chore(deps-dev): bump vitest from 4.0.18 to 4.1.0#866
Conversation
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.0.18 to 4.1.0. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed:
@vitest/coverage-v8not bumped alongsidevitest- Bumped
@vitest/coverage-v8to 4.1.0 and refreshed the lockfile so its exact Vitest peer dependency matchesvitest4.1.0.
- Bumped
Or push these changes by commenting:
@cursor push 087a5a96bc
Preview (087a5a96bc)
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -93,7 +93,7 @@
"@types/react": "^19.2.0",
"@types/semver": "7.5.8",
"@types/yargs": "16.0.9",
- "@vitest/coverage-v8": "4.0.18",
+ "@vitest/coverage-v8": "4.1.0",
"eslint": "9.39.4",
"eslint-config-prettier": "9.1.2",
"fast-check": "4.6.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -148,8 +148,8 @@
specifier: 16.0.9
version: 16.0.9
'@vitest/coverage-v8':
- specifier: 4.0.18
- version: 4.0.18(vitest@4.1.0(@opentelemetry/api@1.9.1)(@types/node@20.19.37)(msw@2.10.4(@types/node@20.19.37)(typescript@5.7.3))(vite@7.3.2(@types/node@20.19.37)(tsx@4.20.3)(yaml@2.8.3)))
+ specifier: 4.1.0
+ version: 4.1.0(vitest@4.1.0(@opentelemetry/api@1.9.1)(@types/node@20.19.37)(msw@2.10.4(@types/node@20.19.37)(typescript@5.7.3))(vite@7.3.2(@types/node@20.19.37)(tsx@4.20.3)(yaml@2.8.3)))
eslint:
specifier: 9.39.4
version: 9.39.4
@@ -1674,11 +1674,11 @@
resolution: {integrity: sha512-UycprH3T6n3jH0k44NHMa7pnFHGu/N05MjojYr+Mc6I7obkoLIJujSWwin1pCvdy/eOxrI/l3uDLQsmcrOb4ug==}
engines: {node: '>= 20'}
- '@vitest/coverage-v8@4.0.18':
- resolution: {integrity: sha512-7i+N2i0+ME+2JFZhfuz7Tg/FqKtilHjGyGvoHYQ6iLV0zahbsJ9sljC9OcFcPDbhYKCet+sG8SsVqlyGvPflZg==}
+ '@vitest/coverage-v8@4.1.0':
+ resolution: {integrity: sha512-nDWulKeik2bL2Va/Wl4x7DLuTKAXa906iRFooIRPR+huHkcvp9QDkPQ2RJdmjOFrqOqvNfoSQLF68deE3xC3CQ==}
peerDependencies:
- '@vitest/browser': 4.0.18
- vitest: 4.0.18
+ '@vitest/browser': 4.1.0
+ vitest: 4.1.0
peerDependenciesMeta:
'@vitest/browser':
optional: true
@@ -1697,9 +1697,6 @@
vite:
optional: true
- '@vitest/pretty-format@4.0.18':
- resolution: {integrity: sha512-P24GK3GulZWC5tz87ux0m8OADrQIUVDPIjjj65vBXYG17ZeU3qD7r+MNZ1RNv4l8CGU2vtTRqixrOi9fYk/yKw==}
-
'@vitest/pretty-format@4.1.0':
resolution: {integrity: sha512-3RZLZlh88Ib0J7NQTRATfc/3ZPOnSUn2uDBUoGNn5T36+bALixmzphN26OUD3LRXWkJu4H0s5vvUeqBiw+kS0A==}
@@ -1712,9 +1709,6 @@
'@vitest/spy@4.1.0':
resolution: {integrity: sha512-pz77k+PgNpyMDv2FV6qmk5ZVau6c3R8HC8v342T2xlFxQKTrSeYw9waIJG8KgV9fFwAtTu4ceRzMivPTH6wSxw==}
- '@vitest/utils@4.0.18':
- resolution: {integrity: sha512-msMRKLMVLWygpK3u2Hybgi4MNjcYJvwTb0Ru09+fOyCXIgT5raYP041DRRdiJiI3k/2U6SEbAETB3YtBrUkCFA==}
-
'@vitest/utils@4.1.0':
resolution: {integrity: sha512-XfPXT6a8TZY3dcGY8EdwsBulFCIw+BeeX0RZn2x/BtiY/75YGh8FeWGG8QISN/WhaqSrE2OrlDgtF8q5uhOTmw==}
@@ -1826,8 +1820,8 @@
resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
engines: {node: '>=12'}
- ast-v8-to-istanbul@0.3.12:
- resolution: {integrity: sha512-BRRC8VRZY2R4Z4lFIL35MwNXmwVqBityvOIwETtsCSwvjl0IdgFsy9NhdaA6j74nUdtJJlIypeRhpDam19Wq3g==}
+ ast-v8-to-istanbul@1.0.3:
+ resolution: {integrity: sha512-jCMQ6ZylLPudp0CDfBmQBZUsrh1/8psbmu9ibeVWKuHWD0YrH9YABwlKu5kVEFoT0GCQQW9Z/SxfuEbbkGQCRg==}
asynckit@0.4.0:
resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
@@ -3294,9 +3288,6 @@
resolution: {integrity: sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==}
engines: {node: '>= 0.8'}
- std-env@3.10.0:
- resolution: {integrity: sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==}
-
std-env@4.1.0:
resolution: {integrity: sha512-Rq7ybcX2RuC55r9oaPVEW7/xu3tj8u4GeBYHBWCychFtzMIr86A7e3PPEBPT37sHStKX3+TiX/Fr/ACmJLVlLQ==}
@@ -5153,17 +5144,17 @@
'@vercel/oidc@3.2.0': {}
- '@vitest/coverage-v8@4.0.18(vitest@4.1.0(@opentelemetry/api@1.9.1)(@types/node@20.19.37)(msw@2.10.4(@types/node@20.19.37)(typescript@5.7.3))(vite@7.3.2(@types/node@20.19.37)(tsx@4.20.3)(yaml@2.8.3)))':
+ '@vitest/coverage-v8@4.1.0(vitest@4.1.0(@opentelemetry/api@1.9.1)(@types/node@20.19.37)(msw@2.10.4(@types/node@20.19.37)(typescript@5.7.3))(vite@7.3.2(@types/node@20.19.37)(tsx@4.20.3)(yaml@2.8.3)))':
dependencies:
'@bcoe/v8-coverage': 1.0.2
- '@vitest/utils': 4.0.18
- ast-v8-to-istanbul: 0.3.12
+ '@vitest/utils': 4.1.0
+ ast-v8-to-istanbul: 1.0.3
istanbul-lib-coverage: 3.2.2
istanbul-lib-report: 3.0.1
istanbul-reports: 3.2.0
magicast: 0.5.2
obug: 2.1.1
- std-env: 3.10.0
+ std-env: 4.1.0
tinyrainbow: 3.1.0
vitest: 4.1.0(@opentelemetry/api@1.9.1)(@types/node@20.19.37)(msw@2.10.4(@types/node@20.19.37)(typescript@5.7.3))(vite@7.3.2(@types/node@20.19.37)(tsx@4.20.3)(yaml@2.8.3))
@@ -5185,10 +5176,6 @@
msw: 2.10.4(@types/node@20.19.37)(typescript@5.7.3)
vite: 7.3.2(@types/node@20.19.37)(tsx@4.20.3)(yaml@2.8.3)
- '@vitest/pretty-format@4.0.18':
- dependencies:
- tinyrainbow: 3.1.0
-
'@vitest/pretty-format@4.1.0':
dependencies:
tinyrainbow: 3.1.0
@@ -5207,11 +5194,6 @@
'@vitest/spy@4.1.0': {}
- '@vitest/utils@4.0.18':
- dependencies:
- '@vitest/pretty-format': 4.0.18
- tinyrainbow: 3.1.0
-
'@vitest/utils@4.1.0':
dependencies:
'@vitest/pretty-format': 4.1.0
@@ -5312,7 +5294,7 @@
assertion-error@2.0.1: {}
- ast-v8-to-istanbul@0.3.12:
+ ast-v8-to-istanbul@1.0.3:
dependencies:
'@jridgewell/trace-mapping': 0.3.31
estree-walker: 3.0.3
@@ -6790,8 +6772,6 @@
statuses@2.0.2: {}
- std-env@3.10.0: {}
-
std-env@4.1.0: {}
strict-event-emitter@0.5.1: {}You can send follow-ups to the cloud agent here.
Reviewed by Cursor Bugbot for commit 5c2a9a9. Configure here.
| "typescript": "5.7.3", | ||
| "typescript-eslint": "8.57.1", | ||
| "vitest": "4.0.18" | ||
| "vitest": "4.1.0" |
There was a problem hiding this comment.
@vitest/coverage-v8 not bumped alongside vitest
Medium Severity
@vitest/coverage-v8 remains at 4.0.18 while vitest was bumped to 4.1.0. The lockfile shows @vitest/coverage-v8@4.0.18 declares an exact peer dependency on vitest: 4.0.18, creating a peer dependency mismatch. This can cause runtime incompatibilities or install warnings, and coverage collection may behave unexpectedly with the mismatched version pair.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 5c2a9a9. Configure here.



Bumps vitest from 4.0.18 to 4.1.0.
Release notes
Sourced from vitest's releases.
... (truncated)
Commits
4150b91chore: release v4.1.01de0aa2fix: correctly identify concurrent test during static analysis (#9846)c3cac1cfix: use isAgent check, not just TTY, for watch mode (#9841)eab68bachore(deps): update all non-major dependencies (#9824)031f02afix: allow catch/finally for async assertion (#9827)3e9e096feat(reporters): addagentreporter to reduce ai agent token usage (#9779)0c2c013chore: release v4.1.0-beta.68181e06fix:hideSkippedTestsshould not hidetest.todo(fix #9562) (#9781)a8216b0fix: manual and redirect mock shouldn'tloadortransformoriginal module...689a22afix(browser): types ofgetCDPSessionandcdp()(#9716)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Low Risk
Dev-only dependency bump with no runtime code changes; minor risk is Vitest 4.1 behavior or CI test flakiness until the suite is re-run.
Overview
Bumps the devDependency
vitestfrom 4.0.18 to 4.1.0 inpackage.jsonand refreshespnpm-lock.yamlso the test runner and its transitive stack align with the new release.The lockfile update pulls in Vitest 4.1.x packages (
@vitest/*), adds an explicit vite peer resolution path for Vitest, and bumps related tooling (e.g. rollup 4.61.0, postcss, es-module-lexer, std-env).@vitest/coverage-v8remains pinned at 4.0.18 but now depends on vitest@4.1.0.No application or test source files change—only dependency versions used by
pnpm testand other Vitest scripts.Reviewed by Cursor Bugbot for commit 5c2a9a9. Bugbot is set up for automated code reviews on this repo. Configure here.