feat(deps): Bump vitest from 3.2.4 to 4.1.0#21274
Conversation
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.1.0. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
requested review from
JPeer264 and
andreiborza
and removed request for
a team
dependabot
Bot
added
dependencies
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit a461fa0. Configure here.
| "ts-node": "10.9.2", | ||
| "typescript": "~5.8.0", | ||
| "vitest": "^3.2.4", | ||
| "vitest": "^4.1.0", |
There was a problem hiding this comment.
Coverage package version mismatch
High Severity
This commit upgrades vitest to ^4.1.0 but leaves @vitest/coverage-v8 on ^3.2.4. Coverage v8 4.x is the matching release for Vitest 4; the shared vite/vite.config enables coverage, so coverage runs can fail or behave incorrectly after install.
Reviewed by Cursor Bugbot for commit a461fa0. Configure here.
| "rollup": "^4.60.3", | ||
| "vite": "^5.0.0", | ||
| "vitest": "^3.2.4", | ||
| "vitest": "^4.1.0", |
There was a problem hiding this comment.
Vitest four with Vite five
High Severity
@sentry-internal/bundler-tests now depends on vitest ^4.1.0 while still pinning vite to ^5.0.0. Vitest 4 requires Vite 6 or newer and no longer supports Vite 5, so vitest run in this package is likely to fail at startup.
Reviewed by Cursor Bugbot for commit a461fa0. Configure here.
| "@sentry-internal/test-utils": "10.55.0", | ||
| "bun-types": "^1.2.9", | ||
| "vitest": "^3.2.4" | ||
| "vitest": "^4.1.0" |
There was a problem hiding this comment.
Removed poolOptions still configured
Medium Severity
Bumping vitest to ^4.1.0 in these packages while their Vitest configs still set test.poolOptions (removed in Vitest 4) can cause deprecation errors or wrong pool behavior; options like singleThread must move to top-level test settings per the v4 migration guide.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit a461fa0. Configure here.
Bumps vitest from 3.2.4 to 4.1.0.
Release notes
Sourced from vitest's releases.
... (truncated)
Commits
4150b91chore: release v4.1.01de0aa2fix: correctly identify concurrent test during static analysis (#9846)c3cac1cfix: use isAgent check, not just TTY, for watch mode (#9841)eab68bachore(deps): update all non-major dependencies (#9824)031f02afix: allow catch/finally for async assertion (#9827)3e9e096feat(reporters): addagentreporter to reduce ai agent token usage (#9779)0c2c013chore: release v4.1.0-beta.68181e06fix:hideSkippedTestsshould not hidetest.todo(fix #9562) (#9781)a8216b0fix: manual and redirect mock shouldn'tloadortransformoriginal module...689a22afix(browser): types ofgetCDPSessionandcdp()(#9716)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.