chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@iconify-json/fluent-emoji-flat	^1.2.3 -> ^1.2.5
@iconify-json/simple-icons	^1.2.33 -> ^1.2.49
@iconify-json/vscode-icons	^1.2.20 -> ^1.2.30
@nuxt/eslint (source)	^1.3.0 -> ^1.9.0
@nuxt/fonts	^0.11.2 -> ^0.11.4
@nuxt/image (source)	^1.10.0 -> ^1.11.0
@nuxt/ui-pro (source)	^1.8.0 -> ^1.8.1
@nuxtjs/seo (source)	3.0.3 -> 3.1.0
@stefanobartoletti/nuxt-social-share	^1.2.2 -> ^1.2.3
eslint (source)	^9.25.1 -> ^9.34.0
nuxt-og-image (source)	^5.1.2 -> ^5.1.9
pnpm (source)	10.9.0 -> 10.15.0
posthog-js (source)	^1.236.7 -> ^1.260.3
typescript (source)	^5.8.3 -> ^5.9.2
vue-tsc (source)	^2.2.10 -> ^2.2.12
zod (source)	^3.24.3 -> ^3.25.76

---

Release Notes

nuxt/eslint (@​nuxt/eslint)

v1.9.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (b80cb)

   🐞 Bug Fixes

• Add defineNuxtConfig as ESLint's globals, close #​603  -  by @​antfu in #​603 (2e67f)

    View changes on GitHub

v1.8.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (932a7)

    View changes on GitHub

v1.7.1

Compare Source

   🐞 Bug Fixes

• Include eslint-typegen.d.ts in nuxt.node.d.ts, close #​596  -  by @​antfu in #​596 (ab74e)

    View changes on GitHub

v1.7.0

Compare Source

   🚀 Features

• Upgrade eslint-plugin-unicorn  -  by @​antfu (b3b7d)

    View changes on GitHub

v1.6.0

Compare Source

   🐞 Bug Fixes

• Bring back eslint-plugin-import-x as default, close #​590  -  by @​antfu in #​590 (e43d6)

    View changes on GitHub

v1.5.2

Compare Source

   🚀 Features

• Add option features.import.plugin to swap plugin implementation, close #​587  -  by @​antfu in #​587 (66f5e)

    View changes on GitHub

v1.5.1

Compare Source

   🐞 Bug Fixes

• eslint-config: Replace deprecated vue/object-property-newline option  -  by @​amery in #​586 (7805e)

    View changes on GitHub

v1.5.0

Compare Source

   🚀 Features

• Switch to eslint-plugin-import-lite, update deps  -  by @​antfu (31bd8)

   🐞 Bug Fixes

• eslint-config: Add file type restrictions to prevent CSS parsing errors  -  by @​amery in #​584 (40521)

    View changes on GitHub

v1.4.1

Compare Source

   🐞 Bug Fixes

• Add node: prefix to build-in modules  -  by @​danielroe in #​579 (8180f)
• Sort imports objects by from + name  -  by @​danielroe in #​578 (766ae)

    View changes on GitHub

v1.4.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (afc42)
• Support type-aware rules, fix #​499  -  by @​antfu in #​499 (70d23)

    View changes on GitHub

v1.3.1

Compare Source

No significant changes

    View changes on GitHub

nuxt/fonts (@​nuxt/fonts)

v0.11.4

Compare Source

0.11.4 is a hotfix release to address a breaking change with variable fonts

👉 Changelog

compare changes

🩹 Fixes

• deps: Revert unifont upgrade (76a8f0d)

❤️ Contributors

• Daniel Roe (@​danielroe)

v0.11.3

Compare Source

0.11.3 is the next patch release.

Timetable: to be announced.

👉 Changelog

compare changes

🩹 Fixes

• Respect custom baseURL in devtools (29cdb31)
• Handle duplicate preloaded fonts correctly (3c3594c)
• Register font middleware for storybook module (db5fbf1)
• Only preload top priority fonts (#​617)

🏡 Chore

• deps-dev: Bump vite from 6.2.6 to 6.2.7 in the npm_and_yarn group across 1 directory (#​611)
• Unpin vite version (83fe597)
• Dedupe + upgrade vite (9d78888)

❤️ Contributors

• Daniel Roe (@​danielroe)
• dependabot[bot] (@​dependabot[bot])

nuxt/image (@​nuxt/image)

v1.11.0

Compare Source

compare changes

🚀 Enhancements

• Add support for image helpers in nitro endpoints (#​1473)
• ipx: Log the architecture of the build (#​1808)

🩹 Fixes

• Remove layer0 and edgio providers (#​1763)
• Add back layer0 and edgio providers (without) tests (a99ce09)
• cloudflare: Don't add baseURL if there are no operations (#​1790)
• ipx: Always use ipx provider if external baseURL is provided (#​1800)
• ipxStatic: Strip repeated slashes from image path (#​1801)
• Avoid deep type instantiation (12b37a2)

📖 Documentation

• Fix typo (#​1762)
• Fix link to runtime/providers (#​1819)

🏡 Chore

• Disable shamefully-hoist (#​1795)
• Do not ignore typescript upgrades (0809991)
• Switch to using typesVersions field (b4af05a)
• Allow major bumps in changelog (d486587)
• Enable oxc-resolver build (4be31c7)
• Release v1.11.0 (3123997)

✅ Tests

• Exclude layer0 + edgio from unit tests (3682a90)

🤖 CI

• Run tests against 1.x branch (0c83646)
• Add release workflow and add pkg.pr.new (#​1791)
• Set fetch-depth (18ae6c7)
• Test vs node 20 (e6babef)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Matis (@​matisbag)
• Amir Afshar (@​Afshar07)
• Sébastien Chopin (@​atinux)
• Nicolas Großmann (@​grossmann94)

nuxt/ui-pro (@​nuxt/ui-pro)

v1.8.1

Compare Source

harlan-zw/nuxt-seo (@​nuxtjs/seo)

v3.1.0

Compare Source

📦 Dependencies

Updated SEO related packages:

• @​nuxtjs/robots: 5.2.10 → 5.2.11
• @​nuxtjs/sitemap: 7.2.10 → 7.4.2 (minor version bump)
• nuxt-link-checker: 4.3.0 → 4.3.1
• nuxt-og-image: 5.1.2 → 5.1.8
• nuxt-schema-org: 5.0.5 → 5.0.6
• nuxt-seo-utils: 7.0.9 → 7.0.12
• nuxt-site-config: 3.1.9 → 3.2.2 (minor version bump)

These updates bring the latest bug fixes and improvements from the Nuxt SEO ecosystem, namely:

• 🐛 Improved stability for I18n integration
• 🐛 Nuxt Content v3.6.0 compatibility

stefanobartoletti/nuxt-social-share (@​stefanobartoletti/nuxt-social-share)

v1.2.3

Compare Source

• fix: allow sharing URLs with multiple parameters (0b78c1e)
• ci: remove GH pages workflow (5a035c7)
• chore: update deps (73076c8)
• chore(deps): update pnpm to v10 (#​354) (b8f9bc0), closes #​354

eslint/eslint (eslint)

v9.34.0

Compare Source

v9.33.0

Compare Source

v9.32.0

Compare Source

v9.31.0

Compare Source

v9.30.1

Compare Source

v9.30.0

Compare Source

v9.29.0

Compare Source

v9.28.0

Compare Source

v9.27.0

Compare Source

v9.26.0

Compare Source

nuxt-modules/og-image (nuxt-og-image)

v5.1.9

Compare Source

   🐞 Bug Fixes

• Maybe resolve nitro path resolution bug  -  by @​harlan-zw (118dd)

    View changes on GitHub

v5.1.8

Compare Source

   🐞 Bug Fixes

• Remove #imports  -  by @​harlan-zw (f2788)
• content: Type broken when augmenting  -  by @​harlan-zw (76b7c)

    View changes on GitHub

v5.1.7

Compare Source

   🐞 Bug Fixes

• Prefer nitro.static over _generate  -  by @​danielroe in #​372 (7a570)

    View changes on GitHub

v5.1.6

Compare Source

   🐞 Bug Fixes

• Explicit sharp dependency usage  -  by @​harlan-zw (9e522)

    View changes on GitHub

v5.1.5

Compare Source

   🐞 Bug Fixes

• Handle undefined link/style in server component response  -  by @​danielroe in #​368 (f8ae4)
• Reworked sharp compatibility checks for JPEG rendering  -  by @​harlan-zw in #​370 (f7bb7)

   🏎 Performance

• Persist font cache between og image versions  -  by @​harlan-zw (3967b)
• Pass SVG data directly to sharp for JPEG's  -  by @​harlan-zw (efcc4)

    View changes on GitHub

v5.1.4

Compare Source

   🐞 Bug Fixes

• Safer query param parsing  -  by @​harlan-zw (05b16)

    View changes on GitHub

v5.1.3

Compare Source

   🐞 Bug Fixes

• Prioritize implicit og:image:type  -  by @​harlan-zw (9c571)
• Clamp title and description lines  -  by @​harlan-zw (67836)

    View changes on GitHub

pnpm/pnpm (pnpm)

v10.15.0

Compare Source

Minor Changes

• Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #​9793.
• Automatically load pnpmfiles from config dependencies that are named @*/pnpm-plugin-* #​9780.
• pnpm config get now prints an INI string for an object value #​9797.
• pnpm config get now accepts property paths (e.g. pnpm config get catalog.react, pnpm config get .catalog.react, pnpm config get 'packageExtensions["@​babel/parser"].peerDependencies["@​babel/types"]'), and pnpm config set now accepts dot-leading or subscripted keys (e.g. pnpm config set .ignoreScripts true).
• pnpm config get --json now prints a JSON serialization of config value, and pnpm config set --json now parses the input value as JSON.

Patch Changes

• Semi-breaking. When automatically installing missing peer dependencies, prefer versions that are already present in the direct dependencies of the root workspace package #​9835.
• When executing the pnpm create command, must verify whether the node version is supported even if a cache already exists #​9775.
• When making requests for the non-abbreviated packument, add */* to the Accept header to avoid getting a 406 error on AWS CodeArtifact #​9862.
• The standalone exe version of pnpm works with glibc 2.26 again #​9734.
• Fix a regression in which pnpm dlx pkg --help doesn't pass --help to pkg #​9823.

v10.14.0

Compare Source

Minor Changes

• Added support for JavaScript runtime resolution

  Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

  Usage example:

  {
    "devEngines": {
      "runtime": {
        "name": "node",
        "version": "^24.4.0",
        "onFail": "download" (we only support the "download" value for now)
      }
    }
  }

  How it works:

  1. pnpm install resolves your specified range to the latest matching runtime version.
  2. The exact version (and checksum) is saved in the lockfile.
  3. Scripts use the local runtime, ensuring consistency across environments.

  Why this is better:

  1. This new setting supports also Deno and Bun (vs. our Node-only settings useNodeVersion and executionEnv.nodeVersion)
  2. Supports version ranges (not just a fixed version).
  3. The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity.
  4. It can be used on any workspace project (like executionEnv.nodeVersion). So, different projects in a workspace can use different runtimes.
  5. For now devEngines.runtime setting will install the runtime locally, which we will improve in future versions of pnpm by using a shared location on the computer.

  Related PR: #​9755.

• Add --cpu, --libc, and --os to pnpm install, pnpm add, and pnpm dlx to customize supportedArchitectures via the CLI #​7510.

Patch Changes

• Fix a bug in which pnpm add downloads packages whose libc differ from pnpm.supportedArchitectures.libc.
• The integrities of the downloaded Node.js artifacts are verified #​9750.
• Allow dlx to parse CLI flags and options between the dlx command and the command to run or between the dlx command and -- #​9719.
• pnpm install --prod should removing hoisted dev dependencies #​9782.
• Fix an edge case bug causing local tarballs to not re-link into the virtual store. This bug would happen when changing the contents of the tarball without renaming the file and running a filtered install.
• Fix a bug causing pnpm install to incorrectly assume the lockfile is up to date after changing a local tarball that has peers dependencies.

v10.13.1

Compare Source

Patch Changes

• Run user defined pnpmfiles after pnpmfiles of plugins.

v10.13.0

Compare Source

Minor Changes

• Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #​9702.

• pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #​9729.

  The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml.

Patch Changes

• When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #​9694.
• Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #​9628.
• Sort keys in pnpm-workspace.yaml with deep #​9701.
• The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #​9338.
• Replaced shell-quote with shlex for quoting command arguments #​9381.

v10.12.4

Compare Source

Patch Changes

• Fix pnpm licenses command for local dependencies #​9583.

• Fix a bug in which pnpm ls --filter=not-exist --json prints nothing instead of an empty array #​9672.

• Fix a deadlock that sometimes happens during peer dependency resolution #​9673.

• Running pnpm install after pnpm fetch should hoist all dependencies that need to be hoisted.
  Fixes a regression introduced in [v10.12.2] by [#​9648]; resolves [#​9689].

  [v10.12.2]: https://redirect.github.com/pnpm/pnpm/releases/tag/v10.12.2Add commentMore actions
  [#​9648]: https://github.com/pnpm/pnpm/pull/9648
  [#​9689]: https://github.com/pnpm/pnpm/issues/9689

v10.12.3

Compare Source

Patch Changes

• Restore hoisting of optional peer dependencies when installing with an outdated lockfile.
  Regression introduced in v10.12.2 by #​9648; resolves #​9685.

v10.12.2

Compare Source

Patch Changes

• Fixed hoisting with enableGlobalVirtualStore set to true #​9648.
• Fix the --help and -h flags not working as expected for the pnpm create command.
• The dependency package path output by the pnpm licenses list --json command is incorrect.
• Fix a bug in which pnpm deploy fails due to overridden dependencies having peer dependencies causing ERR_PNPM_OUTDATED_LOCKFILE #​9595.

v10.12.1

Minor Changes

• Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path).

  In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available.

  This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories.

  To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via:

  pnpm config -g set enable-global-virtual-store true

  NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI.

  Related PR: #​8190

• The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml.
• Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #​9425.
• Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #​9605.
• Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not.

Patch Changes

• Sort versions printed by pnpm patch using semantic versioning rules.
• Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #​9598.
• Revert #​9574 to fix a regression #​9596.

v10.11.1

Compare Source

Patch Changes

• Fix an issue in which pnpm deploy --legacy creates unexpected directories when the root package.json has a workspace package as a peer dependency #​9550.
• Dependencies specified via a URL that redirects will only be locked to the target if it is immutable, fixing a regression when installing from GitHub releases. (#​9531)
• Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #​9505.
• Use pnpm_config_ env variables instead of npm_config_ #​9571.
• Fix a regression (in v10.9.0) causing the --lockfile-only flag on pnpm update to produce a different pnpm-lock.yaml than an update without the flag.
• Let pnpm deploy work in repos with overrides when inject-workspace-packages=true #​9283.
• Fixed the problem of path loss caused by parsing URL address. Fixes a regression shipped in pnpm v10.11 via #​9502.
• pnpm -r --silent run should not print out section #​9563.

v10.11.0

Compare Source

Minor Changes

• A new setting added for pnpm init to create a package.json with type=module, when init-type is module. Works as a flag for the init command too #​9463.

• Added support for Nushell to pnpm setup #​6476.

• Added two new flags to the pnpm audit command, --ignore and --ignore-unfixable #​8474.

  Ignore all vulnerabilities that have no solution:

  > pnpm audit --ignore-unfixable

  Provide a list of CVE's to ignore those specifically, even if they have a resolution.

  > pnpm audit --ignore=CVE-2021-1234 --ignore=CVE-2021-5678

• Added support for recursively running pack in every project of a workspace #​4351.

  Now you can run pnpm -r pack to pack all packages in the workspace.

Patch Changes

• pnpm version management should work, when dangerouslyAllowAllBuilds is set to true #​9472.
• pnpm link should work from inside a workspace #​9506.
• Set the default workspaceConcurrency to Math.min(os.availableParallelism(), 4) #​9493.
• Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #​9505.
• Read updateConfig from pnpm-workspace.yaml #​9500.
• Add support for recursive pack
• Remove url.parse usage to fix warning on Node.js 24 #​9492.
• pnpm run should be able to run commands from the workspace root, if ignoreScripts is set tot true #​4858.

v10.10.0

Compare Source

Minor Changes

• Allow loading the preResolution, importPackage, and fetchers hooks from local pnpmfile.

Patch Changes

• Fix cd command, when shellEmulator is true #​7838.
• Sort keys in pnpm-workspace.yaml #​9453.
• Pass the npm_package_json environment variable to the executed scripts #​9452.
• Fixed a mistake in the description of the --reporter=silent option.

PostHog/posthog-js (posthog-js)

v1.260.3

Compare Source

1.260.3

Patch Changes

• #​2219 44d10c4 Thanks @​daibhin! - add @​posthog/core dependency

• Updated dependencies [44d10c4]:

  • @​posthog/core@​1.0.1

v1.260.2

Compare Source

1.260.2

Patch Changes

• #​2236 f3269f3 Thanks @​lucasheriques! - fix: set survey person properties on SDK <1.249.2

v1.260.1

Compare Source

1.260.1

Patch Changes

• #​2215 1e95d47 Thanks @​lucasheriques! - fix: always set surveySeen on local storage for old posthog-js versions

v1.260.0

Compare Source

1.260.0

Minor Changes

• #​2185 fda2932 Thanks @​robbie-c! - Support 2 cookieless modes - 'always' and 'on_reject'

Patch Changes

• #​2200 4387da4 Thanks @​daibhin! - expose captured exception to React error boundary fallback

v1.259.0

Compare Source

1.259.0

Minor Changes

• #​2192 dec3f44 Thanks @​marandaneto! - survey support for feature flag variants

v1.258.6

Compare Source

1.258.6

Patch Changes

• #​2194 faa2f28 Thanks @​realguse! - block vercel screenshot bot

v1.258.5

Compare Source

1.258.5

Patch Changes

• #​2178 db569fa Thanks @​lucasheriques! - - Fix surveys loading with advanced_enable_surveys config

v1.258.4

Compare Source

1.258.4

Patch Changes

• #​2172 ac254d9 Thanks @​lucasheriques! - Adds a new config, advanced_enable_surveys, to always enable surveys funcionality in the SDK

v1.258.3

Compare Source

1.258.3

Patch Changes

• #​2171 14adc01 Thanks @​lucasheriques! - Fix early access features accumulation in persistence

• #​2170 262cc5c Thanks @​lucasheriques! - Removes the _renderExternalSurvey method which is not needed anymore

v1.258.2

Compare Source

1.258.2

Patch Changes

• #​2111 7114593 Thanks @​pauldambra! - checks for session activity in other windows when timing out in any particular window, avoids a race condition when proactively marking a session as idle

v1.258.1

Compare Source

1.258.1

Patch Changes

• #​2120 c7b03cd Thanks @​lucasheriques! - Updates the renderSurvey and getActiveMatchingSurveys methods to not take any external surveys into consideration

v1.258.0

Compare Source

1.258.0

Minor Changes

• #​2089 0a19df2 Thanks @​daibhin! - feat: exclude exceptions autocaptured by extensions

Notes

This is the first posthog-js release after the posthog-js-lite migration, please open an issue if you see incompatible changes with your code.

v1.257.2: 1.257.2

Compare Source

1.257.2 - 2025-07-22

• chore: Safer iteration of experimental __add_tracing_headers (#​2100)

v1.257.1: 1.257.1

Compare Source

1.257.1 - 2025-07-21

• return capture results from captureException (#​2081)
• update posthog-js at workspace level (#​2096)
• chore(tests): use playwright for integration tests (#​2093)
• fix: Sync consent with persistence immediately (#​2082)
• Use posthog consent in next playground (#​2083)

v1.257.0: 1.257.0

Compare Source

1.257.0 - 2025-07-08

• one for flags and flags for all (#​2079)
• Fix comment (#​2078)
• feat: Enhance AssignableWindow type with additional properties for better SDK integration (#​2077)
• reset flags internal state when posthog.reset is called (#​2066)

v1.256.2: 1.256.2

Compare Source

1.256.2 - 2025-07-04

• fix: Fix backwards compatibility (#​2074)
• feat: Sdk spec gen (#​2029)
• Fix CHANGELOG.md (#​2068)

v1.256.1: 1.256.1

[Compare Source](https://redirect.git

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.