v4.0.0

[github-actions]

4.0.0 is the next major release.

Timetable: to be announced.

👉 Changelog

compare changes

🚀 Enhancements

• kit,nuxt,schema,vite,webpack: Nitropack v3 nightly (#27702)
• ui-templates: Update template branding for v4 (#27843)
• deps: Upgrade to latest versions of c12, jiti and unbuild (#27995)
• kit: Reimplement cjs utils using mlly (#28012)
• nuxt: Generate basic jsdoc for module config entry (#27689)
• schema: Split dev/prod build directories (#28594)
• nuxt: Cache vue app build outputs (#28726)
• deps: Update dependency vite to v6 (main) (#30042)

🔥 Performance

• nuxt: ⚠️ Don't call render:html for server islands (#27889)
• vite: Don't write stub manifest for legacy bundler (#27957)
• kit: Update env expansion regex to match nitro (#30766)

🩹 Fixes

• schema,vite: ⚠️ Do not allow configuring vite dev bundler (#27707)
• schema: ⚠️ Default to compatibilityVersion: 4 (#27710)
• nuxt: ⚠️ Emit absolute paths in builder:watch hook (#27709)
• nuxt: ⚠️ Improve default asyncData value behaviour (#27718)
• nuxt: ⚠️ Remove old experimental options (#27749)
• kit: ⚠️ Support loading nuxt 4 and drop support for <=2 (#27837)
• nuxt: ⚠️ Remove __NUXT__ after hydration (#27745)
• ui-templates: Add default title back (3415241a6)
• kit: ⚠️ Drop support for building nuxt 2 projects (1beddba6a)
• nuxt: ⚠️ Bump internal majorVersion to 4 (7aae4033b)
• kit: Mark resolvePath utils as sync (655e1473d)
• kit: Revert change to tryResolveModule (2d136e04c)
• kit: Add back requireModule and tryRequireModule (#28013)
• nuxt: Hide unhandled error messages in prod (#28156)
• nuxt: Add useScriptCrisp scripts stub (0c3cc4cf3)
• nuxt: ⚠️ Remove unused globalName property (#28391)
• nuxt: Use static import for updateAppConfig in HMR (#28349)
• vite: Write dev manifest when ssr: false (#28488)
• kit,nuxt,schema: ⚠️ Remove other support for nuxt2/bridge (#28936)
• webpack: Only insert dynamic require plugin when building (b619b35e9)
• nuxt: Guard window access (d874726ff)
• nuxt: Remove unneeded subpath import (18a6ef1ca)
• webpack: Handle new webpack chunk format (d293c06d2)
• nuxt: Wrap slot with h() in ClientOnly (#30664)
• kit: ⚠️ Do not check compatibility for nuxt version < 2.13 (f94cda4c8)
• nuxt: Ensure <NuxtLayout> fallback prop is typed (#30832)

💅 Refactors

• kit,nuxt: ⚠️ Drop nuxt 2 + ejs template compile support (#27706)
• nuxt: ⚠️ Move #app/components/layout -> #app/components/nuxt-layout (209e81b60)
• kit,nuxt,vite,webpack: ⚠️ Remove legacy require utils (#28008)
• nuxt: Simplify check of dedupe option (#28151)
• nuxt: Use direct import of installNuxtModule (501ccc375)

📖 Documentation

• Indicate what useAsyncData must return (#28259)
• Update deep default for useAsyncData & useFetch (#28564)
• Move custom directories note to the correct place (#29100)
• Add props to special metadata (#29708)
• Fix link to issue (4d13f1027)
• Fix typos (#30413)
• Tiny typo (#30799)
• Fix typo (#30817)
• Remove backslashes in spaLoadingTemplate example (#30830)

🏡 Chore

• Manage update to vite-plugin-checker separately (02d46dd3d)
• Update docs typecheck command (#28433)
• Improve accuracy of 4.x changelog (#28706)
• Bump package versions internally to v4 (16fab7778)
• kit: Fix regressed version v4 (a1c052057)
• Dedupe lockfile (f14ef6bc9)
• Update once more (4d22f4d5a)
• Specify workspace engines.node compatibility (a26322f5f)
• Remove special treatment for typescript (08766a0cd)
• Reenable quarantine for webpack/memfs (for 3.x benefit) (9cb94e55e)
• Add additional dummy url to ignore (3a37c74e1)
• Remove extra dep (f0ec34298)
• Add back nuxi (9aa4c7c3b)
• Remove stray nuxi version again (#30547)
• Fix lockfile (7d345c714)

✅ Tests

• Remove unused experimental options (6d971ddc9)
• Add additional attw test for built packages (#30206)
• Add minimal pages fixture (#30457)
• Update bundle size assertion (f458153d9)
• Update bundle size assertion (4cce6bf8d)

🤖 CI

• Bump node v22 (#30251)

⚠️ Breaking Changes

• nuxt: ⚠️ Don't call render:html for server islands (#27889)
• schema,vite: ⚠️ Do not allow configuring vite dev bundler (#27707)
• schema: ⚠️ Default to compatibilityVersion: 4 (#27710)
• nuxt: ⚠️ Emit absolute paths in builder:watch hook (#27709)
• nuxt: ⚠️ Improve default asyncData value behaviour (#27718)
• nuxt: ⚠️ Remove old experimental options (#27749)
• kit: ⚠️ Support loading nuxt 4 and drop support for <=2 (#27837)
• nuxt: ⚠️ Remove __NUXT__ after hydration (#27745)
• kit: ⚠️ Drop support for building nuxt 2 projects (1beddba6a)
• nuxt: ⚠️ Bump internal majorVersion to 4 (7aae4033b)
• nuxt: ⚠️ Remove unused globalName property (#28391)
• kit,nuxt,schema: ⚠️ Remove other support for nuxt2/bridge (#28936)
• kit: ⚠️ Do not check compatibility for nuxt version < 2.13 (f94cda4c8)
• kit,nuxt: ⚠️ Drop nuxt 2 + ejs template compile support (#27706)
• nuxt: ⚠️ Move #app/components/layout -> #app/components/nuxt-layout (209e81b60)
• kit,nuxt,vite,webpack: ⚠️ Remove legacy require utils (#28008)

❤️ Contributors

• Maik Kowol (@94726)
• Charlie ✨ (@CharleeWa)
• Hussain Panahy (@HP8585)
• @beer (@iiio2)
• Daniel Roe (@danielroe)
• Peter Radko (@Gwynerva)
• Lansi (@lansi951)
• Yauheni Vasiukevich (@EvgenyWas)
• Julien Huang (@huang-julien)
• Norbiros (@Norbiros)
• Alex Liu (@Mini-ghost)
• Alan Schio (@schirrel)
• xjccc (@xjccc)
• Saeid Zareie (@Saeid-Za)
• Zakhar Shymanchyk (@zshimanchik)
• Arturs Jansons (@iegik)
• Maxime Pauvert (@maximepvrt)
• Anthony Fu (@antfu)
• Camille Coutens (@Kamsou)
• Peter Buglavecz (@buglavecz)
• ikxin (@ikxin)
• Guspan Tanadi (@guspan-tanadi)
• Vuk Marjanovic (@vmrjnvc)
• Matej Černý (@cernymatej)
• Clément Ollivier (@clemcode)
• Anders Bootsmann Larsen (@bootsmann1995)
• Alexander Lichter (@TheAlexLichter)
• Connor Roberts (@murshex)
• Horu (@HigherOrderLogic)
• Mehmet (@productdevbook)
• Nishant Aanjaney Jalan (@cybercoder-naj)
• David Nahodyl (@Smef)
• Bobbie Goede (@BobbieGoede)
• derHodrig (@derHodrig)
• Martins Zeltins (@martinszeltins)
• Matt (@matt-clegg)
• Nikolay (@RokeAlvo)
• Joaquín Sánchez (@userquin)
• bjoaquinc (@bjoaquinc)
• wzc520pyfm (@wzc520pyfm)
• Kraig Burrows (@zync09)
• Harlan Wilton (@harlan-zw)
• Sébastien LeBlanc (@mrleblanc101)
• Teena (@franklin-tina)
• skmedix (@skmedix)
• Daniel Rentz (@danielrentz)
• Inesh Bose (@ineshbose)
• Felix Gabler (@felixgabler)
• mianlang (@mianlang)
• Tamás H. (@Tamas-hi)
• Guillaume Chau (@Akryum)
• Farnabaz (@farnabaz)
• Jan-Niklas W. (@niklas-wortmann)
• Gustavo Aquino Torres Teixeira (@guska8)
• Stephanie Smith (@stephiescastle)
• crisarji (@crisarji)
• RBV1 (@RBV1)
• Adrien Foulon (@Tofandel)
• Efraim (@EfraimGENC)
• Aurion SARL (@TonyFresneau)
• Erik Lilja (@Lilja)
• Markus Oberlehner (@maoberlehner)
• Lukas Bauer (@luxterful)
• Damian Głowala (@DamianGlowala)
• Till Sanders (@tillsanders)
• Nils (@BracketJohn)
• Estéban (@Barbapapazes)
• John Tanzer (@moshetanzer)
• Cruz (@SparK-Cruz)
• 翠 / green (@sapphi-red)
• Taras Batenkov (@enkot)
• Michael Brevard (@GalacticHypernova)
• Panopoulos Andreas (@b0ul17)
• Dawit (@oneminch)
• Ryota Watanabe (@wattanx)
• Alexander (@hywax)
• Ryoya (@harunari0928)
• Jelmer (@jelmerdemaat)
• Christoph Heike (@cheike569)
• Sébastien Chopin (@atinux)
• Jeremy Graziani (@AcelisWeaven)
• Domenik Reitzner (@dreitzner)
• Jeel Rupapara (@zeelrupapara)
• Pooya Parsa (@pi0)
• Leopold Kristjansson (@leopoldkristjansson)
• Horváth Bálint (@horvbalint)
• Bochkarev Ivan (@Ibochkarev)
• Joschua (@selfire1)
• Indrek Ardel (@Ingramz)
• DarkVen0m (@DarkVen0m)
• Ezra Ashenafi (@Eazash)
• Artem Maslov (@Twocram)
• Paulo Ricardo Severo (@prsevero)
• Liran Tal (@lirantal)
• Osama Abdallah Essa Haikal (@OsamaHaikal)
• Gianluca Di Francesco (@gianlucadifrancesco)
• Heb (@Hebilicious)
• Eckhardt (Kaizen) Dreyer (@Eckhardt-D)
• Ismail Sabet (@ismailsabet)
• Max (@onmax)
• riskrole (@riskrole)
• Thimo Sietsma (@th1m0)
• felix-dolderer (@felix-dolderer)
• Nicolas Payot (@nicolaspayot)
• Kewin Szlezingier (@kewinzaq1)
• Vasily Kuzin (@ExEr7um)
• Gustav Odinger (@gustavwilliam)
• Martin André (@Martichou)
• Mike Laumann Bellika (@MikeBellika)
• Typed SIGTERM (@typed-sigterm)
• Son Tran (@trandaison)
• rubyisrust (@rubyisrust)
• Riley Ho (@rileychh)
• Adam DeHaven (@adamdehaven)
• Potter (@yxw007)
• Martin Masevski (@Archetipo95)
• BoogieBen. (@boogie-ben)
• Tobias Diez (@tobiasdiez)
• Yasser Lahbibi (@yassilah)
• pan93412 (@pan93412)
• AuroraTea (@AuroraTea)
• nuxt-studio[bot] (@nuxt-studio[bot])
• Vaci (@vacijj)
• FELIPE COSTA DE OLIVEIRA (@FelipeO16)
• Aleksei Nagovitsyn (@nag5000)
• Meo (@miaobuao)
• Mohab Sameh (@mohab-sameh)
• Quentin Macq (@quentinmcq)
• Johan Krijt (@johankrijt)
• arshcodemod (@arshcodemod)
• Santiago A (@santiagoaloi)
• Thomas (@ThomasWT)
• Dominic (@rexhent)
• Florian Metz (@Timeraa)
• Daniel Kelly (@danielkellyio)
• Daniel Flanagan (@FlantasticDan)
• 山吹色御守 (@KazariEX)
• izzy goldman (@izzygld)
• Seno (@s-en-o)
• Aviv Keller (@avivkeller)
• Lucie (@lihbr)
• Idorenyin Udoh (@idorenyinudoh)

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	None	0	5.61 kB	danielroe
npm/[email protected]	Transitive: environment, filesystem, network, shell	+2	271 kB	hirokiosame
npm/[email protected]	environment, filesystem, network, shell	0	134 kB	evanw
npm/[email protected]	None	0	3.66 kB	sindresorhus
npm/[email protected]	None	0	11.6 kB	levibuzolic
npm/[email protected]	Transitive: environment, filesystem	+17	2.7 MB	azat-io
npm/[email protected]	Transitive: environment, eval, filesystem, network	+6	1.46 MB	antfu
npm/[email protected]	Transitive: environment, eval, filesystem, shell, unsafe	+46	9.17 MB	eslintbot, openjsfoundation
npm/[email protected]	None	0	17.6 kB	rich_harris
npm/[email protected]	Transitive: environment, filesystem, unsafe	+2	266 kB	danielroe
npm/[email protected]	None	0	38.1 kB	evilebottnawi
npm/[email protected]	environment, filesystem, shell	+23	1.38 MB	piotr-oles
npm/[email protected]	environment	0	24.6 kB	pi0
npm/[email protected]	Transitive: filesystem	+10	322 kB	sindresorhus
npm/[email protected]	None	+2	841 kB	pi0
npm/[email protected]	None	0	12.7 MB	davidortner
npm/[email protected]	None	0	39.9 kB	pi0
npm/[email protected]	environment, filesystem Transitive: eval, shell	+10	8.75 MB	ext
npm/[email protected]	Transitive: environment, filesystem	+5	1.88 MB	maltsev
npm/[email protected]	None	0	63.1 kB	kael
npm/[email protected]	None	+2	115 kB	danielroe
npm/[email protected]	None	+7	164 kB	voxpelli
npm/[email protected]	None	0	0 B

🚮 Removed packages: npm/[email protected]

View full report↗︎

[Nyantekyi]

Hello.. Please leave the debounce feature on useFetch and useAsyncData...

[danielroe]

@Nyantekyi we are not removing it, just you now need to set a more explicit name rather than true/false.

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	CI
Possible typosquat attack	npm/[email protected]	Did you mean: emoji-regex~~-xs~~	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[pkg-pr-new]

Open in Stackblitz

@nuxt/kit

npm i https://pkg.pr.new/@nuxt/kit@27716

@nuxt/rspack-builder

npm i https://pkg.pr.new/@nuxt/rspack-builder@27716

nuxt

npm i https://pkg.pr.new/nuxt@27716

@nuxt/schema

npm i https://pkg.pr.new/@nuxt/schema@27716

@nuxt/vite-builder

npm i https://pkg.pr.new/@nuxt/vite-builder@27716

@nuxt/webpack-builder

npm i https://pkg.pr.new/@nuxt/webpack-builder@27716

commit: fcc0aaf

[codspeed-hq]

CodSpeed Performance Report

Merging #27716 will not alter performance

_{Comparing v4.0.0 (fcc0aaf) with main (cf6dcc1)}

Summary

✅ 8 untouched benchmarks