chore(deps): update nuxt framework to ^4.4.7

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
nuxt (source)	^4.4.4 → ^4.4.7

---

Release Notes

nuxt/nuxt (nuxt)

v4.4.7

Compare Source

4.4.7 is the a security hotfix release.

👉 make sure to check https://github.com/nuxt/nuxt/security/advisories to view open advisories resolved by this release.

👉 Changelog

compare changes

🩹 Fixes

• nitro: Assign noSSR before deciding payload extraction (#​35108)
• vite: Avoid filtering out dirs with shared prefix from allowDirs (#​35112)
• nuxt: Use resolve from pathe for buildCache path boundary check (#​35111)
• nuxt: Prevent sibling-directory traversal in test component wrapper (#​35110)
• nitro: Pass event data to isValid in dev clipboard-copy listener (#​35109)
• nuxt: Validate protocols in reloadNuxtApp path before reload (#​35115)
• vite: Prefix public asset virtuals with null byte (9e303b438)
• nuxt: Re-run getCachedData after initial fetch (#​35122)
• nuxt: Propagate useFetch/useAsyncData factory types (#​35133)
• vite: Close vite dev server on nuxt close (a10a68abc)
• kit,nuxt: Handle cancelling prompts to install packages (e84813229)
• kit: Avoid excluding node-context files in legacy tsconfig (#​35152)
• nuxt: Handle missing payload in chunkError listener (#​35155)
• nuxt: Await in-lifght template generation when closing nuxt (#​35181)
• nuxt: Clarify page and layout usage warnings (#​35184)
• webpack: Surface compilation errors when stats.toString is empty (073b07851)
• nuxt: Reject prototype-chain keys in the island registry (#​35205)
• nuxt: Apply isScriptProtocol guard to navigateTo open option (#​35206)
• nuxt: Prevent server-only page island from recursing via <NuxtPage> (#​35198)
• rspack,webpack: Require loopback host when missing same-origin signals (#​35200)
• nitro: Gate chrome devtools workspace endpoint to local requests (#​35201)
• nuxt: Escape props in <NuxtClientFallback> ssr output (#​35199)
• kit: Improve TS extension stripping/substitutions (#​35233)
• nuxt: Preserve .d.mts/.d.cts in resolveTypePaths (#​35235)
• nuxt: Escape <NoScript> slot content (4b054e9d9)
• nuxt: Match route rules case-insensitively to mirror vue-router (07e39cd6f)
• nuxt: Reject script-capable protocols in <NuxtLink> href (0103ce06f)
• nuxt: Block path-normalization open redirect in navigateTo (2cce6fb02)
• nuxt: Reject cross-origin paths in reloadNuxtApp (e447a793c)
• vite: Bind vite-node IPC to a permissioned filesystem socket (1f9f4767a)

💅 Refactors

• kit,nuxt,vite: Use es2023 array methods (#​34980)
• nuxt: Replace runInNewContext with AST walker (d72a89ef4)

📖 Documentation

• Document vite client and server options (#​35090)
• Add dedicated module dependencies page (#​35171)
• Add nodeTsConfig and sharedTsConfig options (#​35231)
• Edit for clarity and grammar (#​35214)

🏡 Chore

• Use execFileSync for safety in release scripts (1d7baaf01)
• Assert there is always a tag (e98c47c3c)
• Add autofix action tag in comment (ffa5c0098)
• Fix type in test (a549652e2)
• Update renovate minimum release age (d12d5e58a)
• Fix lychee dynamic composable exclude (#​35119)
• Update lockfile (91186dc51)
• Lint (dbc58965c)

✅ Tests

• Update test for js payload rendering (bdcb81536)
• Cover add regression test for hmr in sibling local layers (#​35125)
• Improve reliability of hmr test (1d709b3cc)

🤖 CI

• Always run all tests for 4.x/3.x (0dc4665cf)
• Migrate from tibdex (ded29dc0f)
• Add zizmor github actions check (#​35089)
• Update to agentscan v1.8.0 (#​35120)
• Automatically close PRs from automated accounts (#​35161)
• Disable provenance-change enforcement in dependency-review (a2cf43e68)

❤️ Contributors

• Daniel Roe (@​danielroe)
• David Stack (@​davidstackio)
• David De Sloovere (@​DavidDeSloovere)
• anton-gor-dev (@​anton-gor-dev)
• Noah3521 (@​Noah3521)
• Shahar Aviram (@​ShaharAviram1)
• Matej Černý (@​cernymatej)
• Mohit Kumar (@​mohitkum4r)
• Matteo Gabriele (@​MatteoGabriele)
• Julien Huang (@​huang-julien)
• Damian Głowala (@​DamianGlowala)

v4.4.6

Compare Source

4.4.6 is the next patch release.

👉 Changelog

compare changes

🩹 Fixes

• vite: Use spa entry for vite-node fallback (#​35037)
• vite: Invalidate SSR module cache when modules are invalidated via plugin hooks (a86657a0e)
• nuxt: Match deduplicated resolveComponent calls in jsx blocks (#​35028)
• nuxt: Prefer our own builder/server deps (#​35029)
• nuxt: Update useFetch key even with watch: false (#​35002)
• nitro: Mark @babel/plugin-syntax-typescript as optional peer dep (#​35041)
• nitro: Add json extension to payload cache items (#​35043)
• nuxt: Handle errors fetching app manifest (#​35050)
• nuxt: Encode html-significant characters in external redirect body (#​35052)
• nuxt: Preserve setPageLayout props on same-path navigation (#​35055)
• vite: Don't strip buildAssetsDir from vite-node SSR ids (#​35040)
• nuxt: Mark useLoadingIndicator properties as readonly (#​35062)
• vite: Strip queries in css inline styles map (#​35067)
• nitro: Validate island request hash matches props (#​35077)
• nitro: Use regexp to strip query (163e18d4b)
• nitro: Use statusCode for nitro v2 compatibility (952f6841e)
• nitro-server: Re-export h3 named symbols statically (cd99001c8)
• nuxt: Render component-less parent routes during client-side nav (#​35036)
• kit: Respect tsConfig.exclude in legacy tsconfig.json (#​35079)
• nuxt: Run middleware for page islands (#​35092)

💅 Refactors

• rspack,webpack: Extract same-origin check for dev middleware (#​35051)

📖 Documentation

• Remove CSB, set node 22 and use steps for clarity (#​35066)

🏡 Chore

• One more type, one more (50dcf15bb)
• Remove unneeded (?) overrides (6997093af)
• Use explicit versions for fixture dependencies (294a734d4)
• Ignore link-like syntax in code (2584a549c)
• Narrow engines.node in test (5bb17fb47)
• Remove unused import (a52d78626)

✅ Tests

• Relax relative time assertion (c3dcd16f9)
• Add type (732d844ad)
• Drop h3 v2 types (8286e5fcd)

🤖 CI

• Clean up agent-scan workflow (ab8317547)
• Continue autofix workflow when test:engines fails (3025e561e)
• Improve workflows (#​35088)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Tim (@​timhn-bm)
• Julien Huang (@​huang-julien)
• Damian Głowala (@​DamianGlowala)
• Sébastien Chopin (@​atinux)
• Adrien Foulon (@​Tofandel)
• Sami El Achi (@​samiashi)

v4.4.5

Compare Source

4.4.5 is the next patch release.

👉 Changelog

compare changes

🔥 Performance

• kit: Cache layer roots and short-circuit isIgnored relative (#​35015)

🩹 Fixes

• vite: Resolve vite clientServer with ssr: false (#​34959)
• nitro: Correct payload route rule for / + override ssr: true (#​34990)
• nitro: Break recursive rendering deadlocks during prerender (#​34939)
• vite: Drop redundant css link when entry styles are inlined (#​34950)
• vite: Sort optimizeDeps.include in pre-bundle hint (#​34976)
• nuxt: Only force suspense remount after first resolve (#​34949)
• kit: Read .env before resolving nuxt schema (#​34958)
• nitro: Preserve serverHandlers array after nitro:config (#​34985)
• nuxt: Cast partial nitro handlers when prepending to server arrays (61dcde4db)
• vite: Only consider CSS inlined when styles are actually emitted (#​35006)
• nuxt: Dedupe getCachedData for concurrent callers sharing a key (#​34999)
• nuxt: Respect factory fetch/baseURL options in server useFetch (#​35003)
• nuxt: Handle string presets in auto-imports (#​35013)
• nuxt: Correct island transform for server pages and 'deep' mode (#​35005)
• vite: Inline css for non-island children of server components (#​35001)
• nuxt: Defer head DOM updates until page transition finishes (#​35016)
• nuxt: Explicitly freeze head during island plugin phase (#​35010)
• vite: Inline css imported from non-vue js modules (#​35020)

📖 Documentation

• Add warning about routing in server components (#​34994)

🏡 Chore

• Fix lockfile (c3ee07801)
• Pin jiti (c8102228f)
• Lint (39422b6d2)
• Pin @vue/compiler-sfc (cd404a14c)
• Ignore pnpm cyclic workspace deps warn (#​34998)
• Remove jiti from build steps (#​35004)

✅ Tests

• Extract server components fixture + add some failing tests (#​34995)
• Isolate buildDir per matrix project for shared fixtures (#​35007)
• Remove tests for 5.x runtimeBaseURL fature (816c25487)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Harlan Wilton (@​harlan-zw)
• Jonazzzz (@​Bombastickj)
• Damian Głowala (@​DamianGlowala)
• Florian Heuberger (@​Flo0806)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Every minute (* * * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.