[Snyk] Security upgrade nuxt from 3.13.2 to 3.20.0

[yoon-chi]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	227

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

[yoon-chi]

This upgrade from Nuxt 3.13.2 to 3.20.0 includes several minor versions with significant updates. While not a major version change, there are notable modifications that require developer verification.

Key Changes:

• Data Fetching Rework (v3.17): The data fetching layer (useAsyncData and useFetch) was substantially rewritten for performance and consistency. Although backward compatibility was a priority, the release notes recommend thorough testing as caching behavior has changed. This could impact applications with complex data fetching patterns.
• Dev Server CORS Policy (v3.15.3): A security fix introduced stricter Cross-Origin Resource Sharing (CORS) policies for the development server. This is noted as a significant change that may require developers using custom hostnames to configure the devServer.cors option in their nuxt.config file to avoid breaking their local development environment.
• Vite 6 Integration (v3.15): This version of Nuxt incorporates Vite 6. While the Nuxt team expects this to be a non-breaking change for most users, projects with dependencies tied to a specific Vite version should be verified.
• Head Management Upgrade (v3.16): Nuxt upgraded to unhead v2. A compatibility build was included to prevent issues, but some community reports mentioned problems with pinia devtools and tailwindcss styling after this update.

Recommendation:
Due to the significant changes in data fetching and the development server's CORS policy, this upgrade is assessed as medium risk. It is crucial to test data fetching logic and verify that the local development setup is unaffected by the new CORS restrictions.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.