[Snyk] Security upgrade devalue from 5.0.0 to 5.3.2

[geekswagg]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• packages/nuxt/package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-DEVALUE-12205530	786

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[Copilot]

Pull Request Overview

This PR is a security upgrade that updates the devalue package from version 5.0.0 to 5.3.2 to fix a critical Prototype Pollution vulnerability (SNYK-JS-DEVALUE-12205530) with a severity score of 786/1000. The devalue package is used by Nuxt for serializing and deserializing data in payloads transferred between server and client.

Key Changes

• Updated devalue dependency from ^5.0.0 to ^5.3.2 in packages/nuxt/package.json

Comments suppressed due to low confidence (1)

packages/nuxt/package.json:1

• The root package.json still uses devalue version 5.0.0 which contains the same critical Prototype Pollution vulnerability (SNYK-JS-DEVALUE-12205530). This devDependency should also be updated to version 5.3.2 to maintain consistency and ensure the vulnerability is fully addressed across the entire project.

{

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.