chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@antfu/eslint-config	^7.7.2 → ^7.7.3			pnpm.catalog.dev	patch
@commitlint/cli (source)	^20.5.0 → ^20.5.3			pnpm.catalog.dev	patch
@commitlint/config-conventional (source)	^20.5.0 → ^20.5.3			pnpm.catalog.dev	patch
@iconify-json/lucide	^1.2.98 → ^1.2.106			pnpm.catalog.dev	patch
@iconify-json/simple-icons	^1.2.74 → ^1.2.81			pnpm.catalog.dev	patch
@nuxt/devtools (source)	^3.2.3 → ^3.2.4			pnpm.catalog.dev	patch
@nuxt/ui (source)	^4.5.1 → ^4.7.1			pnpm.catalog.integrations	minor
@nuxtjs/i18n (source)	^10.2.3 → ^10.3.0			pnpm.catalog.dev	minor
@playwright/test (source)	^1.58.2 → ^1.59.1			pnpm.catalog.test	minor
@types/node (source)	^25.5.0 → ^25.6.2			pnpm.catalog.types	minor
@vitest/browser-playwright (source)	^4.1.0 → ^4.1.5			pnpm.catalog.test	patch
@vitest/coverage-v8 (source)	^4.1.0 → ^4.1.5			pnpm.catalog.test	patch
@vueuse/core (source)	^14.2.1 → ^14.3.0			pnpm.catalog.integrations	minor
@vueuse/nuxt (source)	^14.2.1 → ^14.3.0			pnpm.catalog.integrations	minor
bumpp	^11.0.1 → ^11.1.0			pnpm.catalog.dev	minor
libphonenumber-js	^1.12.40 → ^1.13.0			pnpm.catalog.integrations	minor
node (source)	>=24.14.0 → >=24.15.0			engines	minor
node	24-alpine → 24.15.0-alpine			final	minor
nuxt (source)	^4.4.2 → ^4.4.4			pnpm.catalog.dev	patch
playwright (source)	^1.58.2 → ^1.59.1			pnpm.catalog.test	minor
pnpm (source)	10.32.1 → 10.33.4			packageManager	minor
pnpm (source)	>=10.32.1 → >=10.33.4			engines	minor
vitest (source)	^4.1.0 → ^4.1.5			pnpm.catalog.test	patch
vue-tsc (source)	^3.2.5 → ^3.2.8			pnpm.catalog.dev	patch
zod (source)	^4.3.6 → ^4.4.3			pnpm.catalog.integrations	minor

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v7.7.3

Compare Source

   🐞 Bug Fixes

• Disable some e18e rules  -  by @​antfu (7edec)

    View changes on GitHub

conventional-changelog/commitlint (@​commitlint/cli)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.5.2

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

nuxt/devtools (@​nuxt/devtools)

v3.2.4

Compare Source

   🚀 Features

• Use ua-parser-modern  -  by @​antfu (114aa)

   🐞 Bug Fixes

• Nuxt devtools inspector style  -  by @​antfu (91f09)

    View changes on GitHub

nuxt/ui (@​nuxt/ui)

v4.7.1

Compare Source

Bug Fixes

• ChatMessage: make actions slot accessible on touch devices (f5a3349)
• Drawer: handle RTL mode (#​6396) (2e3fed2)
• Link: prevent double-prefixing with @nuxtjs/i18n auto-localization (#​6404) (dde09d0)
• ProseImg: close zoom overlay on Escape key (e3cdbc5)
• ProsePrompt: improve responsive (0a5b433)

v4.7.0

Compare Source

Features

• AuthForm: add separator slot (#​6305) (81c7ddb)
• Card: add title and description props (3cf7d75), closes #​6001
• CommandPalette: add group-label slot (#​6329) (7fc773c)
• CommandPalette: add searchDelay prop (7d2af05)
• EditorSuggestionMenu: expose suggestion matching options (#​6234) (4427824)
• Link: auto-localize internal links when @nuxtjs/i18n is installed (#​5537) (92cfda0)
• Listbox: new component (#​6307) (00c1651)
• ProsePrompt: new component (#​6362) (2451ac6)
• Table: support sticky header/footer in virtualized mode (#​6217) (15d32ce)
• Textarea: expose autoResize method (#​6120) (9c5c0df)

Bug Fixes

• Accordion/Tabs: use item value as stable key to avoid remounts (#​6380) (3cee610)
• Avatar: remove leading-none from fallback (#​6383) (77ce09a)
• ChatMessage/ChatMessages: preserve generic message type in slot scope (#​6391) (20f66db)
• ChatMessages: prevent layout shift caused by indicator during streaming (#​6297) (b7160e2)
• ChatMessages: use MutationObserver for auto-scroll during streaming (#​6357) (47bf3cb)
• ChatPromptSubmit: ignore disabled prop when status is not ready (600a2ca)
• components: resolve defaultVariants in template logic (#​6361) (75b37d0)
• ContentSearch/DashboardSearch: pick shared props from CommandPalette (cdcf2e5)
• ContentSearch: speed up navigation mapping (0faf2c2)
• ContentToc: use links for scrollspy instead of hardcoded h2/h3 (#​6282) (6aba2ea)
• FieldGroup: prevent context from leaking into portals (#​6313) (5155e27)
• FileUpload: use form field color and highlight instead of raw props (bb5a9ed)
• Header/DashboardSidebar/Sidebar: allow auto focus in menu for proper focus trapping (#​6266) (9b91ee4)
• InputDate/InputTime: increase segments width (#​6339) (4ebdb2f)
• InputTags: add missing field group variant (#​6326) (aae5378)
• Link: ensure single-root rendering for v-show and $el resolution (#​6310) (2c4ff35)
• Modal/Slideover: drop empty header wrapper when empty (#​6381) (1082960)
• module: use relative tagPriority for inline style tags (#​6299) (ae693d0)
• PricingTable: align header elements vertically (#​6111) (0daacb0)
• PricingTable: handle RTL mode (#​6382) (ab203db)
• ProseCodeCollapse: match background on overscroll (28c89fe)
• ProseImg: respect markdown width attribute (#​6350) (d4e4ea1)
• ProsePre: get code from DOM if code prop is missing (#​6333) (b808ce4)
• Select: support item-aligned position mode (#​6358) (255807a)

v4.6.1

Compare Source

Bug Fixes

• ai: use part.state for streaming detection and deprecate isReasoningStreaming (d2d7543)
• ChatMessage: hide files slot when no file parts exist (9cddc8e)
• ChatMessages: keep indicator visible until first content arrives (195cce8)
• ChatMessages: reset scroll icon when messages are cleared (#​6239) (4ba3eef)
• ChatPrompt: guard enter during composition (#​6280) (a911ca8)
• DashboardSidebar: always pass collapsed: false in mobile menu slots (957a0f5), closes #​6157
• Modal/Slideover/Drawer: suppress reka ui title and description warnings (3451b8d), closes #​6240
• module: inline defaultVariants and prefix in dev template (314e23b)
• module: transpile reka-ui to prevent injection errors (#​6286) (b822c43)

v4.6.0

Compare Source

⚠ BREAKING CHANGES

• module: use moduleDependencies to manipulate options (#​5384)

Features

• add standalone Vue REPL playground (#​6209) (390c4bd)
• ChatMessage: add files slot (12d6020)
• ChatReasoning: new component (#​6175) (6db594e)
• ChatShimmer: new component (#​6171) (8db9c54)
• ChatTool: new component (#​6176) (7849534)
• Checkbox/Switch: add support for trueValue / falseValue props (#​6150) (91c6356)
• ContentToc: add highlight-variant prop (#​5746) (df080ce)
• DropdownMenu: add filter prop (#​6153) (a529b43)
• FileUpload: add fileImage prop (#​5935) (40f9c2e)
• Icon: add global options on Vue-only side (#​5354) (566fbee)
• InputMenu: add autocomplete prop (#​6026) (ee8a248)
• InputTime: add range prop (#​6203) (c124f29)
• locale: add Icelandic language (#​6149) (f3ddc60)
• module: use moduleDependencies to manipulate options (#​5384) (dd3f5c5)
• Sidebar: new component (#​6038) (51a1f85)
• Table: implement row pinning (#​6115) (fbd60d9)
• Tooltip: support global content configuration via App tooltip prop (#​6152) (83afd9c)
• unplugin: add support for prose components (#​6198) (c58b9b2)

Bug Fixes

• Avatar: use resolved size for image width/height (#​6008) (6dd0fc4)
• ChatShimmer: handle RTL mode (#​6180) (51793a8)
• ContentNavigation: prevent toggling disabled parent items (#​6122) (0f1074f)
• ContentSurround: handle RTL mode (#​6148) (6921f13)
• ContentToc: reset start margin at lg breakpoint (8f24f79)
• DashboardSearchButton: use valid HTML structure for trailing slot (#​6194) (578a12f)
• Editor: guard lift calls for unavailable list extensions (#​6100) (065db6b)
• Error: support status and statusText properties (1350d62), closes #​6134
• FileUpload: make multiple, accept and reset options reactive (#​6204) (ae093df)
• Modal/Slideover/Popover/Drawer: prevent double close:prevent emit (#​6226) (9a0d501)
• module: only auto-import public composables and allow Vite opt-out (#​6197) (886f5fb)
• NavigationMenu: improve RTL support for viewport and indicator (#​6164) (755867b)
• NavigationMenu: propagate disabled state to item in vertical orientation (6d4d651)
• ProsePre: move shiki line highlight styles to theme (d663950)

nuxt-modules/i18n (@​nuxtjs/i18n)

v10.3.0

Compare Source

This changelog is generated by GitHub Releases

   🚀 Features

• Experimental regex routes  -  by @​BobbieGoede in #​3957 (07a9b)

   🐞 Bug Fixes

• Disable experimental.compactRoutes by default  -  by @​BobbieGoede (02e2a)
• Incorrect route group server redirection during ssg  -  by @​BobbieGoede in #​3965 (ce7f7)
• Stable locale message endpoint hash  -  by @​BobbieGoede in #​3966 (84525)

    View changes on GitHub

v10.2.4

Compare Source

This changelog is generated by GitHub Releases

   🐞 Bug Fixes

• Do not import from nuxt/schema  -  by @​danielroe in #​3925 (f57bb)
• Respect trailingSlash on root  -  by @​divine in #​3920 (9e504)
• Move typescript to dev dependencies  -  by @​BobbieGoede in #​3939 (3b0ad)
• Add warning for missing domains when multiDomainLocales is enabled  -  by @​DotwoodMedia in #​3938 (d9a1a)
• types: Allow mixing string and objects for locale file configuration  -  by @​richex-cn in #​3933 (b63d0)

    View changes on GitHub

microsoft/playwright (@​playwright/test)

v1.59.1

Compare Source

v1.59.0

Compare Source

vitest-dev/vitest (@​vitest/browser-playwright)

v4.1.5

Compare Source

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in #​10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in #​10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in #​10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in #​10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in #​10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in #​8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in #​8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in #​10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in #​10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in #​10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in #​10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in #​9927 and #​10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in #​10154 (6abd5)

    View changes on GitHub

v4.1.4

Compare Source

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in #​10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in #​10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in #​9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in #​10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in #​10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in #​10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in #​10093 and #​10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in #​10049 (65c9d)

    View changes on GitHub

v4.1.3

Compare Source

   🚀 Experimental Features

• Add experimental.preParse flag  -  by @​sheremet-va in #​10070 (78273)
• Support browser.locators.exact option  -  by @​sheremet-va in #​10013 (48799)
• Add TestAttachment.bodyEncoding  -  by @​hi-ogawa in #​9969 (89ca0)
• Support custom snapshot matcher  -  by @​hi-ogawa, Claude Sonnet 4.6 and Codex in #​9973 (59b0e)

   🐞 Bug Fixes

• Advance fake timers with expect.poll interval  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10022 (3f5bf)
• Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency  -  by @​alan-agius4 in #​10025 (146d4)
• Fix defineHelper for webkit async stack trace + update playwright 1.59.0  -  by @​hi-ogawa in #​10036 (5a5fa)
• Fix suite hook throwing errors for unused auto test-scoped fixture  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10035 (39865)
• expect:
  • Remove JestExtendError.context from verbose error reporting  -  by @​hi-ogawa in #​9983 (66751)
  • Don't leak "runner" types  -  by @​sheremet-va in #​10004 (ec204)
• snapshot:
  • Fix flagging obsolete snapshots for snapshot properties mismatch  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​9986 (6b869)
  • Export custom snapshot matcher helper from vitest  -  by @​hi-ogawa and Codex in #​10042 (691d3)
• ui:
  • Don't leak vite types  -  by @​sheremet-va in #​10005 (fdff1)
• vm:
  • Fix external module resolve error with deps optimizer query  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10024 (9dbf4)

    View changes on GitHub

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

v4.1.1

Compare Source

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in #​9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in #​9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in #​9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in #​9831 and #​9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in #​9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in #​9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in #​9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in #​9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in #​9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in #​9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in #​9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in #​9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in #​9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in #​9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in #​9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in #​9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in #​9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in #​9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in #​9949 (0d5f9)

    View changes on GitHub

vueuse/vueuse (@​vueuse/core)

v14.3.0

Compare Source

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in #​5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in #​5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in #​5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in #​5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in #​5191 [(0cb03)</samp

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "after 2am and before 3am"
• Automerge
  • "after 1am and before 2am"

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 7 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 28, reused 0, downloaded 0, added 0
Progress: resolved 33, reused 0, downloaded 0, added 0
Progress: resolved 36, reused 0, downloaded 0, added 0
Progress: resolved 181, reused 0, downloaded 0, added 0
Progress: resolved 252, reused 0, downloaded 0, added 0
Progress: resolved 406, reused 0, downloaded 0, added 0
Progress: resolved 657, reused 0, downloaded 0, added 0
Progress: resolved 722, reused 0, downloaded 0, added 0
Progress: resolved 741, reused 0, downloaded 0, added 0
Progress: resolved 778, reused 0, downloaded 0, added 0
Progress: resolved 819, reused 0, downloaded 0, added 0
Progress: resolved 856, reused 0, downloaded 0, added 0
Progress: resolved 871, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/nextorders/food/apps/essence:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "chokidar@4.0.3" (possible package takeover)

This error happened while installing the dependencies of nuxt@4.4.4
 at @nuxt/vite-builder@4.4.4
 at vite-plugin-checker@0.13.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud