chore(deps): update dependency @nuxt/devtools to v2 [security] #608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

renovate wants to merge 1 commit into master from renovate/npm-nuxt-devtools-vulnerability

Contributor

renovate bot commented Nov 9, 2025 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Confidence
@nuxt/devtools (source)	`^1.3.6` → `^2.0.0`

GitHub Vulnerability Alerts

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4*. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.

Release Notes

nuxt/devtools (@nuxt/devtools)

`v2.6.4`

Bug Fixes

using textContent instead of innerHtml for auth pagechore: update lock (7cadbbe)

`v2.6.3`

`v2.6.2`

Bug Fixes

panel dragging issue, close #874, close #871, close #873 (619de37)

`v2.6.1`

Bug Fixes

deps: do not depend on @nuxt/schema (#872) (62443ec)

`v2.6.0`

Bug Fixes

timing labels wrapping (#866) (fd01e60)

Features

update deps (eef2c09)

`v2.5.0`

`v2.4.1`

Bug Fixes

devtools-kit: explicitly type return type of useDevtoolsHostClient (#861) (161e847)
StateEditor: add isPrimitive helper and support bigint type (#744) (#854) (f8eed63)
ui-kit: use object syntax for NButton slots (#857) (09002d2)

Features

improve modules view (807405f)
show docs link for components (9ab0ec8)

`v2.4.0`

Bug Fixes

devtools-kit: fix useDevtoolsClient return type (#845) (5ce9b47)
module setup times are multiplied by 1000 (#838) (d16aa96)
ui-kit: add [@unocss-include](https://redirect.github.com/unocss-include) magic string in NButton (#852) (f18de78)
watch() typeof check on array is always false (#850) (a873199)

2.3.2 (2025-03-26)

Bug Fixes

prioritize vue-devtools plugin registation, fix #823, fix #822 (259853b)
update vite-plugin-vue-tracer (0c1740c)

2.3.1 (2025-03-20)

Bug Fixes

downgrade execa to be compatible with Node v18, fix #821 (f15c7dc)

`v2.3.2`

Bug Fixes

prioritize vue-devtools plugin registation, fix #823, fix #822 (259853b)
update vite-plugin-vue-tracer (0c1740c)

`v2.3.1`

Bug Fixes

downgrade execa to be compatible with Node v18, fix #821 (f15c7dc)

`v2.3.0`

Features

debug page of module mutation (#770) (f7e9ab5)

2.2.1 (2025-03-05)

Bug Fixes

inspector: do not register instapector events if there is already any (db01e1b)

`v2.2.1`

Bug Fixes

inspector: do not register instapector events if there is already any (db01e1b)

`v2.2.0`

Features

component graph node name toogle (#797) (2eb2a37)
migrate to vite-plugin-vue-tracer (#803) (faa08d3)

2.1.3 (2025-03-03)

2.1.2 (2025-03-03)

2.1.1 (2025-02-28)

Bug Fixes

use shiki js engine instead of precompiled (d018045)

Features

update deps (15dbe6d)

`v2.1.3`

`v2.1.1`

Bug Fixes

use shiki js engine instead of precompiled (d018045)

Features

update deps (15dbe6d)

`v2.1.0`

Bug Fixes

hide inspector button when not available (684897f)

Features

allow override component inspector with __NUXT_INSPECTOR__ (9f3c8bf)
filter out installed modules in search result, closes #780 (#786) (fc8ced3)
option to disable vueDevTools (3e5251c)

`v2.0.0`

Features

add directives page (#740) (c20c724)

`v1.7.0`

Features

improves vscode integration, support multiple backends (#763) (463f6ad)

1.6.4 (2024-12-12)

Bug Fixes

upgrade @vue/devtools (8485fcb)

1.6.3 (2024-12-03)

Bug Fixes

revert #757, pin vite-plugin-inspect version (a399082)

1.6.2 (2024-12-03)

Bug Fixes

add v4 compatibility version handeling for pages tab (#758) (bd8651c)

Features

support vite-plugin-inspect for both Vite 5 and 6 (#757) (cfcbc24)

1.6.1 (2024-11-20)

Bug Fixes

missing pinia store modules (#751) (be243e4)

Features

apply lint, use explict import (2c6d2d3)

`v1.6.4`

Bug Fixes

upgrade @vue/devtools (8485fcb)

`v1.6.3`

Bug Fixes

revert #757, pin vite-plugin-inspect version (a399082)

`v1.6.2`

Bug Fixes

add v4 compatibility version handeling for pages tab (#758) (bd8651c)

Features

support vite-plugin-inspect for both Vite 5 and 6 (#757) (cfcbc24)

`v1.6.1`

Bug Fixes

missing pinia store modules (#751) (be243e4)

Features

apply lint, use explict import (2c6d2d3)

`v1.6.0`

Bug Fixes

devtools: remove cjs entrypoint (#746) (9e4a22e)

1.5.2 (2024-10-02)

Bug Fixes

try downgrade vite-plugin-vue-inspector (572a0d6)

1.5.1 (2024-09-23)

Bug Fixes

welcome page condition (#736) (d23ce09)

`v1.5.2`

Bug Fixes

try downgrade vite-plugin-vue-inspector (572a0d6)

`v1.5.1`

Bug Fixes

welcome page condition (#736) (d23ce09)

`v1.5.0`

Bug Fixes

avoid using top-level await, fix #723 (29b0e39)
disable quicktype schema generation temporary (c1554a3)
handle null in deepSync (#729) (8c0efdb)

1.4.2 (2024-09-10)

Bug Fixes

use explicit imports of types (#715) (4c54247)

1.4.1 (2024-08-26)

Bug Fixes

devtools-kit re-export (d16cafc)
state-editor: update deepSync function (#713) (a7b9efb)

`v1.4.2`

Bug Fixes

use explicit imports of types (#715) (4c54247)

`v1.4.1`

Bug Fixes

devtools-kit re-export (d16cafc)
state-editor: update deepSync function (#713) (a7b9efb)

`v1.4.0`

Features

kit: introduce host-client utility (167373c)

1.3.14 (2024-08-20)

1.3.13 (2024-08-20)

1.3.12 (2024-08-20)

1.3.11 (2024-08-20)

1.3.10 (2024-08-20)

Bug Fixes

color mode (19ac073)

Features

add search functionality to components graph (#696) (1a0f81a)

1.3.9 (2024-07-02)

Bug Fixes

capture for circular reference in state editor (841fd76)
introduce client.revision to trigger state editor update (418a22e)
modules: update compatibility check for Nuxt 3 and 4 (#689) (2354da7)
use ofetch for fast-npm-meta (4188f8d)

1.3.8 (2024-07-02)

Performance Improvements

avoid deps on npm-registry-fetch, save install size (3d74691)

1.3.7 (2024-06-27)

Bug Fixes

OpenGraph layout (#685) (760f149)
scrollable sidebar (#682) (df459f9)
server-routes: unable to clear all params (#684) (d88b003)

Features

use nuxt search api for showing docs (#681) (52b6468)

Performance Improvements

use npm-registry-fetch instead of pacote to deduce the package size (a049c52)

1.3.6 (2024-06-21)

Features

migrate vue-devtools to v7.3 (#675) (79e6d35)

1.3.5 (2024-06-21)

Bug Fixes

downgrade module-builder (de79dc4)

1.3.4 (2024-06-21)

Bug Fixes

color mode (#679) (d276b31)
navigate to pages with param (#678) (316bcd9)

1.3.3 (2024-06-04)

Bug Fixes

pin @vue/devtools-* (4c79fac)
sort items in fuse (#670) (8d052be)

1.3.2 (2024-05-27)

Bug Fixes

floating-vue style (7b7dc32)
sidebar scroll (946f930)
timeline: reduce warning (#661) (33fe685)

1.3.1 (2024-05-10)

Bug Fixes

module builder chunk path patch (87199a1)

`v1.3.14`

`v1.3.9`

Bug Fixes

capture for circular reference in state editor (841fd76)
introduce client.revision to trigger state editor update (418a22e)
modules: update compatibility check for Nuxt 3 and 4 (#689) (2354da7)
use ofetch for fast-npm-meta (4188f8d)

`v1.3.8`

Performance Improvements

avoid deps on npm-registry-fetch, save install size (3d74691)

`v1.3.7`

Bug Fixes

OpenGraph layout (#685) (760f149)
scrollable sidebar (#682) (df459f9)
server-routes: unable to clear all params (#684) (d88b003)

Features

use nuxt search api for showing docs (#681) (52b6468)

Performance Improvements

use npm-registry-fetch instead of pacote to deduce the package size (a049c52)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies label

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from d0290e9 to fb7dd03 Compare

November 11, 2025 02:09

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from fb7dd03 to d89e662 Compare

November 18, 2025 19:58

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from d89e662 to d27f446 Compare

December 3, 2025 18:00

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from d27f446 to fe1a935 Compare

December 31, 2025 14:01

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from fe1a935 to 8986960 Compare

January 8, 2026 18:29

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from 8986960 to 8b5349f Compare

January 19, 2026 15:07


          chore(deps): update dependency @nuxt/devtools to v2 [security]

42ec592

renovate bot force-pushed the renovate/npm-nuxt-devtools-vulnerability branch from 8b5349f to 42ec592 Compare

January 23, 2026 17:35

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels