create-nuxt-base 2.5.2 → 2.5.3

package/CHANGELOG.md

@@ -2,28 +2,27 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [2.5.3](https://github.com/lenneTech/nuxt-base-starter/compare/v2.5.2...v2.5.3) (2026-04-06)
+
 ### [2.5.2](https://github.com/lenneTech/nuxt-base-starter/compare/v2.5.1...v2.5.2) (2026-04-04)
 
 ### [2.5.1](https://github.com/lenneTech/nuxt-base-starter/compare/v2.5.0...v2.5.1) (2026-03-16)
 
-
 ### Bug Fixes
 
-* prevent build-time baked API URLs by defaulting to empty strings resolved at runtimeOC ([e577648](https://github.com/lenneTech/nuxt-base-starter/commit/e577648a287e18a76c72564d68bacc277b04a500))
+- prevent build-time baked API URLs by defaulting to empty strings resolved at runtimeOC ([e577648](https://github.com/lenneTech/nuxt-base-starter/commit/e577648a287e18a76c72564d68bacc277b04a500))
 
 ## [2.5.0](https://github.com/lenneTech/nuxt-base-starter/compare/v2.3.1...v2.5.0) (2026-03-16)
 
-
 ### Features
 
-* add production default dockerfile ([e338c93](https://github.com/lenneTech/nuxt-base-starter/commit/e338c9363a348c1a63d40a71301240c8e8478835))
+- add production default dockerfile ([e338c93](https://github.com/lenneTech/nuxt-base-starter/commit/e338c9363a348c1a63d40a71301240c8e8478835))
 
 ## [2.4.0](https://github.com/lenneTech/nuxt-base-starter/compare/v2.3.1...v2.4.0) (2026-03-16)
 
-
 ### Features
 
-* add production default dockerfile ([e338c93](https://github.com/lenneTech/nuxt-base-starter/commit/e338c9363a348c1a63d40a71301240c8e8478835))
+- add production default dockerfile ([e338c93](https://github.com/lenneTech/nuxt-base-starter/commit/e338c9363a348c1a63d40a71301240c8e8478835))
 
 ### [2.3.1](https://github.com/lenneTech/nuxt-base-starter/compare/v2.3.0...v2.3.1) (2026-03-15)
 

package/nuxt-base-template/CLAUDE.md

@@ -81,6 +81,12 @@ This project depends on `@lenne.tech/nuxt-extensions`. The framework source is a
 4. **When debugging auth issues**, read the auth proxy server route and middleware source
 5. **Check `dist/runtime/composables/`** before creating new composables — may already exist
 
+## Authentication
+
+Auth is managed by `@lenne.tech/nuxt-extensions` via `useLtAuth()`. See the [nuxt-extensions CLAUDE.md](https://github.com/lenneTech/nuxt-extensions) for detailed auth cookie rules.
+
+Key rule: Never manually write to the `lt-auth-state` cookie from custom middleware. Use `useLtAuth().setUser()` / `clearUser()` exclusively.
+
 ## Security Overrides (pnpm)
 
 The `pnpm.overrides` in `package.json` force vulnerable transitive dependencies to patched versions. Each override addresses a specific CVE or security advisory:

package/nuxt-base-template/package.json

@@ -50,7 +50,7 @@
   "dependencies": {
     "@better-auth/passkey": "1.5.6",
     "@lenne.tech/bug.lt": "latest",
-    "@lenne.tech/nuxt-extensions": "1.5.2",
+    "@lenne.tech/nuxt-extensions": "1.5.3",
     "@nuxt/image": "2.0.0",
     "@nuxt/ui": "4.6.1",
     "@pinia/nuxt": "0.11.3",
@@ -61,7 +61,6 @@
     "valibot": "1.3.1"
   },
   "devDependencies": {
-    "@hey-api/client-fetch": "0.13.1",
     "@hey-api/openapi-ts": "0.95.0",
     "@iconify-json/lucide": "1.2.101",
     "@nuxt/devtools": "3.2.4",

package/nuxt-base-template/pnpm-lock.yaml

@@ -40,8 +40,8 @@ importers:
         specifier: latest
         version: 1.6.5(@babel/parser@7.29.2)(crossws@0.3.5)(db0@0.3.4(@electric-sql/pglite@0.3.15)(drizzle-orm@0.45.1(@electric-sql/pglite@0.3.15)(@opentelemetry/api@1.9.1)(@prisma/client@7.4.2(prisma@7.4.2(@types/react@19.2.14)(magicast@0.5.2)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(typescript@6.0.2))(typescript@6.0.2))(kysely@0.28.15)(mysql2@3.15.3)(postgres@3.4.7)(prisma@7.4.2(@types/react@19.2.14)(magicast@0.5.2)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(typescript@6.0.2)))(mysql2@3.15.3))(embla-carousel@8.6.0)(ioredis@5.9.2)(magicast@0.5.2)(qrcode@1.5.4)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(typescript@6.0.2)(valibot@1.3.1(typescript@6.0.2))(vite@7.3.1(@types/node@25.5.2)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.46.0)(yaml@2.8.3))(vue-router@4.6.4(vue@3.5.30(typescript@6.0.2)))(vue@3.5.30(typescript@6.0.2))
       '@lenne.tech/nuxt-extensions':
-        specifier: 1.5.2
-        version: 1.5.2(@better-auth/passkey@1.5.6(@better-auth/core@1.5.6(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(@opentelemetry/api@1.9.1)(better-call@1.3.2(zod@4.3.6))(jose@6.1.3)(kysely@0.28.15)(nanostores@1.1.1))(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(better-call@1.3.2(zod@4.3.6))(nanostores@1.1.1))(@playwright/test@1.59.1)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(magicast@0.5.2)(nuxt@4.4.2(469ac8679250cf62c9e726a96ed146de))(tus-js-client@4.3.1)
+        specifier: 1.5.3
+        version: 1.5.3(@better-auth/passkey@1.5.6(@better-auth/core@1.5.6(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(@opentelemetry/api@1.9.1)(better-call@1.3.2(zod@4.3.6))(jose@6.1.3)(kysely@0.28.15)(nanostores@1.1.1))(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(better-call@1.3.2(zod@4.3.6))(nanostores@1.1.1))(@playwright/test@1.59.1)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(magicast@0.5.2)(nuxt@4.4.2(469ac8679250cf62c9e726a96ed146de))(tus-js-client@4.3.1)
       '@nuxt/image':
         specifier: 2.0.0
         version: 2.0.0(crossws@0.3.5)(db0@0.3.4(@electric-sql/pglite@0.3.15)(drizzle-orm@0.45.1(@electric-sql/pglite@0.3.15)(@opentelemetry/api@1.9.1)(@prisma/client@7.4.2(prisma@7.4.2(@types/react@19.2.14)(magicast@0.5.2)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(typescript@6.0.2))(typescript@6.0.2))(kysely@0.28.15)(mysql2@3.15.3)(postgres@3.4.7)(prisma@7.4.2(@types/react@19.2.14)(magicast@0.5.2)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(typescript@6.0.2)))(mysql2@3.15.3))(ioredis@5.9.2)(magicast@0.5.2)
@@ -67,9 +67,6 @@ importers:
         specifier: 1.3.1
         version: 1.3.1(typescript@6.0.2)
     devDependencies:
-      '@hey-api/client-fetch':
-        specifier: 0.13.1
-        version: 0.13.1(@hey-api/openapi-ts@0.95.0(magicast@0.5.2)(typescript@6.0.2))
       '@hey-api/openapi-ts':
         specifier: 0.95.0
         version: 0.95.0(magicast@0.5.2)(typescript@6.0.2)
@@ -870,12 +867,6 @@ packages:
   '@hexagon/base64@1.1.28':
     resolution: {integrity: sha512-lhqDEAvWixy3bZ+UOYbPwUbBkwBq5C1LAJ/xPC8Oi+lL54oyakv/npbA0aU2hgCsx/1NUd4IBvV03+aUBWxerw==}
 
-  '@hey-api/client-fetch@0.13.1':
-    resolution: {integrity: sha512-29jBRYNdxVGlx5oewFgOrkulZckpIpBIRHth3uHFn1PrL2ucMy52FvWOY3U3dVx2go1Z3kUmMi6lr07iOpUqqA==}
-    deprecated: Starting with v0.73.0, this package is bundled directly inside @hey-api/openapi-ts.
-    peerDependencies:
-      '@hey-api/openapi-ts': < 2
-
   '@hey-api/codegen-core@0.7.4':
     resolution: {integrity: sha512-DGd9yeSQzflOWO3Y5mt1GRXkXH9O/yIMgbxPjwLI3jwu/3nAjoXXD26lEeFb6tclYlg0JAqTIs5d930G/qxHeA==}
     engines: {node: '>=20.19.0'}
@@ -1001,8 +992,8 @@ packages:
   '@lenne.tech/bug.lt@1.6.5':
     resolution: {integrity: sha512-3aSfAcuizL8WvmDaHUlSjpLVdaeSRtNMrEPle7IoqA9VBmfaCfUKzOQmSdnz69Laeq6hn1a2P1HVcsj1QoOWuQ==}
 
-  '@lenne.tech/nuxt-extensions@1.5.2':
-    resolution: {integrity: sha512-z+mzLVMumka+mqiS4cBvaN1OkrV30hKpVYrAi5C4NYIpWgDNsP2TRUnmHv2Euq54brM9ZW4rGYNGSiHIAYACxQ==}
+  '@lenne.tech/nuxt-extensions@1.5.3':
+    resolution: {integrity: sha512-CABvWvBUYiFtfYkOHKH9WbDbAwqNSkPJAlje5qX+KqbP5GCXP9BdIOejKKehsD+P7Wfs/pjTns4Fo6PvjuTyjQ==}
     peerDependencies:
       '@better-auth/passkey': '>=1.0.0'
       '@playwright/test': '>=1.0.0'
@@ -7856,10 +7847,6 @@ snapshots:
 
   '@hexagon/base64@1.1.28': {}
 
-  '@hey-api/client-fetch@0.13.1(@hey-api/openapi-ts@0.95.0(magicast@0.5.2)(typescript@6.0.2))':
-    dependencies:
-      '@hey-api/openapi-ts': 0.95.0(magicast@0.5.2)(typescript@6.0.2)
-
   '@hey-api/codegen-core@0.7.4(magicast@0.5.2)':
     dependencies:
       '@hey-api/types': 0.1.4
@@ -8071,7 +8058,7 @@ snapshots:
       - vue-router
       - yup
 
-  '@lenne.tech/nuxt-extensions@1.5.2(@better-auth/passkey@1.5.6(@better-auth/core@1.5.6(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(@opentelemetry/api@1.9.1)(better-call@1.3.2(zod@4.3.6))(jose@6.1.3)(kysely@0.28.15)(nanostores@1.1.1))(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(better-call@1.3.2(zod@4.3.6))(nanostores@1.1.1))(@playwright/test@1.59.1)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(magicast@0.5.2)(nuxt@4.4.2(469ac8679250cf62c9e726a96ed146de))(tus-js-client@4.3.1)':
+  '@lenne.tech/nuxt-extensions@1.5.3(@better-auth/passkey@1.5.6(@better-auth/core@1.5.6(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(@opentelemetry/api@1.9.1)(better-call@1.3.2(zod@4.3.6))(jose@6.1.3)(kysely@0.28.15)(nanostores@1.1.1))(@better-auth/utils@0.3.1)(@better-fetch/fetch@1.1.21)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(better-call@1.3.2(zod@4.3.6))(nanostores@1.1.1))(@playwright/test@1.59.1)(better-auth@1.5.6(b30780dc8bc760c93f1eee811a4ad078))(magicast@0.5.2)(nuxt@4.4.2(469ac8679250cf62c9e726a96ed146de))(tus-js-client@4.3.1)':
     dependencies:
       '@nuxt/kit': 4.4.2(magicast@0.5.2)
       better-auth: 1.5.6(b30780dc8bc760c93f1eee811a4ad078)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-nuxt-base",
-  "version": "2.5.2",
+  "version": "2.5.3",
   "description": "Starter to generate a configured environment with VueJS, Nuxt, Tailwind, Linting, Unit Tests, Playwright etc.",
   "license": "MIT",
   "author": "lenne.Tech GmbH",
@@ -38,6 +38,9 @@
   },
   "pnpm": {
     "overrides": {
+      "brace-expansion@>=4.0.0 <5.0.5": ">=5.0.5",
+      "handlebars@>=4.0.0 <=4.7.8": ">=4.7.9",
+      "lodash@>=4.0.0 <=4.17.23": ">=4.18.0",
       "minimatch@<3.1.4": ">=3.1.4"
     }
   }