Skip to content

chore(deps-dev): bump vitest from 3.2.4 to 4.0.2 #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps-dev): bump vitest from 3.2.4 to 4.0.2 #248

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 24, 2025

Bumps vitest from 3.2.4 to 4.0.2.

Release notes

Sourced from vitest's releases.

v4.0.2

   🐞 Bug Fixes

    View changes on GitHub

v4.0.1

   🐞 Bug Fixes

    View changes on GitHub

v4.0.0

Vitest 4.0 is out!

To stay updated, read our blog post and check the migration guide.

   🚨 Breaking Changes

... (truncated)

Commits
  • 07bc56a chore: release v4.0.2
  • 2eedbce fix(spy): reset spies if both restoreMocks and mockReset is set in the co...
  • 26ce88d fix(pool): assign envs before running tests to keep in sync with process.env ...
  • 4a28faa chore: release v4.0.1
  • 3fae73e fix(pool): don't teardown the communication channel too soon if something is ...
  • 8100063 fix: move the getBuiltins check (#8765)
  • da7ce17 chore: release v4.0.0
  • 8e15bc8 perf: create only one fetcher per project (#8762)
  • 9f0eccc fix: base option doesn't crash vitest (#8760)
  • d3ef4f2 perf(pool): resolve all environments first (#8759)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump vitest from 3.2.4 to 4.0.2
86a5339 
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.0.2.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.2/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 24, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 24, 2025 12:13
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 24, 2025
@dependabot dependabot bot mentioned this pull request Oct 24, 2025
Closed
@coderabbitai
Copy link

coderabbitai bot commented Oct 24, 2025

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated development dependencies to latest versions for improved stability and compatibility.

Note: This release contains no user-facing changes.

Walkthrough

A development dependency version update in package.json upgrades vitest from ^3.2.4 to ^4.0.2. No other dependencies, configuration settings, or public APIs are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

This is a straightforward dependency version update affecting only one field in the manifest file. The change is mechanical and non-breaking to the codebase structure or public exports, requiring minimal verification beyond confirming the version bump is intentional and compatible with the project's test infrastructure.

Pre-merge checks

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The PR title "chore(deps-dev): bump vitest from 3.2.4 to 4.0.2" directly and clearly summarizes the main change in the pull request, which is updating the vitest dev dependency from version 3.2.4 to 4.0.2 as confirmed by the raw_summary. The title uses the conventional commit format and is specific and concise, avoiding vague terminology. It accurately reflects what the changeset accomplishes.
Description Check ✅ Passed The PR description, which is auto-generated by Dependabot, is directly related to the changeset. It clearly states the dependency bump from vitest 3.2.4 to 4.0.2 and provides comprehensive release notes including details about breaking changes, bug fixes, and maintenance information from the upstream vitest releases. The description is informative and relevant, containing detailed information about what changed in the upgraded version.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Oct 24, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between dba9bd4 and 86a5339.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (1 hunks)

package.json
"typescript": "^5.9.3",
"vite": "^6.3.5",
"vitest": "^3.2.4"
"vitest": "^4.0.2"
Copy link

@coderabbitai coderabbitai bot Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify test suite compatibility with vitest v4.0.2.

This is a major version bump with breaking changes (reporter changes, spy rewrite, pool rewrite). Although Vite 6.x is compatible, the breaking changes may require adjustments to your test setup or code.

Please verify that the test suite passes with vitest 4.0.2 by running:

If tests fail, check the vitest migration guide for v4 breaking changes, particularly around:

  • Custom reporters (if used)
  • Spy/mock APIs
  • Pool configuration

🏁 Script executed:

#!/bin/bash
# Run the test suite to confirm compatibility with vitest 4.0.2
npm test

Length of output: 124

🏁 Script executed:

#!/bin/bash
# Find test files in the codebase
echo "=== Searching for test files ==="
fd -e '\.test\.(ts|js|tsx|jsx)$' -o -e '\.spec\.(ts|js|tsx|jsx)$' -o -name '__tests__' -type d

Length of output: 149

🏁 Script executed:

#!/bin/bash
# Find vitest and vite config files
echo "=== Searching for vitest/vite config files ==="
fd -e 'vitest.config.*' -o -e 'vite.config.*'

Length of output: 163

🏁 Script executed:

#!/bin/bash
# Search for spy, mock, vi.* usage patterns in test files
echo "=== Searching for spy/mock patterns ==="
rg -n '\b(spy|mock|vi\.)' --type=ts --type=js -C2 | head -100

Length of output: 39

🏁 Script executed:

#!/bin/bash
# Check for custom reporter configuration
echo "=== Searching for reporter configuration ==="
rg -n -i 'reporter' package.json vitest.config.* vite.config.* 2>/dev/null || true

Length of output: 44

🏁 Script executed:

#!/bin/bash
# Display package.json devDependencies to understand testing setup
echo "=== Relevant dependencies from package.json ==="
rg -A 20 '"devDependencies"' package.json

Length of output: 436

🏁 Script executed:

#!/bin/bash
# Broader search for test files without fd extension issues
echo "=== Searching for test files with rg ==="
rg -l '\.(test|spec)\.(ts|js|tsx|jsx)$' --type-list | head -20

Length of output: 430

🏁 Script executed:

#!/bin/bash
# Check for any test-related files in src directory
echo "=== Looking in src directory ==="
find src -type f \( -name '*.test.*' -o -name '*.spec.*' \) 2>/dev/null | head -20

Length of output: 66

🏁 Script executed:

#!/bin/bash
# Look for test directories
echo "=== Searching for test directories ==="
find . -maxdepth 3 -type d \( -name '__tests__' -o -name 'tests' -o -name 'test' \) 2>/dev/null

Length of output: 38

🏁 Script executed:

#!/bin/bash
# Check package-lock or yarn.lock for @lokalise/package-vite-config details
echo "=== Checking shared config dependency details ==="
rg -A 5 '@lokalise/package-vite-config' --type=json | head -30

Length of output: 1303

🏁 Script executed:

#!/bin/bash
# Check if there's a src directory and its structure
echo "=== Source directory structure ==="
ls -la src/ 2>/dev/null || echo "No src directory found"

Length of output: 362

🏁 Script executed:

#!/bin/bash
# Display the test file to check for vitest API usage
echo "=== Test file content ==="
cat src/frontegg-oauth-client.test.ts

Length of output: 10615

🏁 Script executed:

#!/bin/bash
# Check the actual vitest version in @lokalise/package-vite-config dependencies
echo "=== Checking shared config's vitest dependency ==="
rg -A 20 '"@lokalise/package-vite-config": {' package-lock.json | grep -A 20 'node_modules/@lokalise/package-vite-config'

Length of output: 182

🏁 Script executed:

#!/bin/bash
# Search for specific vitest 4.0.0 breaking changes in test file
echo "=== Searching for potential breaking changes: spies, deprecated patterns ==="
rg '\b(vi\.spyOn|spyOn|vi\.mock|mock\(|vi\.resetAllMocks|resetAllMocks|vi\.clearAllMocks)\b' src/frontegg-oauth-client.test.ts -n

Length of output: 76

🏁 Script executed:

#!/bin/bash
# Look up vitest 4.0.2 release notes for actual breaking changes
echo "=== Searching for breaking change patterns in test file ==="
cat src/frontegg-oauth-client.test.ts | grep -i "deprecated\|breaking\|changed" || echo "No deprecated patterns found"

Length of output: 88

🏁 Script executed:

#!/bin/bash
# Check what @lokalise/package-vite-config exports
echo "=== Checking if package-lock has details on shared config content ==="
rg -A 50 'node_modules/@lokalise/package-vite-config' package-lock.json | head -60

Length of output: 2438

🌐 Web query:

@lokalise/package-vite-config vitest 4 support

💡 Result:

I couldn't find any explicit mention that @lokalise/package-vite-config adds or targets Vitest 4 support in its public package info (latest published version 4.0.0). The package README on npm doesn't call out Vitest 4 compatibility. [1]

Note: Vitest 4 changed the way config types are referenced (migrating from "vitest" to "vitest/config"), so projects or shared configs must update accordingly — see Vitest's config docs. [2]

If you want, I can:

  • open the package source in the shared-ts-libs repo and check its vite/test config files for Vitest-specific code, or
  • open an issue/PR template text you can use to ask the maintainers.

Sources:
[1] @lokalise/package-vite-config package info (npm).
[2] Vitest — Configuring Vitest (Vitest docs).

🏁 Script executed:

#!/bin/bash
# Search npm for all versions of @lokalise/package-vite-config
echo "=== Checking npm for available versions ==="
npm view @lokalise/package-vite-config versions --json 2>/dev/null | tail -50

Length of output: 145

🏁 Script executed:

#!/bin/bash
# Check latest version of @lokalise/package-vite-config
echo "=== Latest version info ==="
npm view @lokalise/package-vite-config@latest 2>/dev/null | grep -A 5 "version\|peerDependencies"

Length of output: 265

Vitest 4.0.2 conflicts with shared config peerDependency.

The shared config dependency @lokalise/[email protected] explicitly requires vitest ^3.0.7 (which excludes v4.x). Updating to vitest 4.0.2 violates this peerDependency constraint and will cause:

  • Unmet peerDependency warnings
  • Potential test failures or unexpected behavior

Resolution: Either upgrade to a newer version of @lokalise/package-vite-config that supports vitest 4.x, or revert vitest to v3.x. Currently, the latest version available is 4.0.0 with no v5+ release supporting vitest 4. Contact the maintainers of @lokalise/package-vite-config to confirm vitest 4 support before merging.

🤖 Prompt for AI Agents 
In package.json around line 38, vitest is set to "4.0.2" which conflicts with
the peerDependency required by @lokalise/[email protected] (which
expects vitest ^3.0.7); fix by either (A) reverting vitest to a 3.x range that
satisfies the peer dep (e.g., "^3.0.7") and run npm/yarn install to update
lockfile, or (B) upgrade @lokalise/package-vite-config to a version that
explicitly supports vitest 4.x (confirm with maintainers) and then update
package.json and reinstall; choose one path and ensure
package-lock.json/yarn.lock is updated and CI tests pass before merging.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 27, 2025

Superseded by #251.

@dependabot dependabot bot closed this Oct 27, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/vitest-4.0.2 branch October 27, 2025 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant