Skip to content

chore(deps-dev): bump vitest from 1.6.1 to 4.1.10#487

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vitest-4.1.9
Open

chore(deps-dev): bump vitest from 1.6.1 to 4.1.10#487
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vitest-4.1.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps vitest from 1.6.1 to 4.1.10.

Release notes

Sourced from vitest's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

... (truncated)

Commits
  • db616d2 chore: release v4.1.10 (#10718)
  • bae52b5 fix(vm): fix external module resolve error with deps optimizer query for enco...
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
@kw-security

kw-security commented Jun 28, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vitest-4.1.9 branch 2 times, most recently from 539112d to c415eca Compare June 29, 2026 17:50
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 1.6.1 to 4.1.10.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump vitest from 1.6.1 to 4.1.9 chore(deps-dev): bump vitest from 1.6.1 to 4.1.10 Jul 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vitest-4.1.9 branch from c415eca to 5e503cd Compare July 7, 2026 13:39
@dependabot dependabot Bot requested a review from a team as a code owner July 7, 2026 13:39

@dj4oC dj4oC left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumps vitest — a major jump from ^1.5.0^4.1.10 in five packages (web-app-ai-doc-summary, web-app-ai-folder-brief-sidebar, web-app-ai-image-alt-text-sidebar, web-app-ai-sensitive-data-scanner, web-app-file-comments), and a patch bump 4.1.74.1.10 elsewhere.

Findings

Stability (blocking, verified by actually running the tests). I checked out this PR branch, ran pnpm install --frozen-lockfile (succeeds, lockfile is consistent), then pnpm --filter <pkg> test:unit for each of the five packages that jumped vitest ^1.5.0^4.1.10. All five fail identically before running a single test:

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './module-runner' is not defined by "exports" in .../vite/package.json

These five packages still pin "vite": "^5.2.0" (resolves to vite@5.4.21), which predates the ./module-runner export subpath that vitest@4 requires at startup — so test:unit cannot even boot. By contrast, packages that were already on vitest@4.x and only took the 4.1.74.1.10 patch bump (e.g. web-app-ai-quick-draft-creator, pinned to vite: ^7.2.2) run fine (verified: 11/11 tests pass). This is a real, reproducible break in CI for those five packages, not a theoretical concern.

Security / Performance. No issues — pure dev-dependency version bump, nothing shipped to the production bundle.

Test coverage. N/A (dependency bump); the breakage above is exactly what pnpm test:unit in CI should catch.

Deployment topology check

N/A — dev tooling only, no runtime/deployment impact.

Verdict

Changes requested — either pin vite to a version that exports ./module-runner (vite ≥ 6, matching what the other already-v4 packages use) in the same five package.jsons, or hold vitest back to a version compatible with vite@5.2 for those packages, before merging.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@dj4oC dj4oC left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigated the red check:types job (failing since 2026-07-07, not yet reviewed by this bot).

Findings

  • Stability (blocking, pre-existing latent bug unmasked by this bump, not introduced by it): vitest 1.6.1→4.1.10 pulls in an updated type-checking chain that now surfaces a pre-existing gap in packages/web-app-ai-folder-brief-sidebar/tests/unit/useFolderBrief.spec.ts:68 and :178 — the mock Resource objects are missing the required spaceId field:
    error TS2741: Property 'spaceId' is missing in type '{...}' but required in type 'Resource'.
    
    This is exactly the Resource.spaceId required rule from this repo's CLAUDE.md — the test fixtures never satisfied it and only failed to type-check once the dependency graph re-resolved. Fix: add spaceId: '<test-space-id>' to both mock Resource/Resource[] literals in that spec file.
  • No other packages affected; this is an isolated, mechanical one-line-per-mock fix, not a vitest 4.x API break.

Test coverage

n/a — dependency bump; the fix is to an existing test's fixture data, not new coverage.

Verdict

Changes requested (blocked on CI) — add spaceId to the two mock Resource fixtures in useFolderBrief.spec.ts before merge.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants