[Snyk] Upgrade nuxt from 2.15.8 to 3.0.0

[snyk-bot]

Snyk has created this PR to upgrade nuxt from 2.15.8 to 3.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 16 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2022-11-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: nuxt

• 3.0.0 - 2022-11-16
  

  ✨ Official Release Announcenment

  💬 Release Discussion

  📝 Changelog

  Check out v3.0.0-rc.14 for other recent changes.

  🩹 Fixes

  • nuxt: Removed auto imports (#9045)
  • schema: Initialise runtimeConfig.public with empty object (#9050)
  • cli: Upgrade with latest tag (#9060)
  • nuxt: Allow union type arguments for useAsyncData (#9061)

  📖 Documentation

  • New website design (#9007)
  • Update website theme version (819deb89)
  • Minor style improvements (9ab069b2)
  • Update website-theme (780b17b1)
  • Add warning about definePageMeta issues with transitions and NuxtLoadingIndicator (#9055)
  • Add missing agencies (#9059)

  🏡 Chore

  • Update readme design (#9048)
  • Ignore parse5 for renovate update (#9046)

  ❤️ Contributors

  • Toby Faux
  • Clément Ollivier (@ clemcode)
  • Pooya Parsa (@ pi0)
  • Conner (@ Intevel)
  • Sébastien Chopin (@ Atinux)
  • Daniel Roe [email protected]
• 3.0.0-rc.14 - 2022-11-16
  Read more
• 3.0.0-rc.13 - 2022-11-04
  Read more
• 3.0.0-rc.12 - 2022-10-18
  Read more
• 3.0.0-rc.11 - 2022-09-20
  

  💬 Join the release discussion

  🚀 How to Upgrade

  Note
  Make sure to recreate the lock file in the project in case of any issues after the upgrade.

  • Automated: npx nuxi@latest upgrade --force
  • Manual: Bump nuxt dependency to 3.0.0-rc.11 and then use npx nuxi@latest cleanup to cleanup any local caches

  ⭐ What is New?

  Full Static Enhancements

  We have introduced Full-Static mode payload extraction in RC.10. Many of the issues from the initial implementation are resolved with this release thanks to your amazing feedback! Notably for SPA routes and state that is now in the initial state.

  🧪 We understand that there might be still issues with the new implementation. Please report if spotted any. You can use new experimental.payloadExtraction: false flag in nuxt.config to opt-out as well.

  IPv6 and HTTPS support for nuxi dev and vite

  Nuxi CLI and unjs/listhen are improved and now support --https flag and ipv6 hosts out of the box with an auto-generated certificate. You can use --ssl-cert and --ssl-key to provide own generated SSL certificates with mkcert for example as well.

  Issues with vite HMR and vite-node should be resolved as well. If you were previously using NODE_TLS_REJECT_UNAUTHORIZED or custom vite.server.hmr options for a workaround, you can try to remove them.

  Note: If you see something like http://[::]:3000/ when running nuxi preview, it is all normal! The New IPv6 URL works in all modern browsers and is also backward compatible with IPv4 interfaces. If for some reason encountered any issues, try setting HOST to 0.0.0.0 to disable IPv6 listener.

  Nitro Improvements

  Nitro is the server engine for Nuxt 3. We had landed several fixes in 0.5.2 and 0.5.3 versions improving stability and bug fixes.

  Full Changelog

  compare changes

  🚀 Enhancements

  • kit: useNitro() utility (#7557)
  • Allow disabling payload extraction (#7588)

  🩹 Fixes

  • nuxt: Disable payload extraction for spa generated pages (#7535)
  • nuxt: Do not pass prefetched class to custom link (#7522)
  • cli: Improved self-signed certificate for nuxi dev --https (#7545)
  • vite: nuxi dev --https working out of the box (#7547)
  • schema: Update resolver for cssSourceMap with new sourcemap format [bridge] (#7541)
  • nuxt: Pass fully resolved path to nitro dist files (#7494)
  • nuxt: Remove modulepreload for spa fallback routes with ssr:true (#7553)
  • schema: Only disallow vite server port and host (#7554)
  • nuxi, vite: Ipv6 support for nuxi dev (#7560)
  • cli: Print resolved public directory after generate (#7577)
  • nuxt: Load payload after middleware and once final route is resolved (#7574)
  • nuxt: Keep state in the initial state instead of extracting it (#7567)
  • vite: Normalize vite-node error data from server (#7589)
  • vite: Include id and stack in vite-node fallback error handler (#7575)
  • vite: Respect ctx.nuxt.options.modulesDir for resolving externals with vite-node (#7612)
  • nuxt: Add missing process.client for early redirect in navigateTo(#7625)
  • vite-node: Include importer in error stack (#7607)
  • vite, webpack: Avoid generating keys where a key is already provided (#7622)
  • vite, webpack: Handle auto keys for composables without args (#7651)
  • nuxt: Don't tree shake client-only fallback templates (#7659)
  • nuxt: Strip non-.vue extensions from component types (#7673)
  • nuxt: Only observe tag elements for <NuxtLink> prefetching (#7679)
  • nuxi, vite: Support HTTPS with custom domain and HMR (#7680)

  📖 Documentation

  • Update auto-imports link (#7530)
  • Add note about link prefetching (#7540)
  • Improve NuxtLink prefetch explanation (#7540)
  • Add testing and addComponent to modules and update addImports (#7543)
  • Fix typo on directory-structure/pages (#7601)
  • Fix typo in custom router example (8621c860)
  • Fix typo in nitro options in wasm example (#7639)
  • Add addImportsSources to list of kit utils (#7636)
  • api: Add defineNuxtComponent page (#7618)
  • testing: Move modules testing section to module authors guide (#7643)
  • getting-started: Add views page (#7556)

  ❤️ Contributors

  • Alexander Lichter
  • Alper Doğan
  • Chenying
  • Clément Ollivier
  • Damian Głowala
  • Daniel Roe
  • Julien Huang
  • Krutie Patel
  • Lexpeartha
  • Pooya Parsa
  • YIngChenIt
• 3.0.0-rc.10 - 2022-09-14
  Read more
• 3.0.0-rc.9 - 2022-09-03
  Read more
• 3.0.0-rc.8 - 2022-08-12
  

  Note
  This version includes hotfixes from rc.7. Check v3.0.0-rc.7 release notes for all changes between rc.6...rc.8

  Warning
  There are slight API changes with this release candidate.

  💬 Join the release discussion

  🚀 How to upgrade

  • Automated: npx nuxi-edge@latest upgrade --force
  • Manual: Bump nuxt dependency to 3.0.0-rc.8 and then use npx nuxi-edge@latest cleanup to cleanup any local caches

  🩹 Fixes

  • cli: Fix issues with nuxi upgrade (#6514)
  • nuxt: ⚠️ Allow app:rendered to modify ssr context and add render:html (#6521)
  • vite: Remove /@ fs from external ids (#6529)
  • nuxt: Tree-shake devtools from production bundle (#6538)
  • vite, nuxt: Resolve relative to srcDir rather than rootDir (#6546)

  📦 Build

  • nuxt: Publish missing types (#6516)

  📖 Documentation

  • Change info to danger for the pages root element (#6528)
  • quick-start: Add the file path for disabling generating shim (#6519)
  • schema: Grammar, punctuation and typo fixes (#6469)

  ❤️ Contributors

  • Damian Głowala
  • Daniel Roe
  • Eugen Istoc
  • Jiang Menghao
  • Pooya Parsa
  • Timur Bolotov
• 3.0.0-rc.7 - 2022-08-11
  Read more
• 3.0.0-rc.6 - 2022-07-18
  Read more
• 3.0.0-rc.5 - 2022-07-13
• 3.0.0-rc.4 - 2022-06-13
• 3.0.0-rc.3 - 2022-05-10
• 3.0.0-rc.2 - 2022-05-02
• 3.0.0-rc.1 - 2022-04-20
• 3.0.0-rc.0 - 2022-04-20
• 2.15.8 - 2021-08-11

from nuxt GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs