chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@iconify-json/lucide	^1.2.90 → ^1.2.96
@iconify-json/simple-icons	^1.2.70 → ^1.2.73
@iconify-json/vscode-icons	^1.2.41 → ^1.2.45
@nuxt/content (source)	^3.11.2 → ^3.12.0
@nuxt/eslint (source)	^1.15.1 → ^1.15.2
@nuxt/hints	1.0.0-alpha.6 → 1.0.0-alpha.10
@nuxt/ui (source)	^4.4.0 → ^4.5.1
@shikijs/engine-javascript (source)	^3.22.0 → ^3.23.0
@unhead/vue (source)	^2.1.4 → ^2.1.12
eslint (source)	^9.39.2 → ^9.39.4
pnpm (source)	10.29.2 → 10.32.0
posthog-js (source)	^1.345.2 → ^1.360.0
vue-tsc (source)	^3.2.4 → ^3.2.5

---

Release Notes

nuxt/content (@​nuxt/content)

v3.12.0

Compare Source

Features

• llms: add related links to raw markdown endpoint (#​3724) (fadaf71)

Bug Fixes

• syntax error with datetime fields and standardize date/datetime formats (#​3698) (eb9f8b6)
• api: do not forward accept encoding header (#​3701) (1d92be5)
• collection: use UTF-8 byte length for SQL query size check (#​3717) (9f8402a)
• disable title extraction when contentHeading === false (#​3725) (f5a4679)
• llms: avoid import(variableName) pattern (#​3733) (89c0b25)
• queryCollectionSearchSections: fix options types (#​3705) (b3fa025)
• ssr: local content components on Cloudflare Workers (#​3704) (7cff2b9)

nuxt/eslint (@​nuxt/eslint)

v1.15.2

Compare Source

   🐞 Bug Fixes

• Prevent race condition of running checker module before eslint config is written  -  by @​sebbayer in #​653 (69aa4)

    View changes on GitHub

nuxt/hints (@​nuxt/hints)

v1.0.0-alpha.10

Compare Source

🚀 Enhancements

• Make features configurable (#​246)

🩹 Fixes

• Revert unocss config (#​250)

🏡 Chore

• Use npmx.dev links (#​249)

✅ Tests

• Patch test-utils and force dev mode (#​248)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.0-alpha.9

Compare Source

🩹 Fixes

• lazy-load: Fix potential TMZ violation (#​243)

💅 Refactors

• Move from NuxtApp augment to NuxtPayload (#​240)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.0-alpha.8

Compare Source

🩹 Fixes

• Skip hydration check if client only component (#​227)
• lazy-load: Prefer cloning component over wrapping component (#​232)
• client: Add empty unocss config object (#​233)
• lazy-load: Use NuxtComponent name for auto-imports (#​235)

✅ Tests

• Add basic sse tests (#​228)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.0-alpha.7

Compare Source

compare changes

🚀 Enhancements

• Initial component lazy load hints (#​212)
• Lazy load hints devtools integration (#​220)

🩹 Fixes

• Return correct data in endpoint (#​218)
• Use component filename if auto import for lazy-load hint (#​219)
• Move uid generation server side (#​222)

💅 Refactors

• Move to extensible hints handlers (#​208)
• Assign handler to context instead of waiting for hook result (#​213)
• Simplify handlers (#​216)

🏡 Chore

• playground: Remove relative path to use '@​nuxt/hint' (#​205)
• README: Add lazy-load hints to README (#​225)

🤖 CI

• renovate: Extend nuxt configuration (#​206)

❤️ Contributors

• Julien Huang (@​huang-julien)
• Jonas Thelemann e-mail@jonas-thelemann.de

nuxt/ui (@​nuxt/ui)

v4.5.1

Compare Source

Bug Fixes

• components: improve arrow styling with stroke-default and fill-bg (#​6095) (0e9198e)
• components: improve slots return types and tests (#​6109) (7d1e863)
• components: prevent transformUI from mutating cached useComponentUI value (286738a), closes #​6104 #​4387
• ContentToc: add relative positioning to content slot (fcdb231), closes #​6117
• ContentToc: use rem units for indicator size calculation (d631853)
• NavigationMenu: prevent navigation when clicking trailing area in horizontal orientation (8f84c90), closes #​6083
• Page: make slot presence reactive for variant computation (082ea41)
• types: resolve isArrayOfArray type return (#​6097) (04292d9)
• useResizable: use function declaration to prevent false auto-import (c22ecf4)

v4.5.0

Compare Source

Features

• DashboardSidebar/Header: add autoClose prop (#​6089) (2663deb)
• EditorDragHandle: proxy nested / nestedOptions props and emit hover event (#​5960) (ed60193)
• Form: add HTML5 validation to programmatic submit (#​6002) (ed552fc)
• locale: add Belarusian language (#​5972) (ac9e7b3)
• module: add support for taupe / mauve / mist / olive neutral colors (#​6081) (bc49d3f)
• NavigationMenu: allow tooltip usage in horizontal orientation (#​5682) (f46b504)
• NavigationMenu: handle chip in items (#​6064) (401a2c0)
• ScrollArea: add skipMeasurement virtualize option (#​5721) (548b711)
• Select/SelectMenu: add hover effects on outline and subtle variants (94b0c31)
• Theme: new component (#​4387) (c97047d)
• Toaster: prevent duplicate toasts and add pulse animation (3f6581a)

Bug Fixes

• BlogPost/ChangelogVersion: use ImgHTMLAttributes type for image prop (#​6007) (0185856)
• ChatMessages: allow message props to override role defaults (#​6000) (f64ec17)
• ChatMessages: prevent flash at top before scrolling to bottom on mount (4bdcb83)
• Checkbox/Switch: prevent data-state conflict when used inside Tooltip (2bb1a8b), closes #​3599
• CheckboxGroup: update update:modelValue emit type (#​5927) (64d2e88)
• ColorModeImage: add baseURL support for public paths (#​6006) (db510f3)
• components: add fixed prop to prevent responsive text size reduction (#​6074) (8f5f44c)
• components: nullable and optional type support (#​6060) (cd3432b)
• components: prevent iOS auto-zoom on input fields with font-size below 16px (#​6040) (1262016)
• ContentNavigation: pass nested child data to slots (#​6043) (e67f77e)
• defineShortcuts: add alt key guard (#​6020) (8451f45)
• defineShortcuts: allow shifted special character shortcuts (08facc0)
• Drawer/Modal/Popover/Slideover: prevent unexpected close on touch when interacting with other overlays (#​5695) (e2c038c)
• Editor: handle placeholder in RTL mode (#​5977) (3cc16e3)
• EditorMentionMenu: use char prop as mention prefix instead of always @ (0b9b097), closes #​6035
• EditorToolbar: proxy size prop to dropdown menu (8f8d989)
• InputMenu/InputNumber/SelectMenu: proxy size to buttons (1ec1698), closes #​5958
• InputMenu/Select/SelectMenu: exclude cosmetic items from model value type (#​6044) (22cf1ea)
• InputMenu/SelectMenu: sort filtered items by match relevance (058c66b), closes #​4672
• InputMenu: prevent focus on trailing button (88073b6)
• module: update icon cssLayer option from components to base (#​6076) (e8bc322)
• NavigationMenu: allow clicking trailing slot in horizontal orientation (7f9996f), closes #​5192 #​6083
• NavigationMenu: unique auto-generated item values for grouped items (7b317d9)
• PricingPlan: truncate title (#​6041) (8e86c51)
• Select: remove useless by prop (14dceaf)
• Table: improve perfs with shallowRef when watch deep is disabled (#​6023) (bc06ce2)
• Toast: allow update to keep toast open and reset duration (82afa0a)
• Toast: improve animation smoothness (#​6065) (ee2c0a5)
• types: improve DotPathKeys accuracy and GetItemKeys performance (#​6077) (6f7af3e)
• useEditorMenu: rank filtered results by relevance (f53484a)

shikijs/shiki (@​shikijs/engine-javascript)

v3.23.0

Compare Source

   🚀 Features

• Update grammar and themes  -  by @​antfu (9b4ca)
• cli:
  • Add stdin support and list commands  -  by @​Divyapahuja31 and DIVYA PAHUJA in #​1241 (213f1)
• transformers:
  • Add 'leading' position to transformerRenderWhitespace  -  by @​Divyapahuja31 and DIVYA PAHUJA in #​1236 (49cbb)
  • Add support for [!code info] notation  -  by @​Divyapahuja31 and DIVYA PAHUJA in #​1237 (cd2a6)

   🐞 Bug Fixes

• Add declare modifier to top level declarations in .d.ts  -  by @​KazariEX in #​1242 (142d5)
• cli: Normalize language/extension casing for CLI inputs  -  by @​Nandann018-ux and @​antfu in #​1245 (4bea1)

    View changes on GitHub

unjs/unhead (@​unhead/vue)

v2.1.12

Compare Source

v2.1.11

Compare Source

    ⚠️ Security

• Fixed XSS bypass in useHeadSafe via attribute name injection (GHSA-g5xx-pwrp-g3fv). Users handling untrusted input with useHeadSafe should upgrade immediately.

   🐞 Bug Fixes

• addons,schema-org: Permissive peer dependencies  -  by @​harlan-zw (4c5d1)

    View changes on GitHub

v2.1.10

Compare Source

   🐞 Bug Fixes

• solid-js: Correct peerDependency version  -  by @​tyeporter in #​671 (64e17)

    View changes on GitHub

v2.1.9

Compare Source

   🐞 Bug Fixes

• schema-org: Nuxt test utils compat bug  -  by @​harlan-zw (ef838)

    View changes on GitHub

v2.1.8

Compare Source

   🐞 Bug Fixes

• schema-org: Avoid crashing from 3+ duplicate nodes  -  by @​harlan-zw (4baf9)

    View changes on GitHub

v2.1.7

Compare Source

   🐞 Bug Fixes

• unhead:
  • deduplicate matching tags inside same render cycle  -  by @​harlan-zw in #​668 (5c0b2)

    View changes on GitHub

v2.1.6

Compare Source

   🐞 Bug Fixes

• react: Ssr regression  -  by @​harlan-zw (6adff)

    View changes on GitHub

v2.1.5

Compare Source

   🐞 Bug Fixes

• react: Dispose head entries on unmount in React 18 StrictMode  -  by @​harlan-zw in #​664 (50ffe)
• scripts: Prevent scope disposal from aborting unrelated trigger in useScript  -  by @​cernymatej in #​660 (e8f5b)
• unhead: Dedupe link rel without hreflang or type  -  by @​danielroe in #​658 (1487d)

    View changes on GitHub

eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#​20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#​20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#​20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#​20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#​20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#​20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#​20563) (Milos Djermanovic)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

pnpm/pnpm (pnpm)

v10.32.0: pnpm 10.32

Compare Source

Minor Changes

• Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #​10136.

Patch Changes

• Reverted change related to setting explicitly the npm config file path, which caused regressions.
• Reverted fix related to lockfile-include-tarball-url. Fixes #​10915.

Platinum Sponsors

Gold Sponsors

v10.31.0

Compare Source

v10.30.3

Compare Source

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

v10.29.3

Compare Source

PostHog/posthog-js (posthog-js)

v1.360.0

Compare Source

1.360.0

Patch Changes

• #​3213 db089fd Thanks @​TueHaulund! - fix(replay): treat legacy configs without cache_timestamp as fresh

  Configs persisted by older SDK versions never include a cache_timestamp.
  Defaulting to 0 treats them as always stale, causing the persisted config
  to be cleared before start() runs — so recording never starts for
  customers on older core SDK versions paired with the latest CDN recorder. (2026-03-09)

• #​3207 c5a37cb Thanks @​dustinbyrne! - fix: PostHogFeatureFlags uses a TreeShakeable type
  (2026-03-09)

• Updated dependencies [c5a37cb]:

  • @​posthog/types@​1.360.0

v1.359.1

Compare Source

1.359.1

Patch Changes

• #​3204 2b0cd52 Thanks @​marandaneto! - chore: upgrade dompurify to 3.3.2
  (2026-03-06)
• Updated dependencies []:
  • @​posthog/types@​1.359.1

v1.359.0

Compare Source

1.359.0

Minor Changes

• #​3166 9180726 Thanks @​dustinbyrne! - feat: Tree-shake feature flags
  (2026-03-05)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.359.0

v1.358.1

Compare Source

1.358.1

Patch Changes

• #​3191 9f41d26 Thanks @​TueHaulund! - fix(replay): fall back to persisted config when remote config fetch fails

  When the remote config fetch failed (network error, ad blocker, CDN outage), the SDK received an empty {} response with no sessionRecording key. The onRemoteConfig handler returned early without ever setting _receivedFlags = true, leaving the recording permanently stuck in pending_config status for the entire page session.

  This removes the _receivedFlags gate entirely. The 1-hour TTL on persisted config (added in #​3051, increased from 5 minutes) and the stale-config retry in _onScriptLoaded (added in #​3093) already prevent recording from starting with outdated config. The additional gate was redundant and created a deadlock when the config fetch failed.

  Now when the config fetch fails, startIfEnabledOrStop() is called and falls back to persisted config from a previous page load. If no persisted config exists (first-ever visit), recording is correctly disabled rather than silently stuck. (2026-03-04)

• #​3198 9d0df0e Thanks @​TueHaulund! - Reduce session replay memory pressure by tracking per-event sizes in SnapshotBuffer, eliminating redundant JSON.stringify calls during buffer operations. Also bumps @​posthog/rrweb to 0.0.46 which uses FNV-1a hash-based canvas frame deduplication instead of storing full base64 strings.
  (2026-03-04)

• Updated dependencies []:

  • @​posthog/types@​1.358.1

v1.358.0

Compare Source

1.358.0

Minor Changes

• #​3165 0e08337 Thanks @​dustinbyrne! - feat: Tree-shake surveys, toolbar, exceptions, conversations, logs, experiments
  (2026-03-03)

Patch Changes

• #​3164 20c1ff2 Thanks @​dustinbyrne! - Add Extension interface for tree-shakable extensions
  (2026-03-03)
• Updated dependencies []:
  • @​posthog/types@​1.358.0

v1.357.2

Compare Source

1.357.2

Patch Changes

• #​3170 f485c92 Thanks @​slshults! - fix: Move tablet detection logic into detectDeviceType for consistent classification across all call sites
  (2026-03-03)
• Updated dependencies []:
  • @​posthog/types@​1.357.2

v1.357.1

Compare Source

1.357.1

Patch Changes

• #​3149 91223c5 Thanks @​adboio! - avoid re-checking URLs if they have not changed
  (2026-03-02)
• Updated dependencies [5e8d5fc]:
  • @​posthog/core@​1.23.2
  • @​posthog/types@​1

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.