Skip to content

chore(deps): update dependency nuxt-og-image to v6#90

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/nuxt-og-image-6.x
Open

chore(deps): update dependency nuxt-og-image to v6#90
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/nuxt-og-image-6.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Mar 16, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
nuxt-og-image (source) ^5.1.1^6.0.0 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

nuxt-modules/og-image (nuxt-og-image)

v6.5.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v6.4.11

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.9

Compare Source

compare changes

🩹 Fixes
  • More helpful font warnings (78ca997b)
  • Resolve Cloudflare runtime og image secret (#​596)
🏡 Chore
❤️ Contributors

v6.4.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.7

Compare Source

compare changes

🩹 Fixes
  • takumi: Restore non-latin glyph support regressed in v6.2.0 (#​587)
🏡 Chore
❤️ Contributors

v6.4.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.5

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.4

Compare Source

compare changes

🩹 Fixes
  • takumi: Serialize WASM calls (#​583)
🏡 Chore
❤️ Contributors

v6.4.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.2

Compare Source

compare changes

🩹 Fixes
  • Dispose prior og:image head entry on client navigation (d709ecf1)
  • Add image fetch timeouts and Server-Timing instrumentation (#​581)
🏡 Chore
❤️ Contributors

v6.4.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.4.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v6.3.10

Compare Source

compare changes

🚀 Enhancements
  • Add /_og/r/<path> resolver endpoint (#​572)
🩹 Fixes
🏡 Chore
❤️ Contributors

v6.3.9

Compare Source

compare changes

🏡 Chore
❤️ Contributors

v6.3.8

Compare Source

compare changes

🩹 Fixes
  • Fallback to internal handler when font origin is unreachable (#​566)
❤️ Contributors

v6.3.7

Compare Source

compare changes

🩹 Fixes
  • Resolve :style object literal bindings to inline CSS (#​562)
  • Misc cache improvements (#​564)
🏡 Chore
  • Takumi v1 (cdf161b3)
  • test: Update takumi wasm import for new package structure (#​565)
❤️ Contributors

v6.3.6

Compare Source

compare changes

🩹 Fixes
  • prerender: Compat issue with html validator (51aa00d3)
🏡 Chore
❤️ Contributors

v6.3.5

Compare Source

compare changes

🩹 Fixes
  • prerender: Edge cases in option caching (93ab1c67)
❤️ Contributors

v6.3.4

Compare Source

compare changes

🩹 Fixes
  • prerender: Sign dynamic URLs in strict mode and handle orphan hashes (#​560)
🏡 Chore
❤️ Contributors

v6.3.3

Compare Source

compare changes

🩹 Fixes
  • Add missing nitro presets to compatibility map (#​559)
🏡 Chore
❤️ Contributors

v6.3.2

Compare Source

No significant changes

    View changes on GitHub

v6.3.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.3.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v6.2.6

Compare Source

compare changes

🚀 Enhancements
  • security: Add URL signing to prevent parameter tampering (#​546)
🩹 Fixes
  • security: Strict mode, deprecate html (#​545)
❤️ Contributors

v6.2.5

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.2.4

Compare Source

compare changes

🩹 Fixes
  • Hydration-issue warning due to SSR generated DateTime value (#​535)
  • Sanitize component props (#​543)
  • Harden security defaults (#​540)
  • Whitelist component props to prevent cache key DoS (#​544)
🏡 Chore
❤️ Contributors

v6.2.3

Compare Source

   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v6.2.2

Compare Source

compare changes

🔥 Performance
  • devtools: Drop json-editor-vue (14a585b7)
🩹 Fixes
  • cloudflare: Detect legacy assets mode (7f60a480)
🏡 Chore
❤️ Contributors

v6.2.1

Compare Source

compare changes

🏡 Chore
❤️ Contributors

v6.2.0

Compare Source

compare changes

🩹 Fixes
  • Missing compatibility config (4541033c)
  • devtools: Broken resolution (57ac2647)
🏡 Chore
❤️ Contributors

v6.1.2

Compare Source

compare changes

🚀 Enhancements
  • content: Add defineOgImageSchema() composable (#​520)
🩹 Fixes
  • Update pnpm-lock.yaml (0784c378)
  • Broken slash decoding in some cases (6f8ac765)
  • client: Resolve layer-devtools path via import.meta.resolve (dd4e0578)
  • cloudflare: Resolve fonts via localFetch when ASSETS binding unavailable (#​527)
  • B64 encode props with URL-sensitive characters (#​530)
  • Resolve CI issues (f3e3045b)
  • Use explicit imports mapping for #nuxtseo-shared (08594505)
  • Use direct nuxtseo-shared/runtime imports, bump to ^0.3.0 (31b1a991)
  • Resolve CI failures in lint, build, typecheck, and tests (47e85d35)
  • Use dot-notation for ambiguous CalcTest component in type test (3ba63fef)
💅 Refactors
  • Migrate to nuxtseo-shared for shared utilities (f909f014)
  • client: Migrate devtools to nuxtseo-shared layer (48c15483)
  • Use published nuxtseo-layer-devtools package (74393aa3)
  • Remove dead defensive prerender initialization (3b0dae14)
  • Use nuxtseo-shared subpath exports, bump to ^0.5.0 (bd50740f)
  • Migrate to nuxtseo-shared (#​521)
🏡 Chore
✅ Tests
  • Update cloudflare-takumi snapshots after template redesign (66c2a80a)
❤️ Contributors

v6.1.1

Compare Source

compare changes

🩹 Fixes
  • Auto-detect NuxtHub KV for cache storage (#​517)
  • tw4: Use safe module resolution to prevent throws for unresolvable plugins (#​519)
🏡 Chore
❤️ Contributors

v6.1.0

Compare Source

compare changes

🩹 Fixes
  • Add missing option keys to URL encoding and prop separation (#​516)
  • Defer x-nitro-prerender header to prevent stale hash URLs during prerender (#​514)
  • Base64-encode non-ASCII values in URL path params (#​515)
🏡 Chore
❤️ Contributors

v6.0.7

Compare Source

compare changes

🚀 Enhancements
  • devtools: Add production preview toggle (#​509)
  • cli: Add create and switch commands with DX improvements (#​508)
  • devtools: Add component creation from empty state (#​510)
🩹 Fixes
  • encoding: Avoid pre decoded params to be truncated (#​504)
  • fonts: Detect font families from script setup computed properties (#​507)
  • devtools: Use actual content width for preview scaling (#​506)
  • Recover from v5 defineOgImage syntax (1e882060)
🏡 Chore
❤️ Contributors

v6.0.6

Compare Source

compare changes

🩹 Fixes
  • Broken windows path resolutions (dd1ae90b)
🏡 Chore
❤️ Contributors

v6.0.5

Compare Source

compare changes

🩹 Fixes
  • Prevent crash when defineOgImage runs client-side during layout transitions (#​502)
  • takumi: Use real font family names for correct font-weight matching (#​503)
🏡 Chore
❤️ Contributors

v6.0.4

Compare Source

compare changes

🏡 Chore
❤️ Contributors

v6.0.3

Compare Source

compare changes

🩹 Fixes
🏡 Chore
❤️ Contributors

v6.0.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.0.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v6.0.0

Compare Source

Nuxt OG Image v6 is the next major release.

Nuxt OG Image v6 brings a complete overhaul focused on performance, modern tooling, and developer experience.

📣 Highlights

  • 🚀 Takumi - Takumi is now the recommended renderer, offering 2-10x faster image generation with the same feature set as Satori
  • 🎨 First-class CSS support - Tailwind v4, UnoCSS, CSS variables, and Nuxt UI v3 colors all just work out of the box
  • 🖥️ Redesigned DevTools - improved OG image debugging experience with better previews, accessibility, and Bluesky social card support

📖 Migration Guide

Full migration guide: https://nuxtseo.com/og-image/migration-guide/v6

Quick Migration
npx nuxt-og-image migrate v6

Notable Changes

🚀 Takumi Renderer (Recommended)

Takumi is a Rust-based renderer that directly rasterizes to PNG/JPEG/WebP - no SVG intermediate step. It's 2-10x faster than Satori+Resvg.

See PR #​414.

Takumi and Satori are feature-compatible within Nuxt OG Image - both support Tailwind CSS, custom fonts, emoji, edge runtimes, and all the same template features. The difference is speed: Takumi is always faster thanks to its Rust-based direct rasterization.

Use Takumi by creating components with the .takumi.vue suffix:

components/OgImage/MyTemplate.takumi.vue

See the Takumi docs for the full feature list.

🎨 First-Class CSS Support

Nuxt OG Image now has first-class support for multiple CSS approaches - not just Tailwind. All of these work out of the box with zero configuration:

See PR #​430.

  • Tailwind v4 - build-time class extraction with Tailwind's CSS engine, @theme values just work
  • UnoCSS - full UnoCSS support
  • CSS Variables - use your app's CSS custom properties directly in OG image templates
  • Nuxt UI v3 - semantic colors (primary, secondary, etc.) are automatically resolved

No configuration needed.

🖥️ Redesigned DevTools

The OG image DevTools have been completely overhauled:

  • Better image preview and debugging
  • More accessible interface
  • Improved error reporting and diagnostics
  • Bluesky social card support
⚡ Install Renderer Dependencies

Renderer dependencies are no longer bundled. Install what you need based on your renderer and runtime.

See PR #​415.

Takumi (recommended):

npm i @&#8203;takumi-rs/core # Node.js
npm i @&#8203;takumi-rs/wasm # Edge runtimes

Satori:

npm i satori @&#8203;resvg/resvg-js # Node.js
npm i satori @&#8203;resvg/resvg-wasm # Edge runtimes

Browser:

npm i playwright-core

Running nuxi dev will prompt you to install missing dependencies automatically.

🖼️ Multiple OG Images Per Page

Define multiple images with different dimensions for different platforms. Shared props are passed once and applied to all variants.

See PR #​305.

Shared Props with Variants (Recommended)

Pass shared props as the second argument and size variants as the third — no prop duplication needed:

defineOgImage('NuxtSeo', { title: 'My Page' }, [
  { key: 'og' }, // Default 1200x600 for Twitter/Facebook
  { key: 'whatsapp', width: 800, height: 800 }, // Square for WhatsApp
])

Per-variant props override shared props when needed:

defineOgImage('NuxtSeo', { title: 'My Page', description: 'Full description' }, [
  { key: 'og' },
  { key: 'whatsapp', width: 800, height: 800, props: { description: 'Short' } },
])
Array Syntax

Alternatively, pass all options inline per variant:

defineOgImage('NuxtSeo', [
  { props: { title: 'My Page' } },
  { props: { title: 'My Page' }, key: 'whatsapp', width: 800, height: 800 },
])
🔤 @​nuxt/fonts Integration

Custom fonts now use @​nuxt/fonts instead of the legacy ogImage.fonts config.

See PR #​432.

export default defineNuxtConfig({
  modules: ['@&#8203;nuxt/fonts', 'nuxt-og-image'],
  fonts: {
    families: [
      { name: 'Inter', weights: [400, 700], global: true }
    ]
  }
})

The global: true option is required for fonts to be available in OG Image rendering.

📦 Component Renderer Suffix

OG Image components now require a renderer suffix in their filename. This enables automatic renderer detection, multiple renderer variants, and tree-shaking.

See PR #​433.

# Before
components/OgImage/MyTemplate.vue

# After
components/OgImage/MyTemplate.takumi.vue # Recommended
components/OgImage/MyTemplate.satori.vue

Run the migration CLI to rename automatically:

npx nuxt-og-image migrate v6
🏷️ Community Templates Must Be Ejected

Community templates (NuxtSeo, SimpleBlog, etc.) are no longer bundled in production. Eject them to your project before building.

See PR #​426.

npx nuxt-og-image eject NuxtSeo

Templates continue to work in development without ejecting.

🔗 New URL Structure

OG Image URLs now use a Cloudinary-style format with options encoded in the path. This enables better CDN caching since identical options produce identical URLs.

See PR #​305.

v5 v6
/__og-image__/image/ /_og/d/
/__og-image__/static/ /_og/s/
   🚨 Breaking Changes
   🚀 Features
   🐞 Bug Fixes

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Mar 16, 2026
edited
Loading

Deploying dev-mode with  Cloudflare Pages  Cloudflare Pages

Latest commit: 0607082
Status:🚫  Build failed.

View logs

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 16, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednuxt-og-image@​5.1.4 ⏵ 6.5.086 -11100 +497 +396 +4100

View full report

@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch 3 times, most recently from e096203 to e4b903a Compare March 19, 2026 09:02
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 19, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm culori is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/nuxt-og-image@6.5.0npm/culori@4.0.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/culori@4.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm nuxt-og-image is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/nuxt-og-image@6.5.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/nuxt-og-image@6.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch 10 times, most recently from 776778b to 0af21a2 Compare March 26, 2026 09:42
@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch 7 times, most recently from 4a9e52b to a665195 Compare April 1, 2026 20:17
@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch 7 times, most recently from e26b182 to c78a36e Compare April 13, 2026 17:03
@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch 4 times, most recently from 9e03055 to d546daf Compare April 20, 2026 09:54
@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch 2 times, most recently from 0607082 to 7566613 Compare April 22, 2026 18:41
@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch from 7566613 to 83c9768 Compare May 7, 2026 21:38
@renovate renovate Bot force-pushed the renovate/nuxt-og-image-6.x branch from 83c9768 to 9027fea Compare May 12, 2026 09:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants