Update dependency nuxt-og-image to v6 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
nuxt-og-image (source)	5.1.12 → 6.2.5

GitHub Vulnerability Alerts

CVE-2026-34404

Product: Nuxt OG Image
Version: 6.1.2
CWE-ID: CWE-404: Improper Resource Shutdown or Release
Description: Failure to limit the length and width of the generated image results in a denial of service.
Impact: Denial of service
Exploitation condition: An external user
Mitigation: Implement a limitation on the width and length of the generated image.
Researcher: Dmitry Prokhorov (Positive Technologies)

Research

During the analysis of the nuxt-og-image package, which is shipped with the nuxt-seo package, a zero‑day vulnerability was discovered.
This research revealed that the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates.

Listing 1. The content of the configuration file nuxt.config.ts

export default defineNuxtConfig({
  modules: ['nuxt-og-image'],
  devServer: {
    host: 'web-test.local',
    port: 3000
  },
  site: {
    url: 'http://web-test.local:3000',
  },
  ogImage: {
    fonts: [
      'Inter:400', 
      'Inter:700'
    ],
  }
})

Vulnerability reproduction

To demonstrate the proof‑of‑concept, a request should be sent with the increased width and height parameters. This will cause a delay and exhaust the server’s resources during image generation.

Listing 2. HTTP-request example

GET /_og/d/og.png?width=20000&height=20000 HTTP/1.1
Host: web-test.local:3000

Figure 1. HTTP-response: denial-of-service error

After sending a HTTP-request, the test server's memory was exhausted.

Figure 2. Video memory exhausted error

Credits

Researcher: Dmitry Prokhorov (Positive Technologies)

GHSA-pqhr-mp3f-hrpp

Product: Nuxt OG Image
Version: < 6.2.5
CWE-ID: CWE-918: Server-Side Request Forgery

Description

The image generation endpoint (/_og/d/) accepts user-controlled parameters that are passed to the server-side renderer without proper validation or filtering. An attacker can trigger server-side requests to internal network addresses through multiple vectors.

Impact

• Scanning internal ports and services inaccessible from the outside
• Reading sensitive data from cloud infrastructure metadata services (tokens, credentials) when verbose error output is enabled

Attack Vectors

Three distinct vectors were identified, all exploiting the same underlying lack of URL validation:

Vector 1: CSS background-image injection via style parameter

GET /_og/d/og.png?style=background-image:+url('http://127.0.0.1:8888/secret')

Vector 2: <img src> injection via html parameter

GET /_og/d/og.png?html=<img src="http://127.0.0.1:8888/secret">

When verbose errors are enabled, the response content is leaked in base64-encoded error messages.

Vector 3: SVG <image href> injection via html parameter

GET /_og/d/og.png?html=<svg><image href="http://127.0.0.1:8888/secret"></svg>

Mitigation

Fixed in v6.2.5. The image source plugin now blocks requests to private IP ranges (IPv4/IPv6), loopback addresses, link-local addresses, and cloud metadata endpoints. Decimal/hexadecimal IP encoding bypasses are also handled.

Credits

Researcher: Dmitry Prokhorov (Positive Technologies)

CVE-2026-34405

Product: Nuxt OG Image
Version: 6.1.2
CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation
Description: Incorrect parsing of GET parameters leads to the possibility of HTML injection and JavaScript code injection.
Impact: Client-Side JavaScript Execution
Exploitation condition: An external user
Mitigation: Correct the logic of parsing GET parameters and their subsequent implementation into the generated page.
Researcher: Dmitry Prokhorov (Positive Technologies)

Research

During the analysis of the nuxt-og-image package, which is shipped with the nuxt-seo package, a zero‑day vulnerability was discovered.
This research revealed that the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. The vulnerability was reproduced using the standard configuration and the default templates.

Listing 1. The content of the configuration file nuxt.config.ts

export default defineNuxtConfig({
  modules: ['nuxt-og-image'],
  devServer: {
    host: 'web-test.local',
    port: 3000
  },
  site: {
    url: 'http://web-test.local:3000',
  },
  ogImage: {
    fonts: [
      'Inter:400', 
      'Inter:700'
    ],
  }
})

Vulnerability reproduction

To demonstrate the proof‑of‑concept, follow the URI: /_og/d/og.html?width=1000&height=1000&onmouseover=alert(document.cookie)&autofocus
The injected parameters onmouseover=alert(document.cookie) and autofocus are treated as attributes and are inserted directly into the generated HTML page.

Listing 2. HTTP-request example

GET /_og/d/og.html?width=1000&height=1000&onmouseover=alert(document.cookie) HTTP/1.1
Host: web-test.local:3000

Figure 1. The injected attribute in the HTML body

Figure 2. JavaScript code execution

Credits

Researcher: Dmitry Prokhorov (Positive Technologies)

---

Release Notes

nuxt-modules/og-image (nuxt-og-image)

v6.2.5

Compare Source

   🐞 Bug Fixes

• Hydration-issue warning due to SSR generated DateTime value  -  by @​khatastroffik in #​535 (92d9d)
• Sanitize component props  -  by @​harlan-zw in #​543 (3dcf8)
• Harden security defaults  -  by @​harlan-zw in #​540 (9902a)
• Whitelist component props to prevent cache key DoS  -  by @​harlan-zw in #​544 (bd05a)

    View changes on GitHub

v6.2.4

Compare Source

compare changes

🩹 Fixes

• Hydration-issue warning due to SSR generated DateTime value (#​535)
• Sanitize component props (#​543)
• Harden security defaults (#​540)
• Whitelist component props to prevent cache key DoS (#​544)

🏡 Chore

• Bump deps (a8a65b66)
• Bump deps (bcad7915)
• Artifact (284540a7)
• Sync (e7deb1f7)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)
• Loïs Bégué (@​khatastroffik)

v6.2.3

Compare Source

   🐞 Bug Fixes

• cloudflare: Detect legacy assets mode  -  by @​harlan-zw (7f60a)

   🏎 Performance

• devtools: Drop json-editor-vue  -  by @​harlan-zw (14a58)

    View changes on GitHub

v6.2.2

Compare Source

compare changes

🔥 Performance

• devtools: Drop json-editor-vue (14a585b7)

🩹 Fixes

• cloudflare: Detect legacy assets mode (7f60a480)

🏡 Chore

• Bump deps (362cee2a)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.2.1

Compare Source

compare changes

🏡 Chore

• Bump deps (caf70605)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.2.0

Compare Source

compare changes

🩹 Fixes

• Missing compatibility config (4541033c)
• devtools: Broken resolution (57ac2647)

🏡 Chore

• Label devtools layout (ed041041)
• Bump deps (41fa2371)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.1.2

Compare Source

compare changes

🚀 Enhancements

• content: Add defineOgImageSchema() composable (#​520)

🩹 Fixes

• Update pnpm-lock.yaml (0784c378)
• Broken slash decoding in some cases (6f8ac765)
• client: Resolve layer-devtools path via import.meta.resolve (dd4e0578)
• cloudflare: Resolve fonts via localFetch when ASSETS binding unavailable (#​527)
• B64 encode props with URL-sensitive characters (#​530)
• Resolve CI issues (f3e3045b)
• Use explicit imports mapping for #nuxtseo-shared (08594505)
• Use direct nuxtseo-shared/runtime imports, bump to ^0.3.0 (31b1a991)
• Resolve CI failures in lint, build, typecheck, and tests (47e85d35)
• Use dot-notation for ambiguous CalcTest component in type test (3ba63fef)

💅 Refactors

• Migrate to nuxtseo-shared for shared utilities (f909f014)
• client: Migrate devtools to nuxtseo-shared layer (48c15483)
• Use published nuxtseo-layer-devtools package (74393aa3)
• Remove dead defensive prerender initialization (3b0dae14)
• Use nuxtseo-shared subpath exports, bump to ^0.5.0 (bd50740f)
• Migrate to nuxtseo-shared (#​521)

🏡 Chore

• Sync (1f7cb2c4)
• Sync (ca0fb5b0)
• Update lockfile (162799b7)
• Bump nuxtseo-shared to ^0.2.0 (ecf3d6b0)
• Bump nuxtseo-shared to ^0.4.0, revert runtime to #alias (b368142f)
• Sync (f173a2a7)
• Sync (eb106f60)
• Sync (0f4b0f27)
• Sync (50f5e65e)
• Sync (787a087e)
• Remove unrelated files from PR (5f8ed2f2)
• Examples (73c36536)
• Sync (837a3e66)
• Sync (2d63ada7)

✅ Tests

• Update cloudflare-takumi snapshots after template redesign (66c2a80a)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.1.1

Compare Source

compare changes

🩹 Fixes

• Auto-detect NuxtHub KV for cache storage (#​517)
• tw4: Use safe module resolution to prevent throws for unresolvable plugins (#​519)

🏡 Chore

• Sync (7019fa01)
• Sync (46d07288)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.1.0

Compare Source

compare changes

🩹 Fixes

• Add missing option keys to URL encoding and prop separation (#​516)
• Defer x-nitro-prerender header to prevent stale hash URLs during prerender (#​514)
• Base64-encode non-ASCII values in URL path params (#​515)

🏡 Chore

• Lint (26863d01)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.0.7

Compare Source

compare changes

🚀 Enhancements

• devtools: Add production preview toggle (#​509)
• cli: Add create and switch commands with DX improvements (#​508)
• devtools: Add component creation from empty state (#​510)

🩹 Fixes

• encoding: Avoid pre decoded params to be truncated (#​504)
• fonts: Detect font families from script setup computed properties (#​507)
• devtools: Use actual content width for preview scaling (#​506)
• Recover from v5 defineOgImage syntax (1e882060)

🏡 Chore

• Bump (f9725ffd)
• Lint (9bcb8358)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)
• Baptiste Leproux (@​larbish)

v6.0.6

Compare Source

compare changes

🩹 Fixes

• Broken windows path resolutions (dd1ae90b)

🏡 Chore

• Bump (923c9f83)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.0.5

Compare Source

compare changes

🩹 Fixes

• Prevent crash when defineOgImage runs client-side during layout transitions (#​502)
• takumi: Use real font family names for correct font-weight matching (#​503)

🏡 Chore

• Bump deps (06f54419)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.0.4

Compare Source

compare changes

🏡 Chore

• Broken mock still (1f93bf7f)

❤️ Contributors

• Harlan Wilton (@​harlan-zw)

v6.0.3

Compare Source

compare changes

🩹 Fixes

• Don't mock null bindings (c46560be)

🏡 Chore

• Bump (47f57f51)

❤️ Contributors

• Harlan Wilton harlan@harlanzw.com

v6.0.2

Compare Source

   🐞 Bug Fixes

• migration:
  • Broken warning  -  by @​harlan-zw (d87d8)
• satori:
  • Better css var matching  -  by @​harlan-zw (251f1)
  • Infer SVG dimensions from parent  -  by @​harlan-zw (94ef0)
• takumi:
  • Broken font weight matching  -  by @​harlan-zw (3f0c5)
  • Html -> nodes attr ordering  -  by @​harlan-zw (35ea6)

    View changes on GitHub

v6.0.1

Compare Source

   🐞 Bug Fixes

• Support node cluster  -  by @​harlan-zw (e5c25)
• migration: defineOgImage({ url }) -> useSeoMeta  -  by @​harlan-zw in #​496 (2e762)

    View changes on GitHub

v6.0.0

Compare Source

Nuxt OG Image v6 is the next major release.

Nuxt OG Image v6 brings a complete overhaul focused on performance, modern tooling, and developer experience.

📣 Highlights

• 🚀 Takumi - Takumi is now the recommended renderer, offering 2-10x faster image generation with the same feature set as Satori
• 🎨 First-class CSS support - Tailwind v4, UnoCSS, CSS variables, and Nuxt UI v3 colors all just work out of the box
• 🖥️ Redesigned DevTools - improved OG image debugging experience with better previews, accessibility, and Bluesky social card support

📖 Migration Guide

Full migration guide: https://nuxtseo.com/og-image/migration-guide/v6

Quick Migration

npx nuxt-og-image migrate v6

Notable Changes

🚀 Takumi Renderer (Recommended)

Takumi is a Rust-based renderer that directly rasterizes to PNG/JPEG/WebP - no SVG intermediate step. It's 2-10x faster than Satori+Resvg.

See PR #​414.

Takumi and Satori are feature-compatible within Nuxt OG Image - both support Tailwind CSS, custom fonts, emoji, edge runtimes, and all the same template features. The difference is speed: Takumi is always faster thanks to its Rust-based direct rasterization.

Use Takumi by creating components with the .takumi.vue suffix:

components/OgImage/MyTemplate.takumi.vue

See the Takumi docs for the full feature list.

🎨 First-Class CSS Support

Nuxt OG Image now has first-class support for multiple CSS approaches - not just Tailwind. All of these work out of the box with zero configuration:

See PR #​430.

• Tailwind v4 - build-time class extraction with Tailwind's CSS engine, @theme values just work
• UnoCSS - full UnoCSS support
• CSS Variables - use your app's CSS custom properties directly in OG image templates
• Nuxt UI v3 - semantic colors (primary, secondary, etc.) are automatically resolved

No configuration needed.

🖥️ Redesigned DevTools

The OG image DevTools have been completely overhauled:

• Better image preview and debugging
• More accessible interface
• Improved error reporting and diagnostics
• Bluesky social card support

⚡ Install Renderer Dependencies

Renderer dependencies are no longer bundled. Install what you need based on your renderer and runtime.

See PR #​415.

Takumi (recommended):

npm i @​takumi-rs/core # Node.js
npm i @​takumi-rs/wasm # Edge runtimes

Satori:

npm i satori @​resvg/resvg-js # Node.js
npm i satori @​resvg/resvg-wasm # Edge runtimes

Browser:

npm i playwright-core

Running nuxi dev will prompt you to install missing dependencies automatically.

🖼️ Multiple OG Images Per Page

Define multiple images with different dimensions for different platforms. Shared props are passed once and applied to all variants.

See PR #​305.

Shared Props with Variants (Recommended)

Pass shared props as the second argument and size variants as the third — no prop duplication needed:

defineOgImage('NuxtSeo', { title: 'My Page' }, [
  { key: 'og' }, // Default 1200x600 for Twitter/Facebook
  { key: 'whatsapp', width: 800, height: 800 }, // Square for WhatsApp
])

Per-variant props override shared props when needed:

defineOgImage('NuxtSeo', { title: 'My Page', description: 'Full description' }, [
  { key: 'og' },
  { key: 'whatsapp', width: 800, height: 800, props: { description: 'Short' } },
])

Array Syntax

Alternatively, pass all options inline per variant:

defineOgImage('NuxtSeo', [
  { props: { title: 'My Page' } },
  { props: { title: 'My Page' }, key: 'whatsapp', width: 800, height: 800 },
])

🔤 @​nuxt/fonts Integration

Custom fonts now use @​nuxt/fonts instead of the legacy ogImage.fonts config.

See PR #​432.

export default defineNuxtConfig({
  modules: ['@​nuxt/fonts', 'nuxt-og-image'],
  fonts: {
    families: [
      { name: 'Inter', weights: [400, 700], global: true }
    ]
  }
})

The global: true option is required for fonts to be available in OG Image rendering.

📦 Component Renderer Suffix

OG Image components now require a renderer suffix in their filename. This enables automatic renderer detection, multiple renderer variants, and tree-shaking.

See PR #​433.

# Before
components/OgImage/MyTemplate.vue

# After
components/OgImage/MyTemplate.takumi.vue # Recommended
components/OgImage/MyTemplate.satori.vue

Run the migration CLI to rename automatically:

npx nuxt-og-image migrate v6

🏷️ Community Templates Must Be Ejected

Community templates (NuxtSeo, SimpleBlog, etc.) are no longer bundled in production. Eject them to your project before building.

See PR #​426.

npx nuxt-og-image eject NuxtSeo

Templates continue to work in development without ejecting.

🔗 New URL Structure

OG Image URLs now use a Cloudinary-style format with options encoded in the path. This enables better CDN caching since identical options produce identical URLs.

See PR #​305.

v5	v6
/__og-image__/image/	/_og/d/
/__og-image__/static/	/_og/s/

   🚨 Breaking Changes

• Tech debt cleanup for v6  -  by @​harlan-zw and Claude Opus 4.5 in #​410 (598f3)
• Multiple og images, reworked paths  -  by @​harlan-zw and Claude Opus 4.5 in #​305 (c9058)
• Require explicit provider dependencies  -  by @​harlan-zw and Claude Opus 4.5 in #​415 (94eae)
• Require ejecting community templates  -  by @​harlan-zw in #​426 (22cbd)
• Ignore query params in cache key by default  -  by @​harlan-zw in #​427 (407a4)
• Require component suffix for renderer target  -  by @​harlan-zw and Copilot Autofix powered by AI in #​433 (357e3)
• Native tailwind v4 support  -  by @​harlan-zw in #​430 (0e046)
• Nuxt/fonts integration  -  by @​harlan-zw and Claude Opus 4.5 in #​432 (c64fd)
• Rename chromium renderer to browser, add cloudflare support  -  by @​harlan-zw in #​461 (55594)
• Drop component support  -  by @​harlan-zw (d0d2f)
• Drop css-inline support  -  by @​harlan-zw (0936a)
• takumi: Revert back to default DPI 1  -  by @​harlan-zw (d60e2)

   🚀 Features

• Add Takumi renderer support  -  by @​harlan-zw and Claude Opus 4.5 (f1d1f)
• Add linkedom as explicit dependency for takumi renderer  -  by @​harlan-zw (0b9f8)
• CI build cache  -  by @​harlan-zw and Claude Opus 4.5 in #​413 (51f23)
• Add Takumi renderer support  -  by @​harlan-zw and Claude Opus 4.5 in #​414 (7a347)
• Local emoji sources  -  by @​harlan-zw and Claude Opus 4.5 (611d0)
• Local emoji sources  -  by @​harlan-zw and Claude Opus 4.5 in #​420 (c3db6)
• New templates  -  by @​harlan-zw in #​409 (43436)
• Add UnoCSS provider for OG image class resolution  -  by @​harlan-zw in #​442 (c5a14)
• Rework component resolution for multi-renderer support  -  by @​harlan-zw in #​450 (cde40)
• Per-component font loading and optimized font/renderer bundling  -  by @​harlan-zw in #​454 (dbee0)
• Optional @​nuxt/fonts with bundled Inter fallback  -  by @​harlan-zw in #​455 (7ad13)
• Refactor font system with multi-font family support  -  by @​harlan-zw in #​466 (81f05)
• Community template dark/light mode support  -  by @​harlan-zw (c8ee9)
• Support nested vue components  -  by @​harlan-zw (f9be0)
• Runtime unicode-range font filtering  -  by @​harlan-zw (a8c02)
• devtools: Major polishing  -  by @​harlan-zw (f1273)
• takumi: Community templates  -  by @​harlan-zw (527f4)

   🐞 Bug Fixes

• Resolve typecheck errors for takumi renderer  -  by @​harlan-zw and Claude Opus 4.5 (2cb46)
• Remove invalid eslint-disable comments  -  by @​harlan-zw (9be7b)
• Remove unused ts-expect-error directive  -  by @​harlan-zw and Claude Opus 4.5 (23efb)
• Light-weight emoji resolves  -  by @​harlan-zw (bbeee)
• Flakey images  -  by @​harlan-zw in #​421 (05f43)
• Warn when using route rule wildcards  -  by @​harlan-zw (1d142)
• Force social platform cache invalidation between builds  -  by @​harlan-zw in #​423 (16ed4)
• Dynamic runtime cache storage  -  by @​harlan-zw in #​425 (10886)
• Support error.vue navigation  -  by @​harlan-zw (d22ed)
• Support local fonts with zeroRuntime mode  -  by @​harlan-zw (7afb1)
• Support local fonts with zeroRuntime mode  -  by @​harlan-zw in #​428 (97fb4)
• Avoid crashing main thread with resvg errors  -  by @​harlan-zw (7b5b1)
• Always fallback to emoji fetching in edge runtimes  -  by @​harlan-zw in #​429 (4ccd2)
• Exclude default options from URLs  -  by @​harlan-zw in #​431 (09d24)
• Auto-eject components in dev  -  by @​harlan-zw (265ca)
• Improved HMR  -  by @​harlan-zw (055ea)
• Require nuxt/fonts v0.13  -  by @​harlan-zw (ff3bb)
• False detection of OgImageScreenshot.ts  -  by @​harlan-zw (4191d)
• Unref computed props in defineOgImage to prevent crash  -  by @​harlan-zw (6a4d7)
• Nicer migration warnings  -  by @​harlan-zw (e87dd)
• Edge detection for migration wizard  -  by @​harlan-zw (fd94e)
• Safer components check  -  by @​harlan-zw (a7658)
• Broken font cache for subsets  -  by @​harlan-zw (c07a7)
• Selective font subsets  -  by @​harlan-zw in #​445 (b1f4a)
• Allow disabling emoji support and remove 24MB bundle  -  by @​harlan-zw in #​444 (caaf8)
• Convert WOFF2 fonts to TTF for Satori compatibility  -  by @​harlan-zw in #​449 (0d68b)
• Filter fonts before WOFF2 conversion and use programmatic wawoff2  -  by @​harlan-zw in #​451 (ac3d1)
• Resolve dependencies up front  -  by @​harlan-zw in #​456 (1194b)
• Broken font resolution for woff2-only subsets and dev mode  -  by @​harlan-zw in #​458 (ef72b)
• Avoid encoded urls at runtime  -  by @​harlan-zw in #​459 (696d9)
• Path resolving bug  -  by @​harlan-zw (34976)
• Broken dev tools  -  by @​harlan-zw in #​460 (31979)
• Gracefully handle older nuxt/font versions  -  by @​harlan-zw (b14ae)
• Broken layer support  -  by @​harlan-zw in #​463 (3ad2f)
• Remove z-index from community templates  -  by @​harlan-zw (02369)
• Avoid prompting user on renderer if deps are installed  -  by @​harlan-zw (67dc8)
• Broken @​font-face for HTML preview  -  by @​harlan-zw (e4878)
• Compat check broken  -  by @​harlan-zw (057df)
• Strip !important  -  by @​harlan-zw (b5684)
• Warn when using unsupported font weight  -  by @​harlan-zw (c70c8)
• Warn when using unsupported font weight  -  by @​harlan-zw in #​467 (1d368)
• Misc style issues  -  by @​harlan-zw in #​468 (86068)
• Resolve fonts from @​theme when other fonts already exist  -  by @​harlan-zw in #​471 (cfcf4)
• HMR for OG image template components in DevTools  -  by @​harlan-zw in #​473 (15eec)
• Don't validate on nuxt prepare  -  by @​harlan-zw (76a85)
• Don't include empty props={} in URLs  -  by @​harlan-zw (7caa4)
• Map custom font names i.e font-display -> font file  -  by @​harlan-zw (3d4a5)
• Ensure correct template renders when using multiple OG image templates  -  by @​harlan-zw in #​470 (2e816)
• Tighten component name resolution to prevent false matches  -  by @​harlan-zw in #​469 (b4668)
• Broken reactive types on defineOgImage() props  -  by @​harlan-zw (4df12)
• Run nuxt prepare once migration is finished  -  by @​harlan-zw (e9aa0)
• Broken unocss parser  -  by @​harlan-zw (f88f8)
• Drop getNitroOrigin() fetch  -  by @​harlan-zw (6c3b0)
• Broken nuxt/font hints  -  by @​harlan-zw (d6db9)
• Prerender images all using the same key  -  by @​harlan-zw (40b43)
• Dev environment edge cases  -  by @​harlan-zw (56ad2)
• Font edge cases  -  by @​harlan-zw (e7aef)
• Drop jiti app.config.ts load  -  by @​harlan-zw (f1634)
• Prefer native mjs loading for app.config  -  by @​harlan-zw (8a02b)
• Font loading regression when fontRequirements.families excludes @​nuxt/fonts families  -  by @​harlan-zw (6c83b)
• Stripe gradient color interpolation  -  by @​harlan-zw (f4ddd)
• Quiter font warnings  -  by @​harlan-zw (e71ca)
• No font weight warnings from community templates  -  by @​harlan-zw (db043)
• No font warnings from community templates  -  by @​harlan-zw (541e1)
• Process <style> blocks  -  by @​harlan-zw (64d59)
• Circular dependency type issue  -  by @​harlan-zw (88054)
• On-demand font resolutions  -  by @​harlan-zw (6b505)
• Detect svg images properly  -  by @​harlan-zw (64e2a)
• Ensure root node fits container  -  by @​harlan-zw (bdde7)
• Font stability  -  by @​harlan-zw (b7735)
• Css stability  -  by @​harlan-zw (acb75)
• Tw v4.1 compat  -  by @​harlan-zw (a883f)
• Broken local fonts at runtime  -  by @​harlan-zw (c2a0b)
• Transform imported components  -  by @​harlan-zw (ad590)
• Nested component HMR  -  by @​harlan-zw (19bf8)
• Font issues  -  by @​harlan-zw (163c5)
• Font tree shaking  -  by @​harlan-zw in #​482 (a57c3)
• Quiter font warnings  -  by @​harlan-zw (c84be)
• Runtime unicode-range font filtering  -  by @​harlan-zw in #​483 (6c00c)
• Re-export getOgImagePath as deprecated  -  by @​harlan-zw (00497)
• Skip community components from font warnings  -  by @​harlan-zw (b3367)
• Support Devanagari and non-Latin fonts in Takumi renderer  -  by @​harlan-zw in #​485 (b7356)
• Simplify loadNuxtUiColors to use app:resolve hook  -  by @​harlan-zw in #​486 (682b5)
• Avoid trying to bundle mac native fonts from fallbacks  -  by @​harlan-zw (a5333)
• Improved font debugging  -  by @​harlan-zw (fdb7a)
• Avoid nitro r

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying launchpad with    Cloudflare Pages

Latest commit:	63a8768
Status:	🚫  Build failed.

View logs