chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nuxt/kit	^3.4.1 -> ^3.4.2
@nuxt/schema	^3.4.1 -> ^3.4.2
@types/node (source)	^18.15.11 -> ^18.16.0
consola	^3.0.2 -> ^3.1.0
eslint (source)	^8.38.0 -> ^8.39.0
eslint-define-config	^1.18.0 -> ^1.19.0
pnpm (source)	8.2.0 -> 8.3.1
prettier (source)	^2.8.7 -> ^2.8.8
vite (source)	^4.2.1 -> ^4.3.1

---

Release Notes

nuxt/nuxt

v3.4.2

Compare Source

3.4.2 is a patch release with the latest bug fixes and performance improvements

✨ What's new?

Apart from the normal bug fixes, we have a couple things we should call out.

1. 🔥 We're now on Vite 4.3 (#​20405). This was a performance-focused release and hopefully you'll be enjoying the speed improvements! Check out the release announcement for more info.
2. 👀 It's now possible to experimentally enable @parcel/watcher for the Nuxt dev watcher (#​20179). This may improve performance if you're on Windows. You'll probably also want to install watchman in that case.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

nuxi upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🔥 Performance

• nuxt: Share lazy component definitions (#​20259)
• Remove unused deps and add implicit deps (#​20356)
• Allow using @parcel/watcher for dev watcher (#​20179)

🩹 Fixes

• vite: Set different cache dirs for client/server (#​20276)
• nuxt: Generate hi-res sourcemaps (#​20280)
• nuxt: Return type directly if not picking asyncData (#​20288)
• nuxt: Provide more helpful error when instance unavailable (#​20289)
• nuxt: Mark useRequestHeaders keys as optional (#​20286)
• vite: Avoid serving arbitrary file in vite-node middleware (#​20345)
• nuxt: Swap preloads for json/js payloads (#​20375)
• nuxt: Handle pages with no content and log warning (#​20373)
• test-utils: Import jest functions from @jest/globals (#​20360)
• core,kit: Ensure module transpilation paths are dirs (#​20396)
• schema: Rely on installed telemetry types (#​19640)
• cli: Load kit from rootDir when preparing project (#​20401)
• nuxt: Clone app config on server (#​20278)

💅 Refactors

• nuxt: Rework and use isJS and isVue utilities consistently (#​20344)
• vite: Use native isFileServingAllowed util (#​20414)

📖 Documentation

• Update links on hooks page (#​20296)
• Add brief information on debugging a nuxt app (#​20282)
• Fix vue-tsc link (#​20350)
• Update lint command for the documentation (#​20399)

🏡 Chore

• Remove @ts-ignore and fix some issues (#​20273)
• Maintain a 'next release' PR (e6cc4aa02)
• Set git user (2a596c2b3)
• Don't list dep updates in auto-changelog (8234bc18d)
• Update vite to v4.3 (#​20405)

🤖 CI

• Don't run ci for release branches (f550976f7)
• Give write access to changelogensets (0518cdbff)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Harlan Wilton (@​harlan-zw)
• Preet Mishra (@​preetmishra)
• Lehoczky Zoltán (@​Lehoczky)
• @​BD103
• Anthony Fu (@​antfu)

unjs/consola

v3.1.0

Compare Source

compare changes

🚀 Enhancements

• Support fancy option for createConsola and improve docs (#​177)
• /basic, /core and /browser subpath exports (#​178)

🏡 Chore

• Add json example (943992d)
• Update the docs (a952bc2)

❤️ Contributors

• Pooya Parsa (@​pi0)

eslint/eslint

v8.39.0

Compare Source

Features

• 3f7af9f feat: Implement SourceCode#markVariableAsUsed() (#​17086) (Nicholas C. Zakas)

Documentation

• 6987dc5 docs: Fix formatting in Custom Rules docs (#​17097) (Milos Djermanovic)
• 4ee92e5 docs: Update README (GitHub Actions Bot)
• d8e9887 docs: Custom Rules cleanup/expansion (#​16906) (Ben Perlmutter)
• 1fea279 docs: Clarify how to add to tsc agenda (#​17084) (Nicholas C. Zakas)
• 970ef1c docs: Update triage board location (Nicholas C. Zakas)
• 6d8bffd docs: Update README (GitHub Actions Bot)

Chores

• 60a6f26 chore: upgrade @​eslint/js@​8.39.0 (#​17102) (Milos Djermanovic)
• d5ba5c0 chore: package.json update for @​eslint/js release (ESLint Jenkins)
• f57eff2 ci: run tests on Node.js v20 (#​17093) (Nitin Kumar)
• 9d1b8fc perf: Binary search in token store utils.search (#​17066) (Francesco Trotta)
• 07a4435 chore: Add request for minimal repro to bug report (#​17081) (Nicholas C. Zakas)
• eac4943 refactor: remove unnecessary use of SourceCode#getAncestors in rules (#​17075) (Milos Djermanovic)
• 0a7b60a chore: update description of SourceCode#getDeclaredVariables (#​17072) (Milos Djermanovic)
• 6e2df71 chore: remove unnecessary references to the LICENSE file (#​17071) (Milos Djermanovic)

Shinigami92/eslint-define-config

v1.19.0

Compare Source

diff

• Patch types generated by jsonschema compiler (#​190)
• Add support for vitest (#​191)
• Update rules for: [typescript-eslint, jsdoc]

pnpm/pnpm

v8.3.1

Compare Source

Patch Changes

• Patch node-fetch to fix an error that happens on Node.js 20 #​6424.

Our Gold Sponsors

Our Silver Sponsors

v8.3.0

Compare Source

Minor Changes

• A custom compression level may be specified for the pnpm pack command using the pack-gzip-level setting #​6393.
• Add --check flag to pnpm dedupe. No changes will be made to node_modules or the lockfile. Exits with a non-zero status code if changes are possible.
• pnpm install --resolution-only re-runs resolution to print out any peer dependency issues #​6411.

Patch Changes

• Warn user when publishConfig.directory of an injected workspace dependency does not exist #​6396.
• Use hard links to link the node executable on Windows machines #​4315.

Our Gold Sponsors

Our Silver Sponsors

prettier/prettier

v2.8.8

Compare Source

This version is a republished version of v2.8.7.
A bad version was accidentally published and it can't be unpublished, apologies for the churn.

vitejs/vite

v4.3.1

Compare Source

• fix: revert ensure module in graph before transforming (#​12774) (#​12929) (9cc93a5), closes #​12774 #​12929
• docs: 4.3 announcement and release notes (#​12925) (f29c582), closes #​12925
• chore: clean up 4.3 changelog (55ec023)

v4.3.0

Compare Source

Vite 4.3 is out! Read the announcement blog post here

In this minor, we focused on improving the dev server performance. The resolve logic got streamlined, improving hot paths and implementing smarter caching for finding package.json, TS config files, and resolved URL in general.

You can read a detailed walkthrough of the performance work done in this blog post by one of Vite Contributors: How we made Vite 4.3 faaaaster 🚀.

This sprint resulted in speed improvements across the board compared to Vite 4.2.

These are the performance improvements as measured by sapphi-red/performance-compare, which tests an app with 1000 React Components cold and warm dev server startup time as well as HMR times for a root and a leaf component:

Vite (babel)	Vite 4.2	Vite 4.3	Improvement
dev cold start	17249.0ms	5132.4ms	-70.2%
dev warm start	6027.8ms	4536.1ms	-24.7%
Root HMR	46.8ms	26.7ms	-42.9%
Leaf HMR	27.0ms	12.9ms	-52.2%

Vite (swc)	Vite 4.2	Vite 4.3	Improvement
dev cold start	13552.5ms	3201.0ms	-76.4%
dev warm start	4625.5ms	2834.4ms	-38.7%
Root HMR	30.5ms	24.0ms	-21.3%
Leaf HMR	16.9ms	10.0ms	-40.8%

You can read more information about the benchmark here

Features

• feat: expose isFileServingAllowed as public utility (#​12894) (93e095c), closes #​12894
• feat: reuse existing style elements in dev (#​12678) (3a41bd8), closes #​12678
• feat: skip pinging the server when the tab is not shown (#​12698) (bedcd8f), closes #​12698
• feat(create-vite): use typescript 5.0 in templates (#​12481) (8582e2d), closes #​12481
• feat: use preview server parameter in preview server hook (#​11647) (4c142ea), closes #​11647
• feat(reporter): show gzip info for all compressible files (fix #​11288) (#​12485) (03502c8), closes #​11288 #​12485
• feat(server): allow to import data: uris (#​12645) (4886d9f), closes #​12645
• feat: add opus filetype to assets & mime types (#​12526) (63524ba), closes #​12526

Performance

• perf: parallelize await exportsData from depsInfo (#​12869) (ab3a530), closes #​12869
• perf: avoid side effects resolving in dev and in the optimizer/scanner (#​12789) (fb904f9), closes #​12789
• perf: parallelize imports processing in import analysis plugin (#​12754) (037a6c7), closes #​12754
• perf: unresolvedUrlToModule promise cache (#​12725) (80c526e), closes #​12725
• perf(resolve): avoid tryFsResolve for /@​fs/ paths (#​12450) (3ef8aaa), closes #​12450
• perf(resolve): reduce vite client path checks (#​12471) (c49af23), closes #​12471
• perf: avoid new URL() in hot path (#​12654) (f4e2fdf), closes #​12654
• perf: improve isFileReadable performance (#​12397) (acf3a14), closes #​12397
• perf: module graph url shortcuts (#​12635) (c268cfa), closes #​12635
• perf: reduce runOptimizerIfIdleAfterMs time (#​12614) (d026a65), closes #​12614
• perf: shorcircuit resolve in ensure entry from url (#​12655) (82137d6), closes #​12655
• perf: skip es-module-lexer if have no dynamic imports (#​12732) (5d07d7c), closes #​12732
• perf: start preprocessing static imports before updating module graph (#​12723) (c90b46e), closes #​12723
• perf: use package cache for one off resolve (#​12744) (77bf4ef), closes #​12744
• perf(css): cache lazy import (#​12721) (fedb080), closes #​12721
• perf(hmr): keep track of already traversed modules when propagating update (#​12658) (3b912fb), closes #​12658
• perf(moduleGraph): resolve dep urls in parallel (#​12619) (4823fec), closes #​12619
• perf(resolve): skip for virtual files (#​12638) (9e13f5f), closes #​12638
• perf: avoid fsp.unlink if we don't use the promise (#​12589) (19d1980), closes #​12589
• perf: back to temporal optimizer dirs (#​12622) (8da0422), closes #​12622
• perf: cache depsCacheDirPrefix value for isOptimizedDepFile (#​12601) (edbd262), closes #​12601
• perf: improve cleanUrl util (#​12573) (68d500e), closes #​12573
• perf: non-blocking write of optimized dep files (#​12603) (2f5f968), closes #​12603
• perf: try using realpathSync.native in Windows (#​12580) (1cc99f8), closes #​12580
• perf: use fsp in more cases (#​12553) (e9b92f5), closes #​12553
• perf(html): apply preTransformRequest for html scripts (#​12599) (420782c), closes #​12599
• perf(optimizer): bulk optimizer delay (#​12609) (c881971), closes #​12609
• perf(optimizer): start optimizer early (#​12593) (4f9b8b4), closes #​12593
• perf(resolve): avoid isWorkerRequest and clean up .ts imported a .js (#​12571) (8ab1438), closes #​12571
• perf(resolve): findNearestMainPackageData instead of lookupFile (#​12576) (54b376f), closes #​12576
• perf(server): only watch .env files in envDir (#​12587) (26d8e72), closes #​12587
• perf: avoid execSync on openBrowser (#​12510) (a2af2f0), closes #​12510
• perf: extract regex and use Map in data-uri plugin (#​12500) (137e63d), closes #​12500
• perf: extract vite:resolve internal functions (#​12522) (6ea4be2), closes #​12522
• perf: improve package cache usage (#​12512) (abc2b9c), closes #​12512
• perf: more regex improvements (#​12520) (abf536f), closes #​12520
• perf: regex to startsWith/slice in utils (#​12532) (debc6e2), closes #​12532
• perf: remove regex in ImportMetaURL plugins (#​12502) (1030049), closes #​12502
• perf: replace endsWith with === (#​12539) (7eb52ec), closes #​12539
• perf: replace startsWith with === (#​12531) (9cce026), closes #​12531
• perf: reuse regex in plugins (#​12518) (da43936), closes #​12518
• perf: use safeRealpath in getRealpath (#​12551) (cec2320), closes #​12551
• perf(css): improve postcss config resolve (#​12484) (58e99b6), closes #​12484
• perf(esbuild): make tsconfck non-blocking (#​12548) (e5cdff7), closes #​12548
• perf(esbuild): update tsconfck to consume faster find-all implementation (#​12541) (b6ea25a), closes #​12541
• perf(resolve): fix browser mapping nearest package.json check (#​12550) (eac376e), closes #​12550
• perf(resolve): improve package.json resolve speed (#​12441) (1fc8c65), closes #​12441
• perf(resolve): refactor package.json handling for deep imports (#​12461) (596b661), closes #​12461
• perf(resolve): refactor tryFsResolve and tryResolveFile (#​12542) (3f70f47)
• perf(resolve): skip absolute paths in root as url checks (#​12476) (8d2931b), closes #​12476
• perf(resolve): support # in path only for dependencies (#​12469) (6559fc7), closes #​12469

Bug Fixes

• fix(build): do not repeatedly output warning message (#​12910) (251d0ab), closes #​12910
• fix: escape msg in render restricted error html (#​12889) (3aa2127), closes #​12889
• fix: yarn pnp considerBuiltins (#​12903) (a0e10d5), closes #​12903
• fix: broken middleware name (#​12871) (32bef57), closes #​12871
• fix: cleanUpStaleCacheDirs once per process (#​12847) (2c58b6e), closes #​12847
• fix(build): do not warn when URL in CSS is externalized (#​12873) (1510996), closes #​12873
• fix: build time deps optimization, and ensure single crawl end call (#​12851) (fa30879), closes #​12851
• fix: correct vite config temporary name (#​12833) (cdd9c23), closes #​12833
• fix(importAnalysis): warning on ExportAllDeclaration (#​12799) (5136b9b), closes #​12799
• fix(optimizer): start optimizer after buildStart (#​12832) (cfe75ee), closes #​12832
• fix: handle try-catch for fs promise when resolve https config (#​12808) (0bba402), closes #​12808
• fix(build): correctly handle warning ignore list (#​12831) (8830532), closes #​12831
• fix(resolve): use different importer check for css imports (#​12815) (d037327), closes #​12815
• fix: ignore sideEffects for scripts imported from html (#​12786) (f09551f), closes #​12786
• fix: warn on build when bundling code that uses nodejs built in module (#​12616) (72050f9), closes #​12616
• fix(cli): pass mode to optimize command (#​12776) (da38ad8), closes #​12776
• fix(css): resolve at import from dependency basedir (#​12796) (46bdf7d), closes #​12796
• fix(worker): asset in iife worker and relative base (#​12697) (ddefc06), closes #​12697
• fix(worker): return null for shouldTransformCachedModule (#​12797) (ea5f6fc), closes #​12797
• fix: allow onwarn to override vite default warning handling (#​12757) (f736930), closes #​12757
• fix: ensure module in graph before transforming (#​12774) (44ad321), closes #​12774
• fix: update package cache watcher (#​12772) (a78588f), closes #​12772
• fix: avoid clean up while committing deps folder (#​12722) (3f4d109), closes #​12722
• fix: ignore pnp resolve error (#​12719) (2d30ae5), closes #​12719
• fix: leave fully dynamic import.meta.url asset (fixes #​10306) (#​10549) (56802b1), closes #​10306 #​10549
• fix: output combined sourcemap in importAnalysisBuild plugin (#​12642) (d051639), closes #​12642
• fix: take in relative assets path fixes from rollup (#​12695) (81e44dd), closes #​12695
• fix: throws error when plugin tries to resolve ID to external URL (#​11731) (49674b5), closes #​11731
• fix(css): css file emit synchronously (#​12558) (8e30025), closes #​12558
• fix(import-analysis): escape quotes correctly (#​12688) (1638ebd), closes #​12688
• fix(optimizer): load the correct lock file (#​12700) (889eebe), closes #​12700
• fix(server): delay ws server listen when restart (#​12734) (abe9274), closes #​12734
• fix(ssr): load sourcemaps alongside modules (#​11780) (be95050), closes #​11780
• fix(ssr): show ssr module loader error stack (#​12651) (050c0f9), closes #​12651
• fix(worker): disable manifest plugins in worker build (#​12661) (20b8ef4), closes #​12661
• fix(worker): worker import.meta.url should not depends on document in iife mode (#​12629) (65f5ed2), closes #​12629
• fix: avoid temporal optimize deps dirs (#​12582) (ff92f2f), closes #​12582
• fix: await buildStart before server start (#​12647) (871d353), closes #​12647
• fix: call buildStart only once when using next port (#​12624) (e10c6bd), closes #​12624
• fix: sourcemapIgnoreList for optimizedDeps (#​12633) (c1d3fc9), closes #​12633
• fix: splitFileAndPostfix works as cleanUrl (#​12572) (276725f), closes #​12572
• fix: throw error on build optimizeDeps issue (#​12560) (02a46d7), closes #​12560
• fix: use nearest pkg to resolved for moduleSideEffects (#​12628) (1dfecc8), closes #​12628
• fix(css): use charset: 'utf8' by default for css (#​12565) (c20a064), closes #​12565
• fix(html): dont pretransform public scripts (#​12650) (4f0af3f), closes #​12650
• fix: avoid crash because of no access permission (#​12552) (eea1682), closes #​12552
• fix: esbuild complains with extra fields (#​12516) (7be0ba5), closes #​12516
• fix: escape replacements in clientInjections (#​12486) (3765067), closes #​12486
• fix: open browser reuse logic (#​12535) (04d14af), closes #​12535
• fix: prevent error on not set location href (#​12494) (2fb8527), closes #​12494
• fix: simplify prettyUrl (#​12488) (ebe5aa5), closes #​12488
• fix(config): add random number to temp transpiled file (#​12150) (2b2ba61), closes #​12150
• fix(deps): update all non-major dependencies (#​12389) (3e60b77), closes #​12389
• fix(html): public asset urls always being treated as paths (fix #​11857) (#​11870) (46d1352), closes #​11857 #​11870
• fix(ssr): hoist import statements to the top (#​12274) (33baff5), closes #​12274
• fix(ssr): hoist re-exports with imports (#​12530) (45549e4), closes #​12530
• fix: should generate Hi-res sourcemap for dev (#​12501) (1502617), closes #​12501

Clean up

• refactor: simplify crawlEndFinder (#​12868) (31f8b51), closes #​12868
• refactor: use simpler resolve for nested optimized deps ([#​12770](https://togithub.com/vitejs/vite/issues/

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	+/- Transitive Count	Publisher
[email protected]	eval, filesystem, environment	+0	prettier-bot
@types/[email protected]	None	+0	types
@nuxt/[email protected]	environment	+32	danielroe
@nuxt/[email protected]	eval	+46	danielroe

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
[email protected]	1.18.0...1.19.0	None	+0/-0	shinigami92

🚮 Removed packages: [email protected]