Skip to content

chore(deps): update vitest monorepo to v4.1.10#200

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/vitest-monorepo
Open

chore(deps): update vitest monorepo to v4.1.10#200
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/vitest-monorepo

Conversation

@renovate

@renovate renovate Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@vitest/coverage-v8 (source) 4.1.74.1.10 age confidence
vitest (source) 4.1.74.1.10 age confidence

Release Notes

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub

v4.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security

socket-security Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedvitest@​4.1.10981007999100
Added@​vitest/​coverage-v8@​4.1.10991007999100

View full report

@renovate renovate Bot force-pushed the renovate/vitest-monorepo branch from a290209 to 4b5ca32 Compare June 2, 2026 18:18
@renovate renovate Bot force-pushed the renovate/vitest-monorepo branch 2 times, most recently from 858f0a9 to c1f4f81 Compare June 16, 2026 11:00
@renovate renovate Bot changed the title chore(deps): update vitest monorepo to v4.1.8 chore(deps): update vitest monorepo to v4.1.9 Jun 16, 2026
@renovate renovate Bot force-pushed the renovate/vitest-monorepo branch from c1f4f81 to f4963cf Compare July 7, 2026 08:14
@renovate renovate Bot changed the title chore(deps): update vitest monorepo to v4.1.9 chore(deps): update vitest monorepo to v4.1.10 Jul 7, 2026
@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/vitest@4.1.10npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants