security: raise Nuxt to ~3.16.0 for patched releases

Pins nuxt and @nuxt/kit to the 3.16 line (resolves to 3.16.2) so installs
include the cache-poisoning DoS fix (GHSA-jvhm-gjrh-3h93) and updated
devtools transitive dependencies (e.g. simple-git GHSA-r275-fr43-pm7q).

Uses ~3.16.0 instead of ^3.16.0 to avoid unintentionally jumping to Nuxt
3.17+ during this security pass.

Made-with: Cursor

Author: thomasrockhu-codecov

examples/nuxt/package.json

@@ -9,7 +9,7 @@
     "preview": "nuxt preview"
   },
   "dependencies": {
-    "nuxt": "^3.14.1592",
+    "nuxt": "~3.16.0",
     "vue": "^3.5.13",
     "vue-router": "^4.5.0"
   },

integration-tests/package.json

@@ -50,7 +50,7 @@
     "@types/node": "^20.11.15",
     "bun": "^1.1.4",
     "isbot": "^4.1.0",
-    "nuxt": "3.14.1592",
+    "nuxt": "~3.16.0",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "rollupV3": "npm:rollup@3.29.5",

integration-tests/test-apps/nuxt/package.json

@@ -9,7 +9,7 @@
     "preview": "nuxt preview"
   },
   "dependencies": {
-    "nuxt": "^3.14.1592",
+    "nuxt": "~3.16.0",
     "vue": "^3.5.13",
     "vue-router": "^4.5.0"
   },

packages/nuxt-plugin/package.json

@@ -47,7 +47,7 @@
   "dependencies": {
     "@codecov/bundler-plugin-core": "workspace:^",
     "@codecov/vite-plugin": "workspace:^",
-    "@nuxt/kit": "3.14.159",
+    "@nuxt/kit": "~3.16.0",
     "unplugin": "^1.10.1"
   },
   "devDependencies": {
@@ -59,7 +59,7 @@
     "ts-node": "^10.9.2",
     "typedoc": "^0.27.5",
     "typescript": "^5.3.3",
-    "nuxt": "3.14.1592",
+    "nuxt": "~3.16.0",
     "unbuild": "^2.0.0",
     "vite": "6.3.5",
     "vitest": "^2.1.9"