chore: Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@nuxt/ui (source)	^4.5.1 → ^4.6.0					dependencies	minor
@nuxtjs/i18n (source)	^10.2.3 → ^10.2.4					dependencies	patch
@vitest/coverage-v8 (source)	^4.1.0 → ^4.1.2					devDependencies	patch
giget	^3.1.2 → ^3.2.0					dependencies	minor
happy-dom	^20.8.4 → ^20.8.9					devDependencies	patch
knip (source)	^6.0.2 → ^6.1.0					devDependencies	minor
minimatch	^10.2.4 → ^10.2.5					dependencies	patch
node	24.14.0 → 24.14.1					uses-with	patch
unstorage (source)	^1.17.4 → ^1.17.5					dependencies	patch
vitest (source)	^4.1.0 → ^4.1.2					devDependencies	patch
vue (source)	^3.5.30 → ^3.5.31					dependencies	patch

---

Release Notes

nuxt/ui (@​nuxt/ui)

v4.6.0

Compare Source

⚠ BREAKING CHANGES

• module: use moduleDependencies to manipulate options (#​5384)

Features

• add standalone Vue REPL playground (#​6209) (390c4bd)
• ChatMessage: add files slot (12d6020)
• ChatReasoning: new component (#​6175) (6db594e)
• ChatShimmer: new component (#​6171) (8db9c54)
• ChatTool: new component (#​6176) (7849534)
• Checkbox/Switch: add support for trueValue / falseValue props (#​6150) (91c6356)
• ContentToc: add highlight-variant prop (#​5746) (df080ce)
• DropdownMenu: add filter prop (#​6153) (a529b43)
• FileUpload: add fileImage prop (#​5935) (40f9c2e)
• Icon: add global options on Vue-only side (#​5354) (566fbee)
• InputMenu: add autocomplete prop (#​6026) (ee8a248)
• InputTime: add range prop (#​6203) (c124f29)
• locale: add Icelandic language (#​6149) (f3ddc60)
• module: use moduleDependencies to manipulate options (#​5384) (dd3f5c5)
• Sidebar: new component (#​6038) (51a1f85)
• Table: implement row pinning (#​6115) (fbd60d9)
• Tooltip: support global content configuration via App tooltip prop (#​6152) (83afd9c)
• unplugin: add support for prose components (#​6198) (c58b9b2)

Bug Fixes

• Avatar: use resolved size for image width/height (#​6008) (6dd0fc4)
• ChatShimmer: handle RTL mode (#​6180) (51793a8)
• ContentNavigation: prevent toggling disabled parent items (#​6122) (0f1074f)
• ContentSurround: handle RTL mode (#​6148) (6921f13)
• ContentToc: reset start margin at lg breakpoint (8f24f79)
• DashboardSearchButton: use valid HTML structure for trailing slot (#​6194) (578a12f)
• Editor: guard lift calls for unavailable list extensions (#​6100) (065db6b)
• Error: support status and statusText properties (1350d62), closes #​6134
• FileUpload: make multiple, accept and reset options reactive (#​6204) (ae093df)
• Modal/Slideover/Popover/Drawer: prevent double close:prevent emit (#​6226) (9a0d501)
• module: only auto-import public composables and allow Vite opt-out (#​6197) (886f5fb)
• NavigationMenu: improve RTL support for viewport and indicator (#​6164) (755867b)
• NavigationMenu: propagate disabled state to item in vertical orientation (6d4d651)
• ProsePre: move shiki line highlight styles to theme (d663950)

nuxt-modules/i18n (@​nuxtjs/i18n)

v10.2.4

Compare Source

This changelog is generated by GitHub Releases

   🐞 Bug Fixes

• Do not import from nuxt/schema  -  by @​danielroe in #​3925 (f57bb)
• Respect trailingSlash on root  -  by @​divine in #​3920 (9e504)
• Move typescript to dev dependencies  -  by @​BobbieGoede in #​3939 (3b0ad)
• Add warning for missing domains when multiDomainLocales is enabled  -  by @​DotwoodMedia in #​3938 (d9a1a)
• types: Allow mixing string and objects for locale file configuration  -  by @​richex-cn in #​3933 (b63d0)

    View changes on GitHub

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

v4.1.1

Compare Source

   🚀 Features

• experimental:
  • Expose matchesTagsFilter to test if the current filter matches tags  -  by @​sheremet-va in #​9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in #​9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in #​9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in #​9831 and #​9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in #​9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in #​9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in #​9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in #​9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in #​9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in #​9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in #​9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in #​9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in #​9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in #​9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in #​9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in #​9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in #​9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in #​9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in #​9949 (0d5f9)

    View changes on GitHub

unjs/giget (giget)

v3.2.0

Compare Source

compare changes

🚀 Enhancements

• git: provider with sparse cloning support (#​211)

🩹 Fixes

• _utils: Move hyphens to start of character classes in parseGitURI regex (#​256)
• cli: Prevent duplicate error messages (#​220)
• gitlab: Support subgroups and :: subdir delimiter (#​141)

🏡 Chore

• Init agents.md (774822c)
• Update deps (ac02cb2)
• Fix type issues (bf48c80)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Michael Slowik (@​sl0wik)
• Ted Kesgar (@​tkesgar)
• Terminal Chai (@​terminalchai)

capricorn86/happy-dom (happy-dom)

v20.8.9

Compare Source

👷‍♂️ Patch fixes

• Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @​capricorn86 in task #​2117
  • A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @​r74tech for reporting this!

v20.8.8

Compare Source

👷‍♂️ Patch fixes

• Fixes issue where export names can be interpolated as executable code in ESM - By @​capricorn86 in task #​2113
  • A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @​tndud042713 for reporting this!

v20.8.7

Compare Source

👷‍♂️ Patch fixes

• Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @​YevheniiKotyrlo in task #​1845

v20.8.6

Compare Source

👷‍♂️ Patch fixes

• Request.formData() should honor "Content-Type" header - By @​brianhelba in task #​2106

v20.8.5

Compare Source

👷‍♂️ Patch fixes

• Fixes error thrown when modifying DOM structure in connectedCallback() - By @​capricorn86 in task #​2110

webpro-nl/knip (knip)

v6.1.0: Release 6.1.0

Compare Source

• Add knip.nodeRuntimePath setting (resolve #​1643) (65e943c)
• Swap Astro sharp detection to match default behavior (#​1559) (84968bb)
• feat: stencil plugin (#​1644) (d5d20e5) - thanks @​johnjenkins!
• Enable metro plugin when expo is installed (#​1600) (14bc9d7) - thanks @​DaniFoldi!
• Resolve jsPlugins dependencies in oxlint plugin (#​1576) (e11c962) - thanks @​nikolailehbrink!
• Wrap up oxlint jsPlugins support (209a9f7)
• Update dependencies (close #​1646) (869020f)
• Fix config hint filePath edge case (e79c302)
• Rename oxlint config file in fixtures (5630204)

v6.0.6: Release 6.0.6

Compare Source

• Suppress issues initially to not overwhelm agent in mcp server (7793962)
• Auto-format (346247a)
• Fix false positive unused deps when run from workspace dir (resolve #​1642) (95f4431)
• Move from convertPathsToAlias → compilePathMappings (resolve #​1641) (ccc62d6)

v6.0.5: Release 6.0.5

Compare Source

• Fix up ecosystem pipeline, add sanity (a338b21)
• Fix broken links in Writing a Plugin docs (#​1640) (963f206) - thanks @​skoeva!
• Minor alignment edits to MCP texts.js (714089f)
• Merge JSDoc tags across function overload signatures (resolve #​1639) (6269ec3)
• Housekeep tag matching (b15bc7e)
• Housekeep reference type matching (d9c8731)
• fix(nx): fall back to workspace cwd when run-commands target has no cwd (#​1638) (cf2dc7d) - thanks @​liorp!
• Release knip@​6.0.5 (289bd9a)

v6.0.4: Release 6.0.4

Compare Source

• Defer ns member ref resolution to post-walk batch pass (resolve #​1633) (304504f)
• Show namespace member statuses in trace output (47ddf43)
• Add shadow detection for function params, arrow params, and catch bindings (70ebb76)
• Strip trailing slashes from tsconfig outDir and rootDir (resolve #​1635) (1dcdb02)

v6.0.3: Release 6.0.3

Compare Source

• Handle symlinks → real paths from tsconfig files (#​1630) (529810a)
• Filter empty strings from Qwik routesDir values (resolve #​1632) (beb8ae3)

isaacs/minimatch (minimatch)

v10.2.5

Compare Source

actions/node-versions (node)

v24.14.1: 24.14.1

Compare Source

Node.js 24.14.1

unjs/unstorage (unstorage)

v1.17.5

Compare Source

compare changes

📦 Dependencies

• Update deps (h3 and lru-cache) (37e8958)

vuejs/core (vue)

v3.5.31

Compare Source

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#​13045) (95c3356), closes #​9919
• compiler-sfc: support template literal as defineModel name (#​14622) (bd7eef0), closes #​14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#​14625) (1bb28d0), closes #​12427 #​12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#​14624) (560def4), closes #​12708 #​12710
• runtime-core: preserve nullish event handlers in mergeProps (#​14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#​14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#​8619) (88ed045), closes #​8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#​14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#​14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#​9392) (908c6ad), closes #​7966
• suspense: update suspense vnode's el during branch self-update (#​12922) (a2c1700), closes #​12920
• transition: skip enter guard while hmr updating (#​14611) (be0a2f1), closes #​14608
• types: prevent shallowReactive marker from leaking into value unions (#​14493) (3b561db), closes #​14490

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.