Skip to content

chore(deps): bump vite, @vitest/coverage-istanbul, @vitest/coverage-v8 and vitest#41

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-93ab30b6cd
Open

chore(deps): bump vite, @vitest/coverage-istanbul, @vitest/coverage-v8 and vitest#41
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-93ab30b6cd

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026
edited by cubic-dev-ai Bot
Loading

Removes vite. It's no longer used after updating ancestor dependencies vite, @vitest/coverage-istanbul, @vitest/coverage-v8 and vitest. These dependencies need to be updated together.

Removes vite

Updates @vitest/coverage-istanbul from 2.1.9 to 4.1.4

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/coverage-istanbul since your current version.


Updates @vitest/coverage-v8 from 2.1.9 to 4.1.4

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/coverage-v8 since your current version.


Updates vitest from 2.1.9 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits
  • ac04bac chore: release v4.1.4
  • 82c858d chore: Remove no-op function in plugin config logic (#8501)
  • d4fbb5c feat(experimental): support aria snapshot (#9668)
  • b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
  • a120e3a feat(experimental): expose assertion as a public field (#10095)
  • 5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
  • a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
  • 203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
  • 2dc0d62 chore: release v4.1.3
  • 7827363 feat: add experimental.preParse flag (#10070)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by cubic

Upgrade the test stack to Vitest 4.1.4 and drop unused vite. This keeps coverage reporters in sync and reduces transitive dependencies.

  • Dependencies
    • Updated vitest to ^4.1.4
    • Updated @vitest/coverage-v8 to ^4.1.4
    • Updated @vitest/coverage-istanbul to ^4.1.4
    • Removed unused vite (no longer required by our setup)

Written for commit f848190. Summary will update on new commits.

@dependabot
chore(deps): bump vite, @vitest/coverage-istanbul, @vitest/coverage-v…
f848190 
…8 and vitest

Removes [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). It's no longer used after updating ancestor dependencies [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul), [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). These dependencies need to be updated together.


Removes `vite`

Updates `@vitest/coverage-istanbul` from 2.1.9 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/coverage-istanbul)

Updates `@vitest/coverage-v8` from 2.1.9 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/coverage-v8)

Updates `vitest` from 2.1.9 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 
  dependency-type: indirect
- dependency-name: "@vitest/coverage-istanbul"
  dependency-version: 4.1.4
  dependency-type: direct:development
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.4
  dependency-type: direct:development
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 10, 2026 03:51
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot April 10, 2026 03:51
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 2 files

Prompt for AI agents (unresolved issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="package.json">

<violation number="1" location="package.json:69">
P1: Upgrading to `vitest@^4.1.4` introduces a transitive Vite version that requires Node `^20.19.0`, but the repo pins Node `20.18.1` via Volta. Align Node or pin a compatible Vite major to avoid install/test environment breakage.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread package.json
"typescript": "^5.7.2",
"unplugin-swc": "^1.5.1",
"vitest": "^2.1.8",
"vitest": "^4.1.4",
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot Apr 10, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Upgrading to vitest@^4.1.4 introduces a transitive Vite version that requires Node ^20.19.0, but the repo pins Node 20.18.1 via Volta. Align Node or pin a compatible Vite major to avoid install/test environment breakage.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 69:

<comment>Upgrading to `vitest@^4.1.4` introduces a transitive Vite version that requires Node `^20.19.0`, but the repo pins Node `20.18.1` via Volta. Align Node or pin a compatible Vite major to avoid install/test environment breakage.</comment>

<file context>
@@ -66,7 +66,7 @@
         "typescript": "^5.7.2",
         "unplugin-swc": "^1.5.1",
-        "vitest": "^2.1.8",
+        "vitest": "^4.1.4",
         "vitest-mock-extended": "^2.0.2"
     }
</file context>
Fix with Cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants