[Snyk] Upgrade nuxt from 3.12.4 to 3.15.0 #429
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade nuxt from 3.12.4 to 3.15.0. See this package in npm: nuxt See this project in Snyk: https://app.snyk.io/org/nerds-github/project/d13fd520-df96-4b88-87f8-38a6d7c57850?utm_source=github&utm_medium=referral&page=upgrade-pr
Reviewer's Guide by SourceryThis pull request upgrades the nuxt dependency from version 3.12.4 to 3.15.0. This upgrade includes several bug fixes, performance improvements, and new features. No diagrams generated as the changes look simple and do not need a visual representation. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade nuxt from 3.12.4 to 3.15.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 7 versions ahead of your current version.
The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-BRACES-6838727
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-ES5EXT-6095076
SNYK-JS-MICROMATCH-6838728
SNYK-JS-VITE-8023174
SNYK-JS-NANOID-8492085
SNYK-JS-NANOID-8492085
SNYK-JS-ROLLUP-8073097
SNYK-JS-VITE-8022916
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
Release notes
Package name: nuxt
👀 Highlights
❄️ Snowfall!
Happy holidays! You'll notice when you start Nuxt that (if you're in the Northern Hemisphere) there's some snow on the loading screen (#29871).
⚡️ Vite 6 included
Nuxt v3.15 includes Vite 6 for the first time. Although this is a major version, we expect that this won't be a breaking change for Nuxt users (see full migration guide). However, please take care if you have dependencies that rely on a particular Vite version.
One of the most significant changes with Vite 6 is the new Environment API, which we hope to use in conjunction with Nitro to improve the server dev environment. Watch this space!
You can read the full list of changes in the Vite 6 changelog.
🪵 Chromium devtools improvements
We talk a lot about the Nuxt DevTools, but v3.15 ships with better integration in dev mode for Chromium-based browser devtools.
We now use the Chrome DevTools extensibility API to add support for printing nuxt hook timings in the browser devtools performance panel.
🗺️ Navigation mode for
callOncecallOnceis a built-in Nuxt composable for running code only once. For example, if the code runs on the server it won't run again on the client. But sometimes you do want code to run on every navigation - just avoid the initial server/client double load. For this, there's a newmode: 'navigation'option that will run the code only once per navigation. (See #30260 for more info.)🥵 HMR for templates, pages + page metadata
We now implement hot module reloading for Nuxt's virtual files (like routes, plugins, generated files) as well as for the content of page metadata (within a
definePageMetamacro) (#30113).This should mean you have a faster experience in development, as well as not needing to reload the page when making changes to your routes.
📋 Page meta enhancements
We now support extracting extra page meta keys (likely used by module authors) via
experimental.extraPageMetaExtractionKeys(#30015). This enables module authors to use this information at build time, in thepages:resolvedhook.We also now support local functions in
definePageMeta(#30241). This means you can do something like this:return !!(route.params.id && !isNaN(Number(route.params.id)))
}
definePageMeta({
validate: validateIdParam,
})
🔥 Performance improvements
We now preload the app manifest in the browser if it will be used when hydrating the app (#30017).
We'll also tree shake vue-router's hash mode history out of your bundle if we can - specifically, if you haven't customised your
app/router.options.ts(#30297).🐣 v4 updates
A few more changes shipped for the new defaults for v4, including only inlining styles by default for Vue components (#30305).
✅ Upgrading
As usual, our recommendation for upgrading is to run:
This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.
👉 Changelog
compare changes
🚀 Enhancements
extraPageMetaExtractionKeys(#30015)definePageMeta(#30241)mode: 'navigation'tocallOnce(#30260)🔥 Performance
hashModeoption (#30297)🩹 Fixes
addServerTemplate(a02af2348)extraExtractionKeyson runtimeroute.meta(ae9f42f4a)stylevalue for head components (#29999)useIdimplementation (40f437d25)buildDirtonormalizeTemplate(#30115)useRequestFetch(#30117)nitropackrather thannitroimport (2d5b53b23)engines.nodeto match dependencies (#30139)routerOptions.historyto return null (#30192)useIdfor island client component teleport id (#30151)nuxtandnuxt/app(#30148)getRouteRulesworks with nitro signature (#30277)replacein middleware withnavigateTo(#30283)nitropack(f220314a5)<RouterLink>for links starting with#(#30190)#app-manifest(ec613e533)useIdforclient-fallbackcomponent uid (#30314)@ vitest/(4171a1076)addTemplateif undefined (#30348)import.meta.hot.data(b1cf5781d)💅 Refactors
composable-keysplugin into nuxt core (#30029)nuxt:(#30028)📖 Documentation
event.waitUntil(#29583)vite.dev(#30111)nuxi upgradechannel flag (#30184)useLazyFetch(#30171)vite.css.preprocessorMaxWorkers(eb1ba017c)compatibilityVersionfeature flag (#30274)nuxicommand pages (#30199)inlineStyles(2660bffbc)🏡 Chore
unimport(7ee455969)installed-checkdependency (0e84cb9a4)engines.nodeto reflect only deps (d3d276919)rimraf(cf9d82c5a)divwrapper in client-only page (#30359)✅ Tests
🤖 CI
❤️ Contributors
👉 Changelog
compare changes
🩹 Fixes
webpackbarwith support for rspack (#29823)dstto deduplicate templates when adding them (#29895)dstto invalidate modules (6cd3352de)changeevents (#29954)<NuxtWelcome>when building (#29956)💅 Refactors
📖 Documentation
🏡 Chore
✅ Tests
🤖 CI
❤️ Contributors
We're leaning into the π theme - future patch releases of this minor version will just continue adding digits. (Sorry for any inconvenience! 😆)
👉 Changelog
compare changes
🩹 Fixes
module.json(#29793)mllyto resolve module paths to avoid cjs fallback (#29799)webpack-dev-middleware(#29806)📖 Documentation
🏡 Chore
❤️ Contributors
👀 Highlights
Behind the scenes, a lot has been going on in preparation for the release of Nuxt v4 (particularly on the
unjsside with preparations for Nitro v3!)⚡️ Faster starts powered by
jitiLoading the nuxt config file, as well as modules and other build-time code, is now powered by
jitiv2. You can see more about the release in the jiti v2 release notes, but one of the most important pieces is native node esm import (where possible), which should mean a faster start. ✨📂 Shared folder for code and types shared with client/server
You should never import Vue app code in your nitro code (or the other way around). But this has meant a friction point when it comes to sharing types or utilities that don't rely on the nitro/vue contexts.
For this, we have a new
shared/folder (#28682). You can't import Vue or nitro code into files in this folder, but it produces auto-imports you can consume throughout the rest of your app.If needed you can use the new
#sharedalias which points to this folder.The shared folder is alongside your
server/folder. (If you're usingcompatibilityVersion: 4, this means it's not inside yourapp/folder.)🦀
rspackbuilderWe're excited to announce a new first-class Nuxt builder for
rspack. It's still experimental but we've refactored the internal Nuxt virtual file system to useunpluginto make this possible.Let us know if you like it - and feel free to raise any issues you experience with it.
👉 To try it out, you can use this starter - or just install
@ nuxt/rspack-builderand setbuilder: 'rspack'in your nuxt config file.✨ New composables
We have new
useResponseHeaderanduseRuntimeHookcomposables (#27131 and #29741).🔧 New module utilities
We now have a new
addServerTemplateutility (#29320) for adding virtual files for access inside nitro runtime routes.🚧 v4 changes
We've merged some changes which only take effect with
compatibilityVersion: 4, but which you can opt-into earlier.previously, if you had a component like
~/components/App/Header.vuethis would be visible in your devtools as<Header>. From v4 we ensure this is<AppHeader>, but it's opt-in to avoid breaking any manual<KeepAlive>you might have implemented. (#28745).Nuxt scans page metadata from your files, before calling
pages:extend. But this has led to some confusing behaviour, as pages added at this point do not end up having their page metadata respected. So we now do not scan metadata before callingpages:extend. Instead, we have a newpages:resolvedhook, which is called afterpages:extend, after all pages have been augmented with their metadata. I'd recommend opting into this by settingexperimental.scanPageMetatoafter-resolve, as it solves a number of bugs.🗺️ Roadmap to v3.15
They didn't quite make it in time for v3.14 but for the next minor release you can expect (among other things):
✅ Upgrading
As usual, our recommendation for upgrading is to run:
This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.
👉 Changelog
compare changes
🚀 Enhancements
jiti(#29073)addServerTemplateutility (#29320)useResponseHeadercomposable (#27131)rspackbuilder (#29142)pages:resolvedhook + scan meta post extend (#28861)definePageMeta(#29586)shared/folder and#sharedalias (#28682)