chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@iconify-json/lucide	^1.2.56 → ^1.2.96			dependencies	patch
@nuxt/cli (source)	^3.25.1 → ^3.33.1			devDependencies	minor
@nuxt/eslint (source)	^1.5.2 → ^1.15.2			devDependencies	minor
@nuxt/eslint-config (source)	^1.5.2 → ^1.15.2			devDependencies	minor
@playwright/test (source)	1.53.2 → 1.58.2			devDependencies	minor
danielroe/provenance-action	v0.1.0 → v0.1.1			action	patch
eslint (source)	^9.30.1 → ^9.39.4			devDependencies	patch
mcr.microsoft.com/playwright	v1.53.2-noble → v1.58.2-noble			container	minor
pkg-types	^2.2.0 → ^2.3.0			devDependencies	patch
pnpm (source)	10.21.0 → 10.30.3			packageManager	minor
tinyexec	^1.0.1 → ^1.0.2			devDependencies	patch
tinyglobby (source)	^0.2.14 → ^0.2.15			devDependencies	patch
turbo (source)	2.5.4 → 2.8.14			devDependencies	minor
typescript (source)	5.8.3 → 5.9.3			devDependencies	minor
vue-tsc (source)	3.0.4 → 3.2.5			devDependencies	minor

---

Release Notes

nuxt/cli (@​nuxt/cli)

v3.33.1

Compare Source

3.33.1 is the next patch release.

👉 Changelog

compare changes

🩹 Fixes

• Convert more errors to strings (3cef4f3)

🏡 Chore

• Migrate Renovate config (#​1215)
• Unpin @clack/prompts now that it's stable (d3cf87c)

❤️ Contributors

• Daniel Roe (@​danielroe)

v3.33.0

Compare Source

3.33.0 is the next minor release.

👉 Changelog

compare changes

🚀 Enhancements

• init: Add fuzzy search for module selection (#​1180)

🩹 Fixes

• nuxi: Pass --dotenv argument to showVersions in build command (#​1189)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Max (@​onmax)
• Florian Heuberger (@​Flo0806)

v3.32.0

Compare Source

3.32.0 is the next minor release.

👉 Changelog

compare changes

🚀 Enhancements

• add: Move module add -> add and add new template-add command (#​1176)

🩹 Fixes

• init: Silence dependency install logs (#​1172)
• add: Add better error fallbacks (#​1177)

❤️ Contributors

• Sébastien Chopin (@​atinux)
• Daniel Roe (@​danielroe)
• Konv Suu (@​kovsu)

v3.31.3

Compare Source

3.31.3 is the next patch release.

👉 Changelog

compare changes

🩹 Fixes

• info: Provide copyable info if clipboard copy fails (#​1164)
• init: Only show official modules compatible w/ current nuxt (#​1165)
• dev: Only override NODE_ENV override when initialising server (#​1161)

🤖 CI

• Use setup-deno v2 (77340dc)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Ivan (@​Mixerou)
• Robin (@​OrbisK)

v3.31.2

Compare Source

3.31.2 is the next patch release.

👉 Changelog

compare changes

📦 Build

• Enable shims in tsdown configuration (#​1151)

❤️ Contributors

• yamachi4416 (@​yamachi4416)

v3.31.1

Compare Source

3.31.1 is a patch release to address a regression when creating a new project.

👉 Changelog

compare changes

🔥 Performance

• dev: Use join rather than resolve if adding static string (b0b8fd5)

🩹 Fixes

• dev: Ensure tsconfig.json exists before starting dev server (0aa3a0f)
• dev: Handle completions when running npm create nuxt (#​1149)

✅ Tests

• Add e2e test for create-nuxt cli (3650f92)

❤️ Contributors

• Daniel Roe (@​danielroe)
• AmirHossein Sakhravi (@​AmirSa12)

v3.31.0

Compare Source

3.31.0 is the next minor release.

👉 Changelog

compare changes

🚀 Enhancements

• Add shell completions using @bomb.sh/tab (#​1082)
• Use clack to add more ✨ (#​1121)
• init: Prompt user to select a template (#​1147)

🩹 Fixes

• module,init,upgrade: Use updated @clack/prompts (#​1117)
• dev: Handle --host without explicit host (5278c9e)
• upgrade: Clean lockfile in workspace dir (01ca983)
• info: Support nitro version + remove buildModules for v3+ (3eaca44)
• info: Check if BuildModules is defined (ce9694f)
• build,dev: Respect NODE_PATH when loading kit/nuxt (d5f9331)
• dev: Respect https.xxx commandline arguments (#​1129)
• preview: Respect dotenv command-line arg (#​1144)
• dev: Prime mtimes cache when starting dev server (#​1137)

💅 Refactors

• init: Use clack for prettier box styling (#​1077)

🏡 Chore

• Lint (068c85f)
• Update pnpm to 10.21 and enable trust policy (7edcce5)
• Revert pnpm trust policy and restore provenance action (694e92b)
• Lint (1b26dec)
• Use github token from environment when fetching templates (7812d77)
• Lint (40c967f)

🤖 CI

• Pass token to ci workflow as well (b04de4f)
• Pass token in more places (fdafc3a)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Aron Nopanen (@​aroneous)
• yamachi4416 (@​yamachi4416)
• AmirHossein Sakhravi (@​AmirSa12)
• paul valladares (@​dreyfus92)

v3.30.0

Compare Source

3.30.0 is the next minor release.

👀 Highlights

The biggest change in this release is that we drop the built-in proxy server which we previously used.

this will mean that there's not a persistent connection, but it avoids a lot of the pain and potential problematic behaviour with having a proxy (either over socket, which can be flaky on different oses/runtimes - or over network, which is slow on windows).

we're also continuing to focus on performance, including dropping some dependencies, and migrating where possible to new unjs libraries like h3 v2 and srvx.

👉 Changelog

compare changes

🚀 Enhancements

• dev: Experimentally support nitro v3 + inline h3 (11f8bf7)

🔥 Performance

• info: Migrate from clipboardy to copy-paste (#​1087)
• preview: Inline port description (2b40c32)

🩹 Fixes

• build,dev: Support showing nitro version (70dcc9b)
• dev: Use proxy instead of web fetch handler (#​1104)
• module,upgrade: Allow adding module/nuxt version to pnpm workspace root (#​1109)

💅 Refactors

• analyze: Use srvx to serve analysis results (97d8172)
• dev: Remove proxy server in favour of direct listening (#​1105)

📦 Build

• Use tsdown + isolated declarations (#​1095)

🏡 Chore

• Update knip config (c23e915)
• Clean up playground console logging (3a92d84)
• Add verifyDepsBeforeRun: install (#​1106)
• Update ignoredBuiltDependencies (#​1107)

✅ Tests

• Remove separate socket runtime tests (df17ad4)

❤️ Contributors

• Damian Głowala (@​DamianGlowala)
• Daniel Roe (@​danielroe)

v3.29.3

Compare Source

👉 Changelog

compare changes

🩹 Fixes

• dev: Skip sending headers if they are already sent (4509643)
• dev: Handle multiple set-cookie headers correctly (#​1079)
• dev: Handle more kinds of fetch errors (#​1076)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Florian Heuberger (@​Flo0806)

v3.29.2

Compare Source

👉 Changelog

compare changes

🩹 Fixes

• Polyfill process.getBuiltinModule (fa5d5e6)
• dev: Use node pipelining on windows (#​1072)

🏡 Chore

• Lint lint lint (2b6b345)

🤖 CI

• Write pr number to artifact (5e9adc2)
• Debug artifact paths (5316bd4)
• Resolve statsDir + move checkout earlier (c94e144)
• Remove packages/ dir from size parsing script (5b3d7a3)

❤️ Contributors

• Daniel Roe (@​danielroe)

nuxt/eslint (@​nuxt/eslint)

v1.15.2

Compare Source

   🐞 Bug Fixes

• Prevent race condition of running checker module before eslint config is written  -  by @​sebbayer in #​653 (69aa4)

    View changes on GitHub

v1.15.1

Compare Source

   🐞 Bug Fixes

• Downgrade @eslint/js, fix #​647  -  by @​antfu in #​647 (2c1c1)

    View changes on GitHub

v1.15.0

Compare Source

   🚀 Features

• Relax peer deps range to support ESLint v10, fix #​642  -  by @​antfu in #​642 (305a9)

    View changes on GitHub

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

v1.13.0

Compare Source

   🚀 Features

• Upgrade eslint-flat-config-utils eslint-plugin-import-lite and eslint-plugin-jsdoc  -  by @​antfu (10bf9)

    View changes on GitHub

v1.12.1

Compare Source

No significant changes

    View changes on GitHub

v1.11.0

Compare Source

   🚀 Features

• Allow config key sorting on files not named nuxt.config  -  by @​benedictleejh in #​630 (be2e9)

    View changes on GitHub

v1.10.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (23b8b)

   🐞 Bug Fixes

• Update icon path  -  by @​antfu (3f185)

    View changes on GitHub

v1.9.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (b80cb)

   🐞 Bug Fixes

• Add defineNuxtConfig as ESLint's globals, close #​603  -  by @​antfu in #​603 (2e67f)

    View changes on GitHub

v1.8.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (932a7)

    View changes on GitHub

v1.7.1

Compare Source

   🐞 Bug Fixes

• Include eslint-typegen.d.ts in nuxt.node.d.ts, close #​596  -  by @​antfu in #​596 (ab74e)

    View changes on GitHub

v1.7.0

Compare Source

   🚀 Features

• Upgrade eslint-plugin-unicorn  -  by @​antfu (b3b7d)

    View changes on GitHub

v1.6.0

Compare Source

   🐞 Bug Fixes

• Bring back eslint-plugin-import-x as default, close #​590  -  by @​antfu in #​590 (e43d6)

    View changes on GitHub

microsoft/playwright (@​playwright/test)

v1.58.2

Compare Source

v1.58.1

Compare Source

Highlights

#​39036 fix(msedge): fix local network permissions
#​39037 chore: update cft download location
#​38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.0

Compare Source

v1.57.0

Compare Source

v1.56.1

Compare Source

Highlights

#​37871 chore: allow local-network-access permission in chromium
#​37891 fix(agents): remove workspaceFolder ref from vscode mcp
#​37759 chore: rename agents to test agents
#​37757 chore(mcp): fallback to cwd when resolving test config

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.56.0

Compare Source

Playwright Agents

Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test:

• 🎭 planner explores the app and produces a Markdown test plan
• 🎭 generator transforms the Markdown plan into the Playwright Test files
• 🎭 healer executes the test suite and automatically repairs failing tests

Run npx playwright init-agents with your client of choice to generate the latest agent definitions:

### Generate agent files for each agentic loop
### Visual Studio Code
npx playwright init-agents --loop=vscode

### Claude Code
npx playwright init-agents --loop=claude

### opencode
npx playwright init-agents --loop=opencode

[!NOTE]
VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality!

Learn more about Playwright Agents

New APIs

• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page
• New method page.requests() for retrieving the most recent network requests from the page
• Added --test-list and --test-list-invert to allow manual specification of specific tests from a file

UI Mode and HTML Reporter

• Added option to 'html' reporter to disable the "Copy prompt" button
• Added option to 'html' reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list
• Added option to UI Mode mirroring the --update-snapshots options
• Added option to UI Mode to run only a single worker at a time

Breaking Changes

• Event browserContext.on('backgroundpage') has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list

Miscellaneous

• Aria snapshots render and compare input placeholder
• Added environment variable PLAYWRIGHT_TEST to Playwright worker processes to allow discriminating on testing status

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.55.1

Compare Source

Highlights

#​37479 - [Bug]: Upgrade Chromium to 140.0.7339.186.
#​37147 - [Regression]: Internal error: step id not found.
#​37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects.
#​37137 - Revert "fix(a11y): track inert elements as hidden".
#​37532 - chore: do not use -k option

Browser Versions

• Chromium 140.0.7339.186
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

v1.55.0

Compare Source

New APIs

• New Property testStepInfo.titlePath Returns the full title path starting from the test file, including test and step titles.

Codegen

• Automatic toBeVisible() assertions: Codegen can now generate automatic toBeVisible() assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.

Breaking Changes

• ⚠️ Dropped support for Chromium extension manifest v2.

Miscellaneous

• Added support for Debian 13 "Trixie".

Browser Versions

• Chromium 140.0.7339.16
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

v1.54.2

Compare Source

Highlights

#​36714 - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error)
#​36828 - [Regression]: Playwright Codegen keeps spamming with selected option
#​36810 - [Regression]: Starting Codegen with target language doesn't work anymore

Browser Versions

• Chromium 139.0.7258.5
• Mozilla Firefox 140.0.2
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 140
• Microsoft Edge 140

v1.54.1

Compare Source

Highlights

#​36650 - [Regression]: 1.54.0 breaks downloading browsers when an HTTP(S) proxy is used

Browser Versions

• Chromium 139.0.7258.5
• Mozilla Firefox 140.0.2
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 140
• Microsoft Edge 140

v1.54.0

Compare Source

Highlights

• New cookie property partitionKey in browserContext.cookies() and browserContext.addCookies(). This property allows to save and restore partitioned cookies. See CHIPS MDN article for more information. Note that browsers have different support and defaults for cookie partitioning.

• New option noSnippets to disable code snippets in the html report.

  import { defineConfig } from '@​playwright/test';
  
  export default defineConfig({
    reporter: [['html', { noSnippets: true }]]
  });

• New property location in test annotations, for example in testResult.annotations and testInfo.annotations. It shows where the annotation like test.skip or test.fixme was added.

Command Line

• New option --user-data-dir in multiple commands. You can specify the same user data dir to reuse browsing state, like authentication, between sessions.

  npx playwright codegen --user-data-dir=./user-data

• Option -gv has been removed from the npx playwright test command. Use --grep-invert instead.

• npx playwright open does not open the test recorder anymore. Use npx playwright codegen instead.

Miscellaneous

• Support for Node.js 16 has been removed.
• Support for Node.js 18 has been deprecated, and will be removed in the future.

Browser Versions

• Chromium 139.0.7258.5
• Mozilla Firefox 140.0.2
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 140
• Microsoft Edge 140

danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements

• Add support for bun.lock (#​12)

📖 Documentation

• Use @main constraint for example (237ceea)

❤️ Contributors

• Daniel Roe (@​danielroe)

eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#​20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#​20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#​20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#​20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#​20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#​20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#​20563) (Milos Djermanovic)

pnpm/pnpm (pnpm)

v10.30.3

Compare Source

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a `file:

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
examples	Ready	Preview, Comment	Mar 7, 2026 11:00am