Chore(deps): Bump the frontend-minor-patch group across 1 directory with 34 updates by dependabot[bot] · Pull Request #1499 · csg-org/CompactConnect

dependabot · 2026-04-27T01:25:32Z

Bumps the frontend-minor-patch group with 33 updates in the /webroot directory:

Package	From	To
@statsig/js-client	`3.25.3`	`3.32.6`
@statsig/session-replay	`3.25.3`	`3.32.6`
@statsig/web-analytics	`3.25.3`	`3.32.6`
@vue/compat	`3.4.21`	`3.5.32`
axios	`1.15.0`	`1.15.1`
caniuse-lite	`1.0.30001709`	`1.0.30001788`
core-js	`3.36.1`	`3.49.0`
country-codes-flags-phone-codes	`1.0.4`	`1.1.1`
joi-password	`4.2.0`	`4.3.0`
libphonenumber-js	`1.11.1`	`1.12.41`
object.fromentries	`2.0.4`	`2.0.8`
vue	`3.4.21`	`3.5.32`
vue3-lazyload	`0.3.8`	`0.4.2`
@babel/preset-env	`7.13.15`	`7.29.2`
@types/qrcode	`1.5.5`	`1.5.6`
@vue/cli-plugin-babel	`5.0.8`	`5.0.9`
@vue/cli-plugin-e2e-cypress	`5.0.8`	`5.0.9`
@vue/cli-plugin-eslint	`5.0.8`	`5.0.9`
@vue/cli-plugin-pwa	`5.0.8`	`5.0.9`
@vue/cli-plugin-router	`5.0.8`	`5.0.9`
@vue/cli-plugin-typescript	`5.0.8`	`5.0.9`
@vue/cli-plugin-unit-mocha	`5.0.8`	`5.0.9`
@vue/cli-plugin-vuex	`5.0.8`	`5.0.9`
@vue/cli-service	`5.0.8`	`5.0.9`
@vue/test-utils	`2.4.5`	`2.4.6`
axe-core	`4.9.1`	`4.11.3`
chai-match-pattern	`1.2.0`	`1.3.0`
cypress-axe	`1.6.0`	`1.7.0`
cypress-localstorage-commands	`2.2.7`	`2.3.0`
eslint-plugin-import	`2.29.1`	`2.32.0`
moment-timezone	`0.5.45`	`0.6.1`
sharp	`0.33.3`	`0.34.5`
style-resources-loader	`1.4.1`	`1.5.0`

Updates @statsig/js-client from 3.25.3 to 3.32.6

Release notes

Sourced from @statsig/js-client's releases.

3.32.6 - failure diagnostics

New Features

Improvements

failure diagnostics for focused log event fail bucketing

increased retry attempts and max pending batches

new sdk exception url override option

Fixes

Included In This Release

89404417445031e01b87b0e7b44a739f28ee4b5d araf-statsig

fix: sdk exception url override option (#861)

13e0dcb378e627b930d5816b3630f6983006b0e8 araf-statsig

fix: bump retry attempts and max batches (#858)

312bf6b3f54d7c7a7b10636e3bbf8fd476a1791d araf-statsig

fix: bucket network failures (#857)

Full Changelog: statsig-io/js-client-monorepo@3.32.5...3.32.6

3.32.5 - refined retry strategy

New Features

Improvements

refined retry strategy for specific type of network failures during log event

Capture error messages for most prevalent failures

Fixes

Included In This Release

88510382b57568ea82b23cc151b547ea0ab64d5c araf-statsig

fix: reconcile tests (#852)

84ec1381f766b08831bbefcd22f4456c786c677e araf-statsig

fix: capture error message (#850)

ca8a4b07d1c5a432927b17099d46feb28d6f1612 araf-statsig

fix: retry no response code batches (#849)

Full Changelog: statsig-io/js-client-monorepo@3.32.4...3.32.5

3.32.4 - failure path logging

New Features

... (truncated)

Commits

73d335e [release] 3.32.6 - failure diagnostics (#862)
db3885e [release] 3.32.5 - refined retry strategy (#853)
18cec47 [release] 3.32.4 - failure path logging (#845)
0d60f47 [release] 3.32.3 - Flush web vital events more often (#837)
8379f54 [release] 3.32.2 - Adding debug metadata for Event Logger (#828)
5ef702a [release] 3.32.1 - Session replay gcir (#820)
d3c719d [release] 3.32.0 - EventLogger Redesign (#805)
cc7715d [release] 3.31.2 - Session related performance improvement (#778)
9d17e97 [release] 3.31.1 - generic serverless client, performance upgrades, and bug f...
7f82b75 Handle disableStableID in bootstrap comparison (#770)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by araf-statsig, a new releaser for @statsig/js-client since your current version.

Updates @statsig/session-replay from 3.25.3 to 3.32.6

Release notes

Sourced from @statsig/session-replay's releases.

3.32.6 - failure diagnostics

New Features

Improvements

failure diagnostics for focused log event fail bucketing

increased retry attempts and max pending batches

new sdk exception url override option

Fixes

Included In This Release

89404417445031e01b87b0e7b44a739f28ee4b5d araf-statsig

fix: sdk exception url override option (#861)

13e0dcb378e627b930d5816b3630f6983006b0e8 araf-statsig

fix: bump retry attempts and max batches (#858)

312bf6b3f54d7c7a7b10636e3bbf8fd476a1791d araf-statsig

fix: bucket network failures (#857)

Full Changelog: statsig-io/js-client-monorepo@3.32.5...3.32.6

3.32.5 - refined retry strategy

New Features

Improvements

refined retry strategy for specific type of network failures during log event

Capture error messages for most prevalent failures

Fixes

Included In This Release

88510382b57568ea82b23cc151b547ea0ab64d5c araf-statsig

fix: reconcile tests (#852)

84ec1381f766b08831bbefcd22f4456c786c677e araf-statsig

fix: capture error message (#850)

ca8a4b07d1c5a432927b17099d46feb28d6f1612 araf-statsig

fix: retry no response code batches (#849)

Full Changelog: statsig-io/js-client-monorepo@3.32.4...3.32.5

3.32.4 - failure path logging

New Features

... (truncated)

Commits

73d335e [release] 3.32.6 - failure diagnostics (#862)
db3885e [release] 3.32.5 - refined retry strategy (#853)
18cec47 [release] 3.32.4 - failure path logging (#845)
0d60f47 [release] 3.32.3 - Flush web vital events more often (#837)
8379f54 [release] 3.32.2 - Adding debug metadata for Event Logger (#828)
5ef702a [release] 3.32.1 - Session replay gcir (#820)
d3c719d [release] 3.32.0 - EventLogger Redesign (#805)
cc7715d [release] 3.31.2 - Session related performance improvement (#778)
8722411 chore: improve perf on session id (#776)
9d17e97 [release] 3.31.1 - generic serverless client, performance upgrades, and bug f...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by araf-statsig, a new releaser for @statsig/session-replay since your current version.

Updates @statsig/web-analytics from 3.25.3 to 3.32.6

Release notes

Sourced from @statsig/web-analytics's releases.

3.32.6 - failure diagnostics

New Features

Improvements

failure diagnostics for focused log event fail bucketing

increased retry attempts and max pending batches

new sdk exception url override option

Fixes

Included In This Release

89404417445031e01b87b0e7b44a739f28ee4b5d araf-statsig

fix: sdk exception url override option (#861)

13e0dcb378e627b930d5816b3630f6983006b0e8 araf-statsig

fix: bump retry attempts and max batches (#858)

312bf6b3f54d7c7a7b10636e3bbf8fd476a1791d araf-statsig

fix: bucket network failures (#857)

Full Changelog: statsig-io/js-client-monorepo@3.32.5...3.32.6

3.32.5 - refined retry strategy

New Features

Improvements

refined retry strategy for specific type of network failures during log event

Capture error messages for most prevalent failures

Fixes

Included In This Release

88510382b57568ea82b23cc151b547ea0ab64d5c araf-statsig

fix: reconcile tests (#852)

84ec1381f766b08831bbefcd22f4456c786c677e araf-statsig

fix: capture error message (#850)

ca8a4b07d1c5a432927b17099d46feb28d6f1612 araf-statsig

fix: retry no response code batches (#849)

Full Changelog: statsig-io/js-client-monorepo@3.32.4...3.32.5

3.32.4 - failure path logging

New Features

... (truncated)

Commits

73d335e [release] 3.32.6 - failure diagnostics (#862)
db3885e [release] 3.32.5 - refined retry strategy (#853)
18cec47 [release] 3.32.4 - failure path logging (#845)
0d60f47 [release] 3.32.3 - Flush web vital events more often (#837)
8d7e2ac fix: flush web vitals more often (#834)
8379f54 [release] 3.32.2 - Adding debug metadata for Event Logger (#828)
5ef702a [release] 3.32.1 - Session replay gcir (#820)
d3c719d [release] 3.32.0 - EventLogger Redesign (#805)
cc7715d [release] 3.31.2 - Session related performance improvement (#778)
8722411 chore: improve perf on session id (#776)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by araf-statsig, a new releaser for @statsig/web-analytics since your current version.

Updates @vue/compat from 3.4.21 to 3.5.32

Release notes

Sourced from @vue/compat's releases.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.28

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.27

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.26

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.25

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.24

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.23

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.22

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.21

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.20

For stable releases, please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from @vue/compat's changelog.

3.5.32 (2026-04-03)

Bug Fixes

runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667

teleport: handle updates before deferred mount (#14642) (32b44f1), closes #14640

types: allow customRef to have different getter/setter types (#14639) (e20ddb0)

types: use private branding for shallowReactive (#14641) (302c47a), closes #14638 #14493

Reverts

Revert "fix(server-renderer): cleanup component effect scopes after SSR render" (#14674) (219d83b), closes #14674 #14669

3.5.31 (2026-03-25)

Bug Fixes

compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919

compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621

reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431

runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710

runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)

runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)

runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603

runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)

server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)

suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966

suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920

transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608

types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

3.5.30 (2026-03-09)

Bug Fixes

compat: add entities to @vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609

custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029

custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479

custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408

reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)

reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735

reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647

... (truncated)

Commits

9a2eb53 release: v3.5.32
32b44f1 fix(teleport): handle updates before deferred mount (#14642)
f166353 fix(runtime-core): prevent currentInstance leak into sibling render during as...
302c47a fix(types): use private branding for shallowReactive (#14641)
e20ddb0 fix(types): allow customRef to have different getter/setter types (#14639)
219d83b Revert "fix(server-renderer): cleanup component effect scopes after SSR rende...
fa23116 chore: fix typos in changelogs (#14653)
81615d3 release: v3.5.31
3b561db fix(types): prevent shallowReactive marker from leaking into value unions (#1...
1b2aca4 chore: ignore entities updates in renovate (#14630)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @vue/compat since your current version.

Updates axios from 1.15.0 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)

Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)

Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)

Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)

Changelog Backfill: Added missing version entries to the changelog. (#10704)

Dependencies: Bumped follow-redirects (1.15.11 → 1.16.0) in root and docs, axios (1.14.0 → 1.15.0) in docs, and a group of 5 development dependencies. (#10717, #10716, #10684, #10709)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@curiouscoder-cmd (#7252)

@tryonelove (#7520)

@darwin808 (#7314)

@zoontek (#10702)

@AKIB473 (#10725)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)

Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)

... (truncated)

Commits

ac42446 chore(release): prepare release 1.15.1 (#10767)
908f220 docs: update threatmodel (#10765)
f93f815 docs: added docs around potential decompressions bomb (#10763)
1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
42eb721 fix: replace in with has own prop util (#10761)
7587327 fix: strip crlf correctly (#10758)
f0b9867 chore: added additional testing for this issue (#10760)
e033f24 fix: incomplete fix for cve (#10755)
e8904af fix: stream response bypassed max content length (#10754)
1c7f6d7 fix: enforce max body length when max redirects is 0 (#10753)
Additional commits viewable in compare view

Updates caniuse-lite from 1.0.30001709 to 1.0.30001788

Commits

a90bee6 Update caniuse-db 1.0.30001788
5771bd6 Update caniuse-db 1.0.30001787
e2dbdd9 Update caniuse-db 1.0.30001786
40a1d4e Update caniuse-db 1.0.30001785
14baeb0 Update caniuse-db 1.0.30001784
f455430 Update caniuse-db 1.0.30001782
311d8db Update caniuse-db 1.0.30001781
da39da8 Update caniuse-db 1.0.30001780
984281a Update caniuse-db 1.0.30001779
1386a01 Update caniuse-db 1.0.30001778
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for caniuse-lite since your current version.

Updates core-js from 3.36.1 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

Changes v3.48.0...v3.49.0 (373 commits)

Iterator.range updated following the actual spec version

Throw a RangeError on NaN start / end / step

Allow null as optionOrStep

Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values

Improved accuracy of Number.prototype.toExponential polyfills with big and small values

Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @johnzhou721

Minor performance optimization polyfills of methods from Map upsert proposal

Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections

Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions

Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex

Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug

Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result

Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator

Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills

Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills

Fixed iterator closing in Array.from polyfill on failure to create array property

Fixed order of arguments validation in Array.fromAsync polyfill

Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill

Fixed order of arguments validation in Array.prototype.flat polyfill

Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills

Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills

Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills

Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator

Fixed buffer mutation exposure in Iterator.prototype.windows polyfill

Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill

Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this

Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range

Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills

Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills

Fixed some cases of Infinity handling in String.prototype.substr polyfill

Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32

Fixed some cases of chars case in escape polyfill

Fixed named backreferences in RegExp NCG polyfill

Fixed some cases of RegExp NCG polyfill in combination with other types of groups

Fixed some cases of RegExp NCG polyfill in combination with dotAll

Fixed String.prototype.replace with sticky polyfill, #810, #1514

Fixed RegExp sticky polyfill with alternation

Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill

Fixed .input slicing on result object with RegExp sticky mode pol...
Description has been truncated

…ith 34 updates Bumps the frontend-minor-patch group with 33 updates in the /webroot directory: | Package | From | To | | --- | --- | --- | | [@statsig/js-client](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/js-client) | `3.25.3` | `3.32.6` | | [@statsig/session-replay](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/session-replay) | `3.25.3` | `3.32.6` | | [@statsig/web-analytics](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/web-analytics) | `3.25.3` | `3.32.6` | | [@vue/compat](https://github.com/vuejs/core) | `3.4.21` | `3.5.32` | | [axios](https://github.com/axios/axios) | `1.15.0` | `1.15.1` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001709` | `1.0.30001788` | | [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) | `3.36.1` | `3.49.0` | | [country-codes-flags-phone-codes](https://github.com/mehmetcanfarsak/country-codes-flags-phone-codes) | `1.0.4` | `1.1.1` | | [joi-password](https://github.com/Heaty566/joi-password) | `4.2.0` | `4.3.0` | | [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.11.1` | `1.12.41` | | [object.fromentries](https://github.com/es-shims/Object.fromEntries) | `2.0.4` | `2.0.8` | | [vue](https://github.com/vuejs/core) | `3.4.21` | `3.5.32` | | [vue3-lazyload](https://github.com/murongg/vue3-lazyload) | `0.3.8` | `0.4.2` | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.13.15` | `7.29.2` | | [@types/qrcode](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/qrcode) | `1.5.5` | `1.5.6` | | [@vue/cli-plugin-babel](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-babel) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-e2e-cypress](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-e2e-cypress) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-eslint](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-eslint) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-pwa](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-pwa) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-router](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-router) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-typescript](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-typescript) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-unit-mocha](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-unit-mocha) | `5.0.8` | `5.0.9` | | [@vue/cli-plugin-vuex](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-vuex) | `5.0.8` | `5.0.9` | | [@vue/cli-service](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-service) | `5.0.8` | `5.0.9` | | [@vue/test-utils](https://github.com/vuejs/test-utils) | `2.4.5` | `2.4.6` | | [axe-core](https://github.com/dequelabs/axe-core) | `4.9.1` | `4.11.3` | | [chai-match-pattern](https://github.com/mjhm/chai-match-pattern) | `1.2.0` | `1.3.0` | | [cypress-axe](https://github.com/component-driven/cypress-axe) | `1.6.0` | `1.7.0` | | [cypress-localstorage-commands](https://github.com/javierbrea/cypress-localstorage-commands) | `2.2.7` | `2.3.0` | | [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.29.1` | `2.32.0` | | [moment-timezone](https://github.com/moment/moment-timezone) | `0.5.45` | `0.6.1` | | [sharp](https://github.com/lovell/sharp) | `0.33.3` | `0.34.5` | | [style-resources-loader](https://github.com/yenshih/style-resources-loader) | `1.4.1` | `1.5.0` | Updates `@statsig/js-client` from 3.25.3 to 3.32.6 - [Release notes](https://github.com/statsig-io/js-client-monorepo/releases) - [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.32.6/packages/js-client) Updates `@statsig/session-replay` from 3.25.3 to 3.32.6 - [Release notes](https://github.com/statsig-io/js-client-monorepo/releases) - [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.32.6/packages/session-replay) Updates `@statsig/web-analytics` from 3.25.3 to 3.32.6 - [Release notes](https://github.com/statsig-io/js-client-monorepo/releases) - [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.32.6/packages/web-analytics) Updates `@vue/compat` from 3.4.21 to 3.5.32 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.4.21...v3.5.32) Updates `axios` from 1.15.0 to 1.15.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.15.0...v1.15.1) Updates `caniuse-lite` from 1.0.30001709 to 1.0.30001788 - [Commits](browserslist/caniuse-lite@1.0.30001709...1.0.30001788) Updates `core-js` from 3.36.1 to 3.49.0 - [Release notes](https://github.com/zloirock/core-js/releases) - [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js) Updates `country-codes-flags-phone-codes` from 1.0.4 to 1.1.1 - [Release notes](https://github.com/mehmetcanfarsak/country-codes-flags-phone-codes/releases) - [Commits](mehmetcanfarsak/country-codes-flags-phone-codes@1.0.4...1.1.1) Updates `joi-password` from 4.2.0 to 4.3.0 - [Release notes](https://github.com/Heaty566/joi-password/releases) - [Commits](https://github.com/Heaty566/joi-password/commits) Updates `libphonenumber-js` from 1.11.1 to 1.12.41 - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.11.1...v1.12.41) Updates `object.fromentries` from 2.0.4 to 2.0.8 - [Changelog](https://github.com/es-shims/Object.fromEntries/blob/main/CHANGELOG.md) - [Commits](es-shims/Object.fromEntries@v2.0.4...v2.0.8) Updates `vue` from 3.4.21 to 3.5.32 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.4.21...v3.5.32) Updates `vue3-lazyload` from 0.3.8 to 0.4.2 - [Release notes](https://github.com/murongg/vue3-lazyload/releases) - [Commits](murongg/vue3-lazyload@v0.3.8...v0.4.2) Updates `@babel/preset-env` from 7.13.15 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env) Updates `@types/qrcode` from 1.5.5 to 1.5.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/qrcode) Updates `@vue/cli-plugin-babel` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-babel) Updates `@vue/cli-plugin-e2e-cypress` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-e2e-cypress) Updates `@vue/cli-plugin-eslint` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-eslint) Updates `@vue/cli-plugin-pwa` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-pwa) Updates `@vue/cli-plugin-router` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-router) Updates `@vue/cli-plugin-typescript` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-typescript) Updates `@vue/cli-plugin-unit-mocha` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-unit-mocha) Updates `@vue/cli-plugin-vuex` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-vuex) Updates `@vue/cli-service` from 5.0.8 to 5.0.9 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-service) Updates `@vue/compiler-sfc` from 3.4.21 to 3.5.32 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/commits/v3.5.32/packages/compiler-sfc) Updates `@vue/test-utils` from 2.4.5 to 2.4.6 - [Release notes](https://github.com/vuejs/test-utils/releases) - [Commits](vuejs/test-utils@v2.4.5...v2.4.6) Updates `axe-core` from 4.9.1 to 4.11.3 - [Release notes](https://github.com/dequelabs/axe-core/releases) - [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md) - [Commits](dequelabs/axe-core@v4.9.1...v4.11.3) Updates `chai-match-pattern` from 1.2.0 to 1.3.0 - [Commits](https://github.com/mjhm/chai-match-pattern/commits) Updates `cypress-axe` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/component-driven/cypress-axe/releases) - [Commits](component-driven/cypress-axe@v1.6.0...v1.7.0) Updates `cypress-localstorage-commands` from 2.2.7 to 2.3.0 - [Release notes](https://github.com/javierbrea/cypress-localstorage-commands/releases) - [Changelog](https://github.com/javierbrea/cypress-localstorage-commands/blob/master/CHANGELOG.md) - [Commits](javierbrea/cypress-localstorage-commands@v2.2.7...v2.3.0) Updates `eslint-plugin-import` from 2.29.1 to 2.32.0 - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](import-js/eslint-plugin-import@v2.29.1...v2.32.0) Updates `moment-timezone` from 0.5.45 to 0.6.1 - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](moment/moment-timezone@0.5.45...0.6.1) Updates `sharp` from 0.33.3 to 0.34.5 - [Release notes](https://github.com/lovell/sharp/releases) - [Commits](lovell/sharp@v0.33.3...v0.34.5) Updates `style-resources-loader` from 1.4.1 to 1.5.0 - [Changelog](https://github.com/yenshih/style-resources-loader/blob/master/CHANGELOG.md) - [Commits](https://github.com/yenshih/style-resources-loader/commits/v1.5.0) --- updated-dependencies: - dependency-name: "@statsig/js-client" dependency-version: 3.32.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@statsig/session-replay" dependency-version: 3.32.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@statsig/web-analytics" dependency-version: 3.32.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@vue/compat" dependency-version: 3.5.32 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: axios dependency-version: 1.15.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: caniuse-lite dependency-version: 1.0.30001788 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: core-js dependency-version: 3.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: country-codes-flags-phone-codes dependency-version: 1.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: joi-password dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: libphonenumber-js dependency-version: 1.12.41 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: object.fromentries dependency-version: 2.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: vue dependency-version: 3.5.32 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: vue3-lazyload dependency-version: 0.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@babel/preset-env" dependency-version: 7.29.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@types/qrcode" dependency-version: 1.5.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-babel" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-e2e-cypress" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-eslint" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-pwa" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-router" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-typescript" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-unit-mocha" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-plugin-vuex" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/cli-service" dependency-version: 5.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: "@vue/compiler-sfc" dependency-version: 3.5.32 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@vue/test-utils" dependency-version: 2.4.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: axe-core dependency-version: 4.11.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: chai-match-pattern dependency-version: 1.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: cypress-axe dependency-version: 1.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: cypress-localstorage-commands dependency-version: 2.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: eslint-plugin-import dependency-version: 2.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: moment-timezone dependency-version: 0.6.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: sharp dependency-version: 0.34.5 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: style-resources-loader dependency-version: 1.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: frontend-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file frontend labels Apr 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Chore(deps): Bump the frontend-minor-patch group across 1 directory with 34 updates#1499

Chore(deps): Bump the frontend-minor-patch group across 1 directory with 34 updates#1499
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/webroot/frontend-minor-patch-871ec9a6cc

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026

3.32.6 - failure diagnostics

New Features

Improvements

Fixes

3.32.5 - refined retry strategy

New Features

Improvements

Fixes

3.32.4 - failure path logging

New Features

3.32.6 - failure diagnostics

New Features

Improvements

Fixes

3.32.5 - refined retry strategy

New Features

Improvements

Fixes

3.32.4 - failure path logging

New Features

3.32.6 - failure diagnostics

New Features

Improvements

Fixes

3.32.5 - refined retry strategy

New Features

Improvements

Fixes

3.32.4 - failure path logging

New Features

v3.5.32

v3.5.31

v3.5.30

v3.5.29

v3.5.28

v3.5.27

v3.5.26

v3.5.25

v3.5.24

v3.5.23

v3.5.22

v3.5.21

v3.5.20

3.5.32 (2026-04-03)

Bug Fixes

Reverts

3.5.31 (2026-03-25)

Bug Fixes

3.5.30 (2026-03-09)

Bug Fixes

v1.15.1

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.15.1 - April 19, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

3.49.0 - 2026.03.16

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants