Skip to content

Chore(deps): Bump the frontend-minor-patch group across 1 directory with 9 updates#1691

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/webroot/frontend-minor-patch-41bfa7d722
Open

Chore(deps): Bump the frontend-minor-patch group across 1 directory with 9 updates#1691
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/webroot/frontend-minor-patch-41bfa7d722

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the frontend-minor-patch group with 8 updates in the /webroot directory:

Package From To
@vue/compat 3.5.35 3.5.38
axios 1.17.0 1.18.0
caniuse-lite 1.0.30001797 1.0.30001799
libphonenumber-js 1.13.6 1.13.7
uuid 14.0.0 14.0.1
vue 3.5.35 3.5.38
axe-core 4.12.0 4.12.1
sharp 0.34.5 0.35.2

Updates @vue/compat from 3.5.35 to 3.5.38

Release notes

Sourced from @​vue/compat's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compat's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

  • compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
  • compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
  • compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
  • compiler-sfc: respect var hoisting in props destructure (48ad452)
  • reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
  • runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
  • runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
  • runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
  • transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
  • watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898
Commits

Updates axios from 1.17.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits
  • 2d06f96 chore(release): prepare release 1.18.0 (#11003)
  • 32fc489 fix: malformed http urls (#11000)
  • b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
  • fe964f9 docs: mark proxy config as Node.js only (#10995)
  • 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
  • fae9d4e docs: clarify package update PR policy (#10992)
  • 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
  • a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
  • 614f455 docs: publish v1.17.0 release notes (#10988)
  • 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
  • Additional commits viewable in compare view

Updates caniuse-lite from 1.0.30001797 to 1.0.30001799

Commits

Updates libphonenumber-js from 1.13.6 to 1.13.7

Changelog

Sourced from libphonenumber-js's changelog.

1.13.7 / 18.6.2026

  • Updated metadata to version 9.0.33:
    • Updated phone metadata for region code(s): BF, KE, MC, MW, NO, SG, SI, UG, VN
    • Updated geocoding data for country calling code(s): 47 (en)
    • Updated carrier data for country calling code(s): 36 (en), 40 (en), 65 (en), 84 (en), 232 (en), 235 (en), 250 (en), 256 (en), 265 (en), 386 (en), 503 (en), 1868 (en)
Commits

Updates uuid from 14.0.0 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)
Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)
Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates vue from 3.5.35 to 3.5.38

Release notes

Sourced from vue's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

  • compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
  • compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
  • compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
  • compiler-sfc: respect var hoisting in props destructure (48ad452)
  • reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
  • runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
  • runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
  • runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
  • transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
  • watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898
Commits

Updates @vue/compiler-sfc from 3.5.35 to 3.5.38

Release notes

Sourced from @​vue/compiler-sfc's releases.

v3.5.38

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.37

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compiler-sfc's changelog.

3.5.38 (2026-06-11)

3.5.37 (2026-06-11)

3.5.36 (2026-06-11)

Bug Fixes

  • compiler-core: avoid crash on CDATA at the document root (#14916) (0ea17e2)
  • compiler-core: prefix dynamic keys on v-memo elements (#14922) (68e978e), closes #14920
  • compiler-sfc: handle vue-ignore on leading intersection/union type (#14950) (0dcd225), closes #12254
  • compiler-sfc: respect var hoisting in props destructure (48ad452)
  • reactivity: preserve watch callback return value when wrapped for once: true (#14902) (450a8a8)
  • runtime-core: add dev warning for silent catch in compat mode and fix test description typo (#14891) (db3e117)
  • runtime-core: force model update when reverted before sync (#14897) (7f76378), closes #13524
  • runtime-core: skip async component callbacks after unmount (#14911) (5300ead)
  • transition: avoid move transition for hidden v-show group children (#14895) (c11f6ee), closes #14894
  • watch: trigger immediate callback for empty sources (#14914) (1f2ca7e), closes #14898
Commits

Updates axe-core from 4.12.0 to 4.12.1

Release notes

Sourced from axe-core's releases.

Release 4.12.1

Bug FixesThis release does not impact axe results.

  • axe.d.ts: make enabled property of RuleMetadata optional (#5129) (7eb3d2d)
Changelog

Sourced from axe-core's changelog.

4.12.1 (2026-06-09)

Bug Fixes

  • axe.d.ts: make enabled property of RuleMetadata optional (#5129) (7eb3d2d)
Commits

Updates sharp from 0.34.5 to 0.35.2

Release notes

Sourced from sharp's releases.

v0.35.2

v0.35.2-rc.2

  • TypeScript: Add mediaType to metadata response. #4492

  • Improve WebAssembly fallback detection. #4513

  • Improve code bundler support with stub binaries. #4543

  • Verify GIF effort option is an integer. #4544 @​metsw24-max

  • Verify recomb matrix entries are numbers. #4545 @​metsw24-max

  • TypeScript: Replace namespace with named exports for ESM. #4546

... (truncated)

Commits
  • c9622a3 Release v0.35.2
  • cd4568f Upgrade to sharp-libvips v1.3.1
  • 78390cf Tests: Add font file to prevent font discovery flakiness (#4550)
  • 61210b4 Verify convolve kernel values are numbers (#4549)
  • 1cb27dc Prerelease v0.35.2-rc.2
  • c7606c3 Upgrade to sharp-libvips v1.3.1-rc.0
  • 29d1e9e Prerelease v0.35.2-rc.1
  • bbba0a1 Improve code bundler support with stub binaries
  • ab52866 Bound dilate and erode width to avoid mask-size overflow (#4548)
  • 0f594dd Prerelease v0.35.2-rc.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 9 updates

Bumps the frontend-minor-patch group with 8 updates in the /webroot directory:

| Package | From | To |
| --- | --- | --- |
| [@vue/compat](https://github.com/vuejs/core) | `3.5.35` | `3.5.38` |
| [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.0` |
| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001797` | `1.0.30001799` |
| [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.13.6` | `1.13.7` |
| [uuid](https://github.com/uuidjs/uuid) | `14.0.0` | `14.0.1` |
| [vue](https://github.com/vuejs/core) | `3.5.35` | `3.5.38` |
| [axe-core](https://github.com/dequelabs/axe-core) | `4.12.0` | `4.12.1` |
| [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.2` |



Updates `@vue/compat` from 3.5.35 to 3.5.38
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.35...v3.5.38)

Updates `axios` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.17.0...v1.18.0)

Updates `caniuse-lite` from 1.0.30001797 to 1.0.30001799
- [Commits](browserslist/caniuse-lite@1.0.30001797...1.0.30001799)

Updates `libphonenumber-js` from 1.13.6 to 1.13.7
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/commits/master)

Updates `uuid` from 14.0.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v14.0.0...v14.0.1)

Updates `vue` from 3.5.35 to 3.5.38
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.35...v3.5.38)

Updates `@vue/compiler-sfc` from 3.5.35 to 3.5.38
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/commits/v3.5.38/packages/compiler-sfc)

Updates `axe-core` from 4.12.0 to 4.12.1
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.12.0...v4.12.1)

Updates `sharp` from 0.34.5 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.2)

---
updated-dependencies:
- dependency-name: "@vue/compat"
  dependency-version: 3.5.38
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: axios
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: caniuse-lite
  dependency-version: 1.0.30001799
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: libphonenumber-js
  dependency-version: 1.13.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: vue
  dependency-version: 3.5.38
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/compiler-sfc"
  dependency-version: 3.5.38
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: axe-core
  dependency-version: 4.12.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file frontend labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file frontend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants