Skip to content

chore(deps):(deps-dev): bump the security-patches-dev group across 1 directory with 11 updates#357

Open
dependabot[bot] wants to merge 1 commit intostagingfrom
dependabot/npm_and_yarn/security-patches-dev-eeadebedf0
Open

chore(deps):(deps-dev): bump the security-patches-dev group across 1 directory with 11 updates#357
dependabot[bot] wants to merge 1 commit intostagingfrom
dependabot/npm_and_yarn/security-patches-dev-eeadebedf0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 2, 2026
edited by cubic-dev-ai bot
Loading

Bumps the security-patches-dev group with 11 updates in the / directory:

Package From To
@mintlify/cli 4.0.1051 4.0.1076
@unocss/astro 66.6.6 66.6.7
@unocss/core 66.6.6 66.6.7
@unocss/reset 66.6.6 66.6.7
@vitest/coverage-v8 4.1.0 4.1.2
astro 6.1.2 6.1.3
axe-core 4.11.1 4.11.2
jsdom 29.0.0 29.0.1
msw 2.12.11 2.12.14
unocss 66.6.6 66.6.7
vitest 4.1.0 4.1.2

Updates @mintlify/cli from 4.0.1051 to 4.0.1076

Commits

Updates @unocss/astro from 66.6.6 to 66.6.7

Release notes

Sourced from @​unocss/astro's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @unocss/core from 66.6.6 to 66.6.7

Release notes

Sourced from @​unocss/core's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @unocss/reset from 66.6.6 to 66.6.7

Release notes

Sourced from @​unocss/reset's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @vitest/coverage-v8 from 4.1.0 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates astro from 6.1.2 to 6.1.3

Release notes

Sourced from astro's releases.

astro@6.1.3

Patch Changes

  • #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

  • #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

  • #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

  • #16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

  • #16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

  • #16178 a7e7567 Thanks @​matthewp! - Fixes SSR builds failing with "No matching renderer found" when a project only has injected routes and no src/pages/ directory

Changelog

Sourced from astro's changelog.

6.1.3

Patch Changes

  • #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

  • #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

  • #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

  • #16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

  • #16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

  • #16178 a7e7567 Thanks @​matthewp! - Fixes SSR builds failing with "No matching renderer found" when a project only has injected routes and no src/pages/ directory

Commits
  • b5b8093 [ci] release (#16159)
  • 7454854 fix(astro): Fix isHTMLString check failing in multi-realm environments (#16...
  • a7e7567 Include injected routes when determining whether renderers are needed in SSR ...
  • a0a49e9 fix(cloudflare): ensure HMR works when prerenderEnvironment is set to 'node...
  • b51f297 Preserve head metadata in Cloudflare dev rendering (#16161)
  • 4eec0f1 test: don't use tmp fixtures (#16177)
  • a9138ab [ci] format
  • 34b5f13 chore: move unit tests to ts (#16157)
  • 6b6751d [ci] format
  • de669f0 fix(core): append assetQueryParams to inter-chunk JS imports (#15964) (#16110)
  • Additional commits viewable in compare view

Updates axe-core from 4.11.1 to 4.11.2

Release notes

Sourced from axe-core's releases.

Release 4.11.2

This release addresses a number of false positives, including ones related to target size. It adds new affordances for ARIA, and adds a clarification around the scrollable regions rule.

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)
Changelog

Sourced from axe-core's changelog.

4.11.2 (2026-03-30)

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)
Commits
  • 41093da chore(release): v4.11.2 (#5049)
  • 66c26aa chore(release): 4.11.2
  • cf8a3c0 fix(target-size): ignore widgets that are inline with other inline elements (...
  • 3d80a37 chore: add CLAUDE.md and pull request checklist (#5035)
  • a09204f chore: bump the npm-low-risk group with 6 updates (#5020)
  • 431f621 chore: bump jsdom from 27.4.0 to 28.1.0 (#5021)
  • 68aab66 test: fix chromedriver 146 failing to create session (#5026)
  • dded75a fix(existing-rule): aria-busy now shows an error message for a use with unall...
  • 69d81c1 fix(target-size): determine offset using clientRects if target is display:inl...
  • 99d1e77 fix(aria): prevent getOwnedVirtual from returning duplicate nodes (#4987)
  • Additional commits viewable in compare view

Updates jsdom from 29.0.0 to 29.0.1

Release notes

Sourced from jsdom's releases.

v29.0.1

  • Fixed CSS parsing of border, background, and their sub-shorthands containing keywords or var(). (@​asamuzaK)
  • Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.
Commits
  • 34c7d6e 29.0.1
  • 8ffc811 Add benchmark for computed style property access
  • 5f2434c Update dependencies and dev dependencies
  • 1e8a7ff Handle global keywords in CSS shorthand property handlers
  • 0b79509 Wrap getComputedStyle return value for proper indexed access
  • d589a8e Fix border shorthand parsing
  • e528859 Modernize release infrastructure
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsdom since your current version.


Updates msw from 2.12.11 to 2.12.14

Release notes

Sourced from msw's releases.

v2.12.14 (2026-03-21)

Bug Fixes

v2.12.13 (2026-03-17)

Bug Fixes

  • GraphQL: support application/graphql-response+json response content-type (#2513) (4b8c330ac0dec25a61d21693ac38a097250f1255) @​phryneas @​kettanaito
  • HttpResponse: mark implicit content-type headers with a symbol (#2675) (98716e7b337aba0090695c2f70895f2f97afa3ee) @​kettanaito

v2.12.12 (2026-03-17)

Bug Fixes

Commits
  • afa3606 chore(release): v2.12.14
  • f90bf49 fix: support wildcard ports in url matching (#2677)
  • 002f3e7 test: fix flaky ws.clients.browser test (#2679)
  • 5f4ccce chore(release): v2.12.13
  • 4b8c330 fix(GraphQL): support application/graphql-response+json response `content-t...
  • 98716e7 fix(HttpResponse): mark implicit content-type headers with a symbol (#2675)
  • e6a7f81 chore(release): v2.12.12
  • 51e920e chore: fix flaky tests (#2673)
  • cd52873 fix: minor improvements (#2672)
  • b79d7ae fix: handle special characters in postinstall script (#2649)
  • Additional commits viewable in compare view

Updates unocss from 66.6.6 to 66.6.7

Release notes

Sourced from unocss's releases.

v66.6.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates vitest from 4.1.0 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • fc6f482 chore: release v4.1.2
  • 6f97b55 feat: disable colors if agent is detected (#9851)
  • b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
  • 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
  • f54abad chore: add typo-checker skill and fix typos (#9963)
  • 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
  • 1f2d318 chore: release v4.1.1
  • ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
  • 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
  • eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by cubic

Update 11 dev/testing dependencies to latest patches to address security (flatted CVE via vitest) and improve stability in local dev and tests. No application code changes.

  • Dependencies
    • Testing: vitest 4.1.2 and @vitest/coverage-v8 4.1.2 resolve the flatted CVE and improve coverage behavior.
    • Astro/Styling: astro 6.1.3 fixes dev rendering/HMR/CSS issues; unocss 66.6.7 includes minor fixes.
    • Accessibility/DOM: axe-core 4.11.2 reduces false positives; jsdom 29.0.1 fixes CSS parsing and computed styles.
    • Tooling: msw 2.12.14 bug fixes (wildcard ports, GraphQL content-type); @mintlify/cli 4.0.1076 to latest patch.

Written for commit 9b2d41d. Summary will update on new commits.

@dependabot
chore(deps):(deps-dev): bump the security-patches-dev group across 1 …
9b2d41d 
…directory with 11 updates

Bumps the security-patches-dev group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@mintlify/cli](https://github.com/mintlify/mint/tree/HEAD/packages/cli) | `4.0.1051` | `4.0.1076` |
| [@unocss/astro](https://github.com/unocss/unocss/tree/HEAD/packages-integrations/astro) | `66.6.6` | `66.6.7` |
| [@unocss/core](https://github.com/unocss/unocss/tree/HEAD/packages-engine/core) | `66.6.6` | `66.6.7` |
| [@unocss/reset](https://github.com/unocss/unocss/tree/HEAD/packages-presets/reset) | `66.6.6` | `66.6.7` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.0` | `4.1.2` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `6.1.2` | `6.1.3` |
| [axe-core](https://github.com/dequelabs/axe-core) | `4.11.1` | `4.11.2` |
| [jsdom](https://github.com/jsdom/jsdom) | `29.0.0` | `29.0.1` |
| [msw](https://github.com/mswjs/msw) | `2.12.11` | `2.12.14` |
| [unocss](https://github.com/unocss/unocss/tree/HEAD/packages-presets/unocss) | `66.6.6` | `66.6.7` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.0` | `4.1.2` |



Updates `@mintlify/cli` from 4.0.1051 to 4.0.1076
- [Commits](https://github.com/mintlify/mint/commits/HEAD/packages/cli)

Updates `@unocss/astro` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-integrations/astro)

Updates `@unocss/core` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-engine/core)

Updates `@unocss/reset` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-presets/reset)

Updates `@vitest/coverage-v8` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8)

Updates `astro` from 6.1.2 to 6.1.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.1.3/packages/astro)

Updates `axe-core` from 4.11.1 to 4.11.2
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.11.1...v4.11.2)

Updates `jsdom` from 29.0.0 to 29.0.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v29.0.0...v29.0.1)

Updates `msw` from 2.12.11 to 2.12.14
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.12.11...v2.12.14)

Updates `unocss` from 66.6.6 to 66.6.7
- [Release notes](https://github.com/unocss/unocss/releases)
- [Commits](https://github.com/unocss/unocss/commits/v66.6.7/packages-presets/unocss)

Updates `vitest` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

---
updated-dependencies:
- dependency-name: "@mintlify/cli"
  dependency-version: 4.0.1076
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@unocss/astro"
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@unocss/core"
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@unocss/reset"
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: astro
  dependency-version: 6.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: axe-core
  dependency-version: 4.11.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: jsdom
  dependency-version: 29.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: msw
  dependency-version: 2.12.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: unocss
  dependency-version: 66.6.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-patches-dev
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 2, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 2, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 2, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pixelated Ready Ready Preview, Comment Apr 2, 2026 5:56am

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants