Bump path-to-regexp and mintlify in /docs

[dependabot]

Bumps path-to-regexp to 0.1.13 and updates ancestor dependency mintlify. These dependencies need to be updated together.

Updates path-to-regexp from 0.1.7 to 0.1.13

Release notes

Sourced from path-to-regexp's releases.

0.1.13

Important

• Fix CVE-2026-4867 (GHSA-37ch-88jc-xwx2)

Full Changelog: pillarjs/path-to-regexp@v0.1.12...v.0.1.13

Fix backtracking (again)

Fixed

• Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

• Add backtrack protection to parameters 29b96b4
  • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

• Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

• Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Changelog

Sourced from path-to-regexp's changelog.

0.1.13 / 2026-03-26

• Fix CVE-2026-4867 (GHSA-37ch-88jc-xwx2)

Commits

• 9fd0c87 0.1.13 (#425)
• 7ccf02c fix: CVE-2026-4867
• 640e694 0.1.12
• f01c26a Merge commit from fork
• 0c71192 0.1.11
• 8f09549 Add error on bad input values
• c827fce 0.1.10
• 29b96b4 Add backtrack protection to parameters
• ac4c234 Update repo url (#314)
• bdb6635 0.1.9
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.

Updates mintlify from 4.2.500 to 4.2.540

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
mindsdb	🟢 Ready	View Preview	Apr 29, 2026, 7:46 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

This PR upgrades the mintlify package and its dependency tree in the docs package.

• Bumps mintlify from ^4.2.500 to ^4.2.540 in docs/package.json
• Updates all @mintlify/* sub-packages (cli, common, link-rot, models, prebuild, previewing, validation, scraping) to latest versions
• Major dependency upgrades: express 4.18.2→4.22.0, socket.io 4.7.2→4.8.0, engine.io 6.5.5→6.6.7, axios 1.13.2→1.15.0, lodash 4.17.21→4.18.1, ajv 8.18.0→8.20.0, typescript 5.9.3→6.0.3
• Replaces deprecated simple-eval with expr-eval-fork in @stoplight/spectral-core
• Upgrades proxy-from-env to v2.1.0 (v1.1.0 pinned for proxy-agent)
• Adds @types/ws, removes @types/cookie
• Removes libc field entries from optional native binary packages in the lockfile

---

Confidence Score: 4/5 - Mostly Safe

Safe to merge — this PR performs a routine dependency bump of mintlify from ^4.2.500 to ^4.2.540 and its associated @mintlify/* sub-packages in the docs/ directory, with no changes to application logic or source code. The upgrades to express 4.18.2→4.22.0, socket.io 4.7.2→4.8.0, and engine.io 6.5.5→6.6.7 are patch/minor version bumps that primarily address security fixes and stability improvements in a docs tooling context. Since these changes are isolated to the docs build/preview toolchain and don't affect production runtime code, the risk surface is minimal, though the lodash version noted as 4.18.1 warrants a sanity check since no such published version exists in the official registry (latest stable is 4.17.21).

Key Findings:

• The lodash bump listed as 4.17.21→4.18.1 is suspicious — no 4.18.x release of lodash exists on npm as of the latest known registry state; this could indicate a transitive dependency resolution artifact or a summary error, and the actual resolved version in docs/package-lock.json should be verified.
• All version changes are confined to docs/package.json and its lockfile, meaning no production application code, API surface, or data pipeline is touched by this PR.
• The express 4.18→4.22 and engine.io 6.5→6.6 upgrades are well-understood minor bumps that include CVE patches, making this upgrade a net security positive for the docs preview toolchain.
• No automated review comments were raised and no logic, configuration, or source files outside the docs dependency manifest were modified, keeping the blast radius extremely contained.

Files requiring special attention

• docs/package.json
• docs/package-lock.json