Skip to content

chore: bump the production-minor-patch-dependencies group across 1 directory with 5 updates#12

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-patch-dependencies-d41bc782d0
Open

chore: bump the production-minor-patch-dependencies group across 1 directory with 5 updates#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-patch-dependencies-d41bc782d0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-minor-patch-dependencies group with 5 updates in the / directory:

Package From To
@nuxt/ui 4.4.0 4.8.1
js-yaml 4.1.1 4.2.0
nuxt 4.3.1 4.4.7
vue 3.5.28 3.5.35
zod 4.3.6 4.4.3

Updates @nuxt/ui from 4.4.0 to 4.8.1

Release notes

Sourced from @​nuxt/ui's releases.

v4.8.1

🐛 Bug Fixes

  • ContentSearch/DashboardSearch: proxy missing CommandPalette props (#6505) (631f5dc)
  • Form: add method="post" to prevent credential leaking via GET before hydration (#6512) (7a0825a)
  • Icon: avoid recursive icon resolution (#6495) (d50c121)
  • locale: improve Thai translation accuracy and consistency (#6509) (5d82418)
  • module: expose component theme keys in AppConfig type (#6520) (ffaf163)
  • Select/SelectMenu/InputMenu: add fallback for max-height (#6503) (f4d7cbe)

👋 Contributors

Full Changelog: nuxt/ui@v4.8.0...v4.8.1

v4.8.0

✨ Highlights

🎨 Theme component prop defaults

The Theme component can now override default prop values for all descendant components. Pass a props object where keys are component names and values are their prop overrides:

\<template>
  <UTheme
    :props="{
      tooltip: { delayDuration: 0, arrow: true },
      button: { color: 'neutral', variant: 'subtle', size: 'lg' },
      input: { size: 'lg' }
    }"
  >
    <UTooltip text="Tooltip">
      <UButton label="Save" />
    </UTooltip>
&lt;UInput placeholder=&quot;Search...&quot; /&gt;

</UTheme>
</template>

Explicit props on a component always take priority. Theme components can be nested (innermost wins) and propagate through the entire tree via provide / inject.

🔍 ContentSearch async search

The ContentSearch component now supports FTS5 full-text search via the new search prop and the useSearchCollection composable (nuxt/content#3787, released in @nuxt/content v3.14.0). Instead of loading all content upfront with files and filtering client-side with Fuse.js, you can now run async queries with highlighted snippets:

... (truncated)

Changelog

Sourced from @​nuxt/ui's changelog.

4.8.1 (2026-05-28)

Bug Fixes

  • ContentSearch/DashboardSearch: proxy missing CommandPalette props (#6505) (631f5dc)
  • Form: add method="post" to prevent credential leaking via GET before hydration (#6512) (7a0825a)
  • Icon: avoid recursive icon resolution (#6495) (d50c121)
  • locale: improve Thai translation accuracy and consistency (#6509) (5d82418)
  • module: expose component theme keys in AppConfig type (#6520) (ffaf163)
  • module: revert tagPriority to -2 for inline style tag (2dac778)
  • Select/SelectMenu/InputMenu: add fallback for max-height (#6503) (f4d7cbe)

4.8.0 (2026-05-21)

⚠ BREAKING CHANGES

  • InputMenu: rename autocomplete prop to mode to free up HTML attribute (#6474)

Features

  • Avatar/AvatarGroup: add color prop (#6405) (6f2396f)
  • Breadcrumb: add color prop (#6406) (955dac1)
  • ChatMessage: add body slot and improve actions alignment (#6460) (48685b6)
  • ChatMessage: add color prop and header slot (#6407) (c6ce8ca)
  • ChatPrompt: add submitOnEnter prop to control Enter behavior (b597f90), closes #6177
  • Checkbox/RadioGroup/Switch: add highlight prop for error ring styling (a0deee4)
  • CommandPalette: search and highlight description field (524c34d)
  • ContentSearch/DashboardSearch: enable Fuse.js token search by default (ba08220)
  • ContentSearch: add async search support via useSearchCollection (#6432) (a1bef8b)
  • DashboardGroup: add storageOptions prop (8f0101b), closes #6170
  • Error: add icon prop and leading slot (e6ea707), closes #6119
  • Separator: add position prop (#6415) (844660a)
  • Theme: override component prop defaults (#6031) (71c008e)

Bug Fixes

  • ChatMessage: add wrap-break-word to content slot (#6476) (eb468e6)
  • CommandPalette: only split tokens in highlight when useTokenSearch is enabled (898fbce)
  • CommandPalette: preserve relative order of ignoreFilter groups (e4c1787)
  • CommandPalette: re-highlight first item after debounced results render (efd7b8e)
  • CommandPalette: update default fuse keys in docs and search components (0d9cc0d)
  • components: apply theme.prefix to hardcoded utility classes (f51b1e8)
  • components: constrain popper content to available viewport height (007b136), closes #6449
  • ContentSearch: preserve intermediate ancestors in breadcrumb prefix (#6466) (f639b19)
  • ContentToc: apply ui.trigger prop to trigger elements (252b906), closes #6428
  • defineShortcuts: use e.code for alt shortcuts to handle macOS key remapping (231f156), closes #6444
  • FileUpload: pass disabled attribute to button variant (2890c83), closes #6420
  • Form: improve errors type (#6208) (c1090ab)
  • InputMenu/Select/SelectMenu: respect trailing: false over default trailingIcon (#6457) (65b47ce)
  • InputMenu: rename autocomplete prop to mode to free up HTML attribute (#6474) (2799fa6)

... (truncated)

Commits
  • 00aded7 chore(release): v4.8.1
  • 80bd0cc docs(search): improve relevance and tooltip behavior (#6521)
  • ffaf163 fix(module): expose component theme keys in AppConfig type (#6520)
  • c9fc7a4 docs: fix missing CSS variables on prerendered pages (#6519)
  • 564adbf docs(toast): remove misleading AppConfig notes from examples
  • 7a0825a fix(Form): add method="post" to prevent credential leaking via GET before h...
  • fc6295b chore(playground): update vite optimizeDeps include list
  • a4dfa9e chore: add .cursor to .gitignore
  • 2dac778 fix(module): revert tagPriority to -2 for inline style tag
  • 5b9a9c9 chore(repl): use Vue-compatible component overrides for Icon and Link
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates nuxt from 4.3.1 to 4.4.7

Release notes

Sourced from nuxt's releases.

v4.4.7

4.4.7 is the a security hotfix release.

👉 make sure to check https://github.com/nuxt/nuxt/security/advisories to view open advisories resolved by this release.

👉 Changelog

compare changes

🩹 Fixes

  • nitro: Assign noSSR before deciding payload extraction (#35108)
  • vite: Avoid filtering out dirs with shared prefix from allowDirs (#35112)
  • nuxt: Use resolve from pathe for buildCache path boundary check (#35111)
  • nuxt: Prevent sibling-directory traversal in test component wrapper (#35110)
  • nitro: Pass event data to isValid in dev clipboard-copy listener (#35109)
  • nuxt: Validate protocols in reloadNuxtApp path before reload (#35115)
  • vite: Prefix public asset virtuals with null byte (9e303b438)
  • nuxt: Re-run getCachedData after initial fetch (#35122)
  • nuxt: Propagate useFetch/useAsyncData factory types (#35133)
  • vite: Close vite dev server on nuxt close (a10a68abc)
  • kit,nuxt: Handle cancelling prompts to install packages (e84813229)
  • kit: Avoid excluding node-context files in legacy tsconfig (#35152)
  • nuxt: Handle missing payload in chunkError listener (#35155)
  • nuxt: Await in-lifght template generation when closing nuxt (#35181)
  • nuxt: Clarify page and layout usage warnings (#35184)
  • webpack: Surface compilation errors when stats.toString is empty (073b07851)
  • nuxt: Reject prototype-chain keys in the island registry (#35205)
  • nuxt: Apply isScriptProtocol guard to navigateTo open option (#35206)
  • nuxt: Prevent server-only page island from recursing via <NuxtPage> (#35198)
  • rspack,webpack: Require loopback host when missing same-origin signals (#35200)
  • nitro: Gate chrome devtools workspace endpoint to local requests (#35201)
  • nuxt: Escape props in <NuxtClientFallback> ssr output (#35199)
  • kit: Improve TS extension stripping/substitutions (#35233)
  • nuxt: Preserve .d.mts/.d.cts in resolveTypePaths (#35235)
  • nuxt: Escape <NoScript> slot content (4b054e9d9)
  • nuxt: Match route rules case-insensitively to mirror vue-router (07e39cd6f)
  • nuxt: Reject script-capable protocols in <NuxtLink> href (0103ce06f)
  • nuxt: Block path-normalization open redirect in navigateTo (2cce6fb02)
  • nuxt: Reject cross-origin paths in reloadNuxtApp (e447a793c)
  • vite: Bind vite-node IPC to a permissioned filesystem socket (1f9f4767a)

💅 Refactors

  • kit,nuxt,vite: Use es2023 array methods (#34980)
  • nuxt: Replace runInNewContext with AST walker (d72a89ef4)

📖 Documentation

  • Document vite client and server options (#35090)
  • Add dedicated module dependencies page (#35171)
  • Add nodeTsConfig and sharedTsConfig options (#35231)
  • Edit for clarity and grammar (#35214)

🏡 Chore

  • Use execFileSync for safety in release scripts (1d7baaf01)
  • Assert there is always a tag (e98c47c3c)

... (truncated)

Commits
  • b7d5790 v4.4.7
  • dbc5896 chore: lint
  • e447a79 fix(nuxt): reject cross-origin paths in reloadNuxtApp
  • d72a89e refactor(nuxt): replace runInNewContext with AST walker
  • 2cce6fb fix(nuxt): block path-normalization open redirect in navigateTo
  • 0103ce0 fix(nuxt): reject script-capable protocols in \<NuxtLink> href
  • 07e39cd fix(nuxt): match route rules case-insensitively to mirror vue-router
  • 4b054e9 fix(nuxt): escape \<NoScript> slot content
  • 03d83bf fix(nuxt): preserve .d.mts/.d.cts in resolveTypePaths (#35235)
  • 46960b2 fix(nuxt): escape props in \<NuxtClientFallback> ssr output (#35199)
  • Additional commits viewable in compare view

Updates vue from 3.5.28 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

Performance Improvements

  • reactivity: skip type checks for cached proxies (#14860) (5734fe9)
  • runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
  • server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

3.5.34 (2026-05-06)

Bug Fixes

  • compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
  • compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
  • compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
  • reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
  • runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
  • suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761

3.5.33 (2026-04-22)

Bug Fixes

3.5.32 (2026-04-03)

Bug Fixes

  • runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667

... (truncated)

Commits
  • 8be32d6 release: v3.5.35
  • 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
  • d6c7371 ci: use backup action for size report comments
  • bb18dc8 perf(runtime-dom): optimize array event handler dispatch (#14828)
  • 5734fe9 perf(reactivity): skip type checks for cached proxies (#14860)
  • 584beb1 fix(teleport): skip child unmount when pending mount discarded (#14876) (#14877)
  • 34a0ded fix(compiler-core): avoid double processing v-for keys with v-memo (#14861)
  • 170fc95 fix(runtime-core): avoid repeated hydration mismatch checks (#14857)
  • 1b7a2cc perf(server-renderer): avoid materializing iterables in ssrRenderList (#14821)
  • 3d077f2 fix(compiler-sfc): resolve top-level exports from files registered as global ...
  • Additional commits viewable in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

  • 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
  • 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
  • 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
  • b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
  • f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
  • 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

  • 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
  • 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
  • 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
  • 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
  • bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
  • cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
  • 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
  • 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
  • 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
  • e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
  • e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
  • 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
  • bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
  • 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
  • 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
  • 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
  • c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

  • 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
  • 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
  • cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
  • edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
  • 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits
  • 1fb56a5 docs: document release procedure in AGENTS.md
  • f3c9ec0 4.4.3
  • c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
  • 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 9195250 docs: remove Mintlify from bronze sponsors (churned)
  • 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
  • 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…rectory with 5 updates

Bumps the production-minor-patch-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@nuxt/ui](https://github.com/nuxt/ui) | `4.4.0` | `4.8.1` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |
| [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) | `4.3.1` | `4.4.7` |
| [vue](https://github.com/vuejs/core) | `3.5.28` | `3.5.35` |
| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |



Updates `@nuxt/ui` from 4.4.0 to 4.8.1
- [Release notes](https://github.com/nuxt/ui/releases)
- [Changelog](https://github.com/nuxt/ui/blob/v4/CHANGELOG.md)
- [Commits](nuxt/ui@v4.4.0...v4.8.1)

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `nuxt` from 4.3.1 to 4.4.7
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v4.4.7/packages/nuxt)

Updates `vue` from 3.5.28 to 3.5.35
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.28...v3.5.35)

Updates `zod` from 4.3.6 to 4.4.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.3.6...v4.4.3)

---
updated-dependencies:
- dependency-name: "@nuxt/ui"
  dependency-version: 4.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch-dependencies
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch-dependencies
- dependency-name: nuxt
  dependency-version: 4.4.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch-dependencies
- dependency-name: vue
  dependency-version: 3.5.35
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch-dependencies
- dependency-name: zod
  dependency-version: 4.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants