Skip to content

chore(deps):(deps-dev): bump the security-patches-dev group across 1 directory with 10 updates#343

Closed
dependabot[bot] wants to merge 1 commit intostagingfrom
dependabot/npm_and_yarn/security-patches-dev-7e5acbdd4b
Closed

chore(deps):(deps-dev): bump the security-patches-dev group across 1 directory with 10 updates#343
dependabot[bot] wants to merge 1 commit intostagingfrom
dependabot/npm_and_yarn/security-patches-dev-7e5acbdd4b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the security-patches-dev group with 10 updates in the / directory:

Package From To
@mintlify/cli 4.0.1051 4.0.1069
@unocss/astro 66.6.6 66.6.7
@unocss/core 66.6.6 66.6.7
@unocss/reset 66.6.6 66.6.7
@vitest/coverage-v8 4.1.0 4.1.2
axe-core 4.11.1 4.11.2
jsdom 29.0.0 29.0.1
msw 2.12.11 2.12.14
unocss 66.6.6 66.6.7
vitest 4.1.0 4.1.2

Updates @mintlify/cli from 4.0.1051 to 4.0.1069

Commits

Updates @unocss/astro from 66.6.6 to 66.6.7

Release notes

Sourced from @​unocss/astro's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @unocss/core from 66.6.6 to 66.6.7

Release notes

Sourced from @​unocss/core's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @unocss/reset from 66.6.6 to 66.6.7

Release notes

Sourced from @​unocss/reset's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @vitest/coverage-v8 from 4.1.0 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates axe-core from 4.11.1 to 4.11.2

Release notes

Sourced from axe-core's releases.

Release 4.11.2

This release addresses a number of false positives, including ones related to target size. It adds new affordances for ARIA, and adds a clarification around the scrollable regions rule.

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)
Changelog

Sourced from axe-core's changelog.

4.11.2 (2026-03-30)

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)
Commits
  • 41093da chore(release): v4.11.2 (#5049)
  • 66c26aa chore(release): 4.11.2
  • cf8a3c0 fix(target-size): ignore widgets that are inline with other inline elements (...
  • 3d80a37 chore: add CLAUDE.md and pull request checklist (#5035)
  • a09204f chore: bump the npm-low-risk group with 6 updates (#5020)
  • 431f621 chore: bump jsdom from 27.4.0 to 28.1.0 (#5021)
  • 68aab66 test: fix chromedriver 146 failing to create session (#5026)
  • dded75a fix(existing-rule): aria-busy now shows an error message for a use with unall...
  • 69d81c1 fix(target-size): determine offset using clientRects if target is display:inl...
  • 99d1e77 fix(aria): prevent getOwnedVirtual from returning duplicate nodes (#4987)
  • Additional commits viewable in compare view

Updates jsdom from 29.0.0 to 29.0.1

Release notes

Sourced from jsdom's releases.

v29.0.1

  • Fixed CSS parsing of border, background, and their sub-shorthands containing keywords or var(). (@​asamuzaK)
  • Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.
Commits
  • 34c7d6e 29.0.1
  • 8ffc811 Add benchmark for computed style property access
  • 5f2434c Update dependencies and dev dependencies
  • 1e8a7ff Handle global keywords in CSS shorthand property handlers
  • 0b79509 Wrap getComputedStyle return value for proper indexed access
  • d589a8e Fix border shorthand parsing
  • e528859 Modernize release infrastructure
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsdom since your current version.


Updates msw from 2.12.11 to 2.12.14

Release notes

Sourced from msw's releases.

v2.12.14 (2026-03-21)

Bug Fixes

v2.12.13 (2026-03-17)

Bug Fixes

  • GraphQL: support application/graphql-response+json response content-type (#2513) (4b8c330ac0dec25a61d21693ac38a097250f1255) @​phryneas @​kettanaito
  • HttpResponse: mark implicit content-type headers with a symbol (#2675) (98716e7b337aba0090695c2f70895f2f97afa3ee) @​kettanaito

v2.12.12 (2026-03-17)

Bug Fixes

Commits
  • afa3606 chore(release): v2.12.14
  • f90bf49 fix: support wildcard ports in url matching (#2677)
  • 002f3e7 test: fix flaky ws.clients.browser test (#2679)
  • 5f4ccce chore(release): v2.12.13
  • 4b8c330 fix(GraphQL): support application/graphql-response+json response `content-t...
  • 98716e7 fix(HttpResponse): mark implicit content-type headers with a symbol (#2675)
  • e6a7f81 chore(release): v2.12.12
  • 51e920e chore: fix flaky tests (#2673)
  • cd52873 fix: minor improvements (#2672)
  • b79d7ae fix: handle special characters in postinstall script (#2649)
  • Additional commits viewable in compare view

Updates unocss from 66.6.6 to 66.6.7

Release notes

Sourced from unocss's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates vitest from 4.1.0 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • fc6f482 chore: release v4.1.2
  • 6f97b55 feat: disable colors if agent is detected (#9851)
  • b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
  • 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
  • f54abad chore: add typo-checker skill and fix typos (#9963)
  • 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
  • 1f2d318 chore: release v4.1.1
  • ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
  • 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
  • eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by cubic

Updates the security-patches-dev group to patch vulnerabilities and improve test/tooling stability. Notable changes include fixing a flatted CVE via vitest, reducing axe-core false positives, and addressing jsdom CSS parsing regressions.

  • Dependencies
    • Testing: vitest and @vitest/coverage-v8 → 4.1.2 (resolves flatted CVE; stability fixes).
    • Accessibility: axe-core → 4.11.2 (fewer false positives; ARIA updates).
    • DOM emulation: jsdom → 29.0.1 (CSS shorthand and getComputedStyle fixes).
    • Mocking: msw → 2.12.14 (wildcard ports; GraphQL response content-type).
    • Styling: unocss, @unocss/* → 66.6.7 (minor fixes).
    • Docs: @mintlify/cli → 4.0.1069 (patch update).

Written for commit e11f324. Summary will update on new commits.

@dependabot
chore(deps):(deps-dev): bump the security-patches-dev group across 1 …
e11f324 
…directory with 10 updates

Bumps the security-patches-dev group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@mintlify/cli](https://github.com/mintlify/mint/tree/HEAD/packages/cli) | `4.0.1051` | `4.0.1069` |
| [@unocss/astro](https://github.com/unocss/unocss/tree/HEAD/packages-integrations/astro) | `66.6.6` | `66.6.7` |
| [@unocss/core](https://github.com/unocss/unocss/tree/HEAD/packages-engine/core) | `66.6.6` | `66.6.7` |
| [@unocss/reset](https://github.com/unocss/unocss/tree/HEAD/packages-presets/reset) | `66.6.6` | `66.6.7` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.0` | `4.1.2` |
| [axe-core](https://github.com/dequelabs/axe-core) | `4.11.1` | `4.11.2` |
| [jsdom](https://github.com/jsdom/jsdom) | `29.0.0` | `29.0.1` |
| [msw](https://github.com/mswjs/msw) | `2.12.11` | `2.12.14` |
| [unocss](https://github.com/unocss/unocss/tree/HEAD/packages-presets/unocss) | `66.6.6` | `66.6.7` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.0` | `4.1.2` |



Updates `@mintlify/cli` from 4.0.1051 to 4.0.1069
- [Commits](https://github.com/mintlify/mint/commits/HEAD/packages/cli)

Updates `@unocss/astro` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-integrations/astro)

Updates `@unocss/core` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-engine/core)

Updates `@unocss/reset` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-presets/reset)

Updates `@vitest/coverage-v8` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8)

Updates `axe-core` from 4.11.1 to 4.11.2
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.11.1...v4.11.2)

Updates `jsdom` from 29.0.0 to 29.0.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v29.0.0...v29.0.1)

Updates `msw` from 2.12.11 to 2.12.14
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.12.11...v2.12.14)

Updates `unocss` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-presets/unocss)

Updates `vitest` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

---
updated-dependencies:
- dependency-name: "@mintlify/cli"
  dependency-version: 4.0.1069
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@unocss/astro"
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@unocss/core"
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@unocss/reset"
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: axe-core
  dependency-version: 4.11.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: jsdom
  dependency-version: 29.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: msw
  dependency-version: 2.12.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: unocss
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 1, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 1, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 1, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pixelated Ready Ready Preview, Comment Apr 1, 2026 8:55am

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 2, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Apr 2, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/security-patches-dev-7e5acbdd4b branch April 2, 2026 05:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants