Skip to content

chore: bump nuxt from 3.19.2 to 3.21.7#1110

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/nuxt-3.21.6
Closed

chore: bump nuxt from 3.19.2 to 3.21.7#1110
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/nuxt-3.21.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps nuxt from 3.19.2 to 3.21.7.

Release notes

Sourced from nuxt's releases.

v3.21.7

3.21.7 is the a security hotfix release.

👉 make sure to check https://github.com/nuxt/nuxt/security/advisories to view open advisories resolved by this release.

👉 Changelog

compare changes

🩹 Fixes

  • nitro: Assign noSSR before deciding payload extraction (#35108)
  • vite: Avoid filtering out dirs with shared prefix from allowDirs (#35112)
  • nuxt: Use resolve from pathe for buildCache path boundary check (#35111)
  • nuxt: Prevent sibling-directory traversal in test component wrapper (#35110)
  • nitro: Pass event data to isValid in dev clipboard-copy listener (#35109)
  • nuxt: Validate protocols in reloadNuxtApp path before reload (#35115)
  • vite: Resolve vite clientServer with ssr: false (#34959)
  • vite: Prefix public asset virtuals with null byte (38d330179)
  • nuxt: Handle missing payload in chunkError listener (#35155)
  • vite: Close vite dev server on nuxt close (d007d7060)
  • kit,nuxt: Handle cancelling prompts to install packages (59821a5ca)
  • nuxt: Await in-lifght template generation when closing nuxt (#35181)
  • webpack: Surface compilation errors when stats.toString is empty (71dccff2b)
  • kit: Improve TS extension stripping/substitutions (#35233)
  • nuxt: Preserve .d.mts/.d.cts in resolveTypePaths (#35235)
  • nuxt: Reject prototype-chain keys in the island registry (#35205)
  • nitro: Gate chrome devtools workspace endpoint to local requests (#35201)
  • nuxt: Escape props in <NuxtClientFallback> ssr output (#35199)
  • nuxt: Apply isScriptProtocol guard to navigateTo open option (#35206)
  • rspack,webpack: Require loopback host when missing same-origin signals (#35200)
  • nuxt: Absolutely resolve defu in app config template (40bedf0db)
  • nuxt: Match route rules case-insensitively to mirror vue-router (3f3e3fa7b)
  • nuxt: Escape <NoScript> slot content (7fea9fd68)
  • nuxt: Block path-normalization open redirect in navigateTo (1f2dd5e78)
  • nuxt: Reject cross-origin paths in reloadNuxtApp (6497d99dd)
  • vite: Bind vite-node IPC to a permissioned filesystem socket (c293bf950)
  • nuxt: Reject script-capable protocols in <NuxtLink> href (53284043d)
  • nuxt: Clarify page and layout usage warnings (#35184)
  • nuxt: Do not absolutely resolve defu (d11d7b1b5)

📖 Documentation

  • Edit for clarity and grammar (#35214)
  • Add dedicated module dependencies page (#35171)

🏡 Chore

  • Use execFileSync for safety in release scripts (9a455a658)
  • Assert there is always a tag (8da21fba8)
  • Fix type in test (bc2837125)
  • Fix lychee dynamic composable exclude (#35119)
  • Add autofix action tag in comment (70eba297f)
  • Update renovate minimum release age (27a6821a1)

✅ Tests

  • Update test for js payload rendering (b51a80840)

... (truncated)

Commits
  • fd806be v3.21.7
  • d11d7b1 fix(nuxt): do not absolutely resolve defu
  • 13e177e fix(nuxt): clarify page and layout usage warnings (#35184)
  • 5328404 fix(nuxt): reject script-capable protocols in \<NuxtLink> href
  • 6497d99 fix(nuxt): reject cross-origin paths in reloadNuxtApp
  • 1f2dd5e fix(nuxt): block path-normalization open redirect in navigateTo
  • 7fea9fd fix(nuxt): escape \<NoScript> slot content
  • 3f3e3fa fix(nuxt): match route rules case-insensitively to mirror vue-router
  • 40bedf0 fix(nuxt): absolutely resolve defu in app config template
  • 62fc32e fix(nuxt): apply isScriptProtocol guard to navigateTo open option (#35206)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/nuxt-3.21.6 branch from bda5c37 to d23e81e Compare June 16, 2026 08:39
@dependabot
chore: bump nuxt from 3.19.2 to 3.21.7
5248613 
Bumps [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) from 3.19.2 to 3.21.7.
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v3.21.7/packages/nuxt)

---
updated-dependencies:
- dependency-name: nuxt
  dependency-version: 3.21.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore: bump nuxt from 3.19.2 to 3.21.6 chore: bump nuxt from 3.19.2 to 3.21.7 Jun 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/nuxt-3.21.6 branch from d23e81e to 5248613 Compare June 17, 2026 02:03
@dependabot @github

dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #1131.

@dependabot dependabot Bot closed this Jun 17, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/nuxt-3.21.6 branch June 17, 2026 02:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants