chore: bump the development-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the development-dependencies group with 4 updates in the / directory: @vitest/coverage-istanbul, ovsx, tsdown and vite.

Updates @vitest/coverage-istanbul from 4.1.1 to 4.1.2

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• See full diff in compare view

Updates ovsx from 0.10.9 to 0.10.10

Release notes

Sourced from ovsx's releases.

CLI v0.10.10

Dependencies

• Bump ajv from 6.12.6 to 6.14.0 (#1632)
• Bump ajv from 8.17.1 to 8.18.0
• Bump tar from 7.5.7 to 7.5.11 (#1681)
• Bump minimatch to 3.1.5, 9.0.9 and 10.2.4
• Bump underscore from 1.13.6 to 1.13.8 (#1656)
• Bump flatted from 3.3.1 to 3.4.2 (#1703)

Changelog

Sourced from ovsx's changelog.

[v0.10.10] (Mar. 2026)

Dependencies

• Bump ajv from 6.12.6 to 6.14.0 (#1632)
• Bump ajv from 8.17.1 to 8.18.0
• Bump tar from 7.5.7 to 7.5.11 (#1681)
• Bump minimatch to 3.1.5, 9.0.9 and 10.2.4
• Bump underscore from 1.13.6 to 1.13.8 (#1656)
• Bump flatted from 3.3.1 to 3.4.2 (#1703)

Commits

• a367a40 chore: fix repo links after transfer
• b6e70ef chore: prepare release for cli 0.10.10
• 01ad56b chore: prepare release for cli 0.10.10
• f9cc4c1 build(deps): bump flatted from 3.3.1 to 3.4.2 in /cli (#1703)
• 313cef0 build(deps): bump tar from 7.5.10 to 7.5.11 in /cli (#1681)
• a971a9c chore: update changelog wrt tar update in cli
• e605e7f build(deps): bump tar from 7.5.9 to 7.5.10 in /cli (#1666)
• a600c08 build(deps): bump underscore from 1.13.6 to 1.13.8 in /cli (#1656)
• 294f2dd chore(deps): bump minimatch in cli
• 671ef30 chore(deps): bump used afv from 8.17.1 to 8.18.0
• Additional commits viewable in compare view

Updates tsdown from 0.21.4 to 0.21.6

Release notes

Sourced from tsdown's releases.

v0.21.6

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in rolldown/tsdown#856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in rolldown/tsdown#869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in rolldown/tsdown#865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in rolldown/tsdown#866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in rolldown/tsdown#867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in rolldown/tsdown#870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in rolldown/tsdown#845 (41411)
• Support typescript v6  -  by @​ocavue in rolldown/tsdown#858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in rolldown/tsdown#853 (475df)
  • Don't override internal importer  -  by @​Laupetin in rolldown/tsdown#860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in rolldown/tsdown#840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in rolldown/tsdown#863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in rolldown/tsdown#852 (0b276)

    View changes on GitHub

Commits

• 375a51c chore: release v0.21.6
• e1403c0 chore: upgrade deps
• 0005096 fix(entry): correctly output relative paths in logger output
• c546e4e refactor(cli): add color to CLI banner
• 875c1b3 feat(dts): add cjsReexport option to eliminate dual module type hazard (#856)
• 512926d feat: upgrade rolldown to v1.0.0-rc.12
• ff0c45a fix(css): split CSS plugin into pre/post phases for scoped CSS support (#870)
• 7ebd62d feat(exports): add bin option to auto-generate package.json bin field (#869)
• 148aaaa feat(config): use mergeConfig for workspace config merging and support variad...
• 7616960 feat(config): pass root config to workspace config functions
• Additional commits viewable in compare view

Updates vite from 8.0.2 to 8.0.3

Release notes

Sourced from vite's releases.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.3 (2026-03-26)

Features

• update rolldown to 1.0.0-rc.12 (#22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#22019) (cff5f0c)

Miscellaneous Chores

• deps: bump picomatch from 4.0.3 to 4.0.4 (#22027) (7e56003)

Tests

• html: add tests for getCssFilesForChunk (#22016) (43fbbf9)

Commits

• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• 2833c55 fix(types): add undefined to optional properties for exactOptionalProperties ...
• e3a6a83 chore(deps): update rolldown-related dependencies (#21047)
• Additional commits viewable in compare view

Updates vitest from 4.1.1 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions