Bump the npm group with 13 updates #2082

dependabot · 2025-11-24T01:25:20Z

Bumps the npm group with 13 updates:

Package	From	To
@vitest/coverage-v8	`4.0.10`	`4.0.12`
eslint-plugin-jest	`29.1.0`	`29.2.0`
vite	`7.2.2`	`7.2.4`
vitest	`4.0.10`	`4.0.12`
@vitest/expect	`4.0.10`	`4.0.12`
@vitest/mocker	`4.0.10`	`4.0.12`
@vitest/pretty-format	`4.0.10`	`4.0.12`
@vitest/runner	`4.0.10`	`4.0.12`
@vitest/snapshot	`4.0.10`	`4.0.12`
@vitest/spy	`4.0.10`	`4.0.12`
@vitest/utils	`4.0.10`	`4.0.12`
baseline-browser-mapping	`2.8.29`	`2.8.30`
electron-to-chromium	`1.5.256`	`1.5.259`

Updates @vitest/coverage-v8 from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/coverage-v8's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
See full diff in compare view

Updates eslint-plugin-jest from 29.1.0 to 29.2.0

Release notes

Sourced from eslint-plugin-jest's releases.

Changelog

Sourced from eslint-plugin-jest's changelog.

Commits

730c3ee chore(release): 29.2.0 [skip ci]
a8625f1 feat: create new valid-mock-module-path rule (#1845)
59927d9 ci: don't update uses-with in actions (#1856)
589917a chore(deps): update actions/checkout action to v5.0.1 (#1854)
19dc911 chore(deps): lock file maintenance (#1853)
See full diff in compare view

Updates vite from 7.2.2 to 7.2.4

Release notes

Sourced from vite's releases.

Changelog

Sourced from vite's changelog.

Commits

24a611f release: v7.2.4
2d66b7b fix: revert "perf(deps): replace debug with obug (#21107)"
a668014 release: v7.2.3
acfe939 perf(deps): replace debug with obug (#21107)
4f8171e fix(deps): update all non-major dependencies (#21128)
5029720 chore(deps): update rolldown-related dependencies (#21127)
5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
39a0a15 chore(deps): update rolldown-related dependencies (#21095)
6a34ac3 fix(deps): update all non-major dependencies (#21096)
02ceaec chore(deps): update dependency @rollup/plugin-commonjs to v29 (#21099)
See full diff in compare view

Updates vitest from 4.0.10 to 4.0.12

Release notes

Sourced from vitest's releases.

Commits

5aa84d5 chore: release v4.0.12
e944a37 fix: don't import from @opentelemetry/api in public types (#9066)
9a8bc78 fix: inherit fsModuleCachePath by default (#9063)
c3befb0 chore: release v4.0.11
1b14737 perf(experimental): add file system cache (#9026)
4f58c77 chore: Fix typo in BrowserServerFactory options parameter (#9049)
67a39f5 chore: fix indentation for browser instances config (#9052)
4bdcb11 docs: fix browser provider redirect (#9051)
7729236 feat(api): add extensible test artifact API (#8987)
afd1f3e feat(expect): provide task in MatchState (#9022)
Additional commits viewable in compare view

Updates @vitest/expect from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/expect's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
afd1f3e feat(expect): provide task in MatchState (#9022)
See full diff in compare view

Updates @vitest/mocker from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/mocker's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
See full diff in compare view

Updates @vitest/pretty-format from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/pretty-format's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
See full diff in compare view

Updates @vitest/runner from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/runner's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
49329f1 build: fix import (#9061)
7729236 feat(api): add extensible test artifact API (#8987)
d6d3359 feat(experimental): support OpenTelemetry traces (#8994)
See full diff in compare view

Updates @vitest/snapshot from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/snapshot's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
See full diff in compare view

Updates @vitest/spy from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/spy's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
See full diff in compare view

Updates @vitest/utils from 4.0.10 to 4.0.12

Release notes

Sourced from @vitest/utils's releases.

Commits

5aa84d5 chore: release v4.0.12
c3befb0 chore: release v4.0.11
See full diff in compare view

Updates baseline-browser-mapping from 2.8.29 to 2.8.30

Commits

591282f Patch to 2.8.30 because browser or feature data changed
e4705eb Browser or feature data changed
7dfeedc Updating static site
See full diff in compare view

Updates electron-to-chromium from 1.5.256 to 1.5.259

Commits

e1a3230 1.5.259
9e3b3cc generate new version
b5eafc4 1.5.258
de1043e generate new version
e2a119d 1.5.257
f72db6f generate new version
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 13 updates: | Package | From | To | | --- | --- | --- | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.10` | `4.0.12` | | [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.1.0` | `29.2.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.2.4` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.10` | `4.0.12` | | [@vitest/expect](https://github.com/vitest-dev/vitest/tree/HEAD/packages/expect) | `4.0.10` | `4.0.12` | | [@vitest/mocker](https://github.com/vitest-dev/vitest/tree/HEAD/packages/mocker) | `4.0.10` | `4.0.12` | | [@vitest/pretty-format](https://github.com/vitest-dev/vitest/tree/HEAD/packages/pretty-format) | `4.0.10` | `4.0.12` | | [@vitest/runner](https://github.com/vitest-dev/vitest/tree/HEAD/packages/runner) | `4.0.10` | `4.0.12` | | [@vitest/snapshot](https://github.com/vitest-dev/vitest/tree/HEAD/packages/snapshot) | `4.0.10` | `4.0.12` | | [@vitest/spy](https://github.com/vitest-dev/vitest/tree/HEAD/packages/spy) | `4.0.10` | `4.0.12` | | [@vitest/utils](https://github.com/vitest-dev/vitest/tree/HEAD/packages/utils) | `4.0.10` | `4.0.12` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.8.29` | `2.8.30` | | [electron-to-chromium](https://github.com/kilian/electron-to-chromium) | `1.5.256` | `1.5.259` | Updates `@vitest/coverage-v8` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/coverage-v8) Updates `eslint-plugin-jest` from 29.1.0 to 29.2.0 - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v29.1.0...v29.2.0) Updates `vite` from 7.2.2 to 7.2.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.2.4/packages/vite) Updates `vitest` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/vitest) Updates `@vitest/expect` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/expect) Updates `@vitest/mocker` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/mocker) Updates `@vitest/pretty-format` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/pretty-format) Updates `@vitest/runner` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/runner) Updates `@vitest/snapshot` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/snapshot) Updates `@vitest/spy` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/spy) Updates `@vitest/utils` from 4.0.10 to 4.0.12 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/utils) Updates `baseline-browser-mapping` from 2.8.29 to 2.8.30 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.8.29...v2.8.30) Updates `electron-to-chromium` from 1.5.256 to 1.5.259 - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/master/CHANGELOG.md) - [Commits](Kilian/electron-to-chromium@v1.5.256...v1.5.259) --- updated-dependencies: - dependency-name: "@vitest/coverage-v8" dependency-version: 4.0.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: eslint-plugin-jest dependency-version: 29.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: vite dependency-version: 7.2.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: vitest dependency-version: 4.0.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/expect" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/mocker" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/pretty-format" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/runner" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/snapshot" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/spy" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/utils" dependency-version: 4.0.12 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: baseline-browser-mapping dependency-version: 2.8.30 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: electron-to-chromium dependency-version: 1.5.259 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-11-24T01:25:31Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@vitest/coverage-v8

4.0.12

Unknown

npm/@vitest/expect

4.0.12

Unknown

npm/@vitest/mocker

4.0.12

Unknown

npm/@vitest/pretty-format

4.0.12

Unknown

npm/@vitest/runner

4.0.12

Unknown

npm/@vitest/snapshot

4.0.12

Unknown

npm/@vitest/spy

4.0.12

Unknown

npm/@vitest/utils

4.0.12

Unknown

npm/baseline-browser-mapping

2.8.30

Unknown

npm/electron-to-chromium

1.5.259

Unknown

npm/eslint-plugin-jest

29.2.0

🟢 5.3

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 3/17 approved changesets -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/vite

7.2.4

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 6	Found 16/24 approved changesets -- score normalized to 6
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 6	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
SAST	🟢 3	SAST tool is not run on all commits -- score normalized to 3

npm/vitest

4.0.12

Unknown

Scanned Files

pnpm-lock.yaml

dependabot bot assigned poad Nov 24, 2025

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 24, 2025

github-actions bot approved these changes Nov 24, 2025

View reviewed changes

github-actions bot enabled auto-merge (squash) November 24, 2025 01:25

github-actions bot merged commit d0677dd into main Nov 24, 2025
5 checks passed

github-actions bot deleted the dependabot/npm_and_yarn/npm-8e96c81641 branch November 24, 2025 01:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm group with 13 updates #2082

Bump the npm group with 13 updates #2082

Uh oh!

dependabot bot commented on behalf of github Nov 24, 2025

Uh oh!

github-actions bot commented Nov 24, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the npm group with 13 updates #2082

Bump the npm group with 13 updates #2082

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 24, 2025

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v29.2.0

29.2.0 (2025-11-20)

Features

29.2.0 (2025-11-20)

Features

v7.2.4

v7.2.3

7.2.4 (2025-11-20)

Bug Fixes

7.2.3 (2025-11-20)

Bug Fixes

Performance Improvements

Miscellaneous Chores

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

v4.0.12

🐞 Bug Fixes

v4.0.11

🚀 Experimental Features

🏎 Performance

Uh oh!

github-actions bot commented Nov 24, 2025

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants