chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@nuxt/eslint (source)	1.4.1 → 1.16.0			dependencies	minor
@nuxt/scripts (source)	1.1.0 → 1.2.1			dependencies	minor
@playwright/test (source)	1.60.0 → 1.61.0			devDependencies	minor
@vue/test-utils	2.4.6 → 2.4.11			devDependencies	patch
@vueuse/nuxt (source)	14.0.0 → 14.3.0			dependencies	minor
danielroe/provenance-action	v0.1.0 → v0.1.1			action	patch
mcr.microsoft.com/playwright	v1.60.0-noble → v1.61.0-noble			container	minor
nuxt-og-image (source)	5.1.4 → 5.1.13			dependencies	patch
pnpm (source)	11.1.2 → 11.8.0			packageManager	minor
simple-git-hooks	2.13.0 → 2.13.1			devDependencies	patch
unplugin-vue-router (source)	^0.12.0 → ^0.19.0			dependencies	minor
vue-sonner	2.0.0 → 2.0.9			dependencies	patch
vue-tsc (source)	3.0.1 → 3.3.5			devDependencies	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

nuxt/eslint (@​nuxt/eslint)

v1.16.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (008ad)

    View changes on GitHub

v1.15.2

Compare Source

   🐞 Bug Fixes

• Prevent race condition of running checker module before eslint config is written  -  by @​sebbayer in #​653 (69aa4)

    View changes on GitHub

v1.15.1

Compare Source

   🐞 Bug Fixes

• Downgrade @eslint/js, fix #​647  -  by @​antfu in #​647 (2c1c1)

    View changes on GitHub

v1.15.0

Compare Source

   🚀 Features

• Relax peer deps range to support ESLint v10, fix #​642  -  by @​antfu in #​642 (305a9)

    View changes on GitHub

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

v1.13.0

Compare Source

   🚀 Features

• Upgrade eslint-flat-config-utils eslint-plugin-import-lite and eslint-plugin-jsdoc  -  by @​antfu (10bf9)

    View changes on GitHub

v1.12.1

Compare Source

No significant changes

    View changes on GitHub

v1.11.0

Compare Source

   🚀 Features

• Allow config key sorting on files not named nuxt.config  -  by @​benedictleejh in #​630 (be2e9)

    View changes on GitHub

v1.10.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (23b8b)

   🐞 Bug Fixes

• Update icon path  -  by @​antfu (3f185)

    View changes on GitHub

v1.9.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (b80cb)

   🐞 Bug Fixes

• Add defineNuxtConfig as ESLint's globals, close #​603  -  by @​antfu in #​603 (2e67f)

    View changes on GitHub

v1.8.0

Compare Source

   🚀 Features

• Update plugins  -  by @​antfu (932a7)

    View changes on GitHub

v1.7.1

Compare Source

   🐞 Bug Fixes

• Include eslint-typegen.d.ts in nuxt.node.d.ts, close #​596  -  by @​antfu in #​596 (ab74e)

    View changes on GitHub

v1.7.0

Compare Source

   🚀 Features

• Upgrade eslint-plugin-unicorn  -  by @​antfu (b3b7d)

    View changes on GitHub

v1.6.0

Compare Source

   🐞 Bug Fixes

• Bring back eslint-plugin-import-x as default, close #​590  -  by @​antfu in #​590 (e43d6)

    View changes on GitHub

v1.5.2

Compare Source

   🚀 Features

• Add option features.import.plugin to swap plugin implementation, close #​587  -  by @​antfu in #​587 (66f5e)

    View changes on GitHub

v1.5.1

Compare Source

   🐞 Bug Fixes

• eslint-config: Replace deprecated vue/object-property-newline option  -  by @​amery in #​586 (7805e)

    View changes on GitHub

v1.5.0

Compare Source

   🚀 Features

• Switch to eslint-plugin-import-lite, update deps  -  by @​antfu (31bd8)

   🐞 Bug Fixes

• eslint-config: Add file type restrictions to prevent CSS parsing errors  -  by @​amery in #​584 (40521)

    View changes on GitHub

nuxt/scripts (@​nuxt/scripts)

v1.2.1

Compare Source

   🐞 Bug Fixes

• Provide SpeedCurve snippet fallback  -  by @​sjh9714 in #​811 (c1322)

    View changes on GitHub

v1.2.0

Compare Source

   🚀 Features

• SpeedCurve LUX  -  by @​zizzfizzix and @​harlan-zw in #​782 (82696)
• globals: Runtime disable + scripts:globals hook  -  by @​harlan-zw in #​808 (62b04)

   🐞 Bug Fixes

• deps: Add support for unhead v3  -  by @​danielroe and @​harlan-zw in #​795 (fefd9)
• google-maps: Deprecate heatmap component  -  by @​harlan-zw in #​809 (c92ac)
• google-maps,gravatar: A11y misc fixes  -  by @​harlan-zw in #​802 (bb42b)
• instagram-embed: Use facebookexternalhit UA & don't cache empty shells  -  by @​harlan-zw in #​806 (87b13)
• proxy: Strip hop-by-hop request headers (RFC 7230)  -  by @​harlan-zw in #​804 (da57b)
• speedcurve: Vendor LUX snippet and group schema options  -  by @​harlan-zw in #​805 (ac0ad)
• stripe: Allow selecting Stripe.js SDK version  -  by @​harlan-zw in #​799 (ae8d2)
• vimeo: A11y keyboard and video placeholder alt text  -  by @​harlan-zw in #​803 (33a11)
• youtube-player: A11y keyboard-accessible  -  by @​harlan-zw in #​798 (8b4e9)

    View changes on GitHub

v1.1.1

Compare Source

   🐞 Bug Fixes

• security:
  • Allow opting out of proxy page token in SSR payload  -  by @​harlan-zw in #​789 (4738a)
  • Allow disabling proxy signing with security: false  -  by @​harlan-zw in #​790 (dc11a)
• tiktok-pixel:
  • Use TikTok's array snippet protocol  -  by @​harlan-zw in #​786 (f46cc)

    View changes on GitHub

microsoft/playwright (@​playwright/test)

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

• apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

• New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
• The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

• The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
• Supported expect.soft.poll(...).
• New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
• New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
• testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
• New -G command line shorthand for --grep-invert.

🛠️ Other improvements

• Playwright now supports Ubuntu 26.04.
• HAR and trace recordings now include WebSocket requests.

Browser Versions

• Chromium 149.0.7827.55
• Mozilla Firefox 151.0
• WebKit 26.5

This version was also tested against the following stable channels:

• Google Chrome 149
• Microsoft Edge 149

vuejs/test-utils (@​vue/test-utils)

v2.4.11

Compare Source

compare changes

🩹 Fixes

• Drop legacy Mutation Event listener entries (#​2844)
• Handle setData() correctly for components using both setup() and data() (#​2846)
• Export GlobalMountOptions type (#​2851)
• Set spec-compliant event.code on keydown/keyup (#​2850)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Renato de Leão (@​renatodeleao)
• Matt Van Horn (@​mvanhorn)
• Carsten Brachem (@​cbrachem)
• Ahmad Hanan (@​AhmadHannan037)
• Paul Cochrane (@​paultcochrane)
• Arpit Jain (@​arpitjain099)

v2.4.10

Compare Source

v2.4.9

Compare Source

compare changes

🩹 Fixes

• Tolerate duplicate attachTo cleanup (#​2830)

📖 Documentation

• Document release process (#​2834)

🏡 Chore

• Migrate renovate config (5d37934)

🤖 CI

• Pin github actions to commit hashes (75dcef3)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Daniel Roe (@​danielroe)

v2.4.8

Compare Source

compare changes

🩹 Fixes

• Correct declaration entrypoint (#​2826)

🤖 CI

• Enable pkg.pr.new (#​2827)

❤️ Contributors

• Cédric Exbrayat (@​cexbrayat)
• Daniel Roe (@​danielroe)

v2.4.7

Compare Source

compare changes

🚀 Enhancements

• Add Chinese docs translation (#​2552)
• SetData()/shallowMount with initialData for components using the Composition API / <script setup> (#​2655)

🩹 Fixes

• Preserve code from keyboard events (#​2434)
• Switch browser and require exports definitions (#​2501)
• Re-add peer dependencies but with wider range (#​2511)
• Resolve warnings in docs:dev (30b7491)
• Resolve TypeScript type errors in .vitepress/config (#​2549)
• Accept FunctionalComponent as selector (0bb947f)
• Text() misses content for array functional component (#​2579)
• Use await in test (c5482b4)
• deps: Update dependency vue-component-type-helpers to v3 (#​2683)
• Remove wrapper div when unmount (#​2700)
• Make mount options slots compatible with noUncheckedIndexedAccess true (#​2713)
• Add missing peerDependency @​vue/compiler-dom (75801ba)
• docs: Declare css module for vitepress typecheck (ddaca97)

💅 Refactors

• Enforce consistent usage of type imports (#​2734)

📖 Documentation

• Clarify findComponent vs getComponent (#​2435)
• Update fr docs (67064ef)
• Add note about partial transition stub support (#​2431)
• Fix missing data at passing data section essentials guide (dda205e)
• Fix missing data at passing data section essentials guide fr (ae2c72c)
• Fix plugin TS declaration example (#​2466)
• Fixed incorrect checkbox value check (#​2495)
• Capital letter in sentence fix (#​2499)
• Import missing DOMWrapper on Implementation of the plugin section (#​2519)
• Add migration step for deprecated ref syntax in findAllComponents (#​2498)
• Correct anchor hash links and fix typo (#​2551)
• Center logo on home (#​2559)
• zh-cn: Review a-crash-course (#​2563)
• Use code-group for install commands (#​2571)
• zh-cn: Review event-handing.md (#​2572)
• zh-cn: Enhance conditional-rendering.md (#​2562)
• zh-cn: Review easy-to-test (#​2567)
• zh-cn: Review passing-data.md (#​2575)
• zh-cn: Review async-suspense.md (#​2576)
• zh: 优化 API 文档格式和内容 (#​2569)
• zh: 更新 Vitest 模拟日期和计时器的说明 (#​2578)
• zh-cn: Review http-requests.md (#​2580)
• zh-cn: Review forms (#​2582)
• zh-cn: Guide/advanced/slots.md (#​2565)
• zh: Review extending-vtu (#​2583)
• zh: Review index (#​2584)
• Fix modelValue test example (85bfdf4)
• Removes broken link from plugins.md (69bc1ce)
• zh: Review transitions, component-instance, and reusability-composition (#​2616)
• zh: Review v-model and vuex (#​2617)
• zh: Review all the rest advanced guide (#​2619)
• zh: Review migration (#​2623)
• Fix a typo in transitions.md (#​2635)
• Update crash-course to script setup (c81aa79)
• Update Essentials section to setup (composition api) (#​2647)
• Typos in examples (#​2678)
• Typo in easy-to-test.md (#​2710)
• Add note about mocking requestAnimationFrame for transitions (2324c65)
• Updated example TodoApp to script setup (#​2727)
• Remove "Using data" section from "Conditional Rendering" guide and fix passing data test example (#​2743)
• Follow-up fixes for the conditional rendering guide (#​2744)
• Mention shallowMount stub name changes in migration guide (80e051a)
• Update conditional rendering documentation to clarify isVisible() usage with attachTo (#​2799)
• Restore Options API component for data() mounting example (#​2804)
• Promote Vitest as recommended test runner (#​2805)
• api: Note that setValue does not accept objects on <select> (#​2819)

🏡 Chore

• Add api/index.md to docs:translation:compare (6b8681c)
• Remove unnecessary generic arguments (cfd70c6)
• Ignore TS error in config object (9d0a618)
• Simplify eslint packages (c1d0ffd)
• Use eslint v9 with flat config (2f19fdf)
• Expose Stubs type publicly (#​2492)
• Update documentation file path (9c96594)
• Use pnpm v10 (e4c2cb3)
• Pnpm approve build (81c54e9)
• Use github issue forms (#​2673)
• Exclude class components from test type-checking (0899008)
• Add explicit coverage include for vitest v4 (51672b9)
• Update to prettier v3.7 (fed9e7c)
• Migrate to oxfmt (81c1de9)
• Migrate to oxlint (a361908)
• Prepare TypeScript 6 migration settings (55e1262)
• Adjust tsd config for TypeScript 6 (7d23eb5)
• Avoid TypeScript 6 target deprecation warning (81d063c)

🤖 CI

• Remove node v22 build (7ebf58d)
• Add node v22 build (57540ee)
• Use "pool: threads" instead of vmThreads (d0cbb54)
• Remove node v18 and add v24 (fd9cf95)
• Add trusted publishing release workflow (#​2825)

❤️ Contributors

• Lachlan Miller (@​lmiller1990)
• cexbrayat (@​cexbrayat)
• Nicolas Bonamy (@​nbonamy)
• KatWorkGit (@​KatWorkGit)
• Wouter Kroes (@​wouterkroes)
• Rama Muhammad Murshal (@​ramammurshal)
• Evan You (@​yyx990803)
• Vlad Starkovsky (@​starkovsky)
• Joe (@​joaoprp)
• Priyadarshi Kumar (@​Psingh132)
• Sébastien Ronveaux (@​sronveaux)
• Gilliam (@​Gi11i4m)
• Baranov Dmytro (@​dimas7001)
• BrendonHenrique (@​BrendonHenrique)
• Lorenz van Herwaarden (@​lorenzvanherwaarden)
• wuzhiqing (@​DDDDD12138)
• 阿菜 Cai (@​RSS1102)
• Jinjiang (@​Jinjiang)
• Kylin (@​lxKylin)
• Qianhe Chen (@​chenqianhe)
• 时瑶 (@​KiritaniAyaka)
• h7ml (@​h7ml)
• Nicander (@​Nicander93)
• Take-John (@​takejohn)
• ilyasherstoboev (@​ilyasherstoboev)
• aimerie (@​aimerie)
• Miguel Rincon (@​miguelrincon)
• bcastlel (@​bcastlel)
• Claudiu (@​sofuxro)
• Artem Dragunov (@​dragunovartem99)
• Robin (@​OrbisK)
• Koen Mertens (@​KCMertens)
• meomking (@​CaptainWang98)
• Pepijn Olivier (@​pepijnolivier)
• Tomina (@​Thomaash)
• Gareth Jones (@​G-Rath)
• Jerry Hogan (@​hdJerry)
• Marco Pasqualetti (@​marcalexiei)
• guoxk (@​guoxk-me)
• kimulaco (@​kimulaco)
• Erwan IQUEL (@​Olympus5)
• Matt Van Horn (@​mvanhorn)
• Daniel Roe (@​danielroe)

vueuse/vueuse (@​vueuse/nuxt)

v14.3.0

Compare Source

   🚀 Features

• Expose pointer event onLongPress  -  by @​mrcwbr in #​5295 (b1688)
• createInjectionState: Non-undefined return when default specified  -  by @​Laupetin in #​5306 (b0c51)
• createReusableTemplate: Add support for specifying component names  -  by @​wbolster in #​5300 (ea29d)
• nuxt: Add composable variants to auto imports  -  by @​OrbisK in #​5285 (ac2ef)
• useElementVisibility: Add controls option  -  by @​kricsleo in #​5191 (0cb03)
• useTextareaAutosize: Add optional maxHeight to limit autosize growth  -  by @​palamarchukser, @​antfu and @​9romise in #​5324 (1a3e5)

   🐞 Bug Fixes

• Add explicit ./package.json export to all packages  -  by @​babu-ch and @​OrbisK in #​5343 (0d989)
• core: Always return ssrValue in useCssSupports before mounted  -  by @​danielroe in #​5290 (76b0b)
• directive: Create disposable directive func cleanup of side effects unmounted  -  by @​kalu5, @​43081j, Raman Paulau and @​OrbisK in #​5244 (52d68)
• docs: Typos in useManualRefHistory, useFocusWithin, useStorageAsync, useIntersectionObserver  -  by @​blowsie, Sam Blowes and @​OrbisK in #​5329 (1d9c4)
• docs: Add ignoreDeprecations for twoslash TS 6.0 compat  -  by @​antfu and Claude Opus 4.6 (1M context) in #​5367 (9d1eb)
• metadata: Cleanup removed function resolveRef  -  by @​ntnyq in #​5307 (49da8)
• onClickOutside: Detect iframe inside shadow DOM with detectIframe option  -  by @​babu-ch and @​OrbisK in #​5336 (1a77b)
• shared: Align overloads order of watch functions with original version  -  by @​KazariEX in #​5288 (f1d32)
• useAxios: Handle optional response data safely  -  by @​jahnli in #​5318 (51198)
• useCached: Update comparator type and improve documentation  -  by @​IceMooncake in #​5376 (d886c)
• useClipboard: Prevents fail in Safari for async operation  -  by @​MatteoGabriele in #​5369 (5ec56)
• useSortable: Re-query DOM on every start() for string selectors  -  by @​Mini-ghost in #​5374 (3341f)
• useVirtualList: React to changes made in mutable arrays properly  -  by @​dcherman in #​5267 (7069e)
• useWakeLock: Auto-release wake lock on component unmount  -  by @​ProgrammingWithSid and @​OrbisK in #​5271 (43937)
• useWebSocket: Race condition caused by onopen/onclose events.  -  by @​DanCardin, @​antfu and @​9romise in #​5175 (6661c)
• whenever: Improve old value types  -  by @​VChet in #​5096 (979c6)

   🏎 Performance

• Replace deepRef with shallowRef where appropriate  -  by @​9romise in #​5293 (80004)

    View changes on GitHub

v14.2.1

Compare Source

   🚀 Features

• Add skills at the root directory for skills cli  -  by @​antfu (c005d)
• skills: Transfer @vueuse/skills  -  by @​serkodev in #​5286 (532ac)

   🐞 Bug Fixes

• useRafFn: Resolve reactive null fpsLimit not being handled  -  by @​nemanjamalesija in #​5284 (8ce0d)

    View changes on GitHub

v14.2.0

Compare Source

   🚀 Features

• Support configurable scheduler for timed composables  -  by @​9romise in #​5129 (66aad)
• Allow vue-router 5 as peer deps  -  by @​Ericlm in #​5269 (7c94a)
• useCssSupports: Add useCssSupports  -  by @​OrbisK in #​5266 (c1282)
• useDraggable: Auto-scroll with restricted dragging within the container  -  by @​Gazoon007, Alfarish Fizikri, Robin and @​OrbisK in #​4472 (a8a85)
• useElementVisibility: Inherit rootMargin from useIntersectionObserver  -  by @​9romise in #​5207 (46682)
• useIntersectionObserver: Make rootMargin reactive  -  by @​doyuli, @​ilyaliao and @​9romise in #​4934 (53abe)
• useSortable: Add watchElement option for auto-reinitialize on element change  -  by @​Mini-ghost and @​ilyaliao in #​5189 (17ea2)

   🐞 Bug Fixes

• nuxt: Ensure excludes disabledFunctions' alias  -  by @​jinyongp and @​9romise in #​5240 (76829)
• refManualReset: Add explicit return type annotation  -  by @​batuhan-bas in #​5246 (13bbb)
• useAsyncState: Ensure execute return the actual data  -  by @​9romise in #​5167 (0c346)
• useDocumentVisibility: Fix type inference from string to Documen…  -  by @​webfanzc and cowhorse in #​5248 (e8be8)
• useFocusTrap: Update focus-trap range to ^7  -  by ** ^8 (#​5270)** ()
• useInfiniteScroll: Improve promise handling and add flush post to watch  -  by @​nhquyss and @​9romise in #​5122 (abcea)
• useMagicKeys: Handle undefined key in keyboard events  -  by @​LouisLau-art, LouisLau-art and @​OrbisK in #​5225 (65e25)

    View changes on GitHub

v14.1.0

Compare Source

   🚀 Features

• useDropZone: Add checkValidity function  -  by @​kolaente in #​5169 (aee84)
• useElementVisibility: Add initialValue option  -  by @​kricsleo and @​9romise in #​5159 (13f36)
• useMouseInElement: Add support for tracking inline-level elements  -  by @​siavava and @​9romise in #​5049 (62dfb)
• useTimeAgoIntl: Custom units  -  by @​Menci in #​5188 (c7d09)
• useWebSocket: autoConnect.delay support function  -  by @​YuchenWell, Anthony Fu and @​9romise in #​5089 (176f2)

   🐞 Bug Fixes

• Typescript type of isIOS constant  -  by @​toofishes in [#​5163]

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying dev-mode with    Cloudflare Pages

Latest commit:	a6593b8
Status:	✅  Deploy successful!
Preview URL:	https://b4871a9a.dev-mode.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.dev-mode.pages.dev

View logs

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/@nuxt/eslint@1.16.0 → npm/@typescript-eslint/eslint-plugin@8.61.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.61.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm eslint-plugin-jsdoc is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/@nuxt/eslint@1.16.0 → npm/eslint-plugin-jsdoc@63.0.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm execa is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/nuxt-og-image@5.1.13 → npm/execa@9.6.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/execa@9.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm js-yaml is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/eslint@9.39.4 → npm/@nuxt/eslint@1.16.0 → npm/js-yaml@4.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm satori is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/nuxt-og-image@5.1.13 → npm/satori@0.18.4 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/satori@0.18.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	simple-git-hooks@​2.13.1
	@​nuxt/​scripts@​1.2.1
	@​nuxt/​eslint@​1.16.0
	vue-sonner@​2.0.9
	@​vueuse/​nuxt@​14.3.0
	@​vue/​test-utils@​2.4.11
	vue-tsc@​3.3.5
	nuxt-og-image@​5.1.13
	@​playwright/​test@​1.61.0

View full report