fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@ai-sdk/vue (source)	^2.0.121 → ^2.0.128
@nuxt/content (source)	^3.11.0 → ^3.11.2
@nuxt/eslint (source)	^1.12.1 → ^1.13.0
@nuxt/ui (source)	^4.3.0 → ^4.4.0
ai (source)	^5.0.121 → ^5.0.128
pnpm (source)	10.28.1 → 10.28.2
vue-tsc (source)	^3.2.2 → ^3.2.4
zod (source)	^4.3.5 → ^4.3.6

---

Release Notes

vercel/ai (@​ai-sdk/vue)

v2.0.128

Compare Source

Patch Changes

• ai@​5.0.126

v2.0.127

Compare Source

Patch Changes

• ai@​5.0.125

v2.0.126

Compare Source

Patch Changes

• ai@​5.0.124

v2.0.125

Compare Source

Patch Changes

• ai@​5.0.123

v2.0.124

Compare Source

Patch Changes

• ai@​5.0.122

v2.0.123

Compare Source

Patch Changes

• ai@​5.0.121

v2.0.122

Compare Source

Patch Changes

• ai@​5.0.120

nuxt/content (@​nuxt/content)

v3.11.2

Compare Source

Bug Fixes

• studio: fallback to env variable to detect ai feature (#​3713) (3fc8b7b)

v3.11.1

Compare Source

Features

• collections: create studio collections for AI if detected (#​3709) (7744645)

Bug Fixes

• issue with disabling contentRawMarkdown (5be6b0c)

nuxt/eslint (@​nuxt/eslint)

v1.13.0

Compare Source

   🚀 Features

• Upgrade eslint-flat-config-utils eslint-plugin-import-lite and eslint-plugin-jsdoc  -  by @​antfu (10bf9)

    View changes on GitHub

nuxt/ui (@​nuxt/ui)

v4.4.0

Compare Source

Features

• Calendar: add weekNumbers prop (#​4555) (7a1a71b)
• ChangelogVersions: handle scroll options in indicator prop (#​5257) (6a925cd)
• CommandPalette/InputMenu/SelectMenu/Tree: handle virtualizer estimateSize as function (#​5748) (d51b424)
• CommandPalette: add input prop (#​5736) (12052e8)
• CommandPalette: add size prop (#​5878) (3ae04c6)
• components: add by prop (#​5906) (36cd5e5)
• components: add valueKey prop (#​5905) (55646ea)
• Editor: add placeholder.mode prop (d90acb3), closes #​5785
• Editor: add size prop in menus (#​5889) (571d50d)
• Editor: add taskList handler (#​5837) (db04197)
• Editor: add support for code inside links (2ed2d5d)
• Editor: handle boolean in image and mention props (b6fa83a), closes #​5820
• EditorMentionMenu: handle async search with ignoreFilter prop (#​5880) (f8d1883)
• InputMenu/Select/SelectMenu: expose viewportRef for infinite scroll (#​5836) (f4a945c)
• InputMenu/SelectMenu: add clear prop (#​5643) (ec6b8ec)
• Link: support custom navigate function in vue (#​5860) (f51e58a)
• ProseTd/ProseTh: handle align prop (859390e), closes #​5795
• Timeline/Stepper: add wrapper slot and fix dynamic slot conditions (#​5868) (8610d4d)
• Timeline: add select event (#​5826) (8e431be)

Bug Fixes

• Banner: isolate banner visibility using per-instance CSS variables (#​5751) (c7332eb)
• Banner: prevent XSS via id prop injection (4e334a0)
• CommandPalette/ContextMenu/DropdownMenu: keyboard selection on link items (3f5bdb3)
• CommandPalette: prevent XSS in search highlight (e12ceb6)
• ContentSurround: align next link to right on tablet without prev (#​5833) (b3adccc)
• defineShortcuts: check shift modifier for special character shortcuts (bd344d7), closes #​5911
• Editor: set contentType when updating value (c37d6f7), closes #​5709
• Editor: support all heading levels by default (3046c3e)
• EditorToolbar: prevent onClick from being called twice on items (cbed0cc), closes #​5784
• EditorToolbar: prevent disabled dropdown when items have no kind (d473f63)
• Error/Main: render as main instead of div (6ccb1f5)
• FileUpload: emit null when clearing file (#​5892) (1d9a2fd)
• FileUpload: keep input visible when preview is disabled with multiple files (597ac29), closes #​5875
• locale: improve cs and sk terminology for correct inflection (#​5789) (af6f288)
• module: only override primary color and md size default variants (f422de8)
• ProseCodeTree: prevent infinite update loop with expandAll prop (c79cb77), closes #​5828
• useOverlay: refine close event argument extraction (#​5775) (182af20)

pnpm/pnpm (pnpm)

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

vuejs/language-tools (vue-tsc)

v3.2.4

Compare Source

language-core

• feat: place plugin configs under ctx.config and support type annotation via generics (#​5944) - Thanks to @​KazariEX!

workspace

• chore: publish to npm with OIDC (#​5912) - Thanks to @​ghiscoding!

v3.2.3

Compare Source

language-core

• feat: support configuration for language plugins (#​5678) - Thanks to @​KazariEX!
• fix: avoid defineModel breaking ast in lang="js" (#​5935) - Thanks to @​KazariEX!
• fix: infer object keys as string if it does not extend string (#​5933) - Thanks to @​serkodev!

typescript-plugin

• feat: correct rename behavior on same name shorthands in template (#​5907) - Thanks to @​KazariEX!
• fix: only forward quick info for original results without tags (#​5938) - Thanks to @​KazariEX!

vscode

• fix: correct indent for <style> and <script> tags (#​5925) - Thanks to @​serkodev!

colinhacks/zod (zod)

v4.3.6

Compare Source

Commits:

• 9977fb0 Add brand.dev to sponsors
• f4b7bae Update pullfrog.yml (#​5634)
• 251d716 Clean up workflow_call
• edd4132 fix: add missing User-agent to robots.txt and allow all (#​5646)
• 85db85e fix: typo in codec.test.ts file (#​5628)
• cbf77bb Avoid non null assertion (#​5638)
• dfbbf1c Avoid re-exported star modules (#​5656)
• 762e911 Generalize numeric key handling
• ca3c862 v4.3.6

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.