chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/core (source)	^7.26.0 -> ^7.26.7
@babel/standalone (source)	^7.26.4 -> ^7.26.7
@babel/types (source)	^7.26.3 -> ^7.26.7
@types/node (source)	^22.10.2 -> ^22.10.10
eslint (source)	^9.17.0 -> ^9.19.0
marked (source)	^15.0.4 -> ^15.0.6
nuxt (source)	^3.15.0 -> ^3.15.3
pnpm (source)	9.15.2 -> 9.15.4
typescript (source)	^5.7.2 -> ^5.7.3
unbuild	^3.2.0 -> ^3.3.1

---

Release Notes

babel/babel (@​babel/core)

v7.26.7

Compare Source

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #​17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #​17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #​17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #​17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #​17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #​17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

eslint/eslint (eslint)

v9.19.0

Compare Source

v9.18.0

Compare Source

markedjs/marked (marked)

v15.0.6

Compare Source

Bug Fixes

• fix strikethrough inside strong and em to follow gfm (#​3577) (7712a53)

v15.0.5

Compare Source

Bug Fixes

• allow strikethrough inside strong and em to follow gfm (#​3569) (8a01658)

nuxt/nuxt (nuxt)

v3.15.3

Compare Source

3.15.3 is the next regularly scheduled patch release.

👀 Highlights

CORS configuration for dev server

Alongside a range of improvements, we've also shipped a significant fix to impose CORS origin restrictions on the dev server. This applies to your Vite or Webpack/Rspack dev middleware only.

This is a significant/breaking change we would not normally ship in a patch but it is a security fix (see GHSA-4gf7-ff8x-hq99 and GHSA-2452-6xj8-jh47) and we urge you to update ASAP.

You can configure the allowed origins and other CORS options via the devServer.cors options in your nuxt.config, which may be relevant if you are developing with a custom hostname:

export default defineNuxtConfig({
  devServer: {
    cors: {
      origin: ['https://custom-origin.com'],
    },
  },
})

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• kit,nuxt: Don't resolve paths from local layers/modules (#​30650)
• nuxt: Reduce number of mkdirSync calls (#​30651)
• nuxt: Reduce unnecessary template updating (#​30684)
• kit: Reduce duplication between findPath and resolvePath (#​30682)
• kit: Run components compat check synchronously (#​30685)
• nuxt: Early return from annotation for non-object syntax plugins (#​30683)
• nuxt: Enable Transition component only on client side (#​30720)

🩹 Fixes

• vite: Override previous #app-manifest alias (#​30618)
• kit,nuxt,schema,vite: Improve watching behaviour (#​30620)
• nuxt: Fall back to plugin.src for variable name generation (#​30649)
• schema: Allow overriding dev/test environment value (#​30667)
• vite: Drop unneeded call to invalidate module (d2a95c542)
• vite: Add back invalidateModule call (9bd71e498)
• nuxt: Do not warn about [[ optional dynamic params (#​30619)
• vite: Inline shared folder in dev mode (#​30690)
• nuxt: Deep clone extracted page meta (#​30717)
• vite,webpack: Restrict access via cors to local origins + allow configuration via devServer.cors (406db5b4d)

💅 Refactors

• vite: Drop externality and use vite internal config (#​30634)

📖 Documentation

• Add link to custom useFetch example (#​30629)
• Fix example command (#​30628)
• Fix links to nuxi source code (4fabe0025)
• Add description for prefetch and other details of NuxtLink (#​30614)
• Update nuxt/content example (542987627)
• Adjust examples, type and description for addRouteMiddleware (#​30656)
• Explain how to use ClientOnly with onMounted hook (#​30670)
• Update links to unhead source (eb5344b43)
• Add more context about navigation mode in callOnce composable (#​30612)
• Add example on how to disable default routes for ssg (#​30729)

📦 Build

• schema: Use new inlineDependencies option (01adefcec)

🏡 Chore

• kit: Explicitly inline lodash-es (0c01273f5)
• Add debug timing jiti/unbuild plugins (#​30648)
• Do not clobber global tracker objects (df8554331)
• Remove stray console log (47c40f310)
• Improve debugging plugins (492b1ec65)
• Write metrics to disk for better diffing (c5c6b8105)
• Lint (86aff854c)

🤖 CI

• Run bundle size assertion outside of matrix (#​30688)
• Reenable nuxt benchmarking (#​30711)

❤️ Contributors

• Alex Liu (@​Mini-ghost)
• Daniel Roe (@​danielroe)
• Alan Schio (@​schirrel)
• xjccc (@​xjccc)
• Saeid Zareie (@​Saeid-Za)
• Zakhar Shymanchyk (@​zshimanchik)
• Arturs Jansons (@​iegik)
• Maxime Pauvert (@​maximepvrt)

v3.15.2

Compare Source

3.15.2 is the next regularly scheduled patch release.

👀 Highlights

🔥 Startup performance improvements

It is worth noting that this release includes some pretty significant performance improvements which you should notice particularly in the startup time. In my tests in the nuxt monorepo,

fixture	time to vite build complete (v3.15.1)	time to vite build complete (v3.15.2)
minimal	850ms	710ms
everything bagel	3,021ms	1,690ms

There's more improvement to do here but hopefully these are good numbers!

📦 CLI refactor

To improve performance within Nuxt projects, we've published a new @nuxt/cli distribution of nuxi, which is used under-the-hood in nuxt (see issue). This should behave exactly the same and nothing needs to be updated in your projects (for example, you will continue to use the nuxi or nuxt commands). The only significant change is that it no longer inlines dependencies. Feedback is welcome 🙏

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• nuxt: Remove code duplication in client-only (#​30460)
• nuxt: Use lighter @nuxt/cli dependency (#​30526)
• kit: Remove iterations when resolving module path (#​30562)
• nuxt: Avoid checking fs for existence of scanned pages (#​30581)
• nuxt: Defer version/config warnings to after build (#​30567)

🩹 Fixes

• nuxt: Collect all identifiers before extracting page metadata (#​30478)
• nuxt: Don't hoist identifiers declared locally in definePageMeta when extracting page metadata (#​30490)
• kit: Reorder #build to the end of tsConfig paths (#​30520)
• nuxt: Use fullPath instead of empty string in router hmr (#​30500)
• Relax nuxt version constraints to current (23b968289)
• nuxt: Add import protection for @nuxt/cli (618bbc6da)
• kit: Fully resolve plugin paths when normalising them (#​30540)
• nuxt: Call page:loading:end only once with nested pages (#​29009)
• nuxt: Warn about ignored char while parsing route segment (#​30396)
• nuxt: Allow url-specific chars in vfs (#​30584)
• nuxt: Do not warn about invalid characters in route groups/catchalls (0249c74bc)
• vite: Provide fallback alias for #app-manifest (#​30587)
• nuxt: Avoid invoking shouldPrefetch on the server side (#​30591)
• nuxt: Decode id before resolving relative imports (#​30599)

💅 Refactors

• kit,nuxt,webpack: Reduce reassignments (#​30589)

📖 Documentation

• Document --dev option for the module command (#​30477)
• Document the add layer command (#​30476)
• Update v4 release date (#​30514)
• Ensure correct type for url in useFetch (#​30531)
• Update link to @nuxt/module-builder source (509cf4a5c)
• Add status detail and enhance getCachedData readability (#​30536)
• Update hash link to correct heading (#​30543)
• Update links to unhead source (fef3a59bb)
• Adjust example and additional instructions of useNuxtData (#​30570)
• Resolve many twoslash errors (#​30573)
• Add context for useAsyncData side effects (#​30479)
• Update examples to use function declarations for clarity (#​30588)

🏡 Chore

• Control dependency import into nuxt/app (1adf3e31f)
• Ignore automated renovate node engines updates (6895993fb)

🤖 CI

• Don't block release on fixtures + add pkg.pr.new (#​30548)
• Remove concurrency group from release-pr job (8ac54ff10)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Alex Liu (@​Mini-ghost)
• Anthony Fu (@​antfu)
• Camille Coutens (@​Kamsou)
• Julien Huang (@​huang-julien)
• Peter Buglavecz (@​buglavecz)
• ikxin (@​ikxin)
• Guspan Tanadi (@​guspan-tanadi)
• Vuk Marjanovic (@​vmrjnvc)
• Saeid Zareie (@​Saeid-Za)
• Matej Černý (@​cernymatej)
• Clément Ollivier (@​clemcode)

v3.15.1

Compare Source

3.15.1 is the next regularly scheduled patch release.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• nuxt: Skip experimental async context transform in client build (#​30360)
• schema: Drop unneeded type-only schema dependencies (#​30411)
• rspack,webpack: Drop lodash-es dependency (#​30409)
• nuxt: Drop pathe browser dep for deep server components (#​30456)

🩹 Fixes

• nuxt: Update module path for defaults (#​30371)
• nuxt: Ignore non-reference identifiers when extracting page metadata (#​30381)
• nuxt: Pass nuxt instance to resolvePagesRoutes (e4a372e12)
• schema: Support pfx certificate for dev server (#​30412)
• nuxt: Use node location instead of range for route meta property extraction (#​30447)
• schema: Override vueCompilerOptions.plugins type (#​30454)
• nuxt: Respect baseURL when ignoring prerendered manifest (#​30446)
• nuxt: Respect router.options when hmring routes (#​30455)

💅 Refactors

• nuxt: Use consola with nuxt tag instead of console (#​30408)

📖 Documentation

• Update references to lodash and recommend es-toolkit (8e2ca5bdc)
• Add warning about prerendering (#​30437)

🏡 Chore

• Add configuration for JetBrains IDEs (#​30380)
• Update lockfile (db65a703b)
• Dedupe lockfile + bump nanoid (c5eb6a81d)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Anders Bootsmann Larsen (@​bootsmann1995)
• Alexander Lichter (@​TheAlexLichter)
• Matej Černý (@​cernymatej)
• Connor Roberts (@​murshex)
• Julien Huang (@​huang-julien)

pnpm/pnpm (pnpm)

v9.15.4: pnpm 9.15.4

Compare Source

Patch Changes

• Ensure that recursive pnpm update --latest <pkg> updates only the specified package, with dedupe-peer-dependents=true.

Platinum Sponsors

Gold Sponsors

v9.15.3

Compare Source

microsoft/TypeScript (typescript)

v5.7.3

Compare Source

unjs/unbuild (unbuild)

v3.3.1

Compare Source

compare changes

🩹 Fixes

• rollup: Improve external detection (#​488)

❤️ Contributors

• Pooya Parsa (@​pi0)

v3.3.0

Compare Source

compare changes

🚀 Enhancements

• Allow specifying dependencies to inline in inlineDependencies (#​480)

🩹 Fixes

• rollup: Resolve aliases using pathe utils (#​483)

💅 Refactors

• Inline withTrailingSlash util (#​482)

🏡 Chore

• Update deps (edc8784)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)
• Daniel Roe (@​danielroe)

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying untyped with    Cloudflare Pages

Latest commit:	c431a3f
Status:	✅  Deploy successful!
Preview URL:	https://39964808.untyped.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.untyped.pages.dev

View logs