Skip to content

chore(deps-dev): bump @vitest/coverage-v8 from 4.0.16 to 4.1.0#60

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/vitest/coverage-v8-4.1.0
Open

chore(deps-dev): bump @vitest/coverage-v8 from 4.0.16 to 4.1.0#60
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/vitest/coverage-v8-4.1.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps @vitest/coverage-v8 from 4.0.16 to 4.1.0.

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 0c2c013 chore: release v4.1.0-beta.6
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • 94eb73b chore(deps): update eslint packages (#9615)
  • 8c96bb0 refator: update links to npmx (#9783)
  • aaf7758 chore: standardize packages README (#9776)
  • 57cbe39 chore(deps): update ast-v8-to-istanbul to v1 (#9755)
  • 79672d7 chore: release v4.1.0-beta.5
  • 1d9e3b3 chore: release v4.1.0-beta.4
  • 4ff8c6f chore(build): raise build target to the minimum supported, don't bundle utils...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump @vitest/coverage-v8 from 4.0.16 to 4.1.0
3dea1a6 
Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.0.16 to 4.1.0.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/coverage-v8)

---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the 📦 Dependencies Pull requests that update a dependency file label Mar 18, 2026
@dependabot dependabot bot requested a review from Proskynete as a code owner March 18, 2026 07:08
@dependabot dependabot bot added the 📦 Dependencies Pull requests that update a dependency file label Mar 18, 2026
@dependabot dependabot bot mentioned this pull request Mar 18, 2026
Closed
@github-actions github-actions bot added the 🤩 size/xs Extra small PR (0-10 lines) label Mar 18, 2026
@github-actions
Copy link

github-actions bot commented Mar 18, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@babel/parser 7.29.2 🟢 7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 26/29 approved changesets -- score normalized to 8
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/@babel/types 7.29.0 🟢 7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 26/29 approved changesets -- score normalized to 8
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/@napi-rs/wasm-runtime 1.1.1 🟢 5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/12 approved changesets -- score normalized to 0
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-project/runtime 0.115.0 UnknownUnknown
npm/@oxc-project/types 0.115.0 UnknownUnknown
npm/@rolldown/binding-android-arm64 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-darwin-arm64 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-darwin-x64 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-freebsd-x64 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-arm-gnueabihf 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-arm64-gnu 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-arm64-musl 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-ppc64-gnu 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-s390x-gnu 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-x64-gnu 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-linux-x64-musl 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-openharmony-arm64 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-wasm32-wasi 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-win32-arm64-msvc 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/binding-win32-x64-msvc 1.0.0-rc.9 UnknownUnknown
npm/@rolldown/pluginutils 1.0.0-rc.9 UnknownUnknown
npm/@vitest/coverage-v8 4.1.0 UnknownUnknown
npm/@vitest/expect 4.1.0 UnknownUnknown
npm/@vitest/mocker 4.1.0 UnknownUnknown
npm/@vitest/pretty-format 4.1.0 UnknownUnknown
npm/@vitest/runner 4.1.0 UnknownUnknown
npm/@vitest/snapshot 4.1.0 UnknownUnknown
npm/@vitest/spy 4.1.0 UnknownUnknown
npm/@vitest/ui 4.1.0 UnknownUnknown
npm/@vitest/utils 4.1.0 UnknownUnknown
npm/ast-v8-to-istanbul 1.0.0 UnknownUnknown
npm/convert-source-map 2.0.0 🟢 3.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/es-module-lexer 2.0.0 🟢 3
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 3Found 9/30 approved changesets -- score normalized to 3
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/flatted 3.4.0 🟢 4.3
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/14 approved changesets -- score normalized to 0
Maintained🟢 1024 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 4security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
npm/js-tokens 10.0.0 ⚠️ 2.9
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/23 approved changesets -- score normalized to 0
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/lightningcss 1.32.0 UnknownUnknown
npm/lightningcss-android-arm64 1.32.0 UnknownUnknown
npm/lightningcss-darwin-arm64 1.32.0 UnknownUnknown
npm/lightningcss-darwin-x64 1.32.0 UnknownUnknown
npm/lightningcss-freebsd-x64 1.32.0 UnknownUnknown
npm/lightningcss-linux-arm-gnueabihf 1.32.0 UnknownUnknown
npm/lightningcss-linux-arm64-gnu 1.32.0 UnknownUnknown
npm/lightningcss-linux-arm64-musl 1.32.0 UnknownUnknown
npm/lightningcss-linux-x64-gnu 1.32.0 UnknownUnknown
npm/lightningcss-linux-x64-musl 1.32.0 UnknownUnknown
npm/lightningcss-win32-arm64-msvc 1.32.0 UnknownUnknown
npm/lightningcss-win32-x64-msvc 1.32.0 UnknownUnknown
npm/magicast 0.5.2 UnknownUnknown
npm/postcss 8.5.8 🟢 4.6
Details
CheckScoreReason
Maintained🟢 99 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/rolldown 1.0.0-rc.9 UnknownUnknown
npm/std-env 4.0.0 UnknownUnknown
npm/vite 8.0.0 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 12/29 approved changesets -- score normalized to 4
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 5detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 5binaries present in source code
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
SAST🟢 4SAST tool is not run on all commits -- score normalized to 4
npm/vitest 4.1.0 UnknownUnknown

Scanned Files

  • package-lock.json

@github-actions
Copy link

github-actions bot commented Mar 18, 2026

🐳 Docker Image Size Comparison

Branch Size
Base (main) 396MB
PR (dependabot/npm_and_yarn/vitest/coverage-v8-4.1.0) 396MB

💡 Tip: Keep image size small using multi-stage builds and .dockerignore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Proskynete Proskynete Awaiting requested review from Proskynete Proskynete is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

📦 Dependencies Pull requests that update a dependency file 🤩 size/xs Extra small PR (0-10 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants