chore: Update dependencies & resolve type issue #17

Merged: stefashkaa merged 1 commit into main from chore/update-deps-and-fix-type-issues on Jun 2, 2026

stefashkaa commented Jun 2, 2026

Description

I've just updated the project dependencies to utilize the latest tools regarding this project. Also, I've downgraded and used a fixed nuxt version to resolve type issues in the nuxt config.

Work done

  • Update dependencies
  • Fix type issues in nuxt config

Summary by CodeRabbit

  • Chores
    • Updated npm dependencies including Nuxt, PostHog, Vue, and Sass versions.

Copilot AI review requested due to automatic review settings June 2, 2026 10:37

vercel Bot commented Jun 2, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
desource-labs-web Ready Ready Preview, Comment Jun 2, 2026 10:37am

coderabbitai Bot commented Jun 2, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

This PR updates four npm dependency versions in package.json: nuxt, posthog-js, vue in the dependencies block, and sass in the devDependencies block. No other configuration, scripts, or public entities are changed.

Changes

Dependency Version Updates

Layer / File(s) Summary
Runtime and development dependency updates
package.json
Runtime dependencies nuxt, posthog-js, and vue are bumped to newer patch and minor versions; sass in devDependencies is also updated to a newer minor version.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A bump here, a version there,
Dependencies fresh and fair,
Nuxt, Vue, and Sass aligned,
PostHog tracking redesigned,
Package.json's gentle care!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main changes: updating dependencies and addressing type issues in Nuxt configuration, which aligns with the PR objectives and the changes in package.json.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License
Added | posthog-js@1.378.1 | 88 | 100 | 83 | 100 | 100
Added | vue@3.5.35 | 100 | 100 | 91 | 97 | 100
Added | sass@1.100.0 | 100 | 100 | 100 | 93 | 100
Updated | nuxt@4.4.6 ⏵ 4.4.5 | 98 | 97 (-3) | 100 | 95 | 100

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm posthog-js is 88.0% likely obfuscated

Confidence: 0.88

Location: Package overview

From: package.json npm/posthog-js@1.378.1

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.378.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm posthog-js is 85.0% likely obfuscated

Confidence: 0.85

Location: Package overview

From: package.json npm/posthog-js@1.378.1

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/posthog-js@1.378.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Copilot AI left a comment

Pull request overview

Updates several dependencies to their latest versions and pins Nuxt to an older fixed version (4.4.5, down from ^4.4.6) to work around type issues in the Nuxt config.

Changes:

  • Pin nuxt to 4.4.5 (downgrade from ^4.4.6)
  • Bump posthog-js to ^1.378.1, vue to ^3.5.35, sass to ^1.100.0
  • Regenerate pnpm-lock.yaml to reflect updated dependency graph

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Pins nuxt to 4.4.5 and bumps posthog-js, vue, and sass minor versions
pnpm-lock.yaml Lockfile regeneration matching the package.json updates

@stefashkaa stefashkaa merged commit 1e1f3e9 into main Jun 2, 2026
5 of 6 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c43333dc19

Comment thread package.json
"@vueuse/core": "^14.3.0",
"gsap": "^3.15.0",
"nuxt": "^4.4.6",
"nuxt": "4.4.5",
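
Review bot: The replacement line "nuxt": "4.4.5" moves below the "^4.4.6" it replaces and drops the caret, while the neighbouring "@vueuse/core" and "gsap" entries keep caret ranges, so this one package is frozen on an older patch release and will not pick up later fixes. If the pin is needed for the nuxt config type issue named in the description, record that reason and the condition for lifting it in the commit message or a tracking issue (package.json cannot carry comments), and check what 4.4.6 changed before shipping the older release.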

P1: Restore the patched Nuxt release

Pinning Nuxt to 4.4.5 reintroduces the version range affected by CVE-2026-47200: when component islands are enabled and protected pages rely on route middleware, direct __nuxt_island/page_* requests can bypass that middleware and return protected SSR HTML. This commit downgrades the resolved dependency from 4.4.6 (which includes the page-island middleware fix) to the vulnerable 4.4.5, so deployments with that route-middleware/auth pattern lose the security fix; keep this at 4.4.6 or a newer patched version instead.

Useful? React with 👍 / 👎.
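
One way to catch the regression described in the comment above before merge, as an added example that is not part of the original thread or of the project's code: a small check that compares the dependency specs of two package.json revisions and reports any spec that was lowered or that admits a version below a known patched floor. The function names are hypothetical, the 4.4.6 floor is the patched release named in the comment, and the check reads only package.json specs, not the resolved lockfile.

```javascript
// Added example: flag dependency specs that were lowered or that admit
// versions below a known patched floor. Only "x.y.z", "^x.y.z" and "~x.y.z"
// specs are understood; anything else is reported as unparsed.

// Lowest version a spec can resolve to, as [major, minor, patch], or null.
function minVersion(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Negative, zero or positive, like an Array.prototype.sort comparator.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// base/head: parsed package.json objects; floors: { packageName: "x.y.z" }.
function auditDependencyChange(base, head, floors = {}) {
  const findings = [];
  for (const block of ['dependencies', 'devDependencies']) {
    const before = base[block] || {};
    const after = head[block] || {};
    for (const [name, spec] of Object.entries(after)) {
      const now = minVersion(spec);
      if (!now) {
        findings.push({ name, spec, issue: 'unparsed-spec' });
        continue;
      }
      const was = before[name] ? minVersion(before[name]) : null;
      if (was && compare(now, was) < 0) {
        findings.push({ name, spec, issue: 'downgrade', from: before[name] });
      }
      const floor = floors[name] ? minVersion(floors[name]) : null;
      if (floor && compare(now, floor) < 0) {
        findings.push({ name, spec, issue: 'below-patched-floor', floor: floors[name] });
      }
    }
  }
  return findings;
}

// Constructed sample input mirroring the package.json lines shown in this thread.
const basePkg = { dependencies: { nuxt: '^4.4.6', gsap: '^3.15.0' } };
const headPkg = { dependencies: { nuxt: '4.4.5', gsap: '^3.15.0' } };
const findings = auditDependencyChange(basePkg, headPkg, { nuxt: '4.4.6' });
console.log(findings);
```

Run as a required status check, a non-empty result would block the merge until the floor entry is removed with a recorded justification.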

@stefashkaa stefashkaa deleted the chore/update-deps-and-fix-type-issues branch June 2, 2026 10:40