Skip to content

Bump vitest from 3.2.4 to 4.1.2#383

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/vitest-4.1.2
Open

Bump vitest from 3.2.4 to 4.1.2#383
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/vitest-4.1.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps vitest from 3.2.4 to 4.1.2.

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits
  • fc6f482 chore: release v4.1.2
  • 6f97b55 feat: disable colors if agent is detected (#9851)
  • b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
  • 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
  • f54abad chore: add typo-checker skill and fix typos (#9963)
  • 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
  • 1f2d318 chore: release v4.1.1
  • ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
  • 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
  • eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump vitest from 3.2.4 to 4.1.2
2ea5e48 
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.1.2.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added major skip-release Do not publish new release labels Mar 30, 2026
@dependabot dependabot bot requested review from a team, CarlosGamero, drdaemos and kibertoad as code owners March 30, 2026 12:30
@dependabot dependabot bot added major skip-release Do not publish new release labels Mar 30, 2026
@dependabot dependabot bot mentioned this pull request Mar 30, 2026
Closed
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 30, 2026
edited
Loading

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated development dependencies to maintain testing infrastructure.

Walkthrough

A single development dependency version is updated in package.json. The vitest package is bumped from ^3.2.4 to ^4.1.2. No other dependencies, scripts, or package metadata are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~1 minute

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is comprehensive with detailed release notes and commits, but it does not follow the required template structure with the 'Changes' section and 'Checklist' items (labels, documentation, tests). Restructure the description to match the template: include a 'Changes' section summarizing the key updates, then add the required checklist with label selection and confirmations about documentation and tests.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and specifically describes the primary change: bumping vitest from version 3.2.4 to 4.1.2.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/vitest-4.1.2

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
package.json (1)

74-74: ⚠️ Potential issue | 🟠 Major

Align Vitest core and coverage plugin majors.

vitest is bumped to ^4.1.2, but @vitest/coverage-v8 remains at ^3.2.4. The coverage plugin v3.2.4 requires exactly vitest@3.2.4, making it incompatible with vitest v4. This breaks vitest --coverage in CI/runtime. Bump @vitest/coverage-v8 to ^4.1.2 in the same PR.

Suggested diff 
-        "@vitest/coverage-v8": "^3.2.4",
+        "@vitest/coverage-v8": "^4.1.2",
...
         "vitest": "^4.1.2",
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 74, Update the `@vitest/coverage-v8` dependency to match
the major version of vitest; change "@vitest/coverage-v8" from "^3.2.4" to
"^4.1.2" in package.json so the coverage plugin and vitest share the same major
(v4) and then regenerate the lockfile (npm/yarn/pnpm install) to ensure CI uses
the aligned versions.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@package.json`:
- Line 74: Update the `@vitest/coverage-v8` dependency to match the major version
of vitest; change "@vitest/coverage-v8" from "^3.2.4" to "^4.1.2" in
package.json so the coverage plugin and vitest share the same major (v4) and
then regenerate the lockfile (npm/yarn/pnpm install) to ensure CI uses the
aligned versions.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: lokalise/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d8c129cf-f26f-4ac2-915f-9306004e357e

📥 Commits

Reviewing files that changed from the base of the PR and between fd67520 and 2ea5e48.

📒 Files selected for processing (1)
  • package.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@kibertoad kibertoad Awaiting requested review from kibertoad kibertoad is a code owner

@CarlosGamero CarlosGamero Awaiting requested review from CarlosGamero CarlosGamero is a code owner

@drdaemos drdaemos Awaiting requested review from drdaemos drdaemos is a code owner

Assignees

No one assigned

Labels

major skip-release Do not publish new release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants