Skip to content

Commit 11975a3

Browse files
authored
chore(deps): bump vitest to 4.1.6 [security] (#1633)
## Summary - Bump `vitest`, `@vitest/browser`, `@vitest/browser-playwright`, and all `@vitest/*` peer/dev deps in `packages/test` from `4.1.5` to `4.1.6` to address [GHSA-2h32-95rg-cppp](GHSA-2h32-95rg-cppp). - Updates catalog entries in `pnpm-workspace.yaml` (`vitest`, `@vitest/browser*`) and the `vitest-dev` override. - Refreshes `pnpm-lock.yaml` accordingly. ## Test plan - [ ] CI passes <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk dependency-only update; main impact is potential test runner/coverage behavior changes due to the Vitest patch upgrade. > > **Overview** > Updates the test toolchain by bumping `vitest` and the `@vitest/*` ecosystem (browser providers, runner/expect/snapshot/spy/utils, UI, and coverage peers) from `4.1.5` to `4.1.6` in `packages/test`. > > Aligns workspace catalog/overrides (`pnpm-workspace.yaml`, `vitest-dev`) and regenerates `pnpm-lock.yaml` to lock the new versions, primarily to address the referenced security advisory. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 428629a. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
1 parent 63f7c1b commit 11975a3

3 files changed

Lines changed: 148 additions & 132 deletions

File tree

packages/test/package.json

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -293,17 +293,17 @@
293293
"@blazediff/core": "1.9.1",
294294
"@oxc-node/cli": "catalog:",
295295
"@oxc-node/core": "catalog:",
296-
"@vitest/browser": "4.1.5",
297-
"@vitest/browser-playwright": "4.1.5",
298-
"@vitest/browser-preview": "4.1.5",
299-
"@vitest/browser-webdriverio": "4.1.5",
300-
"@vitest/expect": "4.1.5",
301-
"@vitest/mocker": "4.1.5",
302-
"@vitest/pretty-format": "4.1.5",
303-
"@vitest/runner": "4.1.5",
304-
"@vitest/snapshot": "4.1.5",
305-
"@vitest/spy": "4.1.5",
306-
"@vitest/utils": "4.1.5",
296+
"@vitest/browser": "4.1.6",
297+
"@vitest/browser-playwright": "4.1.6",
298+
"@vitest/browser-preview": "4.1.6",
299+
"@vitest/browser-webdriverio": "4.1.6",
300+
"@vitest/expect": "4.1.6",
301+
"@vitest/mocker": "4.1.6",
302+
"@vitest/pretty-format": "4.1.6",
303+
"@vitest/runner": "4.1.6",
304+
"@vitest/snapshot": "4.1.6",
305+
"@vitest/spy": "4.1.6",
306+
"@vitest/utils": "4.1.6",
307307
"chai": "^6.2.1",
308308
"convert-source-map": "^2.0.0",
309309
"estree-walker": "^3.0.3",
@@ -316,16 +316,16 @@
316316
"rolldown": "workspace:*",
317317
"rolldown-plugin-dts": "catalog:",
318318
"tinyrainbow": "^3.1.0",
319-
"vitest-dev": "^4.1.5",
319+
"vitest-dev": "^4.1.6",
320320
"why-is-node-running": "^2.3.0"
321321
},
322322
"peerDependencies": {
323323
"@edge-runtime/vm": "*",
324324
"@opentelemetry/api": "^1.9.0",
325325
"@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0",
326-
"@vitest/coverage-istanbul": "4.1.5",
327-
"@vitest/coverage-v8": "4.1.5",
328-
"@vitest/ui": "4.1.5",
326+
"@vitest/coverage-istanbul": "4.1.6",
327+
"@vitest/coverage-v8": "4.1.6",
328+
"@vitest/ui": "4.1.6",
329329
"happy-dom": "*",
330330
"jsdom": "*",
331331
"vite": "^6.0.0 || ^7.0.0 || ^8.0.0"
@@ -363,6 +363,6 @@
363363
"node": "^20.0.0 || ^22.0.0 || >=24.0.0"
364364
},
365365
"bundledVersions": {
366-
"vitest": "4.1.5"
366+
"vitest": "4.1.6"
367367
}
368368
}

0 commit comments

Comments
 (0)