chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@cloudflare/workers-types	^4.20240821.1 -> ^4.20240903.0
@types/node (source)	^20.16.1 -> ^20.16.5
eslint (source)	^9.9.0 -> ^9.10.0
miniflare (source)	^3.20240806.1 -> ^3.20240821.1
nuxt (source)	^3.12.4 -> ^3.13.1
pkg-types	^1.1.3 -> ^1.2.0
pnpm (source)	9.7.1 -> 9.10.0
typescript (source)	^5.5.4 -> ^5.6.2
wrangler (source)	^3.72.1 -> ^3.75.0

---

Release Notes

cloudflare/workerd (@​cloudflare/workers-types)

v4.20240903.0

Compare Source

eslint/eslint (eslint)

v9.10.0

Compare Source

v9.9.1

Compare Source

cloudflare/workers-sdk (miniflare)

v3.20240821.1

Compare Source

Patch Changes

• #​6564 e8975a9 Thanks @​emily-shen! - feat: add assets plugin to miniflare

  New miniflare plugin for Workers + Assets, with relevant services imported from workers-shared.

v3.20240821.0

Compare Source

Patch Changes

• #​6555 b0e2f0b Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20240806.0	1.20240821.1
  @​cloudflare/workers-types	^4.20240806.0	^4.20240821.1

nuxt/nuxt (nuxt)

v3.13.1

Compare Source

3.12.4 is the next regularly scheduled patch release.

👀 Highlights

Although this is a patch release, there are two features I'd love to draw your attention to.

1. 🆔 useId now uses a built-in Vue composable for stable ids between server + client! https://github.com/nuxt/nuxt/pull/28285
2. 🔥 a new experimental.buildCache feature now allows for quicker app rebuilds https://github.com/nuxt/nuxt/pull/28726

As always, feedback is appreciated 🙏 ❤️

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• nuxt: Cache vue app build outputs (#​28726)
• nuxt: Use ServerPlaceholder for ssr client components (#​28563)
• nuxt: Use reducer array + handle modified proto (#​28768)

🩹 Fixes

• schema: Resolve user-provided serverDir relative to root (#​28700)
• nuxt: Handle mismatching declaration/plugin extensions (#​28709)
• nuxt: Do not accept arbitrary strings for MiddlewareKey (#​28676)
• nuxt: Do not pass listeners to custom NuxtLink (#​28738)
• nuxt: Generate basic jsdoc for module config entry (#​27689)
• nuxt: Augment NuxtOptions as well as config (#​28747)
• nuxt: Improve error logging in import protections (#​28753)
• nuxt: Handle deleted cookies from CookieStore events (#​28760)
• nuxt: Allow updating appConfig with non-iterable objects (#​28773)
• nuxt: Improve isNuxtError type inference (#​28814)

💅 Refactors

• nuxt: Update to vue v3.5 + native useId (#​28285)

📖 Documentation

• Fix typo (#​28724)
• Update broken/redirected links (#​28739)
• Capitalize text (#​28734)
• Updated line number for nuxt build-time hooks (#​28746)
• Add missing query returned value from useRoute() (#​28743)
• Persist package manager choice in code blocks (#​28514)
• Fix postcss codeblock typo (#​28801)
• Include --frozen-lockfile when installing dependencies (#​28794)

🏡 Chore

• Use tinyexec internally (#​28684)
• Use tinyglobby internally (#​28686)
• Trim tag (#​28687)
• Fix ci typo (#​28721)
• Tidying workflows + add sherif workflow (#​28793)
• Ignore eslint warnings about console logging (#​28795)

✅ Tests

• Update bundle size (99df4c222)

❤️ Contributors

• Gianluca Di Francesco (@​gianlucadifrancesco)
• Daniel Roe (@​danielroe)
• Joaquín Sánchez (@​userquin)
• Heb (@​Hebilicious)
• Eckhardt (Kaizen) Dreyer (@​Eckhardt-D)
• Gustav Odinger (@​gustavwilliam)
• Julien Huang (@​huang-julien)
• Ismail Sabet (@​ismailsabet)
• Max (@​onmax)
• Anthony Fu (@​antfu)
• @​beer (@​iiio2)
• riskrole (@​riskrole)
• Thimo Sietsma (@​th1m0)

v3.13.0

Compare Source

👀 Highlights

I'm pretty excited about this release - we've ported some features we had planned for Nuxt v4 back to v3, as well as a raft of bug fixes and performance improvements - as usual.

Here are a few of things I'm most excited about.

🏘️ Route Groups

We now support naming directories with parentheses/brackets to organise your routes without affecting the path.

For example:

-| pages/
---| index.vue
---| (marketing)/
-----| about.vue
-----| contact.vue

This will produce /, /about and /contact pages in your app. The marketing group is ignored for purposes of your URL structure.

Read more in the original PR.

🏝️ Islands and Head Metadata

It's now possible for server component islands to manipulate the head, such as by adding SEO metadata when rendering.

Read more in #​27987.

🪝 Custom Prefetch Triggers

We now support custom prefetch triggers for NuxtLink (#​27846).

For example:

<template>
  <div>
    <NuxtLink prefetch-on="interaction">
      This will prefetch when hovered or when it gains focus
    </NuxtLink>
    <!-- note that you probably don't want both enabled! -->
    <NuxtLink :prefetch-on="{ visibility: true, interaction: true }">
      This will prefetch when hovered/focus - or when it becomes visible
    </NuxtLink>
  </div>
</template>

It's also possible to enable/disable these globally for your app and override them per link.

For example:

export default defineNuxtConfig({
  experimental: {
    defaults: {
      nuxtLink: {
        prefetch: true,
        prefetchOn: { visibility: false, interaction: true }
      }
    }
  }
})

🗺️ Better Server Source Maps

When running with node --enable-source-maps, you may have noticed that the source maps for the Vue files in your server build pointed to the Vite build output (something like .nuxt/dist/server/_nuxt/index-O15BBwZ3.js).

Now, even after your Nitro build, your server source maps will reference your original source files (#​28521).

Note that one of the easiest ways of improving your build performance is to turn off source maps if you aren't using them, which you can do easily in your nuxt.config:

export default defineNuxtConfig({
  sourcemap: {
    server: false,
    client: true,
  },
})

🎁 New Features for Module Authors

In the run-up to Nuxt v4, we're working on adding some key functionality for module authors, including a new isNuxtMajorVersion utility where required (#​27579) and better inferred typing for merged module options using the new defineNuxtModule().with() method (#​27520).

✨ Improved Dev Warnings

We no longer warn when using data fetching composables in middleware (#​28604) and we warn when user components' names begin with Lazy (#​27838).

🚨 Vue TypeScript Changes

For a while, in the Vue ecosystem, we've been augmenting @vue/runtime-core to add custom properties and more to vue. However, this inadvertently breaks the types for projects that augment vue - which is now the officially recommended in the docs way to augment these interfaces (for example, ComponentCustomProperties, GlobalComponents and so on).

This means all libraries must update their code (or it will break the types of libraries that augment vue instead).

We've updated our types in Nuxt along these lines but you may experience issues with the latest vue-router when used with libraries which haven't yet done so.

Please create an issue with a reproduction - I'll happily help create a PR to resolve in the upstream library in question. Or you may be able to work around the issue by creating a declarations.d.ts in the root of your project with the following code (credit):

import type {
  ComponentCustomOptions as _ComponentCustomOptions,
  ComponentCustomProperties as _ComponentCustomProperties,
} from 'vue';

declare module '@​vue/runtime-core' {
  interface ComponentCustomProperties extends _ComponentCustomProperties {}
  interface ComponentCustomOptions extends _ComponentCustomOptions {}
}

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🚀 Enhancements

• nuxt: Await custom routes function in router.options (#​27644)
• kit: Add new isNuxtMajorVersion compatibility util (#​27579)
• kit,schema: Add .with for better module options types (#​27520)
• nuxt: Warn when user components' names begin with Lazy (#​27838)
• nuxt: Allow specifying app id when creating a nuxt app (#​28392)
• nuxt: Custom enable/disable hooks for usePreviewMode (#​28371)
• kit: Add prepend option to addRouteMiddleware (#​28496)
• nuxt: Allow organising pages within route groups (#​28276)
• vite: Preserve vite sourcemaps for nitro build (#​28521)
• nuxt: Allow defining triggers for prefetching links (#​27846)
• nuxt: Namespace __NUXT__ when using multi-app (#​27263)
• nuxt: Allow server islands to manipulate head (#​27987)

🔥 Performance

• nuxt: Call cookie decode function only for named cookie (#​28215)
• nuxt: Avoid making client-only component setup async (#​28334)
• nuxt: Avoid multiple calls to getCachedData (#​28472)

🩹 Fixes

• nuxt: Don't warn for definePageMeta in client-only pages (#​28246)
• kit: Include module dist/runtime/ in tsconfig includes (#​28237)
• schema: Support absolute/relative paths for assetsDir (59f0099f4)
• schema: Do not override user serverDir (#​28249)
• schema: Use new options syntax for vite-plugin-vue (#​28307)
• schema: Export new module return types (c0ad8db93)
• kit: Add missing type import (1a60b4541)
• vite,webpack: Handle local postcss plugins (#​28481)
• nuxt: Handle scroll-padding-top: auto in scrollBehavior (#​28320)
• nuxt: Ensure runtimeConfig.public is reactive on client (#​28443)
• nuxt: Update renamed stub composables from nuxt/scripts (#​28449)
• nuxt: Augment @vue/runtime-core and @vue/runtime-dom (#​28446)
• nuxt: Scan jsx pages for page metadata (#​28479)
• nuxt: Handle plugin type extensions more correctly (#​28480)
• vite: Respect baseURL for public assets in dev (#​28482)
• vite: Add transformation result to log for parse errors (#​28508)
• vite: Include module symbols in generated code (#​28509)
• nuxt: Add reason when aborting request in useFetch (#​28517)
• nuxt: Only augment vue, not sub-packages (#​28542)
• nuxt: Avoid stripping js extensions in plugin injections (#​28593)
• nuxt: Preserve route-specific metadata on route.meta (#​28441)
• nuxt: Don't warn when data fetching in middleware (#​28604)
• nuxt: Extract route rules/page meta in 2+ script blocks (#​28625)
• nuxt: Allow customising status code in validate method (#​28612)
• nuxt: Do not provide default prefetchOn prop (#​28630)
• nuxt: Revert back to object syntax for island head (#​28656)

📖 Documentation

• Fix issue in cookie passing example (#​28223)
• Fix note in layers usage chapter (#​28236)
• Fix spaces (#​28233)
• Add vue lang to sample code (#​28247)
• Use splitSetCookieString from cookie-es (29f95ae0d)
• Use headers.getSetCookie (45c6df9a4)
• Fix codemod command typos (#​28279)
• bunx -> bun x (#​28277)
• Add missing comma to example (#​28300)
• Add language to example schema codeblock (#​28294)
• Update link to RuntimeNuxtHooks (#​28336)
• Update links to social media (cd5195047)
• Setup host property and usage example (#​28331)
• Fix TypeScript errors for examples (#​28403)
• Improve readability of link to mdn (#​28327)
• Use ts for create-error example (#​28411)
• Alias links in jsdoc @see blocks (#​28270)
• Link to vue test utils docs for mountSuspended (#​28463)
• Remove vue-tsc major version constraint (#​28484)
• Recommend '#teleports' target instead of 'body' (#​28489)
• Correct custom routing link (#​28497)
• Improve typing of default exports (#​28520)
• Fix options type in custom useFetch recipe (#​28389)
• Update useRuntimeConfig source path (#​28553)
• Add line-breaks to tips in Module Author Guide (#​28587)
• Update nuxt scripts status (#​28629)

🏡 Chore

• schema: Fix typo (#​28377)
• nuxt: Use router code reference permalink (#​28356)
• nuxt: Remove unnecessary await (#​28407)
• Upgrade vue in a separate pr (#​28414)
• Update docs typecheck command (49de5f731)
• Lint (cab9e5c35)
• Fix some typos in comments (#​28501)

✅ Tests

• Disable pageTransition in client-only page (#​27839)
• Ignore SharedComponent in server head (510f3e28f)
• Update bundle size (3ecb95a7c)

🤖 CI

• Add reproduire-sur-stackblitz workflow (#​28531)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Julien Huang (@​huang-julien)
• Maxime Pauvert (@​maximepvrt)
• felix-dolderer (@​felix-dolderer)
• Nicolas Payot (@​nicolaspayot)
• Kewin Szlezingier (@​kewinzaq1)
• Vasily Kuzin (@​ExEr7um)
• xjccc (@​xjccc)
• Martin André (@​Martichou)
• Mike Laumann Bellika (@​MikeBellika)
• Typed SIGTERM (@​typed-sigterm)
• Horu (@​HigherOrderLogic)
• Son Tran (@​trandaison)
• rubyisrust (@​rubyisrust)
• Matej Černý (@​CernyMatej)
• Riley Ho (@​rileychh)
• Adam DeHaven (@​adamdehaven)
• Potter (@​yxw007)
• Martin Masevski (@​Archetipo95)
• BoogieBen. (@​boogie-ben)
• Tobias Diez (@​tobiasdiez)
• Michael Brevard (@​GalacticHypernova)
• Damian Głowala (@​DamianGlowala)
• Lucie (@​lihbr)
• Yasser Lahbibi (@​yassilah)
• Sébastien Chopin (@​atinux)
• @​beer (@​iiio2)
• AuroraTea (@​AuroraTea)
• Bobbie Goede (@​BobbieGoede)
• Alexander Lichter (@​manniL)
• nuxt-studio[bot] (@​nuxt-studio[bot])
• Vaci (@​vacijj)
• FELIPE COSTA DE OLIVEIRA (@​FelipeO16)
• 一纸忘忧 (@​ikxin)
• Meo (@​miaobuao)
• Mohab Sameh (@​mohab-sameh)
• Quentin Macq (@​quentinmcq)
• Johan Krijt (@​johankrijt)

unjs/pkg-types (pkg-types)

v1.2.0

Compare Source

compare changes

🚀 Enhancements

• Add more fields into package.json (#​190)

🏡 Chore

• Ignore fixture for renovate (24c8fce)
• Update deps (b539054)

❤️ Contributors

• Kevin Deng 三咲智子 sxzz@sxzz.moe
• Pooya Parsa (@​pi0)
• 三咲智子 Kevin Deng sxzz@sxzz.moe

pnpm/pnpm (pnpm)

v9.10.0: pnpm 9.10

Compare Source

Minor Changes

• Support for a new CLI flag, --exclude-peers, added to the list and why commands. When --exclude-peers is used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #​8506.

• Added a new setting to package.json at pnpm.auditConfig.ignoreGhsas for ignoring vulnerabilities by their GHSA code #​6838.

  For instance:

  {
    "pnpm": {
      "auditConfig": {
        "ignoreGhsas": [
          "GHSA-42xw-2xvc-qx8m",
          "GHSA-4w2v-q235-vp99",
          "GHSA-cph5-m8f7-6c5x",
          "GHSA-vh95-rmgr-6w4m"
        ]
      }
    }
  }

Patch Changes

• Throw an exception if pnpm switches to the same version of itself.
• Reduce memory usage during peer dependencies resolution.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v9.9.0

Compare Source

v9.8.0

Compare Source

microsoft/TypeScript (typescript)

v5.6.2

Compare Source

cloudflare/workers-sdk (wrangler)

v3.75.0

Compare Source

Minor Changes

• #​6603 a197460 Thanks @​taylorlee! - feature: log version preview url when previews exist

  The version upload API returns a field indicating whether
  a preview exists for that version. If a preview exists and
  workers.dev is enabled, wrangler will now log the full
  URL on version upload.

  This does not impact wrangler deploy, which only prints the
  workers.dev route of the latest deployment.

• #​6550 8d1d464 Thanks @​Pedr0Rocha! - feature: add RateLimit type generation to the ratelimit unsafe binding.

Patch Changes

• #​6615 21a09e0 Thanks @​RamIdeas! - chore: avoid potential double-install of create-cloudflare

  When wrangler init delegates to C3, it did so via npm create cloudflare@2.5.0. C3's v2.5.0 was the first to include auto-update support to avoid npx's potentially stale cache. But this also guaranteed a double install for users who do not have 2.5.0 cached. Now, wrangler delegates via npm create cloudflare@^2.5.0 which should use the latest version cached on the user's system or install and use the latest v2.x.x.

• #​6603 a197460 Thanks @​taylorlee! - chore: fix version upload log order

  Previously deploy prints:
  upload timings
  deploy timings
  current version id

  while version upload prints:
  worker version id
  upload timings

  This change makes version upload more similar to deploy by printing
  version id after upload, which also makes more sense, as version ID can
  only be known after upload has finished.

v3.74.0

Compare Source

Minor Changes

• #​6574 dff8d44 Thanks @​CarmenPopoviciu! - feat: add support for experimental assets in wrangler dev watch mode

Patch Changes

• #​6605 c4f0d9e Thanks @​WalshyDev! - fix: ensure we update non-versioned Worker settings for the new deploy path in wrangler deploy

• Updated dependencies [e8975a9]:

  • miniflare@3.20240821.1

v3.73.0

Compare Source

Minor Changes

• #​6571 a7e1bfe Thanks @​penalosa! - feat: Add deployment http targets to wrangler deploy logs, and add url to pages deploy logs

• #​6497 3bd833c Thanks @​WalshyDev! - chore: move wrangler versions ..., wrangler deployments ..., wrangler rollback and wrangler triggers ... out of experimental and open beta.
  These are now available to use without the --x-versions flag, you can continue to pass this however without issue to keep compatibility with all the usage today.

  A few of the commands had an output that wasn't guarded by --x-versions those have been updated to use the newer output, we have tried to keep compatibility where possible (for example: wrangler rollback will continue to output "Worker Version ID:" so users can continue to grab the ID).
  If you wish to use the old versions of the commands you can pass the --no-x-versions flag. Note, these will be removed in the future so please work on migrating.

• #​6586 72ea742 Thanks @​penalosa! - feat: Inject a 404 response for browser requested favicon.ico files when loading the /__scheduled page for scheduled-only Workers

• #​6497 3bd833c Thanks @​WalshyDev! - feat: update wrangler deploy to use the new versions and deployments API.
  This should have zero user-facing impact but sets up the most used command to deploy Workers to use the new recommended APIs and move away from the old ones.
  We will still call the old upload path where required (e.g. Durable Object migration or Service Worker format).

Patch Changes

• #​6563 da48a70 Thanks @​threepointone! - chore: remove the warning about local mode flag being removed in the future

• #​6595 0a76d7e Thanks @​vicb! - feat: update unenv to the latest available version

• #​5738 c2460c4 Thanks @​penalosa! - fix: Prevent spaces in names when validating

• #​6586 72ea742 Thanks @​penalosa! - chore: Improve Miniflare CRON warning wording

• #​6593 f097cb7 Thanks @​vicb! - fix: remove experimental: prefix requirement for nodejs_compat_v2

  See https://jira.cfdata.org/browse/DEVDASH-218

• #​6572 0d83428 Thanks @​penalosa! - fix: Show a clearer user error when trying to use a python worker without the python_workers compatibility flag specified

• #​6589 f4c8cea Thanks @​vicb! - feat: update unenv to the latest available version

• Updated dependencies [45ad2e0]:

  • @​cloudflare/workers-shared@​0.4.1

v3.72.3

Compare Source

Patch Changes

• #​6548 439e63a Thanks @​garvit-gupta! - fix: Fix Vectorize getVectors, deleteVectors payload in Wrangler Client; VS-271

• #​6554 46aee5d Thanks @​andyjessop! - fix: nodejs_compat flags no longer error when running wrangler types --x-include-runtime

• #​6548 439e63a Thanks @​garvit-gupta! - fix: Add content-type header to Vectorize POST operations; #​6516/VS-269

• #​6566 669ec1c Thanks @​penalosa! - fix: Ensure esbuild warnings are logged when running wrangler deploy

• Updated dependencies [6c057d1]:

  • @​cloudflare/workers-shared@​0.4.0

v3.72.2

Compare Source

Patch Changes

• #​6511 e75c581 Thanks @​petebacondarwin! - fix: allow Pages projects to use `experimental:nodejs_compat_v2" flag

  Fixes #​6288

• Updated dependencies [b0e2f0b, f5bde66]:

  • miniflare@3.20240821.0
  • @​cloudflare/workers-shared@​0.3.0

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.