[Snyk] Security upgrade nuxt from 3.13.2 to 3.20.2

[kevin-benton]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncontrolled Recursion SNYK-JS-YAML-15765520	63

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[kevin-benton]

This upgrade from Nuxt 3.13.2 to 3.20.2 includes several minor versions with significant new features, major dependency updates, and a rework of core functionalities. While not a major version bump, these changes require careful verification.

Key Changes to Review:

• Data Fetching Rework (v3.17): A major reorganization of the useAsyncData and useFetch layer was introduced to improve consistency and performance. While backward compatibility was a priority, breaking changes were placed behind an experimental flag (granularCachedData). It is highly recommended to test all data-fetching logic thoroughly.

• Major Dependency Upgrades:

  • Vite 6 (v3.15): Nuxt now bundles Vite 6. While the Nuxt team expects this to be a non-breaking change for most users, projects with dependencies sensitive to specific Vite versions should be verified.
  • vue-router v5 (v3.20): The router has been upgraded to its next major version. For most applications, this should be a transparent upgrade, but it's a significant internal change.

• Security Fix (v3.15): A security fix was implemented that imposes stricter CORS origin restrictions on the development server. This was noted as a "significant/breaking change" and may require developers using custom hostnames to configure the devServer.cors options in their nuxt.config.

• ESM-only Dependencies (v3.16): Several internal dependencies from the unjs ecosystem were upgraded to ESM-only major versions. Nuxt includes compatibility layers, but this is a notable shift in the underlying tooling.

Recommendation:
Due to the rework of the data fetching layer and major dependency upgrades, a thorough regression test of the application is necessary. Pay close attention to data fetching, development server behavior with custom domains, and any custom Vite configurations.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.