability to trigger deployments.

🛡️ Learn more about this security feature

This protection prevents unauthorized users from:

• Executing malicious code on the deployment server
• Accessing environment variables and secrets
• Potentially compromising the infrastructure

Preview deployments are powerful but require trust. Only users with repository write access can trigger them.

[rileychh]

Blocked by https://redirect.github.com/antfu/eslint-config/issues/817