Skip to content

chore(deps-dev): bump vitest from 3.2.4 to 4.1.0#4164

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vitest-4.1.0
Open

chore(deps-dev): bump vitest from 3.2.4 to 4.1.0#4164
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vitest-4.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited by cursor Bot
Loading

Bumps vitest from 3.2.4 to 4.1.0.

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Note

Medium Risk
Major-version test runner upgrade can break existing vitest configs, mocks, or assertions; Vitest 4 also tightens Node engine requirements compared to 3.x.

Overview
Bumps vitest from 3.2.4 to 4.1.0 in @crowd/packages-worker and @crowd/data-access-layer, with the matching pnpm-lock.yaml refresh.

Vitest 4 pulls in a new test stack (e.g. chai 6, updated @vitest/* packages, obug, es-module-lexer 2.x) and drops several 3.x-only pieces such as vite-node, tinypool, and the old chai helper chain. The lockfile also bumps transitive rollup / postcss versions tied to the existing vite 5.4 resolution. No application or test source files change—only dev dependency versions and lockfile entries.

Note for CI/local: Vitest 4’s declared Node range is ^20 || ^22 || >=24; environments still on Node 18 may need an upgrade before pnpm test in those workspaces passes reliably.

Reviewed by Cursor Bugbot for commit 5afea76. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 3, 2026

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Jun 3, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

cursor[bot]
cursor Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread services/libs/data-access-layer/package.json
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vitest-4.1.0 branch 2 times, most recently from 6be954c to 286ce7b Compare June 5, 2026 12:30
cursor[bot]
cursor Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread pnpm-lock.yaml
specifier: ^3.2.4
version: 3.2.4(@types/debug@4.1.12)(@types/node@20.12.7)(terser@5.43.1)
specifier: ^4.1.0
version: 4.1.0(@types/node@20.12.7)(vite@5.4.21(@types/node@20.12.7)(terser@5.43.1))
Copy link
Copy Markdown

@cursor cursor Bot Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Vitest four needs Vite six

Medium Severity

The bump to vitest ^4.1.0 leaves the lockfile resolving vitest@4.1.0 against vite@5.4.21, while Vitest 4 declares a required vite peer of ^6.0.0 and up. Official Vitest 4 migration treats Vite 5 as unsupported, so pnpm test may fail or behave unpredictably until Vite is upgraded alongside Vitest.

Additional Locations (2)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 286ce7b. Configure here.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vitest-4.1.0 branch from 286ce7b to e7c2801 Compare June 5, 2026 13:21
cursor[bot]
cursor Bot reviewed Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 3 total unresolved issues (including 2 from previous reviews).

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit e7c2801. Configure here.

Comment thread pnpm-lock.yaml
needle@https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b:
resolution: {tarball: https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b}
needle@git+https://git@github.com:clearbit/needle.git#84d28b5f2c3916db1e7eb84aeaa9d976cc40054b:
resolution: {commit: 84d28b5f2c3916db1e7eb84aeaa9d976cc40054b, repo: git@github.com:clearbit/needle.git, type: git}
Copy link
Copy Markdown

@cursor cursor Bot Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Git needle breaks Docker install

High Severity

The lockfile refresh changes clearbit’s needle dependency from an HTTPS tarball to a git-hosted resolution. Backend images run pnpm i --frozen-lockfile on Node Alpine without the git package, so installs that must clone this dependency can fail where the previous tarball lockfile did not need git.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit e7c2801. Configure here.

@dependabot
chore(deps-dev): bump vitest from 3.2.4 to 4.1.0
5afea76 
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.1.0.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vitest-4.1.0 branch from e7c2801 to 5afea76 Compare June 8, 2026 08:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant