chore(deps): update dependency @nuxt/devtools to v2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@nuxt/devtools (source)	^1.0.2 -> ^2.6.4

GitHub Vulnerability Alerts

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4*. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.

---

Release Notes

nuxt/devtools (@​nuxt/devtools)

v2.6.4

Compare Source

Bug Fixes

• using textContent instead of innerHtml for auth pagechore: update lock (7cadbbe)

v2.6.3

Compare Source

v2.6.2

Compare Source

Bug Fixes

• panel dragging issue, close #​874, close #​871, close #​873 (619de37)

v2.6.1

Compare Source

Bug Fixes

• deps: do not depend on @nuxt/schema (#​872) (62443ec)

v2.6.0

Compare Source

Bug Fixes

• timing labels wrapping (#​866) (fd01e60)

Features

• update deps (eef2c09)

v2.5.0

Compare Source

v2.4.1

Compare Source

Bug Fixes

• devtools-kit: explicitly type return type of useDevtoolsHostClient (#​861) (161e847)
• StateEditor: add isPrimitive helper and support bigint type (#​744) (#​854) (f8eed63)
• ui-kit: use object syntax for NButton slots (#​857) (09002d2)

Features

• improve modules view (807405f)
• show docs link for components (9ab0ec8)

v2.4.0

Compare Source

Bug Fixes

• devtools-kit: fix useDevtoolsClient return type (#​845) (5ce9b47)
• module setup times are multiplied by 1000 (#​838) (d16aa96)
• ui-kit: add [@unocss-include](https://redirect.github.com/unocss-include) magic string in NButton (#​852) (f18de78)
• watch() typeof check on array is always false (#​850) (a873199)

2.3.2 (2025-03-26)

Bug Fixes

• prioritize vue-devtools plugin registation, fix #​823, fix #​822 (259853b)
• update vite-plugin-vue-tracer (0c1740c)

2.3.1 (2025-03-20)

Bug Fixes

• downgrade execa to be compatible with Node v18, fix #​821 (f15c7dc)

v2.3.2

Compare Source

Bug Fixes

• prioritize vue-devtools plugin registation, fix #​823, fix #​822 (259853b)
• update vite-plugin-vue-tracer (0c1740c)

v2.3.1

Compare Source

Bug Fixes

• downgrade execa to be compatible with Node v18, fix #​821 (f15c7dc)

v2.3.0

Compare Source

Features

• debug page of module mutation (#​770) (f7e9ab5)

2.2.1 (2025-03-05)

Bug Fixes

• inspector: do not register instapector events if there is already any (db01e1b)

v2.2.1

Compare Source

Bug Fixes

• inspector: do not register instapector events if there is already any (db01e1b)

v2.2.0

Compare Source

Features

• component graph node name toogle (#​797) (2eb2a37)
• migrate to vite-plugin-vue-tracer (#​803) (faa08d3)

2.1.3 (2025-03-03)

2.1.2 (2025-03-03)

2.1.1 (2025-02-28)

Bug Fixes

• use shiki js engine instead of precompiled (d018045)

Features

• update deps (15dbe6d)

v2.1.3

Compare Source

v2.1.1

Compare Source

Bug Fixes

• use shiki js engine instead of precompiled (d018045)

Features

• update deps (15dbe6d)

v2.1.0

Compare Source

Bug Fixes

• hide inspector button when not available (684897f)

Features

• allow override component inspector with __NUXT_INSPECTOR__ (9f3c8bf)
• filter out installed modules in search result, closes #​780 (#​786) (fc8ced3)
• option to disable vueDevTools (3e5251c)

v2.0.0

Compare Source

Features

• add directives page (#​740) (c20c724)

v1.7.0

Compare Source

Features

• improves vscode integration, support multiple backends (#​763) (463f6ad)

1.6.4 (2024-12-12)

Bug Fixes

• upgrade @vue/devtools (8485fcb)

1.6.3 (2024-12-03)

Bug Fixes

• revert #​757, pin vite-plugin-inspect version (a399082)

1.6.2 (2024-12-03)

Bug Fixes

• add v4 compatibility version handeling for pages tab (#​758) (bd8651c)

Features

• support vite-plugin-inspect for both Vite 5 and 6 (#​757) (cfcbc24)

1.6.1 (2024-11-20)

Bug Fixes

• missing pinia store modules (#​751) (be243e4)

Features

• apply lint, use explict import (2c6d2d3)

v1.6.4

Compare Source

Bug Fixes

• upgrade @vue/devtools (8485fcb)

v1.6.3

Compare Source

Bug Fixes

• revert #​757, pin vite-plugin-inspect version (a399082)

v1.6.2

Compare Source

Bug Fixes

• add v4 compatibility version handeling for pages tab (#​758) (bd8651c)

Features

• support vite-plugin-inspect for both Vite 5 and 6 (#​757) (cfcbc24)

v1.6.1

Compare Source

Bug Fixes

• missing pinia store modules (#​751) (be243e4)

Features

• apply lint, use explict import (2c6d2d3)

v1.6.0

Compare Source

Bug Fixes

• devtools: remove cjs entrypoint (#​746) (9e4a22e)

1.5.2 (2024-10-02)

Bug Fixes

• try downgrade vite-plugin-vue-inspector (572a0d6)

1.5.1 (2024-09-23)

Bug Fixes

• welcome page condition (#​736) (d23ce09)

v1.5.2

Compare Source

Bug Fixes

• try downgrade vite-plugin-vue-inspector (572a0d6)

v1.5.1

Compare Source

Bug Fixes

• welcome page condition (#​736) (d23ce09)

v1.5.0

Compare Source

Bug Fixes

• avoid using top-level await, fix #​723 (29b0e39)
• disable quicktype schema generation temporary (c1554a3)
• handle null in deepSync (#​729) (8c0efdb)

1.4.2 (2024-09-10)

Bug Fixes

• use explicit imports of types (#​715) (4c54247)

1.4.1 (2024-08-26)

Bug Fixes

• devtools-kit re-export (d16cafc)
• state-editor: update deepSync function (#​713) (a7b9efb)

v1.4.2

Compare Source

Bug Fixes

• use explicit imports of types (#​715) (4c54247)

v1.4.1

Compare Source

Bug Fixes

• devtools-kit re-export (d16cafc)
• state-editor: update deepSync function (#​713) (a7b9efb)

v1.4.0

Compare Source

Features

• kit: introduce host-client utility (167373c)

1.3.14 (2024-08-20)

1.3.13 (2024-08-20)

1.3.12 (2024-08-20)

1.3.11 (2024-08-20)

1.3.10 (2024-08-20)

Bug Fixes

• color mode (19ac073)

Features

• add search functionality to components graph (#​696) (1a0f81a)

1.3.9 (2024-07-02)

Bug Fixes

• capture for circular reference in state editor (841fd76)
• introduce client.revision to trigger state editor update (418a22e)
• modules: update compatibility check for Nuxt 3 and 4 (#​689) (2354da7)
• use ofetch for fast-npm-meta (4188f8d)

1.3.8 (2024-07-02)

Performance Improvements

• avoid deps on npm-registry-fetch, save install size (3d74691)

1.3.7 (2024-06-27)

Bug Fixes

• OpenGraph layout (#​685) (760f149)
• scrollable sidebar (#​682) (df459f9)
• server-routes: unable to clear all params (#​684) (d88b003)

Features

• use nuxt search api for showing docs (#​681) (52b6468)

Performance Improvements

• use npm-registry-fetch instead of pacote to deduce the package size (a049c52)

1.3.6 (2024-06-21)

Features

• migrate vue-devtools to v7.3 (#​675) (79e6d35)

1.3.5 (2024-06-21)

Bug Fixes

• downgrade module-builder (de79dc4)

1.3.4 (2024-06-21)

Bug Fixes

• color mode (#​679) (d276b31)
• navigate to pages with param (#​678) (316bcd9)

1.3.3 (2024-06-04)

Bug Fixes

• pin @vue/devtools-* (4c79fac)
• sort items in fuse (#​670) (8d052be)

1.3.2 (2024-05-27)

Bug Fixes

• floating-vue style (7b7dc32)
• sidebar scroll (946f930)
• timeline: reduce warning (#​661) (33fe685)

1.3.1 (2024-05-10)

Bug Fixes

• module builder chunk path patch (87199a1)

v1.3.14

Compare Source

v1.3.9

Compare Source

Bug Fixes

• capture for circular reference in state editor (841fd76)
• introduce client.revision to trigger state editor update (418a22e)
• modules: update compatibility check for Nuxt 3 and 4 (#​689) (2354da7)
• use ofetch for fast-npm-meta (4188f8d)

v1.3.8

Compare Source

Performance Improvements

• avoid deps on npm-registry-fetch, save install size (3d74691)

v1.3.7

Compare Source

Bug Fixes

• OpenGraph layout (#​685) (760f149)
• scrollable sidebar (#​682) (df459f9)
• server-routes: unable to clear all params (#​684) (d88b003)

Features

• use nuxt search api for showing docs (#​681) (52b6468)

Performance Improvements

• use npm-registry-fetch instead of pacote to deduce the package size (a049c52)

v1.3.6

Compare Source

Features

• migrate vue-devtools to v7.3 (#​675) (79e6d35)

v1.3.5

Compare Source

Bug Fixes

• downgrade module-builder (de79dc4)

v1.3.4

Compare Source

Bug Fixes

• color mode (#​679) (d276b31)
• navigate to pages with param (#​678) (316bcd9)

v1.3.3

Compare Source

Bug Fixes

• pin @vue/devtools-* (4c79fac)
• sort items in fuse (#​670) (8d052be)

v1.3.2

Compare Source

Bug Fixes

• floating-vue style (7b7dc32)
• sidebar scroll (946f930)
• timeline: reduce warning (#​661) (33fe685)

v1.3.1

Compare Source

v1.3.0

Compare Source

Bug Fixes

• devtools: optimize the home page layout (#​654) (a1ad266)
• upgrade vite-plugin-vue-inspector, fix #​657 (f67f0f2)

Features

• components tree panel (#​655) (3162269)
• hide devtools when printing (#​648) (1be7b2d)

v1.2.0

Compare Source

Bug Fixes

• adopt forward-compatible approach to builder:watch (#​637) (800d71f)
• opt in to import.meta.* properties (#​635) (ce60ab4)

1.1.5 (2024-03-28)

Features

• update @vue/devtools-applet, fix #​640 (cbb711d)

1.1.4 (2024-03-26)

Bug Fixes

• update vue devtools applet (5163c0d)
• vite-inspect iframe url (#​633) (2c942e5)

1.1.3 (2024-03-21)

Bug Fixes

• devtools: do not try to overlay on server (#​630) (9b633cd)

1.1.2 (2024-03-21)

Bug Fixes

• pinia: pinia module searching null safety (#​628) (8937b78)
• scheduledTasks can be undefined (#​626) (7044c47)

Features

• enable picture in picture for localhost (#​627) (c43500a)

1.1.1 (2024-03-20)

Bug Fixes

• client: pinia panel visible logic (#​624) (ed599ab)
• use RPC to get tasks (#​625) (4f347a2)

v1.1.5

Compare Source

Features

• update @vue/devtools-applet, fix #​640 (cbb711d)

v1.1.4

Compare Source

Bug Fixes

• update vue devtools applet (5163c0d)
• vite-inspect iframe url (#​633) (2c942e5)

v1.1.3

Compare Source

Bug Fixes

• devtools: do not try to overlay on server (#​630) (9b633cd)

v1.1.2

Compare Source

Bug Fixes

• pinia: pinia module searching null safety (#​628) (8937b78)
• scheduledTasks can be undefined (#​626) (7044c47)

Features

• enable picture in picture for localhost (#​627) (c43500a)

v1.1.1

Compare Source

Bug Fixes

• client: pinia panel visible logic (#​624) (ed599ab)
• use RPC to get tasks (#​625) (4f347a2)

v1.1.0

Compare Source

Bug Fixes

• augment runtime config correctly (2d199b8)
• devtools border-radius (#​617) (36c300a)
• floating-vue arrow style (#​578) (4553d50)
• floating-vue arrow style in dark (#​582) (0023611)
• inspect tab when custom buildAssetsDir is configured, fixes #​589 (#​588) (97386b2)
• override tsx dependency to known fixed version (broken on Node v18.19.0+) (#​606) (1bc2e71)
• provide a label for accessbility (#​591) (6cb9220)
• remove unnecessary line + open devtools calling twice syncClient (#​584) (9a2dbc2)
• support for resizing window in touch screen (#​616) (31e01fb)
• ui: @​apply conflict with tailwind (#​619) (4e1d329)
• ui: Added composable to build config (#​579) (f3c3de1)
• ui: disabled NButton. Also disable NuxtLink when used with to. (#​581) (12dae59)

Features

• assets: support for layers (#​618) (b8572b6)
• pinia panel (#​621) (56be5a7)
• Server Tasks tab (#​614) (bee12e8)
• ui: added autocomplete props to NTextInput component (#​574) (46cc36f)

1.0.8 (2024-01-11)

Bug Fixes

• remove debugging code (f05143b)

1.0.7 (2024-01-11)

Bug Fixes

• devtools: update default types to module.d.ts/.mts (#​559) (2ecd32c)
• make twitter og tags optional (41ee5ec)
• open-graph: fix type error, close #​563 (c63055a)
• support iframeProps option for CSP, fix Stackblitz (0eb7a82)
• timeline-helper-wrapper: Fix return value in timeline wrapper for promises (#​567) (0645e35)
• update title of Eye Dropper command (#​558) (ea58139)

Features

• server-routes: implement persisting input values in localStorage (#​545) (67dbf65)

1.0.6 (2023-12-13)

Bug Fixes

• improve rpc import message, close #​528 (721dda8)
• server-routes: improve filterByCollection for runtime routes (#​538) (ec144d1)
• SideNav: logo text color in light mode (#​537) (4dbe60d)
• stable integrations setup to have consistent plugins order (#​542) (310929b)

1.0.5 (2023-12-07)

Bug Fixes

• allow iframe to work in stricter cross-origin policy (7ec0d3c)
• devtools: don't enable devtools when in test mode (#​532) (3a7f143)

Features

• add Eye Dropper command (#​530) (25584b9)

1.0.4 (2023-11-27)

Bug Fixes

• pip: check for https support (#​522) (5360cf4)
• require auth token with getImageMeta and getTextAssetContent (69316c4)
• require token for restartNuxt (09384af)

Features

• devtools: support for xdg-home-config (#​526) (4abd280)
• error tab (#​520) (68b8cfc)

1.0.3 (2023-11-20)

Bug Fixes

• support user baseURL, close #​506 (2697340)
• tolerant parse error for local options, close #​518 (e604124)

Features

• disable devtools in test mode (51e8de6)

1.0.2 (2023-11-11)

Bug Fixes

• do not show false connecting overlay on legacy Vite, close #​497 (a48c248)
• timeline: do not inject for macro module, close #​507 (923edaf)

1.0.1 (2023-11-09)

Bug Fixes

• assets: remove dot from file extension (#​512) (8e4ec7b)
• blurred font (#​485) (9a52925)
• dark mode compatibility with vite-inspect (#​501) (2785fa6)
• devtools: import app utilities from #imports (#​500) (68efb1b)
• doc: active status of project cards (#​502) (25bba74)

v1.0.8

Compare Source

Bug Fixes

• remove debugging code (f05143b)

v1.0.7

Compare Source

Bug Fixes

• devtools: update default types to module.d.ts/.mts (#​559) (2ecd32c)
• make twitter og tags optional (41ee5ec)
• open-graph: fix type error, close #​563 (c63055a)
• support iframeProps option for CSP, fix Stackblitz (0eb7a82)
• timeline-helper-wrapper: Fix return value in timeline wrapper for promises (#​567) (0645e35)
• update title of Eye Dropper command (#​558) (ea58139)

Features

• server-routes: implement persisting input values in localStorage (#​545) (67dbf65)

v1.0.6

Compare Source

Bug Fixes

• improve rpc import message, close #​528 (721dda8)
• server-routes: improve filterByCollection for runtime routes (#​538) (ec144d1)
• SideNav: logo text color in light mode (#​537) (4dbe60d)
• stable integrations setup to have consistent plugins order (#​542) (310929b)

v1.0.5

Compare Source

Bug Fixes

• allow iframe to work in stricter cross-origin policy (7ec0d3c)
• devtools: don't enable devtools when in test mode (#​532) (3a7f143)

Features

• add Eye Dropper command (#​530) (25584b9)

v1.0.4

Compare Source

Bug Fixes

• pip: check for https support (#​522) (5360cf4)
• require auth token with getImageMeta and getTextAssetContent (69316c4)
• require token for restartNuxt (09384af)

Features

• devtools: support for xdg-home-config (#​526) (4abd280)
• error tab (#​520) (68b8cfc)

v1.0.3

Compare Source

Bug Fixes

• support user baseURL, close #​506 (2697340)
• tolerant parse error for local options, close #​518 (e604124)

Features

• disable devtools in test mode (51e8de6)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: fb502a9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cloudflare-workers-and-pages]

Deploying form-actions-nuxt with    Cloudflare Pages

Latest commit:	fb502a9
Status:	🚫  Build failed.

View logs