chore(deps): bump the prod-deps group across 1 directory with 6 updates

[dependabot]

Bumps the prod-deps group with 6 updates in the / directory:

Package	From	To
@nuxt/eslint	1.13.0	1.15.2
axios	1.13.4	1.13.6
nanoid	5.1.6	5.1.7
nuxt	4.3.0	4.4.2
vue	3.5.27	3.5.30
vue-router	5.0.1	5.0.4

Updates @nuxt/eslint from 1.13.0 to 1.15.2

Commits

• f852ae5 chore: release v1.15.2
• 69aa40e fix: prevent race condition of running checker module before eslint config is...
• 8961807 chore: release v1.15.1
• b554991 chore: release v1.15.0
• 305a9bb feat: relax peer deps range to support ESLint v10, fix #642
• 997aa95 chore: release v1.14.0
• See full diff in compare view

Updates axios from 1.13.4 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

• Environment Compatibility:

  • Fixed module exports for React Native and Browserify environments. (#7386)
  • Added safe FormData detection for the WeChat Mini Program environment. (#7324)

• Error Handling:

  • AxiosError.message is now correctly enumerable. (#7392)
  • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

• Dependencies: Updated the development_dependencies group (5 updates). (#7432)
• Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)
• Documentation: Added missing JSDoc comments to utilities. (#7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

• @​Gudahtt (#7386)
• @​ybbus (#7392)
• @​Shiwaangee (#7324)
• @​skrtheboss (#7403)
• @​Janaka66 (#7427)
• @​moh3n9595 (#5764)
• @​digital-wizard48 (#7424)

Full Changelog: v1.13.5...v1.13.6

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

... (truncated)

Commits

• 7108c88 chore(release): prepare release 1.13.6 (#7446)
• 20a0ba3 refactor(deps): migrate @​rollup/plugin-babel from v5.3.1 to v6.1.0 (#7424)
• 885b4af feat: support react native blob objects (#5764)
• 00d97b9 docs(utils): add missing JSDoc comments (#7427)
• 9712548 chore(deps-dev): bump the development_dependencies group across 1 directory w...
• d51accb fix(core): copy status from source error in AxiosError.from (#7403)
• 3e30bbf chore: fix publish to only run on v1 tags
• 672491d fix: safe FormData detection for WeChat Mini Program (#7306) (#7324)
• 822e3e4 fix: make AxiosError.message property enumerable (#7392)
• ef3711d feat: implement prettier and fix all issues (#7385)
• Additional commits viewable in compare view

Updates nanoid from 5.1.6 to 5.1.7

Release notes

Sourced from nanoid's releases.

5.1.7

• Added --version to CLI (by @​mahmoodhamdi).
• Updated nanoid.js for CDN (by @​mahmoodhamdi).
• Fixed docs (by @​mahmoodhamdi).
• Fixed customRandom types (by @​oguimbal).

Changelog

Sourced from nanoid's changelog.

5.1.7

• Added --version to CLI (by @​mahmoodhamdi).
• Updated nanoid.js for CDN (by @​mahmoodhamdi).
• Fixed docs (by @​mahmoodhamdi).
• Fixed customRandom types (by @​oguimbal).

Commits

• 90f047e Release 5.1.7 version
• 7071a42 Fix Node.js 18 support in CLI in another way
• 8239c4b Fix CLI support for Node.js 18
• 2db7c6b Fix ESLint warnings
• 1231ca7 Update clean-publish and ESLint config
• c7ca9e9 Fix outdated info and links in README (#566)
• e0a3080 Clean up code
• e9be4aa Add --version flag to CLI (#563)
• 1d6f2ff Improve prebuild control
• d8fba79 Update collision calculator URL in all README translations (#568)
• Additional commits viewable in compare view

Updates nuxt from 4.3.0 to 4.4.2

Release notes

Sourced from nuxt's releases.

v4.3.1

4.3.1 is a regularly scheduled patch release.

👉 Changelog

compare changes

🩹 Fixes

• nuxt: Correct reference format of server builder (#34177)
• nuxt: Add status/statusText getters to NuxtError (#34188)
• nuxt: Don't inject shared types for differing auto-imports (#34191)
• schema: Add direnv and vendor to default ignore (#34190)
• nuxt: Focus hash links after navigation (#34193)
• nuxt: Exclude head runtime from unhead imports transform (#34195)
• kit: Include prereleases in semver satisfy check (#34210)
• nitro: Encode unicode paths in x-nitro-prerender header (#34202)
• nuxt: Watch server/ for builder:watch hook (#34208)
• nitro: Preserve error.message for fatal errors (#34226)
• Only enable dynamic imports when ts plugin (#34205)
• webpack: Use H3Error for 403 in dev server (#34233)
• nuxt: Ensure NuxtError extends Error type (#34242)
• vite: Use H3Error for 404 in dev server (#34225)
• nuxt: Add backwards compat for #app barrel export in keyed functions (#34199)
• nuxt: Track + re-add custom routes on hmr (#32044)
• nuxt: Keep vnode when leaving deeper nested route (#33778)
• vite: Prevent CSS flickering in dev mode after config changes (#33856)
• nuxt: Do not start view transition if there is no route (#33723)
• nuxt: Call deferHydration done on NuxtPage unmount (#34152)
• nuxt: Handle invalid datetime in ` (#33992)
• nuxt: Preserve middleware error status in 404 fallback (#34148)
• nitro: Do not augment nuxt/schema (#34255)
• nuxt: Cache manifest files to preserve buildId (#34002)
• nuxt: Don't decode query string in SSR context URL (#34252)
• nuxt: Allow specifying moduleDependencies by meta.name (#34263)
• nuxt: Resolve #components import mapping conflict for packages outside rootDir (#34139)
• vite,webpack: Use node.res to send 403/404 (#34266)
• nitro,nuxt: Align path encoding with vue-router (#34265)
• nitro: Augment nuxt/schema once more (552bbd8d1)

💅 Refactors

• nuxt: Prefer genObjectKey to omit unnecessary quotes (#34245)
• nuxt: Use ComponentProps helper to extract layout props (#34248)

📖 Documentation

• Update roadmap dates (#34166)
• Correct default value of nitroAutoImports (#34182)
• Clarify shared type context limitations for custom imports (#34194)
• Fix broken links (#34223)
• Document payload extraction for ISR/SWR routes (#34222)
• Update default aliases in configuration reference (#34237)

... (truncated)

Commits

• d042505 v4.4.2
• 7781701 v4.4.1
• 5c3ca59 v4.4.0
• 31028d2 chore: lint
• df7ef5d feat(nuxt,kit,schema): add a factory function for useFetch and `useAsyncDat...
• 2dc5255 fix(nuxt): handle rejected promise in view transition abort (#34515)
• cf3e2ad fix(nuxt): fix cookie expiration timeout for long-lived cookies (#34513)
• 3b9d0bc fix(nuxt): pass deleteCount to splice in preloadRouteComponents (#34514)
• 414a283 fix(nuxt): never preload manifest (#34511)
• d586631 fix(nuxt): check file freshness before truncating in cache restore (#34509)
• Additional commits viewable in compare view

Updates vue from 3.5.27 to 3.5.30

Release notes

Sourced from vue's releases.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.28

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.30 (2026-03-09)

Bug Fixes

• compat: add entities to @​vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
• custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
• custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
• custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
• reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
• reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
• reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647
• runtime-core: warn about negative number in v-for (#12308) (9438cc5)
• ssr: prevent watch from firing after async setup await (#14547) (6cda71d), closes #14546
• types: make generics with runtime props in defineComponent work (fix #11374) (#13119) (cea3cf7), closes #13763
• types: narrow useAttrs class/style typing for TSX (#14492) (bbb8977), closes #14489

3.5.29 (2026-02-24)

Bug Fixes

• runtime-core: prevent instance leak in withAsyncContext (#14445) (702284f), closes nuxt/nuxt#33644
• server-renderer: render className as escaped string (#14469) (da6690c)
• transition: prevent enter if leave is in progress (#14443) (df059f8), closes #12091 #12133

3.5.28 (2026-02-09)

Bug Fixes

• transition: avoid unexpected cancelled parameter in transition done callback (#14391) (6798853)
• compiler-sfc: add resolution trying for .mts/.cts files (#14402) (c09d41f), closes vuejs/router#2611
• compiler-sfc: no params were generated when using withDefaults (#12823) (b0a1f05), closes #12822
• reactivity: add __v_skip flag to EffectScope to prevent reactive conversion (#14359) (48b7552), closes #14357
• runtime-core: avoid retaining el on cached text vnodes during static traversal (#14419) (4ace79a), closes #14134
• runtime-core: prevent child component updates when style remains unchanged (#12825) (57866b5), closes #12826
• runtime-core: properly handle async component update before resolve (#11619) (e71c26c), closes #11617
• runtime-dom: handle null/undefined handler in withModifiers (#14362) (261de54), closes #14361
• teleport: properly handling disabled teleport target anchor (#14417) (d7bcd85), closes #14412
• transition-group: correct move translation under scale via element rect (#14360) (0243a79), closes #14356
• useTemplateRef: don't update setup ref for useTemplateRef key (#12756) (fc40ca0), closes #12749

Commits

• fdd863f release: v3.5.30
• 6cda71d fix(ssr): prevent watch from firing after async setup await (#14547)
• 9438cc5 fix(runtime-core): warn about negative number in v-for (#12308)
• 1398bf8 fix(custom-element): ensure child component styles are injected in correct or...
• 0d63202 chore(deps): update dependency puppeteer to ~24.38.0 (#14544)
• 5098986 chore(deps): update all non-major dependencies (#14498)
• 5d98213 chore(deps): update dependency minimatch to v10.2.3 [security] (#14495)
• 6a06ee5 chore(deps): update actions/upload-artifact action to v7 (#14500)
• 34a5d84 fix(deps): update dependency postcss to ^8.5.8 (#14543)
• d4ea55b chore(deps): update build (#14497)
• Additional commits viewable in compare view

Updates vue-router from 5.0.1 to 5.0.4

Release notes

Sourced from vue-router's releases.

v5.0.4

   🐞 Bug Fixes

• Avoid iterator helpers for Node 20 compat  -  by @​cwandev in vuejs/router#2635 (47130)
• Escape backslahes in string literals  -  by @​posva (71fdb)
• Avoid false duplicate route warning for named views  -  by @​posva (72012)
• Allow pushing to auto routes  -  by @​posva (47f03)
• loaders: Restore context in sequential awaits  -  by @​posva (fce5d)

    View changes on GitHub

v5.0.3

   🚨 Breaking Changes

• experimental:
  • Make miss() throw internally and return never  -  by @​posva (077e1)
  • Add reroute() and deprecate NavigationResult  -  by @​posva (308db)
  • Remove selectNavigationResult  -  by @​posva (9e88a)

   🚀 Features

• Support _parent in nested folders  -  by @​posva (0a37f)
• Warn on _parent conflict  -  by @​posva (182fe)
• Set _parent as non matchable by default  -  by @​posva (8f91c)
• Warn on conflicting components for routes  -  by @​posva (34ace)
• Use type module  -  by @​posva (dc9ff)
• Add deprecation warning for next() callback in navigation guards  -  by @​posva (797f5)
• Extract alias from definePage  -  by @​posva (835df)
• Display aliases in logs  -  by @​posva (7aa60)
• Deprecate new NavigationResult(to) in favor of reroute(to)  -  by @​posva (382e3)
• experimental:
  • Handle aliasOf in resolvers  -  by @​posva (8fe45)
  • Generate aliases from override in resolver  -  by @​posva (a00ac)
  • Warn against non absolute aliases  -  by @​posva (476c6)

   🐞 Bug Fixes

• Avoid non matchable routes in auto-routes  -  by @​posva (48649)
• Handle quotes in d.ts  -  by @​posva (d7764)
• Avoid route entry in map for _parent  -  by @​posva (1dfcc)
• Handle nested groups  -  by @​posva (4a4be)
• Stable route ordering for group folders with same path  -  by @​posva (1db94)
• Correct route ordering for group nodes with inflated scores  -  by @​posva (515f4)
• Cleanup old route overrides  -  by @​posva (b28a7)
• Remove name from _parent.vue files  -  by @​posva (6e8f1)
• ci:
  • Format sponsor files before change detection  -  by @​posva (f68d6)
  • Use manual git commit in update-sponsors  -  by @​posva (8ee99)
• experimental:
  • Resolve TS errors in resolver/router type hierarchy  -  by @​posva (a86f1)

... (truncated)

Commits

• 7f32e99 release: vue-router@5.0.4
• 9036228 docs: typos (#2651)
• 47f0334 fix: allow pushing to auto routes
• ad6ba73 docs: no auto import section
• f6923a5 build: include link and view in size computation
• fce5d1e fix(loaders): restore context in sequential awaits
• 9ab4cbf refactor: rename var
• d030f2a chore: playground
• 7b3dc27 docs(zh): add file-based routing related configuration documentation (#2643)
• 0a01948 chore: hide route details in playground
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

PR Preview Action v1.8.1
🚀 View preview at https://beta.not-th.re/pr-preview/pr-105/
Built to branch html-previews at 2026-03-21 20:35 UTC. Preview will be ready when the GitHub Pages deployment is complete.