chore(deps): update dependency vitest to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vitest (source)	^2.1.4 -> ^4.0.0

---

Release Notes

vitest-dev/vitest (vitest)

v4.0.14

Compare Source

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in #​9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in #​9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in #​8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in #​9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in #​9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in #​9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in #​9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #​9018  -  by @​sheremet-va in #​9072 and #​9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in #​9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in #​9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in #​9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in #​9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in #​9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in #​9057 (acc51)

    View changes on GitHub

v4.0.13

Compare Source

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in #​9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in #​9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in #​9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in #​9076 (6b9a1)

    View changes on GitHub

v4.0.12

Compare Source

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in #​9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in #​9066 (e944a)

    View changes on GitHub

v4.0.11

Compare Source

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in #​8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in #​9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in #​8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in #​9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

Compare Source

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in #​9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in #​9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #​9003  -  by @​iclectic in #​9016 and #​9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in #​9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in #​8991 (eb98d)
• pool:
  • Prevent writing to closed worker  -  by @​AriPerkkio and @​sheremet-va in #​9023 (042c6)
• reporters:
  • Report correct test run duration at the end  -  by @​sheremet-va in #​8969 (bc3a6)
• ui:
  • Use execution time from ws reporter (onFinished)  -  by @​userquin in #​8975 (f56dc)

    View changes on GitHub

v4.0.9

Compare Source

   🚀 Experimental Features

• expect: Add Set support to toBeOneOf  -  by @​tim-we and @​sheremet-va in #​8906 (a415d)

   🐞 Bug Fixes

• browser: Add favicon icons to the browser mode ui  -  by @​userquin in #​8972 (353ee)
• forks: Increase worker start timeout  -  by @​AriPerkkio in #​9027 (5e750)
• jsdom: Cloned request is an instance of Request  -  by @​sheremet-va in #​8985 (506a9)
• ui: Collect file/suite/test duration correctly  -  by @​userquin in #​8976 (8016d)

    View changes on GitHub

v4.0.8

Compare Source

   🐞 Bug Fixes

• Workaround noExternal merging bug on Vite 6  -  by @​hi-ogawa in #​8950 (bcb13)
• Missed context.d.ts file  -  by @​termorey in #​8965 (9044d)
• Incorrect error message for non-awaited expect.element()  -  by @​StyleShit in #​8954 (9638d)
• browser: Cleanup frame-ancestors from CSP header at coverage middleware  -  by @​userquin in #​8941 (1f730)
• deps: Update all non-major dependencies  -  by @​sheremet-va in #​8636 (da8b9)
• forks: Do not fail with Windows Defender enabled  -  by @​sheremet-va in #​8967 (c79f4)
• runner: Properly encode Uint8Array body in annotations  -  by @​Livan-pro in #​8951 (997ca)
• spy: Copy static properties if spy is initialised with vi.fn(), fix types for vi.spyOn(obj, class)  -  by @​sheremet-va in #​8956 (75e7f)
• webdriverio: When no argument is passed to the .click interaction command, the webdriver command should also have no argument  -  by @​julienw in #​8937 (069e6)

    View changes on GitHub

v4.0.7

Compare Source

   🐞 Bug Fixes

• Bind process in case global is overwritten  -  by @​AriPerkkio in #​8916 (6240d)
• Create environment once per worker with isolate: false  -  by @​sheremet-va in #​8915 (c9078)
• Add Locator as a possible element type in toContainElement() matcher  -  by @​vitalybaev in #​8910 and #​8927 (35a27)
• browser: Inherit isolate option, deprecate browser.isolate/browser.fileParallelism  -  by @​sheremet-va in #​8890 (9d2b4)
• cli: Parse --execArgv as array  -  by @​AriPerkkio in #​8924 (751c3)
• jsdom: Support URL.createObjectURL, FormData.set(prop, blob)  -  by @​sheremet-va in #​8935 (a1b73)
• pool: Avoid --require argument when running in deno  -  by @​pi0 in #​8897 (d41fa)
• typecheck: Handle re-runs outside tsc  -  by @​AriPerkkio in #​8920 (fdb2e)

   🏎 Performance

• pool:
  • Sort test files by project by default  -  by @​AriPerkkio in #​8914 (680a6)
• reporters:
  • Optimize getting the tests stats  -  by @​Connormiha in #​8908 (06d62)
  • Remove unnecessary Array.from call  -  by @​Connormiha in #​8907 (b6014)

    View changes on GitHub

v4.0.6

Compare Source

   🐞 Bug Fixes

• Don't merge errors with different diffs for reporting  -  by @​hi-ogawa in #​8871 (3e19f)
• Do not throw when importing a type from an external package  -  by @​sheremet-va in #​8875 (7e6c3)
• Improve spying types  -  by @​sheremet-va in #​8878 (ca041)
• Reuse the same environment when isolate and fileParallelism are false  -  by @​sheremet-va in #​8889 (31706)
• browser:
  • Support module tracking  -  by @​sheremet-va in #​8877 (9e24a)
  • Ensure setup files are re-evaluated on each test run  -  by @​yjaaidi in #​8883 and #​8884 (f50ea)
• coverage:
  • Prevent filtering out virtual files before remapping to sources  -  by @​AriPerkkio in #​8860 (e3b77)
• happy-dom:
  • Properly teardown additional keys  -  by @​sheremet-va in #​8888 (10a06)
• jsdom:
  • Pass down Node.js FormData to Request  -  by @​sheremet-va in #​8880 (197ca)

    View changes on GitHub

v4.0.5

Compare Source

   🐞 Bug Fixes

• Respect ssr.noExternal when externalizing dependencies  -  by @​sheremet-va in #​8862 (a4f86)
• Allow module in --config  -  by @​sheremet-va in #​8864 (b9521)
• browser: Allow Locator type in selectOptions element parameter  -  by @​rzzf and @​sheremet-va in #​8848 (7ee28)
• module-runner: Don't return node builtins for getBuiltins unconditionally  -  by @​sapphi-red in #​8863 (0e858)
• pool: Rename groupId to groupOrder in error message  -  by @​Yohannfra in #​8856 (b9aab)

   🏎 Performance

• Pass testfiles at once when --no-isolate --maxWorkers=1  -  by @​AriPerkkio in #​8835 (584aa)
• expect: Optimize checking the input type  -  by @​Connormiha in #​8840 (06968)

    View changes on GitHub

v4.0.4

Compare Source

   🐞 Bug Fixes

• browser:
  • Correct typo  -  by @​benmccann in #​8796 (ede1f)
  • Publish a missing context file for webdriverio  -  by @​sheremet-va in #​8824 (7c7b6)
• mocker:
  • Support mocking builtins without node: prefix  -  by @​sheremet-va in #​8829 (06208)
• pool:
  • Runner's error listener causing MaxListenersExceededWarning  -  by @​AriPerkkio in #​8820 (d1bff)
  • Capture workers stdio to logger  -  by @​AriPerkkio in #​8809 (fb95f)
• spy:
  • Allow classes in vi.mocked utility  -  by @​sheremet-va in #​8839 (f8756)
• worker:
  • Rpc listener leak when isolate: false  -  by @​AriPerkkio in #​8821 (573dc)

   🏎 Performance

• utils: Optimized reducer to avoid creating new objects  -  by @​Connormiha in #​8818 (d19ce)

    View changes on GitHub

v4.0.3

Compare Source

   🐞 Bug Fixes

• Preserve reporter options from config when CLI reporters override them  -  by @​Copilot and sheremet-va in #​8794 (15552)
• browser: More stable in-source testing validation  -  by @​sheremet-va in #​8793 (62297)
• happy-dom: Support fetch globals  -  by @​sheremet-va in #​8791 (0fb74)
• init: Use correct jsx/tsx extension  -  by @​sheremet-va in #​8792 (abc04)

    View changes on GitHub

v4.0.2

Compare Source

   🐞 Bug Fixes

• browser:
  • Don't print the deprecation notice in node_modules  -  by @​sheremet-va in #​8779 (588f7)
• pool:
  • Assign envs before running tests to keep in sync with process.env  -  by @​sheremet-va in #​8769 (26ce8)
• spy:
  • Properly inherit implementation's length  -  by @​sheremet-va in #​8778 (d4c2b)
  • Reset spies if both restoreMocks and mockReset is set in the config  -  by @​sheremet-va in #​8781 (2eedb)

    View changes on GitHub

v4.0.1

Compare Source

   🐞 Bug Fixes

• Move the getBuiltins check  -  by @​sheremet-va in #​8765 (81000)
• pool: Don't teardown the communication channel too soon if something is running after the test  -  by @​sheremet-va in #​8767 (3fae7)

    View changes on GitHub

v4.0.0

Compare Source

   🚨 Breaking Changes

• Remove 'basic' reporter  -  by @​AriPerkkio in #​7884 (82fcf)
• Simplify default exclude pattern  -  by @​sheremet-va in #​6287 (14c50)
• Remove deprecated getSourceMap  -  by @​sheremet-va in #​8194 (ff934)
• Replace deprecated ErrorWithDiff with TestError  -  by @​sheremet-va in #​8195 (da59e)
• Remove UserConfig type in favor of ViteUserConfig  -  by @​sheremet-va in #​8196 (22f7f)
• Remove deprecated coverage options in favor of vitest/node exports  -  by @​sheremet-va in #​8197 (dc848)
• Remove deprecated internal helpers and environment exports  -  by @​sheremet-va in #​8198 (4703c)
• Remove deprecated typecheck and runner types  -  by @​sheremet-va in #​8199 (89a1c)
• Remove Node types from the main entry point, use vitest/node instead  -  by @​sheremet-va in #​8200 (1e60c)
• Remove support for Vite 5  -  by @​sheremet-va in #​8202 (cb8b0)
• Remove deprecated types  -  by @​sheremet-va in #​8203 (66bee)
• Remove deprecated environmentMatchGlobs and poolMatchGlobs  -  by @​sheremet-va in #​8205 (be11d)
• Remove deprecated workspace option in favor of projects  -  by @​sheremet-va in #​8218 (76fb7)
• Ignore --standalone when CLI filename filter is used  -  by @​AriPerkkio in #​8262 (013bf)
• Use module-runner instead of vite-node  -  by @​sheremet-va and @​AriPerkkio in #​8208 (9be01)
• Rewrite spying implementation to make module mocking more intuitive  -  by @​sheremet-va in #​8363 (9e412)
• Remove deprecated APIs  -  by @​sheremet-va in #​8428 (a1cb9)
• Remove minWorkers and set it automatically to 0 in non watch mode  -  by @​sheremet-va in #​8454 (2c2d1)
• Verbose reporter prints tests in a list, introduce tree reporter  -  by @​sheremet-va and @​AriPerkkio in #​8500 (25fd3)
• Include shadow root contents in pretty-format output  -  by @​wkillerud in #​8545 (9e722)
• Remove deprecated order from test() API  -  by @​sheremet-va in #​8594 (4d419)
• Rewrite pools without tinypool  -  by @​AriPerkkio and @​sheremet-va in #​8705 (4822d)
• browser: Require a provider factory instead of a string  -  by @​sheremet-va in #​8445 (606cb)
• expect: Pass current equality testers to asymmetric matcher  -  by @​hi-ogawa in #​6825 (965ce)
• projects: Allow only files that have "vitest.config" or "vite.config" in the name  -  by @​sheremet-va in #​8542 (304bc)
• reporter: Remove deprecated APIs  -  by @​AriPerkkio and @​sheremet-va in #​8223 (149f8)
• runner: Set mode to todo if no function is passed down to test or describe  -  by @​sheremet-va in #​8346 (1a81c)
• snapshot: Fail test with obsolete snapshot on CI  -  by @​hi-ogawa in #​7963 (4d84f)
• spy: Support spying on classes  -  by @​sheremet-va in #​6160 (abc0d)

   🚀 Features

• Provide entity to onConsoleLog  -  by @​sheremet-va in #​8159 (437d4)
• Add onUnhandledError callback  -  by @​sheremet-va in #​8162 (924cb)
• Add spy option to vi.mockObject  -  by @​rChaoz in #​8285 (81d76)
• Don't use vite-node in coverage packages  -  by @​sheremet-va (ffdb4)
• Clickable dashboard numbers  -  by @​shairez in #​7406 (2344c)
• Display test "path" when filtering  -  by @​userquin in #​8547 (2e491)
• Introduce separate packages for browser mode providers  -  by @​sheremet-va in #​8629 (0dc93)
• Add hooks with type-safe extra context to TestAPI  -  by @​ysfaran in #​8623 (6b21c)
• Support expect.assert for type narrowing  -  by @​sheremet-va in #​8695 (fe589)
• Add displayAnnotations option to github-options  -  by @​sheremet-va in #​8706 (4a66d)
• Add schema validation matchers  -  by @​zirkelc in #​8527 (c0b25)
• Add a way to dump transformed content  -  by @​sheremet-va in #​8711 (931c0)
• api:
  • Expose experimental_parseSpecifications  -  by @​sheremet-va in #​8408 (fdeb2)
  • Expose Vitest watcher  -  by @​sheremet-va in #​8413 (aaa6e)
  • Add enableCoverage and disableCoverage methods  -  by @​sheremet-va and @​AriPerkkio in #​8412 (61eb7)
  • Add getGlobalTestNamePattern method  -  by @​sheremet-va in #​8438 (bdb70)
  • Add relativeModuleId to TestModule  -  by @​sheremet-va in #​8505 (3be09)
  • Add getSeed method  -  by @​sheremet-va in #​8592 (438c4)
• browser:
  • Support toBeInViewport utility method to assert element is in viewport or not  -  by @​Shinyaigeek in #​8234 (ceed5)
  • Add qwik to the vitest init cli command  -  by @​thejackshelton in #​8330 (1638b)
  • Introduce toMatchScreenshot for Visual Regression Testing  -  by @​macarie in #​8041 (d45f9)
  • Add trackUnhandledErrors option  -  by @​sheremet-va in #​8386 (c0ec0)
  • Support iframe locator with playwright provider  -  by @​sheremet-va in #​8016 (57b2c)
  • Add length property to locators, toHaveLength now accepts locators  -  by @​sheremet-va in #​8512 (2308c)
  • Support playwright tracing  -  by @​sheremet-va in #​8584 (1aac5)
  • Expose options on BrowserProviderOption  -  by @​sheremet-va in #​8609 (0d0e5)
  • Support --inspect option in webdriverio  -  by @​sheremet-va in #​8613 (38adc)
  • Support custom screenshot comparison algorithms  -  by @​macarie in #​8687 (e63b1)
• coverage:
  • autoUpdate to support percentage formatting  -  by @​Battjmo and @​AriPerkkio in #​8456 (99e01)
• expect:
  • Support toBeNullable expect function to check provided value is nullish  -  by @​Shinyaigeek and @​sheremet-va in #​8294 (eeec5)
• mocker:
  • Add automocker entry  -  by @​sheremet-va in #​8301 (e9c92)

   🐞 Bug Fixes

• Allow overriding globals in types  -  by @​sheremet-va in #​8215 (2248b)
• Remove unused dependencies  -  by @​AriPerkkio in #​8184 (feadc)
• Distribute test files to shards more evenly  -  by @​Shinyaigeek and @​AriPerkkio in #​8288 (7b489)
• Use suite's timeout when test.extend  -  by @​AriPerkkio in #​8278 (43977)
• Support snapshot with no object key sorting  -  by @​hi-ogawa and @​sheremet-va in #​8136 (e85e3)
• Annotation location always points to the test file  -  by @​sheremet-va in #​8315 (88071)
• Add --changed flag support to vitest list command  -  by @​haakonjackfloat in #​8270 and #​8272 (e71a5)
• Prevent rpc timeout on slow thread blocking synchronous methods  -  by @​AriPerkkio and @​sheremet-va in #​8297 (bea87)
• Forbid setting environment to browser  -  by @​sheremet-va in #​8334 (0417a)
• Invalidate modules in all module graphs when the file is changed  -  by @​sheremet-va in #​8352 (94ab3)
• Screenshot masks with Playwright provider  -  by @​macarie in #​8357 (459ef)
• Configure oxc instead of esbuild on rolldown-vite  -  by @​hi-ogawa in #​8378 (e922e)
• Make sure test errors always have stacks property in Node.js context  -  by @​sheremet-va in #​8392 (b825e)
• Support import.meta.resolve on Vite 7  -  by @​hi-ogawa in #​8493 (549d3)
• Show the assertion error first when expect.poll assertion fails  -  by @​sheremet-va in #​8483 (fb450)
• Override fake timers when useFakeTimers is called multiple times  -  by @​sheremet-va in #​8504 (ed7e3)
• Custom expect messages for expect.extend matchers  -  by @​lzl0304 in #​8520 (96945)
• Process sourcemaps for stack traces from globalSetup files  -  by @​sheremet-va in #​8534 (8978a)
• Resolve performance issue when throwing errors with stackTraceLimit = 0  -  by @​Copilot, sheremet-va and @​AriPerkkio in #​8531 (6d5b5)
• Avoid recursively applying $ and % formatting to test.for/each title  -  by @​hi-ogawa in #​8557 (ea6d7)
• Replace wildcard exports "./*" with specific files in vitest package  -  by @​hi-ogawa in #​8560 (ce746)
• Don't publish unused d.ts files  -  by @​sheremet-va in #​8562 (42dfd)
• Remove loupe dependencies from optimizeDeps.include for browser mode  -  by @​jake-danton in #​8570 (cdcf7)
• Update engines field to drop Node 18 support  -

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​4.0.14

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report