Skip to content

chore(deps): weekly safe npm updates · 3 packages#32

Open
mendral-app[bot] wants to merge 2 commits into
mainfrom
mendral/deps/weekly-safe-npm-20260706
Open

chore(deps): weekly safe npm updates · 3 packages#32
mendral-app[bot] wants to merge 2 commits into
mainfrom
mendral/deps/weekly-safe-npm-20260706

Conversation

@mendral-app

@mendral-app mendral-app Bot commented Jul 6, 2026

Copy link
Copy Markdown

Packages bumped

Package Old New Published
nuxt 4.3.1 4.4.8 2026-06-08
vue 3.5.29 3.5.39 2026-06-25
@tailwindcss/typography 0.5.19 0.5.20 2026-06-08
Per-package changelog details

nuxt 4.3.1 → 4.4.8

  • Multiple security fixes in v4.4.7: path traversal, protocol validation, XSS prevention, CSRF/open redirect prevention
  • Performance optimizations: layer root caching, parallelized module loading
  • Fixed useFetch cache options, concurrent request handling, cookie serialization
  • Improved server components and island rendering
  • Impact: No breaking changes. Bug fixes and security patches — strongly beneficial.

vue 3.5.29 → 3.5.39

  • Patch releases within 3.5.x — bug fixes and performance improvements
  • Impact: No breaking changes. Lockfile-only update within existing ^3.5.28 range.

@tailwindcss/typography 0.5.19 → 0.5.20

  • Patch release within 0.5.x — minor fixes
  • Impact: No breaking changes. Dev dependency only, used for prose styling.

Files modified

  • landing/package.json
  • landing/pnpm-lock.yaml
Skipped this ecosystem
Package Current Latest Reason
parse5 8.0.0 8.0.1 Open PR #30
@nuxt/content 3.8.0 3.15.0 Latest (3.15.0) too fresh (4 days); 3.14.0 eligible but pnpm resolves to latest in range
remark-mdc 3.10.0 3.11.1 Cooldown (published 2026-07-02, 4 days ago); 3.11.0 eligible but pnpm resolves to latest
@nuxtjs/robots 5.7.0 6.1.2 Major bump (5→6), outside ^ range — separate risky PR needed
@nuxtjs/sitemap 7.6.0 8.2.2 Major bump (7→8), outside ^ range — separate risky PR needed
@nuxtjs/tailwindcss 6.13.2 7.0.0-beta.1 Pre-release only
vue-router 4.6.4 5.1.0 Major bump (4→5), outside ^ range — separate risky PR needed
better-sqlite3 12.6.2 Already at latest stable
debug 4.4.3 Already at latest
rehype-raw 7.0.0 Already at latest
remark-emoji 5.0.2 Already at latest
remark-gfm 4.0.1 Already at latest
remark-rehype 11.1.2 Already at latest
unified 11.0.5 Already at latest
unist-util-visit 5.1.0 Already at latest

Note

Created by Mendral. Tag @mendral-app with feedback or questions.

Bump nuxt 4.3.1 → 4.4.8, vue 3.5.28 → 3.5.39,
@tailwindcss/typography 0.5.19 → 0.5.20
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 6, 2026

Copy link
Copy Markdown

Deploying pratrol with  Cloudflare Pages  Cloudflare Pages

Latest commit: e9bced2
Status: ✅  Deploy successful!
Preview URL: https://9b83fa8d.pratrol.pages.dev
Branch Preview URL: https://mendral-deps-weekly-safe-npm-mely.pratrol.pages.dev

View logs

Required by new repository policy that enforces SHA-pinned actions.
@mendral-app mendral-app Bot marked this pull request as ready for review July 6, 2026 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants