chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@iconify-json/lucide	^1.2.87 → ^1.2.89
@iconify-json/simple-icons	^1.2.68 → ^1.2.69
@nuxt/content (source)	^3.11.0 → ^3.11.2
@nuxt/eslint (source)	^1.13.0 → ^1.14.0
@nuxtjs/mcp-toolkit (source)	0.6.2 → 0.6.3
@nuxtjs/mdc	^0.20.0 → ^0.20.1
@vueuse/core (source)	^14.1.0 → ^14.2.0
pnpm (source)	10.28.1 → 10.29.1

---

Release Notes

nuxt/content (@​nuxt/content)

v3.11.2

Compare Source

Bug Fixes

• studio: fallback to env variable to detect ai feature (#​3713) (3fc8b7b)

v3.11.1

Compare Source

Features

• collections: create studio collections for AI if detected (#​3709) (7744645)

Bug Fixes

• issue with disabling contentRawMarkdown (5be6b0c)

nuxt/eslint (@​nuxt/eslint)

v1.14.0

Compare Source

   🚀 Features

• eslint-config: Add no-page-meta-runtime-values  -  by @​danielroe in #​641 (b74a0)

    View changes on GitHub

nuxt-modules/mcp-toolkit (@​nuxtjs/mcp-toolkit)

v0.6.3

Compare Source

What's Changed

Bug Fixes 🐞

• fix(module): add server entrypoint by @​HugoRCD in #​106

Dependency Updates 📦

• chore: remove unused deps and drop runtimeConfig for MCP config by @​HugoRCD in #​117

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​97

• chore(deps): update devdependency turbo to ^2.7.4 by @​renovate[bot] in #​98

• chore(deps): lock file maintenance by @​renovate[bot] in #​99

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​100

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​101

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​103

• chore(deps): lock file maintenance by @​renovate[bot] in #​104

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​105

• chore(deps): update dependency nuxt-studio to ^1.1.1 by @​renovate[bot] in #​107

• chore(deps): update nuxt framework to ^4.3.0 by @​renovate[bot] in #​108

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​110

• chore(deps): lock file maintenance by @​renovate[bot] in #​111

• chore(deps): update pnpm to v10.28.2 by @​renovate[bot] in #​112

• chore(deps): update dependency @​clack/prompts to v1 by @​renovate[bot] in #​114

• chore(deps): update autofix-ci/action digest to 7a166d7 by @​renovate[bot] in #​115

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​113

Full Changelog: nuxt-modules/mcp-toolkit@v0.6.2...v0.6.3

nuxt-content/mdc (@​nuxtjs/mdc)

v0.20.1

Compare Source

compare changes

🩹 Fixes

• parser: Remove duplicate props :name ~ name (deb07c8)
• Types (f82fed2)

❤️ Contributors

• Farnabaz farnabaz@gmail.com

vueuse/vueuse (@​vueuse/core)

v14.2.0

Compare Source

   🚀 Features

• Support configurable scheduler for timed composables  -  by @​9romise in #​5129 (66aad)
• Allow vue-router 5 as peer deps  -  by @​Ericlm in #​5269 (7c94a)
• useCssSupports: Add useCssSupports  -  by @​OrbisK in #​5266 (c1282)
• useDraggable: Auto-scroll with restricted dragging within the container  -  by @​Gazoon007, Alfarish Fizikri, Robin and @​OrbisK in #​4472 (a8a85)
• useElementVisibility: Inherit rootMargin from useIntersectionObserver  -  by @​9romise in #​5207 (46682)
• useIntersectionObserver: Make rootMargin reactive  -  by @​doyuli, @​ilyaliao and @​9romise in #​4934 (53abe)
• useSortable: Add watchElement option for auto-reinitialize on element change  -  by @​Mini-ghost and @​ilyaliao in #​5189 (17ea2)

   🐞 Bug Fixes

• nuxt: Ensure excludes disabledFunctions' alias  -  by @​jinyongp and @​9romise in #​5240 (76829)
• refManualReset: Add explicit return type annotation  -  by @​batuhan-bas in #​5246 (13bbb)
• useAsyncState: Ensure execute return the actual data  -  by @​9romise in #​5167 (0c346)
• useDocumentVisibility: Fix type inference from string to Documen…  -  by @​webfanzc and cowhorse in #​5248 (e8be8)
• useFocusTrap: Update focus-trap range to ^7  -  by ** ^8 (#​5270)** ()
• useInfiniteScroll: Improve promise handling and add flush post to watch  -  by @​nhquyss and @​9romise in #​5122 (abcea)
• useMagicKeys: Handle undefined key in keyboard events  -  by @​LouisLau-art, LouisLau-art and @​OrbisK in #​5225 (65e25)

    View changes on GitHub

pnpm/pnpm (pnpm)

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.