npm - create-nuxt-base - Versions diffs - 2.6.2 → 2.6.4 - Mend

create-nuxt-base 2.6.2 → 2.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/.oxfmtrc.jsonc CHANGED Viewed

@@ -4,4 +4,8 @@
   "printWidth": 180,
   "semi": true,
   "singleQuote": true,
+  // nuxt-base-template has its own .editorconfig with `[*.md] insert_final_newline = false`
+  // which doesn't propagate up when oxfmt runs from the starter root. Skip it here;
+  // the sub-project has its own `pnpm run format:check`.
+  "ignorePatterns": ["node_modules", "dist", "nuxt-base-template"],
 }

package/CHANGELOG.md CHANGED Viewed

@@ -2,12 +2,15 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-### [2.6.2](https://github.com/lenneTech/nuxt-base-starter/compare/v2.6.1...v2.6.2) (2026-04-17)
+### [2.6.4](https://github.com/lenneTech/nuxt-base-starter/compare/v2.6.3...v2.6.4) (2026-04-23)
+### [2.6.3](https://github.com/lenneTech/nuxt-base-starter/compare/v2.6.2...v2.6.3) (2026-04-18)
+### [2.6.2](https://github.com/lenneTech/nuxt-base-starter/compare/v2.6.1...v2.6.2) (2026-04-17)
 ### Bug Fixes
-* **deps:** sync pnpm-lock.yaml with pinned overrides ([26cf45d](https://github.com/lenneTech/nuxt-base-starter/commit/26cf45dad735f2ab9ba4f2e9f0870e3cc04c67e7))
+- **deps:** sync pnpm-lock.yaml with pinned overrides ([26cf45d](https://github.com/lenneTech/nuxt-base-starter/commit/26cf45dad735f2ab9ba4f2e9f0870e3cc04c67e7))
 ### [2.6.1](https://github.com/lenneTech/nuxt-base-starter/compare/v2.6.0...v2.6.1) (2026-04-17)

package/nuxt-base-template/.claude/agent-memory/lt-dev-npm-package-maintainer/MEMORY.md CHANGED Viewed

@@ -70,4 +70,4 @@ After maintenance, all packages at latest:
 - `@hey-api/openapi-ts`: 0.94.2 (from 0.94.0)
 - `jsdom`: 29.0.0 (from 28.1.0) - fixes undici vulnerabilities (jsdom 29 requires undici ^7.24.3)
 - Residual vulnerabilities: 0
-- `@hey-api/client-fetch`: moved from dependencies → devDependencies
+- `@hey-api/client-fetch`: moved from dependencies → devDependencies

package/nuxt-base-template/.claude/agent-memory/lt-dev-security-reviewer/MEMORY.md CHANGED Viewed

@@ -1,3 +1,3 @@
 # Security Reviewer Memory Index
-- [Dependency Maintenance Pattern](project_dep_maintenance.md) — pnpm overrides use open upper bounds (>=) by convention; h3-next is intentionally aliased to RC pre-release
+- [Dependency Maintenance Pattern](project_dep_maintenance.md) — pnpm overrides use open upper bounds (>=) by convention; h3-next is intentionally aliased to RC pre-release

package/nuxt-base-template/.claude/agent-memory/lt-dev-security-reviewer/project_dep_maintenance.md CHANGED Viewed

@@ -10,4 +10,4 @@ The `h3-next` alias is pinned to `npm:h3@2.0.1-rc.20` because the Nuxt/Nitro eco
 **Why:** Reviewed during 2026-04-04 dependency maintenance update (PR: TypeScript 5.9→6.0, @nuxtjs/seo 3.4→5.1, 14 overrides added/updated).
-**How to apply:** Do not flag open-upper-bound `>=` override targets as findings unless they allow a known-malicious version. Flag only if the lower bound is incorrect (allows still-vulnerable versions) or the target package name is suspicious.
+**How to apply:** Do not flag open-upper-bound `>=` override targets as findings unless they allow a known-malicious version. Flag only if the lower bound is incorrect (allows still-vulnerable versions) or the target package name is suspicious.

package/nuxt-base-template/.editorconfig ADDED Viewed

@@ -0,0 +1,18 @@
+# EditorConfig is awesome: https://EditorConfig.org
+# top-most EditorConfig file
+root = true
+# all files
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+# Markdown files
+[*.md]
+insert_final_newline = false
+trim_trailing_whitespace = false

package/nuxt-base-template/CLAUDE.md CHANGED Viewed

@@ -146,6 +146,7 @@ All override targets use fixed versions (not ranges) to prevent silent major-ver
 | `defu@<=6.1.4`                   | GHSA-mchp-fgcf-hmfj                                                                                                          | Prototype pollution                                                                                          |
 | `devalue@<=5.6.3`                | GHSA-77p6-w3v8-rqwf                                                                                                          | XSS via crafted input                                                                                        |
 | `effect@<3.20.0`                 | GHSA-j44v-mmf2-xvm9                                                                                                          | Denial of service                                                                                            |
+| `fast-xml-parser@<5.7.0`         | GHSA-gh4j-gqv2-49f6                                                                                                          | XMLBuilder: XML comment and CDATA injection via unescaped delimiters; transitive via @nuxtjs/seo>sitemap     |
 | `h3@<1.15.9`                     | GHSA-wr4h-v87w-p3r7                                                                                                          | Path traversal                                                                                               |
 | `h3@>=2.0.0-0 <2.0.1-rc.18`      | GHSA-q5pr-72pq-83v3                                                                                                          | Cookie DoS + SSE injection                                                                                   |
 | `h3-next`                        | (alias fix)                                                                                                                  | `@nuxt/test-utils` pins h3-next to vulnerable RC; remove when h3 v2 stable releases                          |
@@ -169,4 +170,4 @@ The `ignoredOptionalDependencies` block suppresses 30 platform-specific native b
 ## Notable Version Changes (v2.5.x)
 - **TypeScript 5.9 -> 6.0:** Changes `erasableSyntaxOnly` default and tightens module resolution. Run `pnpm run build` to verify no type regressions after upgrading existing projects.
-- **@nuxtjs/seo 3.4 -> 5.1:** Major rewrite (v4 was skipped). The OG image engine switched to `@shikijs/*` for syntax highlighting (SSR/build-time only). `nuxt.config.ts` SEO options are backwards-compatible. The 30 `ignoredOptionalDependencies` entries are required for clean installs.
+- **@nuxtjs/seo 3.4 -> 5.1:** Major rewrite (v4 was skipped). The OG image engine switched to `@shikijs/*` for syntax highlighting (SSR/build-time only). `nuxt.config.ts` SEO options are backwards-compatible. The 30 `ignoredOptionalDependencies` entries are required for clean installs.

package/nuxt-base-template/README.md CHANGED Viewed

@@ -202,4 +202,4 @@ tests/               # Playwright E2E tests
 - [NuxtUI Documentation](https://ui.nuxt.com)
 - [Better Auth Documentation](https://www.better-auth.com)
 - [Tailwind CSS Documentation](https://tailwindcss.com/docs)
-- [Vue 3 Documentation](https://vuejs.org)
+- [Vue 3 Documentation](https://vuejs.org)

package/nuxt-base-template/package.json CHANGED Viewed

@@ -48,20 +48,20 @@
     "fix": "pnpm run lint:fix && pnpm run format"
   },
   "dependencies": {
-    "@better-auth/passkey": "1.6.5",
+    "@better-auth/passkey": "1.6.7",
     "@lenne.tech/bug.lt": "latest",
-    "@lenne.tech/nuxt-extensions": "1.5.3",
+    "@lenne.tech/nuxt-extensions": "1.5.4",
     "@nuxt/image": "2.0.0",
     "@nuxt/ui": "4.6.1",
     "@pinia/nuxt": "0.11.3",
     "@vueuse/nuxt": "14.2.1",
-    "better-auth": "1.6.5",
+    "better-auth": "1.6.7",
     "qrcode": "1.5.4",
     "tus-js-client": "4.3.1",
     "valibot": "1.3.1"
   },
   "devDependencies": {
-    "@hey-api/openapi-ts": "0.96.0",
+    "@hey-api/openapi-ts": "0.96.1",
     "@iconify-json/lucide": "1.2.102",
     "@nuxt/devtools": "3.2.4",
     "@nuxt/test-utils": "4.0.2",
@@ -69,24 +69,23 @@
     "@nuxtjs/seo": "5.1.3",
     "@playwright/test": "1.59.1",
     "@tailwindcss/typography": "0.5.19",
-    "@tailwindcss/vite": "4.2.2",
+    "@tailwindcss/vite": "4.2.4",
     "@types/node": "25.6.0",
     "@types/qrcode": "1.5.6",
     "@vitejs/plugin-vue": "6.0.6",
     "@vue/test-utils": "2.4.6",
     "dayjs-nuxt": "2.1.11",
     "happy-dom": "20.9.0",
-    "jsdom": "29.0.2",
     "lint-staged": "16.4.0",
-    "mongodb": "7.1.1",
+    "mongodb": "7.2.0",
     "nuxt": "4.4.2",
     "oxfmt": "latest",
     "oxlint": "latest",
     "rimraf": "6.1.3",
     "simple-git-hooks": "2.13.1",
-    "tailwindcss": "4.2.2",
+    "tailwindcss": "4.2.4",
     "typescript": "6.0.3",
-    "vitest": "4.1.4"
+    "vitest": "4.1.5"
   },
   "simple-git-hooks": {
     "pre-commit": "npx lint-staged",
@@ -154,6 +153,7 @@
       "defu@<=6.1.4": "6.1.7",
       "devalue@<=5.6.3": "5.7.1",
       "effect@<3.20.0": "3.21.0",
+      "fast-xml-parser@<5.7.0": "5.7.1",
       "h3@<1.15.9": "1.15.11",
       "h3@>=2.0.0-0 <2.0.1-rc.18": "2.0.1-rc.20",
       "h3-next": "npm:h3@2.0.1-rc.20",