chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@iconify-json/lucide	^1.2.102 → ^1.2.104			dependencies	patch
@iconify-json/simple-icons	^1.2.78 → ^1.2.80			dependencies	patch
@iconify-json/vscode-icons	^1.2.41 → ^1.2.46			devDependencies	patch
@nuxt/content (source)	^3.12.0 → ^3.13.0			dependencies	patch
@nuxt/hints	1.0.0-alpha.6 → 1.0.3			dependencies	patch
@nuxt/scripts (source)	1.0.3 → 1.0.4			dependencies	patch
@nuxt/ui (source)	^4.6.1 → ^4.7.1			dependencies	patch
@unhead/vue (source)	^2.1.4 → ^2.1.13			dependencies	patch
eslint (source)	^10.2.0 → ^10.2.1			devDependencies	patch
feed	^5.2.0 → ^5.2.1			dependencies	patch
github/gh-aw-actions	v0.64.4 → v0.71.1			action	minor
pnpm (source)	10.33.0 → 10.33.2			packageManager	patch
posthog-js (source)	^1.345.2 → ^1.372.3			dependencies	minor
submitjson (source)	^0.14.0 → ^0.16.0			dependencies	minor
tailwindcss (source)	^4.2.2 → ^4.2.4			dependencies	patch
typescript (source)	^6.0.2 → ^6.0.3			devDependencies	patch
vue-tsc (source)	^3.2.6 → ^3.2.7			devDependencies	patch

---

Release Notes

nuxt/hints (@​nuxt/hints)

v1.0.3

Compare Source

🩹 Fixes

• third-party: Wrap hookable callHook with promise.resolve (#​310)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.2

Compare Source

🩹 Fixes

• Write hints-config.mjs to fs (#​296)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.1

Compare Source

🩹 Fixes

• Prevent circular reference stack overflow in payload.__hints (#​289)
• Fix #hints-config alias resolution (#​292)

🏡 Chore

• README: Add modules options explanaition (#​285)

❤️ Contributors

• Julien Huang (@​huang-julien)
• Martijn De Wit martijn@ablerz.nl

v1.0.0

Compare Source

Nuxt Hints v1.0.0

We are very excited to move Nuxt hints from alpha stage to 1.0.0 !

Developer experience in Nuxt is truly something we treasure and we hope this module will help you out on finding different ways to make your Nuxt application more performant.
We also want to thank every contributors and users of the modules. It is thanks to them that @​nuxt/hints is reaching 1.0.0

Vision

Our vision at Nuxt has always been that better DX will have an impact on end-user's UX. By releasing this module, the goal is to help Nuxt developers to improve their Nuxt applications.

Roadmap

• Production build integration
  • Having runtime warning in production could help users to actually get what happens in production
• Font and scripts performance hints
• Your ideas !
  • Nuxt is what it is thanks to it's incredible community. Your ideas and feedbacks are always welcomed and have an impact on the future of Nuxt.

Features

v1.0.0 comes with several improvement:

🚀 Enhancements

• Html-validate integration (#​253)
• hydration: Improve hydration log (#​258)
• client: Allow to open potential lazy load components in editor (#​270)
• Add feature related configuration (#​261)

🩹 Fixes

• lazy-load: Avoid wrapping glob imports (#​264)
• TDZ violation in lazy-hydration plugin with .client components (#​265)
• web-vitals: Report all changes for CLS (#​266)
• client: Remove shiki fit content style (#​272)
• web-vitals: Correct next-gen image format detection logic (#​273)
• Set correct tsconfig.json (#​274)

❤️ Thank you to all contributors

• Julien Huang (@​huang-julien)
• @​dargmuesli
• @​Baroshem
• @​danielroe
• @​Mini-ghost
• @​atinux
• @​TheAlexLichter
• @​gmercey
• @​aussieboi
• @​IO-Fire
• @​KazariEX
• @​Razzaghnoori
• @​oritwoen

v1.0.0-alpha.10

Compare Source

🚀 Enhancements

• Make features configurable (#​246)

🩹 Fixes

• Revert unocss config (#​250)

🏡 Chore

• Use npmx.dev links (#​249)

✅ Tests

• Patch test-utils and force dev mode (#​248)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.0-alpha.9

Compare Source

🩹 Fixes

• lazy-load: Fix potential TMZ violation (#​243)

💅 Refactors

• Move from NuxtApp augment to NuxtPayload (#​240)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.0-alpha.8

Compare Source

🩹 Fixes

• Skip hydration check if client only component (#​227)
• lazy-load: Prefer cloning component over wrapping component (#​232)
• client: Add empty unocss config object (#​233)
• lazy-load: Use NuxtComponent name for auto-imports (#​235)

✅ Tests

• Add basic sse tests (#​228)

❤️ Contributors

• Julien Huang (@​huang-julien)

v1.0.0-alpha.7

Compare Source

compare changes

🚀 Enhancements

• Initial component lazy load hints (#​212)
• Lazy load hints devtools integration (#​220)

🩹 Fixes

• Return correct data in endpoint (#​218)
• Use component filename if auto import for lazy-load hint (#​219)
• Move uid generation server side (#​222)

💅 Refactors

• Move to extensible hints handlers (#​208)
• Assign handler to context instead of waiting for hook result (#​213)
• Simplify handlers (#​216)

🏡 Chore

• playground: Remove relative path to use '@​nuxt/hint' (#​205)
• README: Add lazy-load hints to README (#​225)

🤖 CI

• renovate: Extend nuxt configuration (#​206)

❤️ Contributors

• Julien Huang (@​huang-julien)
• Jonas Thelemann e-mail@jonas-thelemann.de

nuxt/scripts (@​nuxt/scripts)

v1.0.4

Compare Source

   🐞 Bug Fixes

• google-analytics: Allow ga-audiences regional Google domains through proxy  -  by @​harlan-zw in #​729 (9ac99)
• google-maps: Preserve user pan and re-emit ready on color-mode re-init  -  by @​harlan-zw in #​731 (ceecf)
• proxy: Cover dynamic third-party domains for Clarity and PostHog  -  by @​harlan-zw in #​732 (985d5)

    View changes on GitHub

nuxt/ui (@​nuxt/ui)

v4.7.1

Compare Source

Bug Fixes

• ChatMessage: make actions slot accessible on touch devices (f5a3349)
• Drawer: handle RTL mode (#​6396) (2e3fed2)
• Link: prevent double-prefixing with @nuxtjs/i18n auto-localization (#​6404) (dde09d0)
• ProseImg: close zoom overlay on Escape key (e3cdbc5)
• ProsePrompt: improve responsive (0a5b433)

unjs/unhead (@​unhead/vue)

v2.1.13

Compare Source

   🐞 Bug Fixes

• schema-org: Normalize target to array before merging potentialAction  -  by @​harlan-zw and Claude Opus 4.6 (1M context) in #​709 (22ac9)

    View changes on GitHub

v2.1.12

Compare Source

   🐞 Bug Fixes

• Harden prototype pollution  -  by @​harlan-zw (a6ed9)
• Case insensitive attr dedupe  -  by @​harlan-zw (3146b)

    View changes on GitHub

v2.1.11

Compare Source

    ⚠️ Security

• Fixed XSS bypass in useHeadSafe via attribute name injection (GHSA-g5xx-pwrp-g3fv). Users handling untrusted input with useHeadSafe should upgrade immediately.

   🐞 Bug Fixes

• addons,schema-org: Permissive peer dependencies  -  by @​harlan-zw (4c5d1)

    View changes on GitHub

v2.1.10

Compare Source

   🐞 Bug Fixes

• solid-js: Correct peerDependency version  -  by @​tyeporter in #​671 (64e17)

    View changes on GitHub

v2.1.9

Compare Source

   🐞 Bug Fixes

• schema-org: Nuxt test utils compat bug  -  by @​harlan-zw (ef838)

    View changes on GitHub

v2.1.8

Compare Source

   🐞 Bug Fixes

• schema-org: Avoid crashing from 3+ duplicate nodes  -  by @​harlan-zw (4baf9)

    View changes on GitHub

v2.1.7

Compare Source

   🐞 Bug Fixes

• unhead:
  • deduplicate matching tags inside same render cycle  -  by @​harlan-zw in #​668 (5c0b2)

    View changes on GitHub

v2.1.6

Compare Source

   🐞 Bug Fixes

• react: Ssr regression  -  by @​harlan-zw (6adff)

    View changes on GitHub

v2.1.5

Compare Source

   🐞 Bug Fixes

• react: Dispose head entries on unmount in React 18 StrictMode  -  by @​harlan-zw in #​664 (50ffe)
• scripts: Prevent scope disposal from aborting unrelated trigger in useScript  -  by @​cernymatej in #​660 (e8f5b)
• unhead: Dedupe link rel without hreflang or type  -  by @​danielroe in #​658 (1487d)

    View changes on GitHub

jpmonette/feed (feed)

v5.2.1

Compare Source

What's Changed

• fix exports field in package.json by @​yshrsmz in #​238
• fix(rss/atom): sanitize enclosure URLs containing & by @​chick-p in #​228

New Contributors

• @​yshrsmz made their first contribution in #​238
• @​chick-p made their first contribution in #​228

Full Changelog: jpmonette/feed@5.2.0...5.2.1

github/gh-aw-actions (github/gh-aw-actions)

v0.71.1

Compare Source

Sync of actions from gh-aw at v0.71.1.

v0.71.0

Compare Source

Sync of actions from gh-aw at v0.71.0.

v0.70.0

Compare Source

Sync of actions from gh-aw at v0.70.0.

v0.69.3

Compare Source

Sync of actions from gh-aw at v0.69.3.

v0.69.2

Compare Source

Sync of actions from gh-aw at v0.69.2.

v0.69.1

Compare Source

Sync of actions from gh-aw at v0.69.1.

v0.69.0

Compare Source

Sync of actions from gh-aw at v0.69.0.

v0.68.7

Compare Source

Sync of actions from gh-aw at v0.68.7.

v0.68.6

Compare Source

Sync of actions from gh-aw at v0.68.6.

v0.68.5

Compare Source

Sync of actions from gh-aw at v0.68.5.

v0.68.4

Compare Source

Sync of actions from gh-aw at v0.68.4.

v0.68.3

Compare Source

Sync of actions from gh-aw at v0.68.3.

v0.68.2

Compare Source

Sync of actions from gh-aw at v0.68.2.

v0.68.1

Compare Source

Sync of actions from gh-aw at v0.68.1.

v0.68.0

Compare Source

Sync of actions from gh-aw at v0.68.0.

v0.67.4

Compare Source

Sync of actions from gh-aw at v0.67.4.

v0.67.3

Compare Source

Sync of actions from gh-aw at v0.67.3.

v0.67.2

Compare Source

Sync of actions from gh-aw at v0.67.2.

v0.67.1

Compare Source

Sync of actions from gh-aw at v0.67.1.

v0.67.0

Compare Source

Sync of actions from gh-aw at v0.67.0.

v0.66.1

Compare Source

Sync of actions from gh-aw at v0.66.1.

v0.66.0

Compare Source

Sync of actions from gh-aw at v0.66.0.

v0.65.7

Compare Source

Sync of actions from gh-aw at v0.65.7.

v0.65.6

Compare Source

Sync of actions from gh-aw at v0.65.6.

v0.65.5

Compare Source

Sync of actions from gh-aw at v0.65.5.

v0.65.4

Compare Source

Sync of actions from gh-aw at v0.65.4.

v0.65.3

Compare Source

Sync of actions from gh-aw at v0.65.3.

v0.65.2

Compare Source

Sync of actions from gh-aw at v0.65.2.

v0.65.1

Compare Source

Sync of actions from gh-aw at v0.65.1.

v0.65.0

Compare Source

Sync of actions from gh-aw at v0.65.0.

v0.64.5

Compare Source

Sync of actions from gh-aw at v0.64.5.

pnpm/pnpm (pnpm)

v10.33.2

Compare Source

v10.33.1: pnpm 10.33.1

Compare Source

Patch Changes

• When a project's packageManager field selects pnpm v11 or newer, commands that v10 would have passed through to npm (version, login, logout, publish, unpublish, deprecate, dist-tag, docs, ping, search, star, stars, unstar, whoami, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, pnpm version --help print npm's help on a project with packageManager: pnpm@11.0.0-rc.3 #​11328.

Platinum Sponsors

Gold Sponsors

PostHog/posthog-js (posthog-js)

v1.372.3

Compare Source

1.372.3

Patch Changes

• #​3488 5b8efc3 Thanks @​lucasheriques! - Add browser survey translation rendering and language tracking.
  (2026-04-27)
• Updated dependencies []:
  • @​posthog/types@​1.372.3
  • @​posthog/core@​1.27.7

v1.372.2

Compare Source

1.372.2

Patch Changes

• #​3484 cba2570 Thanks @​veryayskiy! - Fix autofocus
  (2026-04-27)
• Updated dependencies []:
  • @​posthog/types@​1.372.2
  • @​posthog/core@​1.27.6

v1.372.1

Compare Source

1.372.1

Patch Changes

• #​3464 70508df Thanks @​dustinbyrne! - Avoid using Blob.stream() for native async gzip compression to prevent Safari NotReadableError stream failures.
  (2026-04-24)
• Updated dependencies [70508df]:
  • @​posthog/core@​1.27.5
  • @​posthog/types@​1.372.1

v1.372.0

Compare Source

1.372.0

Minor Changes

• #​3470 eaa1322 Thanks @​veryayskiy! - You cannot write to a resolve ticket. Start a new one.
  (2026-04-24)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.372.0
  • @​posthog/core@​1.27.4

v1.371.4

Compare Source

1.371.4

Patch Changes

• #​3469 3c4fc1e Thanks @​fasyy612! - bump rrweb to 0.0.60
  (2026-04-24)
• Updated dependencies []:
  • @​posthog/types@​1.371.4
  • @​posthog/core@​1.27.3

v1.371.3

Compare Source

1.371.3

Patch Changes

• #​3445 61cf83e Thanks @​dustinbyrne! - Fix session recording in the full no-external browser bundles
  (2026-04-24)
• Updated dependencies [daf028d]:
  • @​posthog/core@​1.27.2
  • @​posthog/types@​1.371.3

v1.371.2

Compare Source

1.371.2

Patch Changes

• #​3453 96f19b7 Thanks @​turnipdabeets! - Lift OTLP log serialization helpers from posthog-js into @​posthog/core so the
  upcoming React Native logs feature consumes the same builders. Browser gains
  two fixes as a side effect: NaN and ±Infinity attribute values no longer get
  silently dropped during JSON encoding, and the scope.version OTLP field is
  now populated with the SDK version (changes the server's instrumentation_scope
  column from "posthog-js@" to "posthog-js@"). (2026-04-23)
• Updated dependencies [96f19b7]:
  • @​posthog/types@​1.371.2
  • @​posthog/core@​1.27.1

v1.371.1

Compare Source

1.371.1

Patch Changes

• #​3425 2da17e8 Thanks @​marandaneto! - Classify SDK-owned persistence keys with an explicit event exposure policy so new internal persistence state must be intentionally marked as event-visible, hidden, or derived.
  (2026-04-23)
• Updated dependencies []:
  • @​posthog/types@​1.371.1

v1.371.0

Compare Source

1.371.0

Patch Changes

• #​3432 1a8b727 Thanks @​richardsolomou! - refactor: rename __add_tracing_headers to addTracingHeaders. The __ prefix signalled an internal/experimental option, but the config is a public API (documented for linking LLM traces to session replays). __add_tracing_headers continues to work as a deprecated alias on the browser SDK.

  Also exposes patchFetchForTracingHeaders from @posthog/core so non-browser SDKs can reuse the implementation. (2026-04-23)

• Updated dependencies [1a8b727]:

  • @​posthog/core@​1.27.0
  • @​posthog/types@​1.371.0

v1.370.1

Compare Source

1.370.1

Patch Changes

• #​3442 6f19ce8 Thanks @​marandaneto! - fix(surveys): guard survey seen localStorage access
  (2026-04-22)
• Updated dependencies []:
  • @​posthog/types@​1.370.1

v1.370.0

Compare Source

1.370.0

Minor Changes

• #​3389 922a1c1 Thanks @​hpouillot! - Add exception steps to error tracking (aka breadcrumbs)
  (2026-04-22)

Patch Changes

• Updated dependencies [922a1c1]:
  • @​posthog/types@​1.370.0
  • @​posthog/core@​1.26.0

v1.369.5

Compare Source

1.369.5

Patch Changes

• Updated dependencies [1a0b58d]:
  • @​posthog/core@​1.25.3
  • @​posthog/types@​1.369.5

v1.369.4

Compare Source

1.369.4

Patch Changes

• #​3362 d61bce1 Thanks @​sampennington! - fix(cookieless): start in cookieless mode when opt_out_capturing_by_default is set
  (2026-04-21)
• Updated dependencies []:
  • @​posthog/types@​1.369.4

v1.369.3

Compare Source

1.369.3

Patch Changes

• #​3419 ea08727 Thanks @​haacked! - Reinstate $feature_flag_payloads and $surveys_activated in captured event properties.
  (2026-04-18)

• #​3416 3d8b2e2 Thanks @​feliperalmeida! - Updated dependencies: - protobufjs@​7.5.5
  (2026-04-18)

• Updated dependencies []:

  • @​posthog/types@​1.369.3

v1.369.2

Compare Source

1.369.2

Patch Changes

• #​3386 4a65604 Thanks @​dustinbyrne! - Add a preview flag for versioned browser lazy bundle asset paths.
  (2026-04-16)
• Updated dependencies [4a65604]:
  • @​posthog/types@​1.369.2

v1.369.1

Compare Source

1.369.1

Patch Changes

• #​3393 85ae4d9 Thanks @​haacked! - Exclude active feature flag payloads from event properties
  (2026-04-16)

• #​3392 00cd1ce Thanks @​haacked! - Fix unnecessary persisted config and activation properties (including product tours, surveys, and session recording config) added to captured events
  (2026-04-16)

• Updated dependencies []:

  • @​posthog/types@​1.369.1

v1.369.0

Compare Source

1.369.0

Minor Changes

• #​3342 eea5260 Thanks @​ksvat! - Account for property filters on events in recording triggers for v2 triggers
  (2026-04-14)

• #​3281 b1fd228 Thanks @​ksvat! - Add session replay trigger groups handling (V2)
  (2026-04-14)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.369.0

v1.368.2

Compare Source

1.368.2

Patch Changes

• #​3378 f1bea33 Thanks @​marandaneto! - Disable native gzip compression after a NotReadableError in the browser SDK
  (2026-04-14)
• Updated dependencies []:
  • @​posthog/types@​1.368.2

v1.368.1

Compare Source

1.368.1

Patch Changes

• #​3379 d7c71b1 Thanks @​dmarticus! - Fix bootstrapped feature flags being overwritten by partial /flags response when advanced_only_evaluate_survey_feature_flags is enabled
  (2026-04-14)
• Updated dependencies []:
  • @​posthog/types@​1.368.1

v1.368.0

Compare Source

1.368.0

Minor Changes

• #​3345 3fcf5c4 Thanks @​jonmcwest! - Add posthog.captureLog() API for sending structured log entries to PostHog logs
  (2026-04-13)

Patch Changes

• #​3373 f5fe0a8 Thanks @​ksvat! - bump rrweb version
  (2026-04-13)
• Updated dependencies [3fcf5c4]:
  • @​posthog/types@​1.368.0

v1.367.0

Compare Source

1.367.0

Minor Changes

• #​3242 353be9a Thanks @​dustinbyrne! - feat: Add support for pre-loaded remote-config
  (2026-04-09)

Patch Changes

• Updated dependencies []:
  • [

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.