fix(deps): update dependency vue-router to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vue-router (source)	^4.6.4 → ^5.0.0

---

Release Notes

vuejs/router (vue-router)

v5.1.0

Compare Source

   🚀 Features

• Typed definePage params.path  -  by @​posva in #​2716 (d65de)
• Strict type for definePage param default  -  by @​posva (0ae10)
• Support raw param parsers  -  by @​posva (eadec)
• Force array type raw param parsers  -  by @​posva (7a68b)
• Allow overriding the global Router type  -  by @​posva (1cd93)
• Emit runtime warning for invalid format in query params  -  by @​posva (8259a)
• Override useRouter() return with experimental types config  -  by @​posva (39a34)
• Allow string as a param parser for convenience  -  by @​posva (be37b)

   🐞 Bug Fixes

• Fix auto import fixes and make experimental esm only  -  by @​posva (db3a6)
• Deterministic param parser types order  -  by @​posva (bf0fc)
• Avoid importing unused param parsers  -  by @​posva (41c00)
• Filter invalid query params without failing to match  -  by @​posva (db717)
• Detect not set format  -  by @​posva (aa89e)
• Allow undefined values for params in query  -  by @​posva (4726e)
• experimental: Repeatable params in subsegments  -  by @​posva (84664)
• types: Add vite as optional peer dependency  -  by @​ForgottenR, @​posva and shihuijie in #​2712 (facbf)

    View changes on GitHub

v5.0.7

Compare Source

   🚀 Features

• Upgrade to babel 8  -  by @​posva (8d3e6)
• Make defineParamParser() more intuitive  -  by @​posva (8715b)
• Upgrade @vue/devtools-api  -  by @​posva (87c3a)
• matcher: Hint at params: {} workaround in discarded params warning  -  by @​posva and shanliuling in #​2689 (c2b13)
• param-parsers: Add include/exclude options  -  by @​posva (91cde)

   🐞 Bug Fixes

• matcher:
  • Finalize param token before processing escaped colon  -  by @​babu-ch and @​posva in #​2654 (20521)
• query:
  • Use Object.create(null) to prevent prototype pollution  -  by @​wdskuki, wdsmini and @​posva in #​2661 (be88c)
• resolve:
  • Omit empty optional params from resolved params  -  by @​babu-ch and @​posva in #​2434 (1ef09)
• types:
  • Wire RouteNamedMap via generated routes.d.ts  -  by @​posva in #​2700 (aef99)
• unplugin:
  • Avoid generating empty routes  -  by @​FrontEndDog and @​posva in #​2642 (10a8b)
  • Apply definePage path-param parser overrides  -  by @​posva in #​2699 (c8074)
• volar:
  • Drop runtime @vue/language-core import  -  by @​danielroe in #​2710 (8af50)

    View changes on GitHub

v5.0.6

Compare Source

   🐞 Bug Fixes

• Missing closing quote in generated import  -  by @​zjy040525 and @​posva in #​2688 (32f78)

    View changes on GitHub

v5.0.5

Compare Source

   🚀 Features

• Enable standard schema param parsers  -  by @​posva (ea8e3)
• Normalize param parsers once  -  by @​posva (48087)

   🐞 Bug Fixes

• Track definePage imports per-file to fix named view race condition  -  by @​posva (11191)
• Avoid double decoding hash on string location  -  by @​posva (1578c)

    View changes on GitHub

v5.0.4

Compare Source

   🐞 Bug Fixes

• Avoid iterator helpers for Node 20 compat  -  by @​cwandev in #​2635 (47130)
• Escape backslahes in string literals  -  by @​posva (71fdb)
• Avoid false duplicate route warning for named views  -  by @​posva (72012)
• Allow pushing to auto routes  -  by @​posva (47f03)
• loaders: Restore context in sequential awaits  -  by @​posva (fce5d)

    View changes on GitHub

v5.0.3

Compare Source

   🚨 Breaking Changes

• experimental:
  • Make miss() throw internally and return never  -  by @​posva (077e1)
  • Add reroute() and deprecate NavigationResult  -  by @​posva (308db)
  • Remove selectNavigationResult  -  by @​posva (9e88a)

   🚀 Features

• Support _parent in nested folders  -  by @​posva (0a37f)
• Warn on _parent conflict  -  by @​posva (182fe)
• Set _parent as non matchable by default  -  by @​posva (8f91c)
• Warn on conflicting components for routes  -  by @​posva (34ace)
• Use type module  -  by @​posva (dc9ff)
• Add deprecation warning for next() callback in navigation guards  -  by @​posva (797f5)
• Extract alias from definePage  -  by @​posva (835df)
• Display aliases in logs  -  by @​posva (7aa60)
• Deprecate new NavigationResult(to) in favor of reroute(to)  -  by @​posva (382e3)
• experimental:
  • Handle aliasOf in resolvers  -  by @​posva (8fe45)
  • Generate aliases from override in resolver  -  by @​posva (a00ac)
  • Warn against non absolute aliases  -  by @​posva (476c6)

   🐞 Bug Fixes

• Avoid non matchable routes in auto-routes  -  by @​posva (48649)
• Handle quotes in d.ts  -  by @​posva (d7764)
• Avoid route entry in map for _parent  -  by @​posva (1dfcc)
• Handle nested groups  -  by @​posva (4a4be)
• Stable route ordering for group folders with same path  -  by @​posva (1db94)
• Correct route ordering for group nodes with inflated scores  -  by @​posva (515f4)
• Cleanup old route overrides  -  by @​posva (b28a7)
• Remove name from _parent.vue files  -  by @​posva (6e8f1)
• ci:
  • Format sponsor files before change detection  -  by @​posva (f68d6)
  • Use manual git commit in update-sponsors  -  by @​posva (8ee99)
• experimental:
  • Resolve TS errors in resolver/router type hierarchy  -  by @​posva (a86f1)
• types:
  • Relax RouteMapGeneric constraint for interface-based RouteNamedMap  -  by @​YevheniiKotyrlo in #​2624 (cdf7b)
• volar:
  • Use ts.getTokenPosOfNode instead of node.getStart  -  by @​KazariEX in #​2630 (0b050)

   🏎 Performance

• Avoid merging empty object in record  -  by @​posva (4213e)

    View changes on GitHub

v5.0.2

Compare Source

   🐞 Bug Fixes

• Remove devtools from iife build  -  by @​posva (58c03)
• Loose version check vue-router  -  by @​posva (90e4b)
• volar: Empty options  -  by @​posva (02275)

    View changes on GitHub

v5.0.1

Compare Source

   🐞 Bug Fixes

• volar: Make typed plugin work with vue-tsc  -  by @​peter50216 in #​2607 (7845e)

    View changes on GitHub

v5.0.0

Compare Source

Vue Router 5 is a boring release, it merges unplugin-vue-router into the core package with no breaking changes. The only exception is that the iife build no longer includes @vue/devtools-api because it has been upgraded to v8 and does not expose an IIFE build itself. You can track that change in this issue. See the migration guide for instructions on how to upgrade from unplugin-vue-router to Vue Router 5.

   🚀 Features

• experimental: Query params are optional by default  -  by @​posva (78913)
• Add volar plugins  -  by @​posva (530ac)
• Add data loaders as experimental  -  by @​posva (ab895)
• Add route json schema  -  by @​posva (20675)
• Upgrade devtools-api to v7  -  by @​posva (17b84)
• Upgrade devtools to v8  -  by @​posva (b8aa2)
• Runtime error on missing param parsers  -  by @​posva (3444b)
• volar: Allow rootDir option  -  by @​posva (df65a)

   🐞 Bug Fixes

• Avoid breaking older browsers support  -  by @​posva (c7ba4)
• Trigger navigation guards when keep-alive component is reactivated for different route  -  by @​babu-ch and @​posva in #​2604 (c7735)
• Add automatic types for param parsers  -  by @​posva (0fb5d)
• Param parsers when dts is not at root  -  by @​posva (16b39)
• Expose resolveOptions for unplugin  -  by @​posva (35543)
• Escape tildes in paths  -  by @​posva (aac2e)
• volar: Upgrade config read  -  by @​posva (e3024)

    View changes on GitHub

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nuxt-evals	Ready	Preview, Comment	May 30, 2026 3:43pm

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

? Verifying lockfile against supply-chain policies (171 entries)...
✗ Lockfile failed supply-chain policy check (171 entries in 2.5s)
[ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION] 1 lockfile entries failed verification:
  @vercel/agent-eval@0.14.1 was published at 2026-05-20T15:27:28.000Z, within the minimumReleaseAge cutoff (2026-05-20T10:39:02.622Z)

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.