chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@antfu/eslint-config	^7.7.2 → ^7.7.3			pnpm.catalog.dev	patch
@commitlint/cli (source)	^20.5.0 → ^20.5.3			pnpm.catalog.dev	patch
@commitlint/config-conventional (source)	^20.5.0 → ^20.5.3			pnpm.catalog.dev	patch
@date-fns/tz	^1.4.1 → ^1.5.0			pnpm.catalog.integrations	minor
@iconify-json/lucide	^1.2.98 → ^1.2.111			pnpm.catalog.dev	patch
@iconify-json/simple-icons	^1.2.74 → ^1.2.84			pnpm.catalog.dev	patch
@nuxt/devtools (source)	^3.2.3 → ^3.2.4			pnpm.catalog.dev	patch
@nuxt/ui (source)	^4.5.1 → ^4.8.1			pnpm.catalog.integrations	minor
@nuxtjs/i18n (source)	^10.2.3 → ^10.4.0			pnpm.catalog.dev	minor
@playwright/test (source)	^1.58.2 → ^1.60.0			pnpm.catalog.test	minor
@types/node (source)	^25.5.0 → ^25.9.1			pnpm.catalog.types	minor
@vitest/browser-playwright (source)	^4.1.0 → ^4.1.7			pnpm.catalog.test	patch
@vitest/coverage-v8 (source)	^4.1.0 → ^4.1.7			pnpm.catalog.test	patch
@vueuse/core (source)	^14.2.1 → ^14.3.0			pnpm.catalog.integrations	minor
@vueuse/nuxt (source)	^14.2.1 → ^14.3.0			pnpm.catalog.integrations	minor
bumpp	^11.0.1 → ^11.1.0			pnpm.catalog.dev	minor
libphonenumber-js	^1.12.40 → ^1.13.4			pnpm.catalog.integrations	minor
node (source)	>=24.14.0 → >=24.16.0			engines	minor
node	24-alpine → 24.16.0-alpine			final	minor
playwright (source)	^1.58.2 → ^1.60.0			pnpm.catalog.test	minor
pnpm (source)	10.32.1 → 10.34.1			packageManager	minor
pnpm (source)	>=10.32.1 → >=10.34.1			engines	minor
vitest (source)	^4.1.0 → ^4.1.7			pnpm.catalog.test	patch
vue-tsc (source)	^3.2.5 → ^3.3.3			pnpm.catalog.dev	minor
zod (source)	^4.3.6 → ^4.4.3			pnpm.catalog.integrations	minor

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v7.7.3

Compare Source

   🐞 Bug Fixes

• Disable some e18e rules  -  by @​antfu (7edec)

    View changes on GitHub

conventional-changelog/commitlint (@​commitlint/cli)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.5.2

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.5.3

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

nuxt/devtools (@​nuxt/devtools)

v3.2.4

Compare Source

   🚀 Features

• Use ua-parser-modern  -  by @​antfu (114aa)

   🐞 Bug Fixes

• Nuxt devtools inspector style  -  by @​antfu (91f09)

    View changes on GitHub

nuxt/ui (@​nuxt/ui)

v4.8.1

Compare Source

Bug Fixes

• ContentSearch/DashboardSearch: proxy missing CommandPalette props (#​6505) (631f5dc)
• Form: add method="post" to prevent credential leaking via GET before hydration (#​6512) (7a0825a)
• Icon: avoid recursive icon resolution (#​6495) (d50c121)
• locale: improve Thai translation accuracy and consistency (#​6509) (5d82418)
• module: expose component theme keys in AppConfig type (#​6520) (ffaf163)
• module: revert tagPriority to -2 for inline style tag (2dac778)
• Select/SelectMenu/InputMenu: add fallback for max-height (#​6503) (f4d7cbe)

v4.8.0

Compare Source

⚠ BREAKING CHANGES

• InputMenu: rename autocomplete prop to mode to free up HTML attribute (#​6474)

Features

• Avatar/AvatarGroup: add color prop (#​6405) (6f2396f)
• Breadcrumb: add color prop (#​6406) (955dac1)
• ChatMessage: add body slot and improve actions alignment (#​6460) (48685b6)
• ChatMessage: add color prop and header slot (#​6407) (c6ce8ca)
• ChatPrompt: add submitOnEnter prop to control Enter behavior (b597f90), closes #​6177
• Checkbox/RadioGroup/Switch: add highlight prop for error ring styling (a0deee4)
• CommandPalette: search and highlight description field (524c34d)
• ContentSearch/DashboardSearch: enable Fuse.js token search by default (ba08220)
• ContentSearch: add async search support via useSearchCollection (#​6432) (a1bef8b)
• DashboardGroup: add storageOptions prop (8f0101b), closes #​6170
• Error: add icon prop and leading slot (e6ea707), closes #​6119
• Separator: add position prop (#​6415) (844660a)
• Theme: override component prop defaults (#​6031) (71c008e)

Bug Fixes

• ChatMessage: add wrap-break-word to content slot (#​6476) (eb468e6)
• CommandPalette: only split tokens in highlight when useTokenSearch is enabled (898fbce)
• CommandPalette: preserve relative order of ignoreFilter groups (e4c1787)
• CommandPalette: re-highlight first item after debounced results render (efd7b8e)
• CommandPalette: update default fuse keys in docs and search components (0d9cc0d)
• components: apply theme.prefix to hardcoded utility classes (f51b1e8)
• components: constrain popper content to available viewport height (007b136), closes #​6449
• ContentSearch: preserve intermediate ancestors in breadcrumb prefix (#​6466) (f639b19)
• ContentToc: apply ui.trigger prop to trigger elements (252b906), closes #​6428
• defineShortcuts: use e.code for alt shortcuts to handle macOS key remapping (231f156), closes #​6444
• FileUpload: pass disabled attribute to button variant (2890c83), closes #​6420
• Form: improve errors type (#​6208) (c1090ab)
• InputMenu/Select/SelectMenu: respect trailing: false over default trailingIcon (#​6457) (65b47ce)
• InputMenu: rename autocomplete prop to mode to free up HTML attribute (#​6474) (2799fa6)
• module: don't require @nuxtjs/mdc when using content option (89f7778)
• module: pass computed ref directly to useHead innerHTML (00b7476)
• module: ship stripped [#build](https://redirect.github.com/nuxt/ui/issues/build)/ui.css fallback for tooling (083c2a9), closes #​5504
• ProseKbd: add default slot and make value optional (f317c7f)
• Textarea: autoresize on mount with pre-filled value (e96a0b6), closes #​5962
• useComponentProps: treat array-typed theme values as ClassValue leaves (cac3860)

v4.7.1

Compare Source

Bug Fixes

• ChatMessage: make actions slot accessible on touch devices (f5a3349)
• Drawer: handle RTL mode (#​6396) (2e3fed2)
• Link: prevent double-prefixing with @nuxtjs/i18n auto-localization (#​6404) (dde09d0)
• ProseImg: close zoom overlay on Escape key (e3cdbc5)
• ProsePrompt: improve responsive (0a5b433)

v4.7.0

Compare Source

Features

• AuthForm: add separator slot (#​6305) (81c7ddb)
• Card: add title and description props (3cf7d75), closes #​6001
• CommandPalette: add group-label slot (#​6329) (7fc773c)
• CommandPalette: add searchDelay prop (7d2af05)
• EditorSuggestionMenu: expose suggestion matching options (#​6234) (4427824)
• Link: auto-localize internal links when @nuxtjs/i18n is installed (#​5537) (92cfda0)
• Listbox: new component (#​6307) (00c1651)
• ProsePrompt: new component (#​6362) (2451ac6)
• Table: support sticky header/footer in virtualized mode (#​6217) (15d32ce)
• Textarea: expose autoResize method (#​6120) (9c5c0df)

Bug Fixes

• Accordion/Tabs: use item value as stable key to avoid remounts (#​6380) (3cee610)
• Avatar: remove leading-none from fallback (#​6383) (77ce09a)
• ChatMessage/ChatMessages: preserve generic message type in slot scope (#​6391) (20f66db)
• ChatMessages: prevent layout shift caused by indicator during streaming (#​6297) (b7160e2)
• ChatMessages: use MutationObserver for auto-scroll during streaming (#​6357) (47bf3cb)
• ChatPromptSubmit: ignore disabled prop when status is not ready (600a2ca)
• components: resolve defaultVariants in template logic (#​6361) (75b37d0)
• ContentSearch/DashboardSearch: pick shared props from CommandPalette (cdcf2e5)
• ContentSearch: speed up navigation mapping (0faf2c2)
• ContentToc: use links for scrollspy instead of hardcoded h2/h3 (#​6282) (6aba2ea)
• FieldGroup: prevent context from leaking into portals (#​6313) (5155e27)
• FileUpload: use form field color and highlight instead of raw props (bb5a9ed)
• Header/DashboardSidebar/Sidebar: allow auto focus in menu for proper focus trapping (#​6266) (9b91ee4)
• InputDate/InputTime: increase segments width (#​6339) (4ebdb2f)
• InputTags: add missing field group variant (#​6326) (aae5378)
• Link: ensure single-root rendering for v-show and $el resolution (#​6310) (2c4ff35)
• Modal/Slideover: drop empty header wrapper when empty (#​6381) (1082960)
• module: use relative tagPriority for inline style tags (#​6299) (ae693d0)
• PricingTable: align header elements vertically (#​6111) (0daacb0)
• PricingTable: handle RTL mode (#​6382) (ab203db)
• ProseCodeCollapse: match background on overscroll (28c89fe)
• ProseImg: respect markdown width attribute (#​6350) (d4e4ea1)
• ProsePre: get code from DOM if code prop is missing (#​6333) (b808ce4)
• Select: support item-aligned position mode (#​6358) (255807a)

v4.6.1

Compare Source

Bug Fixes

• ai: use part.state for streaming detection and deprecate isReasoningStreaming (d2d7543)
• ChatMessage: hide files slot when no file parts exist (9cddc8e)
• ChatMessages: keep indicator visible until first content arrives (195cce8)
• ChatMessages: reset scroll icon when messages are cleared (#​6239) (4ba3eef)
• ChatPrompt: guard enter during composition (#​6280) (a911ca8)
• DashboardSidebar: always pass collapsed: false in mobile menu slots (957a0f5), closes #​6157
• Modal/Slideover/Drawer: suppress reka ui title and description warnings (3451b8d), closes #​6240
• module: inline defaultVariants and prefix in dev template (314e23b)
• module: transpile reka-ui to prevent injection errors (#​6286) (b822c43)

v4.6.0

Compare Source

⚠ BREAKING CHANGES

• module: use moduleDependencies to manipulate options (#​5384)

Features

• add standalone Vue REPL playground (#​6209) (390c4bd)
• ChatMessage: add files slot (12d6020)
• ChatReasoning: new component (#​6175) (6db594e)
• ChatShimmer: new component (#​6171) (8db9c54)
• ChatTool: new component (#​6176) (7849534)
• Checkbox/Switch: add support for trueValue / falseValue props (#​6150) (91c6356)
• ContentToc: add highlight-variant prop (#​5746) (df080ce)
• DropdownMenu: add filter prop (#​6153) (a529b43)
• FileUpload: add fileImage prop (#​5935) (40f9c2e)
• Icon: add global options on Vue-only side (#​5354) (566fbee)
• InputMenu: add autocomplete prop (#​6026) (ee8a248)
• InputTime: add range prop (#​6203) (c124f29)
• locale: add Icelandic language (#​6149) (f3ddc60)
• module: use moduleDependencies to manipulate options (#​5384) (dd3f5c5)
• Sidebar: new component (#​6038) (51a1f85)
• Table: implement row pinning (#​6115) (fbd60d9)
• Tooltip: support global content configuration via App tooltip prop (#​6152) (83afd9c)
• unplugin: add support for prose components (#​6198) (c58b9b2)

Bug Fixes

• Avatar: use resolved size for image width/height (#​6008) (6dd0fc4)
• ChatShimmer: handle RTL mode (#​6180) (51793a8)
• ContentNavigation: prevent toggling disabled parent items (#​6122) (0f1074f)
• ContentSurround: handle RTL mode (#​6148) (6921f13)
• ContentToc: reset start margin at lg breakpoint (8f24f79)
• DashboardSearchButton: use valid HTML structure for trailing slot (#​6194) (578a12f)
• Editor: guard lift calls for unavailable list extensions (#​6100) (065db6b)
• Error: support status and statusText properties (1350d62), closes #​6134
• FileUpload: make multiple, accept and reset options reactive (#​6204) (ae093df)
• Modal/Slideover/Popover/Drawer: prevent double close:prevent emit (#​6226) (9a0d501)
• module: only auto-import public composables and allow Vite opt-out (#​6197) (886f5fb)
• NavigationMenu: improve RTL support for viewport and indicator (#​6164) (755867b)
• NavigationMenu: propagate disabled state to item in vertical orientation (6d4d651)
• ProsePre: move shiki line highlight styles to theme (d663950)

nuxt-modules/i18n (@​nuxtjs/i18n)

v10.4.0

Compare Source

This changelog is generated by GitHub Releases

   🚀 Features

• First-class CDN support for lazy-loaded messages  -  by @​Hronom and Claude Opus 4.7 (1M context) in #​3976 (e4d6a)
• Experimental prerenderMessages option  -  by @​BobbieGoede in #​3991 (8cc7c)

   🐞 Bug Fixes

• Prevent silently disabling experimental.compactRoutes  -  by @​BobbieGoede in #​3972 (7789f)
• Compact routes prerender handling and router warnings  -  by @​BobbieGoede in #​3975 (131a5)
• Prevent redirection to catch-all for unlocalized routes  -  by @​fedetorre and Federico Torresan in #​3911 (1cf37)
• Skip path config generation for unlocalized routes  -  by @​tatakaisun in #​3993 (66322)
• Warn on missing vueI18n config in builds  -  by @​tatakaisun and @​BobbieGoede in #​3992 (26345)

    View changes on GitHub

v10.3.0

Compare Source

This changelog is generated by GitHub Releases

   🚀 Features

• Experimental regex routes  -  by @​BobbieGoede in #​3957 (07a9b)

   🐞 Bug Fixes

• Disable experimental.compactRoutes by default  -  by @​BobbieGoede (02e2a)
• Incorrect route group server redirection during ssg  -  by @​BobbieGoede in #​3965 (ce7f7)
• Stable locale message endpoint hash  -  by @​BobbieGoede in #​3966 (84525)

    View changes on GitHub

v10.2.4

Compare Source

This changelog is generated by GitHub Releases

   🐞 Bug Fixes

• Do not import from nuxt/schema  -  by @​danielroe in #​3925 (f57bb)
• Respect trailingSlash on root  -  by @​divine in #​3920 (9e504)
• Move typescript to dev dependencies  -  by @​BobbieGoede in #​3939 (3b0ad)
• Add warning for missing domains when multiDomainLocales is enabled  -  by @​DotwoodMedia in #​3938 (d9a1a)
• types: Allow mixing string and objects for locale file configuration  -  by @​richex-cn in #​3933 (b63d0)

    View changes on GitHub

microsoft/playwright (@​playwright/test)

v1.60.0

Compare Source

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});

await page.locator('#dropzone').drop({
  data: {
    'text/plain': 'hello world',
    'text/uri-list': 'https://example.com',
  },
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

• Event browser.on('context') — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: browserContext.on('download'), browserContext.on('frameattached'), browserContext.on('framedetached'), browserContext.on('framenavigated'), browserContext.on('pageclose'), browserContext.on('pageload').

Locators and Assertions

• New option description in page.getByRole() / locator.getByRole() / frame.getByRole() / frameLocator.getByRole() for matching the accessible description.
• New option pseudo in expect(locator).toHaveCSS() reads computed styles from ::before or ::after.
• New option style in locator.highlight() applies extra inline CSS to the highlight overlay, plus new page.hideHighlight() to clear all highlights.

Network

• webSocketRoute.protocols() returns the WebSocket subprotocols requested by the page.
• New option noDefaults in browserType.connectOverCDP() disables Playwright's default overrides on the default context (download behavior, focus emulation, media emulation), so attaching to a user's daily-driver browser doesn't disturb its state.

Errors and Reporting

• New webError.location() mirrors consoleMessage.location().
• consoleMessage.location() now exposes line / column properties (lineNumber / columnNumber are deprecated).
• New testInfoError.errorContext surfaces additional diagnostic context, such as the aria snapshot of the receiver at the time of an expect(...) matcher failure.
• reporter.onError() now receives a workerInfo argument with details about the worker for fixture teardown errors.

Test runner

• New {testFileBaseName} token in testProject.snapshotPathTemplate — file name without extension.
• Test runner now errors when a config tries to override a non-option fixture, and rejects workers: 0 or negative values.

🛠️ Other improvements

• HTML reporter:
  • npx playwright show-report accepts .zip files directly — no need to unzip first.
  • Steps that contain attachments inside nested children show an indicator on the parent step.
  • The repeatEachIndex is shown in the test header when non-zero.
• Trace Viewer adds a pretty-print toggle for JSON / form request and response bodies in the network details panel.

Breaking Changes ⚠️

• Removed long-deprecated APIs:
  • Locator.ariaRef() — use the standard locator.ariaSnapshot() pipeline.
  • handle option on BrowserContext.exposeBinding and Page.exposeBinding.
  • logger option on BrowserType.connect and BrowserType.connectOverCDP — use tracing instead.
  • Context options videosPath / videoSize — use recordVideo instead.

Browser Versions

• Chromium 148.0.7778.96
• Mozilla Firefox 150.0.2
• WebKit 26.4

This version was also tested against the following stable channels:

• Google Chrome 147
• Microsoft Edge 147

v1.59.1

Compare Source

v1.59.0

Compare Source

vitest-dev/vitest (@​vitest/browser-playwright)

v4.1.7

Compare Source

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in #​10384 (4f0f2)

    View changes on GitHub

v4.1.6

Compare Source

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in #​10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in #​10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in #​10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in #​10276 (9f7b1)

    View changes on GitHub

v4.1.5

Compare Source

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in #​10119 [(0e0ff)](https://redirect.github.com/v

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "after 2am and before 3am"
• Automerge
  • "after 1am and before 2am"

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 7 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 22, reused 0, downloaded 0, added 0
Progress: resolved 33, reused 0, downloaded 0, added 0
Progress: resolved 35, reused 0, downloaded 0, added 0
Progress: resolved 36, reused 0, downloaded 0, added 0
Progress: resolved 132, reused 0, downloaded 0, added 0
Progress: resolved 189, reused 0, downloaded 0, added 0
Progress: resolved 287, reused 0, downloaded 0, added 0
Progress: resolved 351, reused 0, downloaded 0, added 0
Progress: resolved 507, reused 0, downloaded 0, added 0
Progress: resolved 547, reused 0, downloaded 0, added 0
Progress: resolved 706, reused 0, downloaded 0, added 0
Progress: resolved 718, reused 0, downloaded 0, added 0
Progress: resolved 736, reused 0, downloaded 0, added 0
 WARN  Request took 10347ms: https://registry.npmjs.org/@typescript-eslint%2Feslint-plugin
Progress: resolved 747, reused 0, downloaded 0, added 0
 WARN  Request took 11251ms: https://registry.npmjs.org/playwright-core
Progress: resolved 760, reused 0, downloaded 0, added 0
Progress: resolved 836, reused 0, downloaded 0, added 0
Progress: resolved 850, reused 0, downloaded 0, added 0
Progress: resolved 880, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/nextorders/food/apps/essence:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "chokidar@4.0.3" (possible package takeover)

This error happened while installing the dependencies of nuxt@4.4.2
 at @nuxt/vite-builder@4.4.2
 at vite-plugin-checker@0.12.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud