Skip to content

Chore(deps): Bump the frontend-minor-patch group across 1 directory with 12 updates#1710

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/webroot/frontend-minor-patch-8e251adc8e
Open

Chore(deps): Bump the frontend-minor-patch group across 1 directory with 12 updates#1710
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/webroot/frontend-minor-patch-8e251adc8e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the frontend-minor-patch group with 11 updates in the /webroot directory:

Package From To
@statsig/js-client 3.33.2 3.33.3
@statsig/session-replay 3.33.2 3.33.3
@statsig/web-analytics 3.33.2 3.33.3
@vue/compat 3.5.35 3.5.39
axios 1.17.0 1.18.1
caniuse-lite 1.0.30001797 1.0.30001799
libphonenumber-js 1.13.6 1.13.7
uuid 14.0.0 14.0.1
vue 3.5.35 3.5.39
axe-core 4.12.0 4.12.1
sharp 0.34.5 0.35.2

Updates @statsig/js-client from 3.33.2 to 3.33.3

Release notes

Sourced from @​statsig/js-client's releases.

3.33.3 - Fix persist human-readable group_name in @​statsig/js-user-persisted-storage

New Features

Improvements

Fixes

  • Fix persist human-readable group_name in @​statsig/js-user-persisted-storage

Included In This Release

  • 178cd0cfb0b35e81d8b5a55d0c29bf7435b03062 Xinyi Ye
    • fix: persist human-readable group_name in UserPersistentOverrideAdapter (#888)
  • 3f495a4ce18c5b414dd601a2c18afa24defcc1fe Lew Gordon
    • perf: iterative _fastApproxSizeOf (#877)
  • a7f321ecaaf8f85b375eb5e48afc8d00c6544dce Daniel Graham
    • chore: require npm release environment (#887)
  • 7725f550c0105e5f85d36cb6d5a213aa92faeeff Xinyi Ye
    • fix: deflake StatsigUpdateDetails InitializeAsync Success duration assert (#886)

[!NOTE] Low Risk Version and lockfile-only changes with no behavioral code in the diff; standard low-risk release tagging.

Overview This PR bumps the entire JS client monorepo from 3.33.2 to 3.33.3: root and every @statsig/* package version, aligned internal dependency specifiers, and matching pnpm-lock.yaml entries.

It also updates SDK_VERSION in packages/client-core/src/StatsigMetadata.ts, so runtime metadata and network headers report 3.33.3. There are no application or library source changes in the diff beyond that constant—it's the release cut that packages commits already on the branch (e.g. persisted group_name in user storage, per the PR title).

Reviewed by Cursor Bugbot for commit c0c90263f9e2c82221a6a667334a7095dfdb8ea8. Bugbot is set up for automated code reviews on this repo. Configure here.

Full Changelog: statsig-io/js-client-monorepo@3.33.2...3.33.3

Commits
  • 3eb0927 [release] 3.33.3 - Fix persist human-readable group_name in @​statsig/js-user-...
  • See full diff in compare view

Updates @statsig/session-replay from 3.33.2 to 3.33.3

Release notes

Sourced from @​statsig/session-replay's releases.

3.33.3 - Fix persist human-readable group_name in @​statsig/js-user-persisted-storage

New Features

Improvements

Fixes

  • Fix persist human-readable group_name in @​statsig/js-user-persisted-storage

Included In This Release

  • 178cd0cfb0b35e81d8b5a55d0c29bf7435b03062 Xinyi Ye
    • fix: persist human-readable group_name in UserPersistentOverrideAdapter (#888)
  • 3f495a4ce18c5b414dd601a2c18afa24defcc1fe Lew Gordon
    • perf: iterative _fastApproxSizeOf (#877)
  • a7f321ecaaf8f85b375eb5e48afc8d00c6544dce Daniel Graham
    • chore: require npm release environment (#887)
  • 7725f550c0105e5f85d36cb6d5a213aa92faeeff Xinyi Ye
    • fix: deflake StatsigUpdateDetails InitializeAsync Success duration assert (#886)

[!NOTE] Low Risk Version and lockfile-only changes with no behavioral code in the diff; standard low-risk release tagging.

Overview This PR bumps the entire JS client monorepo from 3.33.2 to 3.33.3: root and every @statsig/* package version, aligned internal dependency specifiers, and matching pnpm-lock.yaml entries.

It also updates SDK_VERSION in packages/client-core/src/StatsigMetadata.ts, so runtime metadata and network headers report 3.33.3. There are no application or library source changes in the diff beyond that constant—it's the release cut that packages commits already on the branch (e.g. persisted group_name in user storage, per the PR title).

Reviewed by Cursor Bugbot for commit c0c90263f9e2c82221a6a667334a7095dfdb8ea8. Bugbot is set up for automated code reviews on this repo. Configure here.

Full Changelog: statsig-io/js-client-monorepo@3.33.2...3.33.3

Commits
  • 3eb0927 [release] 3.33.3 - Fix persist human-readable group_name in @​statsig/js-user-...
  • See full diff in compare view

Updates @statsig/web-analytics from 3.33.2 to 3.33.3

Release notes

Sourced from @​statsig/web-analytics's releases.

3.33.3 - Fix persist human-readable group_name in @​statsig/js-user-persisted-storage

New Features

Improvements

Fixes

  • Fix persist human-readable group_name in @​statsig/js-user-persisted-storage

Included In This Release

  • 178cd0cfb0b35e81d8b5a55d0c29bf7435b03062 Xinyi Ye
    • fix: persist human-readable group_name in UserPersistentOverrideAdapter (#888)
  • 3f495a4ce18c5b414dd601a2c18afa24defcc1fe Lew Gordon
    • perf: iterative _fastApproxSizeOf (#877)
  • a7f321ecaaf8f85b375eb5e48afc8d00c6544dce Daniel Graham
    • chore: require npm release environment (#887)
  • 7725f550c0105e5f85d36cb6d5a213aa92faeeff Xinyi Ye
    • fix: deflake StatsigUpdateDetails InitializeAsync Success duration assert (#886)

[!NOTE] Low Risk Version and lockfile-only changes with no behavioral code in the diff; standard low-risk release tagging.

Overview This PR bumps the entire JS client monorepo from 3.33.2 to 3.33.3: root and every @statsig/* package version, aligned internal dependency specifiers, and matching pnpm-lock.yaml entries.

It also updates SDK_VERSION in packages/client-core/src/StatsigMetadata.ts, so runtime metadata and network headers report 3.33.3. There are no application or library source changes in the diff beyond that constant—it's the release cut that packages commits already on the branch (e.g. persisted group_name in user storage, per the PR title).

Reviewed by Cursor Bugbot for commit c0c90263f9e2c82221a6a667334a7095dfdb8ea8. Bugbot is set up for automated code reviews on this repo. Configure here.

Full Changelog: statsig-io/js-client-monorepo@3.33.2...3.33.3

Commits
  • 3eb0927 [release] 3.33.3 - Fix persist human-readable group_name in @​statsig/js-user-...
  • See full diff in compare view

Updates @vue/compat from 3.5.35 to 3.5.39

Release notes

Sourced from @​vue/compat's releases.

v3.5.39

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compat's changelog.

3.5.39 (2026-06-25)

Bug Fixes

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

  • compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
  • compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
  • compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
  • compiler-sfc: respect var hoisting in props destructure (48ad452)
  • reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
  • runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
  • runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
  • runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
  • transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
  • watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898
Commits
  • c0606e9 release: v3.5.39
  • 4b659e6 fix(runtime-dom): preserve option modifier event names (#8338)
  • 232f402 fix(types): support named tuple emits (#12676)
  • 671997a fix(teleport): handle teleport unmount edge case (#12705)
  • 164af63 fix(hydration): respect data-allow-mismatch on conditional branches (#12801)
  • 2f374cd fix(runtime-core): normalize function children for elements and Teleport (#9108)
  • 87b73b6 fix(runtime-core): preserve once event listener name (#8341)
  • 027da6b fix(ssr): dedupe inherited scope ids during vnode rendering (#15005)
  • 024cf06 fix(hydration): force patch dynamic props when hydrating (#9083)
  • be7ce31 fix(compiler-core): correct filter rewrite recursion (#14959)
  • Additional commits viewable in compare view

Updates axios from 1.17.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates caniuse-lite from 1.0.30001797 to 1.0.30001799

Commits

Updates libphonenumber-js from 1.13.6 to 1.13.7

Changelog

Sourced from libphonenumber-js's changelog.

1.13.7 / 18.6.2026

  • Updated metadata to version 9.0.33:
    • Updated phone metadata for region code(s): BF, KE, MC, MW, NO, SG, SI, UG, VN
    • Updated geocoding data for country calling code(s): 47 (en)
    • Updated carrier data for country calling code(s): 36 (en), 40 (en), 65 (en), 84 (en), 232 (en), 235 (en), 250 (en), 256 (en), 265 (en), 386 (en), 503 (en), 1868 (en)
Commits

Updates uuid from 14.0.0 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)
Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)
Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates vue from 3.5.35 to 3.5.39

Release notes

Sourced from vue's releases.

v3.5.39

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.39 (2026-06-25)

Bug Fixes

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

  • compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
  • compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
  • compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
  • compiler-sfc: respect var hoisting in props destructure (48ad452)
  • reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
  • runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
  • runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
  • runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
  • transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
  • watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898
Commits
  • c0606e9 release: v3.5.39
  • 4b659e6 fix(runtime-dom): preserve option modifier event names (#8338)
  • 232f402 fix(types): support named tuple emits (#12676)
  • 671997a fix(teleport): handle teleport unmount edge case (#12705)
  • 164af63 fix(hydration): respect data-allow-mismatch on conditional branches (#12801)
  • 2f374cd fix(runtime-core): normalize function children for elements and Teleport (#9108)
  • 87b73b6 fix(runtime-core): preserve once event listener name (#8341)
  • 027da6b fix(ssr): dedupe inherited scope ids during vnode rendering (#15005)
  • 024cf06 fix(hydration): force patch dynamic props when hydrating (#9083)
  • be7ce31 fix(compiler-core): correct filter rewrite recursion (#14959)
  • Additional commits viewable in compare view

Updates @vue/compiler-sfc from 3.5.35 to 3.5.39

Release notes

Sourced from @​vue/compiler-sfc's releases.

v3.5.39

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compiler-sfc's changelog.

3.5.39 (2026-06-25)

Bug Fixes

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

  • compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
  • compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
  • compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
  • compiler-sfc: respect var hoisting in props destructure (48ad452)
  • reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
  • runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
  • runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
  • runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
  • transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
  • watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898
Commits

…ith 12 updates

Bumps the frontend-minor-patch group with 11 updates in the /webroot directory:

| Package | From | To |
| --- | --- | --- |
| [@statsig/js-client](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/js-client) | `3.33.2` | `3.33.3` |
| [@statsig/session-replay](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/session-replay) | `3.33.2` | `3.33.3` |
| [@statsig/web-analytics](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/web-analytics) | `3.33.2` | `3.33.3` |
| [@vue/compat](https://github.com/vuejs/core) | `3.5.35` | `3.5.39` |
| [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.1` |
| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001797` | `1.0.30001799` |
| [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.13.6` | `1.13.7` |
| [uuid](https://github.com/uuidjs/uuid) | `14.0.0` | `14.0.1` |
| [vue](https://github.com/vuejs/core) | `3.5.35` | `3.5.39` |
| [axe-core](https://github.com/dequelabs/axe-core) | `4.12.0` | `4.12.1` |
| [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.2` |



Updates `@statsig/js-client` from 3.33.2 to 3.33.3
- [Release notes](https://github.com/statsig-io/js-client-monorepo/releases)
- [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.33.3/packages/js-client)

Updates `@statsig/session-replay` from 3.33.2 to 3.33.3
- [Release notes](https://github.com/statsig-io/js-client-monorepo/releases)
- [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.33.3/packages/session-replay)

Updates `@statsig/web-analytics` from 3.33.2 to 3.33.3
- [Release notes](https://github.com/statsig-io/js-client-monorepo/releases)
- [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.33.3/packages/web-analytics)

Updates `@vue/compat` from 3.5.35 to 3.5.39
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.35...v3.5.39)

Updates `axios` from 1.17.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.17.0...v1.18.1)

Updates `caniuse-lite` from 1.0.30001797 to 1.0.30001799
- [Commits](browserslist/caniuse-lite@1.0.30001797...1.0.30001799)

Updates `libphonenumber-js` from 1.13.6 to 1.13.7
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/commits/master)

Updates `uuid` from 14.0.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v14.0.0...v14.0.1)

Updates `vue` from 3.5.35 to 3.5.39
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.35...v3.5.39)

Updates `@vue/compiler-sfc` from 3.5.35 to 3.5.39
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/commits/v3.5.39/packages/compiler-sfc)

Updates `axe-core` from 4.12.0 to 4.12.1
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.12.0...v4.12.1)

Updates `sharp` from 0.34.5 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.2)

---
updated-dependencies:
- dependency-name: "@statsig/js-client"
  dependency-version: 3.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@statsig/session-replay"
  dependency-version: 3.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@statsig/web-analytics"
  dependency-version: 3.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/compat"
  dependency-version: 3.5.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: caniuse-lite
  dependency-version: 1.0.30001799
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: libphonenumber-js
  dependency-version: 1.13.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: vue
  dependency-version: 3.5.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/compiler-sfc"
  dependency-version: 3.5.39
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: axe-core
  dependency-version: 4.12.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file frontend labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file frontend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants