chore(deps): update all non-major dependencies

renovate[bot] commented 1 year ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nuxt/kit	`^3.5.3` -> `^3.6.0`
@nuxt/schema	`^3.5.3` -> `^3.6.0`
eslint-define-config	`^1.20.0` -> `^1.21.0`
pnpm (source)	`8.6.2` -> `8.6.4`
tsup (source)	`^7.0.0` -> `^7.1.0`

Release Notes

nuxt/nuxt (@nuxt/kit)

### [`v3.6.0`](https://togithub.com/nuxt/nuxt/releases/tag/v3.6.0) [Compare Source](https://togithub.com/nuxt/nuxt/compare/v3.5.3...v3.6.0) > 3.6.0 is the next minor release, packed with improvements and bug fixes. #### 📣 Upcoming news In the coming week you can expect two announcements: 1. The open-sourcing of `nuxt/cli` by [**@pi0**](https://togithub.com/pi0) - a new, drop-in replacement for `nuxi` featuring more extensibility and better DX. We are aiming to release this alongside Nuxt 3.7, but you would be very welcome to test and contribute to `nuxi-ng` before then! 2. Three significant RFCs: **Nuxt Font**, **Nuxt Assets** and **Nuxt Scripts**. We're expecting an initial POC to take shape in the next month, and would very much appreciate community feedback on this. #### 👀 Highlights This minor release contains quite a lot, and we have big plans #####

SPA loading indicator If your site is served with `ssr: false` or you have disabled server-rendering on some of your pages, you might be particularly interested in the new [built-in SPA loading indicator](https://togithub.com/nuxt/nuxt/pull/21640). You can now place an HTML file in `~/app/spa-loading-template.html` with some HTML you would like to use to render a loading screen that will be rendered until your app is hydrated on these pages. 👉 **By default an animated Nuxt icon is rendered**. You can completely disable this indicator by setting `spaLoadingTemplate: false` in your nuxt configuration file. ##### ⚡️ Performance improvements The first thing that happens when your app is hydrated is that your plugins run, and so we now perform [build-time optimisations on your plugins](https://togithub.com/nuxt/nuxt/pull/21611), meaning they do not need to be normalised or reordered at runtime. We also include your error component JS in your main entrypoint, meaning that if an error occurs when a user has no connectivity, you can still handle it with your `~/error.vue`. (This also should decrease your total bundle size.) 👉 Compared to Nuxt 3.5.3, the minimal client bundle has decreased by ~0.7kB. Let's keep this up! ##### 🔥 Fully static server components It has been possible to use server components on static pages, but until now they would increase the payload size of your application. That is no longer true. We now store [rendered server components as separate files, which are preloaded before navigation](https://togithub.com/nuxt/nuxt/pull/21461). 👉 **This does rely on the new, richer JSON payload format**, so make sure you have not disabled this by setting `experimental.renderJsonPayloads` to false. ##### 🎨 Better style inlining If you're monitoring your metrics closely and have not turned off `experimental.inlineSSRStyles`, you should see more CSS inlined in your page, and a significantly external CSS file. We're now [better at deduplicating global CSS](https://togithub.com/nuxt/nuxt/pull/21573), particularly added by libraries like tailwind or unocss. ##### 🎬 Animation controls To give you more fine-grained control over your page/layout components, for example to create custom transitions with GSAP or other libraries, we now allow you to set [`pageRef` on ``](https://togithub.com/nuxt/nuxt/pull/19403) and [`layoutRef` on `` ([#21613](https://togithub.com/nuxt/nuxt/pull/21613)) - **nuxt:** Replace `:` in rendered server components (for win) ([#21645](https://togithub.com/nuxt/nuxt/pull/21645)) - **cli:** Add back default `baseUrl` in `tsconfig.json` ([#21632](https://togithub.com/nuxt/nuxt/pull/21632)) - **nuxt:** Post non-proxied cookie value via `BroadcastChannel` ([#21653](https://togithub.com/nuxt/nuxt/pull/21653)) - **nuxt:** Stop indicator when not changing page component ([#21656](https://togithub.com/nuxt/nuxt/pull/21656)) - **nuxt:** Scroll to top in nested routes ([#21657](https://togithub.com/nuxt/nuxt/pull/21657)) - **nuxt:** Inline css directly in root component ([#21573](https://togithub.com/nuxt/nuxt/pull/21573)) - **nuxt:** Move to `@typescript-eslint/typescript-estree` ([#21664](https://togithub.com/nuxt/nuxt/pull/21664)) - **nuxt:** Guard `res.end()` calls with check if event is handled ([#21665](https://togithub.com/nuxt/nuxt/pull/21665)) - **nuxt:** Do not embed error path in payload ([#21671](https://togithub.com/nuxt/nuxt/pull/21671)) - **nuxt:** Use static nitro build if possible ([#21655](https://togithub.com/nuxt/nuxt/pull/21655)) - **nuxt:** Add aliases and augmentations for nitro context ([#21680](https://togithub.com/nuxt/nuxt/pull/21680)) - **nuxt,schema:** Prefer unknown rather than any for signatures ([#21700](https://togithub.com/nuxt/nuxt/pull/21700)) - **schema:** Change `redirect` type for `NuxtPage` type ([#21713](https://togithub.com/nuxt/nuxt/pull/21713)) - **nuxt:** Fix error on layout switching ([#21450](https://togithub.com/nuxt/nuxt/pull/21450)) ##### 📖 Documentation - Add info about vue configuration ([#21303](https://togithub.com/nuxt/nuxt/pull/21303)) - Include example for server utilities ([#21337](https://togithub.com/nuxt/nuxt/pull/21337)) - Improved recommended gitignore list ([#21451](https://togithub.com/nuxt/nuxt/pull/21451)) - Add info about merging strategy in app config ([#21462](https://togithub.com/nuxt/nuxt/pull/21462)) - Avoid using `render` when defining `rendering` ([#21490](https://togithub.com/nuxt/nuxt/pull/21490)) - Remove example of deprecated reactivity transform ([#21396](https://togithub.com/nuxt/nuxt/pull/21396)) - Fix `addTypeTemplate` typos ([#21520](https://togithub.com/nuxt/nuxt/pull/21520)) - Add warning about redirect check ([#20680](https://togithub.com/nuxt/nuxt/pull/20680)) - Remove link to closed RFC ([#21564](https://togithub.com/nuxt/nuxt/pull/21564)) - Info icon fix on "Standalone server" section ([#21589](https://togithub.com/nuxt/nuxt/pull/21589)) - Add note to use `nuxt` with bridge if `nitro` is false ([#21586](https://togithub.com/nuxt/nuxt/pull/21586)) - Add styling section ([#21525](https://togithub.com/nuxt/nuxt/pull/21525)) - Add full stop ([#21614](https://togithub.com/nuxt/nuxt/pull/21614)) - Reorder sfc blocks and add initial slash in link ([#21618](https://togithub.com/nuxt/nuxt/pull/21618)) - Add info on extending the HTML template ([#21615](https://togithub.com/nuxt/nuxt/pull/21615)) - Document `parallel` option on plugins ([#21622](https://togithub.com/nuxt/nuxt/pull/21622)) - Americanize spelling + fix typos ([#21627](https://togithub.com/nuxt/nuxt/pull/21627)) - Remove `examples/` from repository ([#21538](https://togithub.com/nuxt/nuxt/pull/21538)) - **examples:** Add bullet points ([9df892a17](https://togithub.com/nuxt/nuxt/commit/9df892a17)) - Add experimental features page ([#21617](https://togithub.com/nuxt/nuxt/pull/21617)) - Fix typo in experimental features ([#21663](https://togithub.com/nuxt/nuxt/pull/21663)) - Update specified Nuxt 2 version in migration guide ([#21699](https://togithub.com/nuxt/nuxt/pull/21699)) - Added `@latest` to install commands ([#21702](https://togithub.com/nuxt/nuxt/pull/21702)) ##### 🏡 Chore - Add `vitest` renovate group ([7695aca93](https://togithub.com/nuxt/nuxt/commit/7695aca93)) - Add full version for `octokit/request-action` ([dd5955caf](https://togithub.com/nuxt/nuxt/commit/dd5955caf)) - Widen peer deps in renovate updates ([b0ba4b864](https://togithub.com/nuxt/nuxt/commit/b0ba4b864)) - Bump bundle size 🤔 ([ce4f46385](https://togithub.com/nuxt/nuxt/commit/ce4f46385)) - Ignore `webpack-dev-middleware` updates on 2.x branch ([7f7ae96d1](https://togithub.com/nuxt/nuxt/commit/7f7ae96d1)) - Ignore vercel/netlify build directories ([5d4b71426](https://togithub.com/nuxt/nuxt/commit/5d4b71426)) ##### ✅ Tests - Update bundle size ([08df73801](https://togithub.com/nuxt/nuxt/commit/08df73801)) - Skip instance error test in vite ecosystem CI ([f97052cba](https://togithub.com/nuxt/nuxt/commit/f97052cba)) ##### 🤖 CI - Move bundle skipping logic to workflow ([#21448](https://togithub.com/nuxt/nuxt/pull/21448)) - Build project before calculating bundle size ([ce096da96](https://togithub.com/nuxt/nuxt/commit/ce096da96)) ##### ❤️ Contributors - Anthony Fu ([@antfu](https://togithub.com/antfu)) - Portnoy Vladislav ([@silencerspirit](https://togithub.com/silencerspirit)) - Roman Vašek ([@Droutin](https://togithub.com/Droutin)) - Daniel Roe ([@danielroe](https://togithub.com/danielroe)) - Damian Głowala ([@DamianGlowala](https://togithub.com/DamianGlowala)) - C-schwan ([@c-schwan](https://togithub.com/c-schwan)) - Vasily Kuzin ([@ExEr7um](https://togithub.com/ExEr7um)) - Hebilicious ([@Hebilicious](https://togithub.com/Hebilicious)) - Israel Ortuño ([@IsraelOrtuno](https://togithub.com/IsraelOrtuno)) - Sébastien Chopin ([@Atinux](https://togithub.com/Atinux)) - Lehoczky Zoltán ([@Lehoczky](https://togithub.com/Lehoczky)) - Julien Huang ([@huang-julien](https://togithub.com/huang-julien)) - Nozomu Ikuta ([@NozomuIkuta](https://togithub.com/NozomuIkuta)) - Bruno Braga ([@brunobragaw8t](https://togithub.com/brunobragaw8t)) - Inesh Bose ([@ineshbose](https://togithub.com/ineshbose)) - Quentin ([@quentint](https://togithub.com/quentint)) - Wattanx ([@wattanx](https://togithub.com/wattanx)) - Zaid Kureshi ([@imzedi](https://togithub.com/imzedi)) - Rodrigo Pimentel ([@RodrigoProjects](https://togithub.com/RodrigoProjects)) - Nicolas Payot ([@nicolaspayot](https://togithub.com/nicolaspayot)) - David De Sloovere ([@DavidDeSloovere](https://togithub.com/DavidDeSloovere)) - Miachel Brevard ([@GalacticHypernova](https://togithub.com/GalacticHypernova)) - Edward Hibbert ([@edwh](https://togithub.com/edwh)) - Žan Fras ([@frasza](https://togithub.com/frasza)) - Jongmin Yoon ([@jongmin4943](https://togithub.com/jongmin4943)) - Léonce Aklin ([@leonceaklin](https://togithub.com/leonceaklin)) - Wilson Pinto ([@wilsonpinto](https://togithub.com/wilsonpinto)) - Albaraa Hasan ([@Null78](https://togithub.com/Null78)) - Pooya Parsa ([@pi0](https://togithub.com/pi0)) - Markus ([@MSchutt](https://togithub.com/MSchutt)) - John Jenkins ([@johnjenkins](https://togithub.com/johnjenkins)) - Asher White ([@AWBroch](https://togithub.com/AWBroch)) - Harlan Wilton ([@harlan-zw](https://togithub.com/harlan-zw)) - Alexander B ([@xanderbarkhatov](https://togithub.com/xanderbarkhatov))

Shinigami92/eslint-define-config (eslint-define-config)

### [`v1.21.0`](https://togithub.com/Shinigami92/eslint-define-config/blob/HEAD/CHANGELOG.md#1210) [Compare Source](https://togithub.com/Shinigami92/eslint-define-config/compare/1.20.0...1.21.0) [diff](https://togithub.com/Shinigami92/eslint-define-config/compare/1.20.0...1.21.0) - Use esm by default ([#204]) - Update rules for: \[eslint, graphql-eslint, jsdoc, jsonc, testing-library, typescript-eslint, unicorn, vitest, vue] [#204]: https://togithub.com/Shinigami92/eslint-define-config/pull/204

pnpm/pnpm (pnpm)

### [`v8.6.4`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.3...v8.6.4) #### Patch Changes - In cases where both aliased and non-aliased dependencies exist to the same package, non-aliased dependencies will be used for resolving peer dependencies, addressing issue [#6588](https://togithub.com/pnpm/pnpm/issues/6588). - Ignore the port in the URL, while searching for authentication token in the `.npmrc` file [#6354](https://togithub.com/pnpm/pnpm/issues/6354). - Don't add the version of a local directory dependency to the lockfile. This information is not used anywhere by pnpm and is only causing more Git conflicts [#6695](https://togithub.com/pnpm/pnpm/pull/6695). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.3`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.2...v8.6.3) #### Patch Changes - When running a script in multiple projects, the script outputs should preserve colours [#2148](https://togithub.com/pnpm/pnpm/issues/2148). - Don't crash when the `APPDATA` env variable is not set on Windows [#6659](https://togithub.com/pnpm/pnpm/issues/6659). - Don't fail when a package is archived in a tarball with malformed tar headers [#5362](https://togithub.com/pnpm/pnpm/issues/5362). - Peer dependencies of subdependencies should be installed, when `node-linker` is set to `hoisted` [#6680](https://togithub.com/pnpm/pnpm/pull/6680). - Throw a meaningful error when applying a patch to a dependency fails. - `pnpm update --global --latest` should work [#3779](https://togithub.com/pnpm/pnpm/issues/3779). - `pnpm license ls` should work even when there is a patched git protocol dependency [#6595](https://togithub.com/pnpm/pnpm/issues/6595) #### Our Gold Sponsors

#### Our Silver Sponsors

egoist/tsup (tsup)

### [`v7.1.0`](https://togithub.com/egoist/tsup/releases/tag/v7.1.0) [Compare Source](https://togithub.com/egoist/tsup/compare/v7.0.0...v7.1.0) ##### Features - Ensure matching declaration file exists for each output bundle format ([#934](https://togithub.com/egoist/tsup/issues/934)) ([fb4c2b6](https://togithub.com/egoist/tsup/commit/fb4c2b6e75e29c58956eaaa6afab12b130accb14))

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

socket-security[bot] commented 1 year ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Network access	mz	2.7.0	Module: dns Location: dns.js	`pnpm-lock.yaml` via tsup@7.1.0

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore mz@2.7.0

socket-security[bot] commented 1 year ago

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives^1	Size	Publisher
tsup	🆕	7.1.0	eval, network, filesystem, environment	`+35`	1.71 MB	egoist
eslint-define-config	⬆️	1.20.0...1.21.0	None	`+0/-0`	1.63 MB	shinigami92

🚮 Removed packages: @nuxt/kit@3.5.3, @nuxt/schema@3.5.3

sxzz / stale-dep