chore(deps): update npm non-major develop dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@nuxt/schema (source)	^3.20.1 → ^3.20.2
@nuxt/test-utils	^3.21.0 → ^3.23.0
@supabase/supabase-js (source)	^2.86.2 → ^2.91.0
@tanstack/query-core (source)	^5.90.12 → ^5.90.19
@tanstack/vue-query (source)	^5.92.1 → ^5.92.8
eslint (source)	^9.39.1 → ^9.39.2
nuxt (source)	^3.20.1 → ^3.20.2
release-it	^19.0.6 → ^19.2.4
turbo (source)	^2.6.3 → ^2.7.5
vue (source)	^3.5.25 → ^3.5.27
vue-router (source)	^4.6.3 → ^4.6.4

---

Release Notes

nuxt/nuxt (@​nuxt/schema)

v3.20.2

Compare Source

3.20.2 is the next patch release.

✅ Upgrading

Our recommendation for upgrading is to run:

npx nuxt upgrade --dedupe --channel=v3

This will deduplicate your lockfile as well, and help ensure that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

[!NOTE]
This will only work if you already have a version of @nuxt/cli which has the --channel flag. If this does not work, you can instead run npx nuxi@latest for the initial upgrade.

👉 Changelog

compare changes

🩹 Fixes

• nitro: Do not show pretty error handler when testing (cc75ce409)
• nuxt: Generate valid references for component declaration items (#​33388)
• nuxt: Sync internal route before calling page:finish hook (#​33707)
• nitro: Ensure html is a string before injecting error handler (6f51a25e9)
• nitro: Include layer server directories in tsconfig.server.json (#​33510)
• nuxt: Ensure deduped async data executions return latest promise (#​33740)
• kit,nuxt: Type + respect moduleDependencies by meta name (#​33774)
• nuxt,schema: Ignore .d.vue.ts declarations (9a6a770ab)
• kit,nuxt: Protect against resolved nuxt module subpath (#​33767)
• nuxt: Re-execute callOnce during HMR (#​33810)
• nuxt: Resolve watch callback after reactive key change in useAsyncData (#​33802)
• nuxt: Escape HTML in development error page stack trace (#​33820)
• kit: Do not add resolved rootDir to cached layer config (#​33779)
• kit,schema: Add moduleDependencies -> installModule (#​33689)

💅 Refactors

• nuxt: Improve type safety within callOnce function (#​33825)

📖 Documentation

• Split directory structure and re-order guides (v3) (#​33690)
• Fix link (016ef66e3)
• Add hints release (#​33701)
• Fix link to vitest globals config (#​33702)
• Fix 404 link (5543b7cf7)
• Text consistency (#​33709)
• Type error as non-optional prop (#​33763)

🏡 Chore

• Update pnpm to 10.21 and enable trust policy (1cb55efc0)
• Revert pnpm trust policy and restore provenance action (103ae1351)
• Update markdownlint config to ignore mdc issues (d4933e26e)
• Pin to single version of unstorage (619956e7f)

✅ Tests

• Add patchProp and nodeOps to excluded Vue helpers (#​33754)
• Use fake timers for watch params test (58607fbea)
• Update test for v3 defaults (daa002638)

🤖 CI

• Add --pnpm flag to correctly publish prerelease (#​33688)
• Update action lint config (#​33710)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Alexander Lichter (@​TheAlexLichter)
• Florian Heuberger (@​Flo0806)
• Konstantin Telyakov (@​kTelyakov)
• abeer0 (@​iiio2)
• Julien Huang (@​huang-julien)
• Robin (@​OrbisK)
• Dheeraj Joshi (@​dheeraj3587)
• Edwin Samodra (@​edwinsamodra)
• edison (@​edison1105)
• 山吹色御守 (@​KazariEX)
• Sébastien Chopin (@​atinux)
• pierreoa (@​pierreoa)
• Maxime Pauvert (@​maximepvrt)

nuxt/test-utils (@​nuxt/test-utils)

v3.23.0

Compare Source

3.23.0 is the next minor release.

👉 Changelog

compare changes

🚀 Enhancements

• runtime-utils: Support h3 v2 (#​1515)
• module: Add install wizard when freshly installed (#​1538)

🩹 Fixes

• e2e: Ensure $fetch is not typed as any (1f4754ea9)

🏡 Chore

• Remove leftover console.log (aef693340)

✅ Tests

• Add cleanup to resolve-config tests (#​1537)

🤖 CI

• Prepare build environment in autofix workflow (2c0864ed6)

❤️ Contributors

• Daniel Roe (@​danielroe)
• yamachi4416 (@​yamachi4416)

v3.22.0

Compare Source

3.22.0 is the next minor release.

👉 Changelog

compare changes

🚀 Enhancements

• runtime-utils: Unify logic of mount + render helpers (#​1522)
• module: Run vitest in separate process (#​1524)
• runtime-utils: Allow skipping initial route change (fd77ec066)
• runtime: Skip route sync emulation when NuxtPage exists (#​1530)

🔥 Performance

• module: Skip nuxt-root stub plugin when building (#​1512)

🩹 Fixes

• runtime-utils: Reject promise on error render + mount helpers (#​1503)
• runtime-utils: Support new .sync method for syncing route (1148c3cf1)
• e2e: Always override global env options with inline options (c8f881b3d)
• runtime-utils: Avoid missing render warn on reject render + suspend helpers (#​1520)
• e2e: Use server.deps rather than deps (2b3c86921)
• config: Also call sync() in initial setup (ec555192c)
• module: Use devtools:before hook instead of direct config check (#​1532)
• config: Do not override vitest root with nuxt rootDir (#​1531)

💅 Refactors

• runtime-utils: Do not export addCleanup (86b4998bb)
• module: Extract nuxt environment options plugin (5ada22a9f)

📖 Documentation

• Fix link to module authors testing guide (#​1511)

🏡 Chore

• Use nuxt cli command in preference to nuxi (838ed8b6a)
• Add @vitest/ui to example (ffaccd8a1)
• Fix some example package.json names (417102718)
• Skip bun test (c19a659d3)
• Ignore root interfaces (9739057ae)

✅ Tests

• Use local kit version for module (79f1e14d5)
• Add defaultLocale in i18n test (059988fc3)
• Avoid definePageMeta compiler-hint warning (#​1523)

🤖 CI

• Run knip on pull requests (a94098671)

❤️ Contributors

• Daniel Roe (@​danielroe)
• yamachi4416 (@​yamachi4416)
• Maurice Putz (@​Shooteger)

supabase/supabase-js (@​supabase/supabase-js)

v2.91.0

Compare Source

🩹 Fixes

• supabase: resolve Firefox extension cross-context Promise error (#​2033)

❤️ Thank You

• Vaibhav @​7ttp

v2.90.1

Compare Source

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

v2.90.0

Compare Source

🩹 Fixes

• supabase: avoid edge runtime warnings in next.js (#​1998)
• supabase: inline string literal in databasewithoutinternals type (#​1986)
• supabase: split type-only exports to avoid unused import warnings (#​1979)

❤️ Thank You

• Nico Kempe @​nicokempe
• Vaibhav @​7ttp

v2.89.0

Compare Source

🚀 Features

• supabase: export DatabaseWithoutInternals utility type (#​1935)

❤️ Thank You

• Vaibhav @​7ttp

v2.88.0

Compare Source

🚀 Features

• repo: migrate build system to tsdown for proper ESM/CJS support (#​1961)
• auth: allow custom predicate for detectSessionInUrl option (#​1958)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.87.3

Compare Source

🩹 Fixes

• supabase: resolve jsDelivr CDN ESM import failure with .js extensions (#​1953)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.87.2

Compare Source

🩹 Fixes

• supabase: resolve jsDelivr CDN ESM import failure (#​1950)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.87.1

Compare Source

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

v2.87.0

Compare Source

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

TanStack/query (@​tanstack/query-core)

v5.90.19

Compare Source

Patch Changes

• fix stable combine reference not updating when queries change dynamically (#​9954)

v5.90.18

Compare Source

Patch Changes

• Align experimental_prefetchInRender promise rejection with Suspense behavior by only throwing when no data is available. (#​10025)

v5.90.17

Compare Source

Patch Changes

• fix(query-core): replaceEqualDeep max depth (#​10032)

v5.90.16

Compare Source

Patch Changes

• fix useQueries race condition on queries length change (#​9971) (#​9973)

v5.90.15

Patch Changes

• Fix: Always treat existing data as stale when query goes into error state. (#​9927)

v5.90.14

Patch Changes

• Fix streamedQuery reducer being called twice (#​9970)

v5.90.13

Patch Changes

• Made context.signal consume aware with streamedQuery (#​9963)

TanStack/query (@​tanstack/vue-query)

v5.92.8

Compare Source

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

v5.92.7

Compare Source

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

v5.92.6

Compare Source

Patch Changes

• Updated dependencies [269351b]:
  • @​tanstack/query-core@​5.90.17

v5.92.5

Compare Source

Patch Changes

• Updated dependencies [7f47906]:
  • @​tanstack/query-core@​5.90.16

v5.92.4

Compare Source

Patch Changes

• Updated dependencies [fccef79]:
  • @​tanstack/query-core@​5.90.15

v5.92.3

Patch Changes

• Updated dependencies [d576092]:
  • @​tanstack/query-core@​5.90.14

v5.92.2

Patch Changes

• Updated dependencies [4a0a78a]:
  • @​tanstack/query-core@​5.90.13

release-it/release-it (release-it)

v19.2.4

Compare Source

• chore: update dependencies to resolve security vulnerabilities (#​1273) (b45dd1a) - thanks @​Yeom-JinHo!
• Update a few dev deps (cd8acdc)

v19.2.3

Compare Source

• Reuse generated changelog (316dbfa)
• Remove obsolete eslint compat packages/config (f6cc8f3)
• Update remark-preset-webpro and fix broken links (6e6dd4b)

v19.2.2

Compare Source

• Improve getChangelog method (7a56364)

v19.2.1

Compare Source

• Improve commit prompt (b7aca7c)
• Remedy potential edge case in template helper (5c0a6ee)

v19.2.0

Compare Source

• Add option to exit gracefully (e1f825d)
• Update dependencies (424c9f6)
• Auto-format docs (06f41bb)
• fix: add shell mode for npm commands on windows (#​1266) (382e346) - thanks @​julienbenac!
• Feat: Add publishPackageManager config option in NPM plugin to allow using different package manager for publishing (e.g. Bun) (#​1169) (0dafc0b) - thanks @​chrispader!
• Only use --workspaces=false with npm (12bb89c)
• Fix up docs/types a bit (05a5986)
• Format (c9d6ebf)

v19.1.0

Compare Source

• Ignore .npmrc (8ccd060)
• Update lockfile (c4cd2ba)
• Support interactive shell in non-CI mode for 2FA flow (resolve #​1263) (a10b20d)
• Add --workspaces=false to get rid of the null/matches error (14a4907)
• Remove npm config env var warnings (b8c1247)
• doc(readme): add release-it-beautiful-changelog plugin to list of plugins (#​1261) (1b68c21)
• Add 403 to consider resource alive (7969849)

vuejs/core (vue)

v3.5.27

Compare Source

Bug Fixes

• compile-sfc: correctly handle variable shadowing in for loop for defineProps destructuring. (#​14296) (6a1bb50), closes #​14294
• compiler-sfc: handle indexed access types in declare global blocks (#​14260) (e4091fe), closes #​14236
• compiler-sfc: use correct scope when resolving indexed access types from external files (#​14297) (f0f0a21), closes #​14292
• reactivity: collection iteration should inherit iterator instance methods (#​12644) (3c8b2fc), closes #​12615
• runtime-core: skip patching reserved props for custom elements (#​14275) (19cc7e2), closes #​14274
• server-renderer: use ssrRenderClass helper for className attribute (#​14327) (a4708f3)
• ssr: handle v-bind modifiers during render attrs (#​14263) (c2f5964), closes #​14262

v3.5.26

Compare Source

Bug Fixes

• compat: fix compat handler of draggable (#​12445) (ed85953), closes #​12444
• compat: handle v-model deprecation warning with missing appContext (#​14203) (945a543), closes #​14202
• compiler-sfc: demote const reactive bindings used in v-model (#​14214) (e24ff7d), closes #​11265 #​11275
• compiler-ssr: handle ssr attr fallthrough when preserve whitespace (#​12304) (4783118), closes #​8072
• hmr: handle cached text node update (#​14134) (69ce3c7), closes #​14127
• keep-alive: use resolved component name for async components in cache pruning (#​14212) (dfe667c), closes #​14210
• runtime-core: ensure correct anchor el for deeper unresolved async components (#​14182) (f5b3bf2), closes #​14173
• runtime-core: handle patch stable fragment edge case (#​12411) (94aeb64), closes #​12410
• runtime-core: pass component instance to flushPreFlushCbs on unmount (#​14221) (e857e12), closes #​14215

Performance Improvements

• compiler-core: use binary-search to get line and column (#​14222) (1904053)

vuejs/router (vue-router)

v4.6.4

Compare Source

   🚀 Features

• experimental:
  • Handle redirect types  -  by @​posva (92efb)
  • Basic alias  -  by @​posva (ded2d)

   🐞 Bug Fixes

• Make the build output compatible with v4.5  -  by @​drylint in #​2591 (42bc2)
• experimental: IsActive with custom params  -  by @​posva (edca6)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

CodSpeed Performance Report

Merging this PR will not alter performance

_{Comparing renovate/npm-dev-minor-patch (3a49e48) with main (4de4e16)}

Summary

✅ 2 untouched benchmarks

[codecov]

⚠️ JUnit XML file not found

The CLI was unable to find any JUnit XML files to upload.
For more help, visit our troubleshooting guide.

[cloudflare-workers-and-pages]

Deploying ginjou with    Cloudflare Pages

Latest commit:	0d34354
Status:	🚫  Build failed.

View logs

[pkg-pr-new]

Open in StackBlitz

@ginjou/core

npm i https://pkg.pr.new/@ginjou/core@94

@ginjou/nuxt

npm i https://pkg.pr.new/@ginjou/nuxt@94

@ginjou/vue

npm i https://pkg.pr.new/@ginjou/vue@94

@ginjou/with-directus

npm i https://pkg.pr.new/@ginjou/with-directus@94

@ginjou/with-rest-api

npm i https://pkg.pr.new/@ginjou/with-rest-api@94

@ginjou/with-supabase

npm i https://pkg.pr.new/@ginjou/with-supabase@94

@ginjou/with-vue-i18n

npm i https://pkg.pr.new/@ginjou/with-vue-i18n@94

@ginjou/with-vue-router

npm i https://pkg.pr.new/@ginjou/with-vue-router@94

commit: 3a49e48

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 15 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 29, reused 0, downloaded 0, added 0
packages/with-vue-i18n                   |  WARN  deprecated [email protected]
Progress: resolved 47, reused 0, downloaded 0, added 0
Progress: resolved 58, reused 0, downloaded 0, added 0
Progress: resolved 64, reused 0, downloaded 0, added 0
Progress: resolved 66, reused 0, downloaded 0, added 0
Progress: resolved 69, reused 0, downloaded 0, added 0
Progress: resolved 165, reused 0, downloaded 0, added 0
Progress: resolved 262, reused 0, downloaded 0, added 0
Progress: resolved 301, reused 0, downloaded 0, added 0
Progress: resolved 320, reused 0, downloaded 0, added 0
Progress: resolved 353, reused 0, downloaded 0, added 0
Progress: resolved 365, reused 0, downloaded 0, added 0
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "[email protected]" (possible package takeover)

This error happened while installing the dependencies of @types/[email protected]

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.