chore(deps-dev): bump vitest from 3.2.4 to 4.1.2

[dependabot]

Bumps vitest from 3.2.4 to 4.1.2.

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

v4.1.1

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in vitest-dev/vitest#9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in vitest-dev/vitest#9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in vitest-dev/vitest#9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in vitest-dev/vitest#9831 and vitest-dev/vitest#9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in vitest-dev/vitest#9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in vitest-dev/vitest#9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in vitest-dev/vitest#9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in vitest-dev/vitest#9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in vitest-dev/vitest#9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in vitest-dev/vitest#9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in vitest-dev/vitest#9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in vitest-dev/vitest#9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in vitest-dev/vitest#9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in vitest-dev/vitest#9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in vitest-dev/vitest#9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in vitest-dev/vitest#9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in vitest-dev/vitest#9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9949 (0d5f9)

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• 1f2d318 chore: release v4.1.1
• ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
• 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
• eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: lokalise/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f4584fdc-64fa-4d96-95af-b2087f41bfc7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The vitest development dependency version in package.json has been updated from ^3.2.4 to ^4.1.2. The test script and all other dependency entries remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: bumping the vitest development dependency from version 3.2.4 to 4.1.2.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description clearly describes a dependency version bump from vitest 3.2.4 to 4.1.2, matching the changeset perfectly.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/vitest-4.1.2

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 44: package.json currently specifies an invalid/nonexistent vitest
version and a Vite version incompatible with Vitest v4; update the dependency
entries so vitest is set to a valid v4 release (e.g., "vitest": "^4.1.1"), bump
vite to a compatible major (e.g., "vite": "^6.0.0" or later), and ensure related
Vite config packages like `@lokalise/package-vite-config` are upgraded to a v4/v5
release that supports Vite v6+; then run install and verify tests/builds to
confirm compatibility.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: lokalise/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 57e4211a-f2d6-4478-9f63-0c891bee4226

📥 Commits

Reviewing files that changed from the base of the PR and between cd468d1 and 05051b8.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== 1) Confirm declared vitest version in package.json =="
rg -nP '"vitest"\s*:\s*"\^?4\.1\.2"' package.json

echo
echo "== 2) Find lockfile(s) and confirm resolved vitest major =="
fd 'package-lock.json|pnpm-lock.yaml|yarn.lock'
rg -nP '(^\s*vitest@|"\s*vitest"\s*:\s*"|/vitest@4\.)' package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null || true

echo
echo "== 3) Locate Vitest config files =="
fd 'vitest\.config\.(ts|mts|cts|js|mjs|cjs)|vite\.config\.(ts|mts|cts|js|mjs|cjs)'

echo
echo "== 4) Search for potentially impacted Vitest config areas =="
rg -n -C2 'setupFiles|coverage|pool|sequence|threads|deps|mock|unmock|environmentMatchGlobs' \
  $(fd 'vitest\.config\.(ts|mts|cts|js|mjs|cjs)|vite\.config\.(ts|mts|cts|js|mjs|cjs)' || true) 2>/dev/null || true

echo
echo "Review expected: lockfile resolves vitest 4.x and config usage aligns with Vitest v4 docs."

Repository: lokalise/npm-package-template

Length of output: 621

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== 1) Content of vite.config.ts =="
cat -n vite.config.ts

echo
echo "== 2) Inspect package-lock.json around line 1101 to identify nested vitest@3.0.7 source =="
sed -n '1095,1110p' package-lock.json

echo
echo "== 3) Broader context: search for dependencies that might require vitest v3 =="
rg -B5 'vitest.*3\.0\.7' package-lock.json | head -30

echo
echo "== 4) Check if any other files import/use vitest test utilities =="
rg -l 'from.*vitest|import.*vitest' --type ts --type js --type tsx --type jsx 2>/dev/null | head -10

Repository: lokalise/npm-package-template

Length of output: 1723

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== 1) Find `@lokalise/package-vite-config` version in lockfile =="
rg -n '@lokalise/package-vite-config' package-lock.json | head -5

echo
echo "== 2) Show full entry for `@lokalise/package-vite-config` with its peer deps =="
# Extract the section for this package to see its vitest peer dep requirement
sed -n '/"@lokalise\/package-vite-config"/,/^        }/p' package-lock.json | head -30

echo
echo "== 3) Check package.json for `@lokalise/package-vite-config` version constraint =="
rg '@lokalise/package-vite-config' package.json

Repository: lokalise/npm-package-template

Length of output: 1256

---

🌐 Web query:

@lokalise/package-vite-config npm vitest v4 compatibility

💡 Result:

@lokalise/package-vite-config is a shared Vite configuration package from Lokalise, used in their npm-package-template for building NPM packages with both CJS and ESM outputs. It is configured for Vitest testing, as evidenced by tsconfig recommendations including "vitest.config.ts" and the template's use of Vite for testing and building. Vitest v4 requires Vite >=6.0.0 and Node.js >=20.0.0. No sources report specific compatibility issues with @lokalise/package-vite-config and Vitest v4. Lokalise packages like @lokalise/node-api and lokalise-file-exchange use Vitest ^4.0.3 in devDependencies, indicating compatibility within their ecosystem. The package was last noted published around 2025-12-24, post-Vitest v4 release (2025/2026). To use with Vitest v4, ensure Vite >=6 in the config (customizable via vite.config.ts overriding the shared config) and follow Vitest v4 migration for test setup. Standard Vite/Vitest configs share via vite.config.ts test property or separate vitest.config.ts.

Citations:

• 1: https://www.npmjs.com/package/%40lokalise%2Fpackage-vite-config
• 2: https://github.com/lokalise/npm-package-template/blob/main/vite.config.ts
• 3: https://vitest.dev/guide/migration.html
• 4: https://v3.vitest.dev/config/
• 5: https://registry.npmjs.org/%40lokalise%2Ftsconfig
• 6: https://vitest.dev/blog/vitest-4.html
• 7: https://vitest.dev/config/
• 8: https://github.com/lokalise/npm-package-template
• 9: https://github.com/lokalise/shared-ts-libs

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== 1) Check Vite version in this repository's lockfile =="
rg -n '"vite"' package-lock.json | grep -E '^\s*[0-9]+:\s+"vite"' | head -5

echo
echo "== 2) Show root vite dependency =="
sed -n '/"vite": {/,/^        },$/p' package-lock.json | head -20

echo
echo "== 3) Check npm registry for `@lokalise/package-vite-config` versions =="
# Use jq if available, otherwise parse manually
curl -s 'https://registry.npmjs.org/@lokalise/package-vite-config' | python3 -c "import sys, json; data = json.load(sys.stdin); versions = list(data.get('versions', {}).keys()); print('\\n'.join(sorted(versions, key=lambda x: tuple(map(int, x.split('.')))) if all(c.isdigit() or c == '.' for v in versions for c in v) else sorted(versions)[-10:]))" 2>/dev/null || echo "Could not fetch npm registry"

Repository: lokalise/npm-package-template

Length of output: 804

---

🌐 Web query:

vitest 4.1.2 vite peer dependency requirement

💡 Result:

Vitest 4.1.2 does not appear to exist as of 2026-03-26. The latest version is 4.1.1 (published March 23, 2026). For Vitest 4.1.x series (including 4.1.0 and 4.1.1), the Vite peer dependency requirement is ^6.0.0 || ^7.0.0 || ^8.0.0. Vite is listed as both a regular dependency and a peer dependency in the package.json. Projects using Vitest must have a compatible Vite version installed, as Vitest relies on it for its module resolution and transformation capabilities.

Citations:

• 1: https://www.npmjs.com/package/vitest
• 2: https://registry.npmjs.org/vitest
• 3: https://npmx.dev/package/vitest/v/4.1.0
• 4: https://www.npmjs.com/package/vitest?activeTab=dependencies
• 5: @vitest/mocker 4.1.0: vite declared as optional peer dependency but imported unconditionally in dist/node.js vitest-dev/vitest#9915

---

Vitest v4 upgrade blocked by incompatible Vite version; vitest@^4.1.2 does not exist.

Line 44 declares vitest@^4.1.2, but this version does not exist in npm (latest is 4.1.1). More critically, vitest 4.1.x requires vite@^6.0.0 || ^7.0.0 || ^8.0.0, but this repo is locked to vite@^5.4.11. This will cause installation and build failures.

To proceed with the vitest v4 upgrade:

• Update vite to ^6.0.0 (or newer)
• Correct vitest to ^4.1.1 (or appropriate 4.x version)
• Verify @lokalise/package-vite-config is updated to v4.x or v5.x for Vite v6 compatibility

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 44, package.json currently specifies an
invalid/nonexistent vitest version and a Vite version incompatible with Vitest
v4; update the dependency entries so vitest is set to a valid v4 release (e.g.,
"vitest": "^4.1.1"), bump vite to a compatible major (e.g., "vite": "^6.0.0" or
later), and ensure related Vite config packages like
`@lokalise/package-vite-config` are upgraded to a v4/v5 release that supports Vite
v6+; then run install and verify tests/builds to confirm compatibility.

[dependabot]

Superseded by #647.