Update @vitest/coverage-v8 4.0.13 → 4.0.14 (patch) #466

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@depfu rebase
Rebases against your default branch and redoes this update

@depfu recreate
Recreates this PR, overwriting any edits that you've made to it

@depfu merge
Merges this PR once your tests are passing and conflicts are resolved

@depfu cancel merge
Cancels automatic merging of this PR

@depfu close
Closes this PR and deletes the branch

@depfu reopen
Restores the branch and reopens this PR (if it's closed)

@depfu pause
Ignores all future updates for this dependency and closes this PR

@depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR

@depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

Go to the Depfu Dashboard to see the state of your dependencies and to customize how Depfu works.

coderabbitai · 2025-11-26T15:10:34Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

guibranco

Automatically approved by gstraccini[bot]

guibranco · 2025-11-26T15:10:46Z

@depfu merge

deepsource-io · 2025-11-26T15:10:46Z

Here's the code health analysis summary for commits e6f118c..61d7f67. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Secrets	✅ Success		View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

github-actions · 2025-11-26T15:10:50Z

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs

2025-11-26T15:10:48Z INF scanning for exposed secrets...
3:10PM INF 403 commits scanned.
2025-11-26T15:10:49Z INF scan completed in 603ms
2025-11-26T15:10:49Z INF no leaks found

socket-security · 2025-11-26T15:10:52Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
@vitest/coverage-v8@4.0.13 ⏵ 4.0.14	⁺¹		⁺¹
vitest@4.0.13 ⏵ 4.0.14		⁺¹	⁺¹
@vitest/ui@4.0.13 ⏵ 4.0.14	⁺¹	⁺¹

View full report

socket-security · 2025-11-26T15:10:53Z

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Block		Low adoption: npm `obug` Location: Package overview From: package-lock.json → `npm/@vitest/[email protected]` → `npm/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm `@vitest/runner` URLs: https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal, https://vitest.dev/guide/test-context#signal, https://vitest.dev/guide/test-context#ontestfailed, https://vitest.dev/guide/test-context#ontestfinished, https://vitest.dev/guide/test-context#skip, https://vitest.dev/guide/test-context#annotate, https://vitest.dev/advanced/runner#your-task-function, https://github.com/unocss/unocss/blob/2e74b31625bbe3b9c8351570749aa2d3f799d919/packages/autocomplete/src/parse.ts#L11, https://github.com/vitest-dev/vitest/pull/7069, vitest.test.id, vitest.test.name, vitest.suite.id, vitest.suite.name Location: Package overview From: package-lock.json → `npm/[email protected]` → `npm/@vitest/[email protected]` ℹ Read more on: This package \| This alert \| What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@vitest/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm `@vitest/ui` URLs: https://vuejs.org/error-reference/#runtime-, http://www.w3.org/2000/svg, http://www.w3.org/1998/Math/MathML, http://www.w3.org/1999/xlink, http://www.w3.org/1999/xhtml, http://www.w3.org/XML/1998/namespace, http://www.w3.org/2000/xmlns/, ne.id?, location.pathname+location.search:, https://github.com/broofa/mime/blob/main/README.md#custom-mime-instances Location: Package overview From: package-lock.json → `npm/@vitest/[email protected]` ℹ Read more on: This package \| This alert \| What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@vitest/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Environment variable access: npm `obug` Location: Package overview From: package-lock.json → `npm/@vitest/[email protected]` → `npm/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Environment variable access: npm `obug` reads DEBUG Env Vars: DEBUG Location: Package overview From: package-lock.json → `npm/@vitest/[email protected]` → `npm/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm `vitest` URLs: https://github.com/nodejs/node/blob/7c3dce0/lib/internal/modules/package_json_reader.js, browser.name, https://vitest.dev/config/browser/provider, https://github.com/sinonjs/sinon/issues/1852#issuecomment-419622780, https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-error-message, https://github.com/actions/toolkit/blob/f1d9b4b985e6f0f728b4b766db73498403fd5ca3/packages/core/src/command.ts#L80-L85, https://github.com/vitest-dev/vitest/issues, https://gist.github.com/john-doherty/b9195065884cdbfd2017a4756e6409cc, task.name, https://vitest.dev/guide/coverage.html#including-and-excluding-files-from-coverage-report, https://istanbul.js.org/docs/advanced/alternative-reporters/, https://trace.playwright.dev/, https://vitest.dev/api/browser/commands, https://vitest.dev/config/#onunhandlederror, https://vitest.dev/config/#root, https://vitest.dev/api/#test, https://nodejs.org/docs/latest/api/cli.html, https://github.com/nodejs/node/issues/41103, https://github.com/chaijs/chai/blob/4.x.x/lib/chai/config.js, https://vitest.dev/guide/open-telemetry, builder.io/qwik, https://playwright.dev, https://webdriver.io, builder.io/qwik/optimizer, qwik.dev/core, https://vitest.dev/config/browser/playwright, https://vitest.dev/config/browser/webdriverio, https://github.com/vitejs/vite/pull/20449, https://www.cl.cam.ac.uk/%7Emgk25/ucs/utf8_check.c, https://tools.ietf.org/html/rfc6455#section-9.1, https://html.spec.whatwg.org/multipage/comms.html#the-websocket-interface, https://github.com/websockets/ws/issues/1869., https://github.com/websockets/ws/issues/1940., https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#escaping, https://github.com/vitest-dev/vitest/pull/7531, vitest.fetched_module.id, https://github.com/vitejs/vite/issues/15438,, https://nodejs.org/api/process.html#signal-events, https://github.com/vitest-dev/vitest/issues/7871, vitest.worker.name, https://github.com/jestjs/jest/blob/25a8785584c9d54a05887001ee7f498d489a5441/packages/jest-worker/src/workers/ChildProcessWorker.ts#L463-L477, https://github.com/tinylibs/tinypool/blob/40b4b3eb926dabfbfd3d0a7e3d1222d4dd1c0d2d/src/runtime/process-worker.ts#L56, https://github.com/vitejs/vite/blob/af2aa09575229462635b7cbb6d248ca853057ba2/packages/vite/src/node/plugins/resolve.ts#L1056-L1080, https://github.com/vitejs/vite/blob/main/packages/vite/src/node/logger.ts?rgh-link-date=2024-10-16T23%3A29%3A19Z, https://github.com/vitejs/vite/pull/15184, https://github.com/vitejs/vite/pull/20502, https://github.com/unjs/mlly/blob/c5bcca0cda175921344fd6de1bc0c499e73e5dac/src/syntax.ts#L51-L98, https://github.com/vitejs/vite/issues/14328, https://vitest.dev/guide/projects, https://vitest.dev/config/#reporters, https://vitest.dev/api/vi#vi-advancetimersbytime, https://vitest.dev/api/vi#vi-fn, https://vitest.dev/api/mock, performance.now, Date.now, https://vitest.dev/api/vi#vi-waitfor, https://vitest.dev/api/vi#vi-mock, 0.0.0.0, process.env.CI, https://vitest.dev/config/#coverage-reporter, https://github.com/istanbuljs/nyc#coverage-thresholds, https://github.com/istanbuljs/nyc#ignoring-methods, https://vitest.dev/guide/coverage#custom-coverage-provider, https://en.wikipedia.org/wiki/Random_seed, https://vitest.dev/config/#sequence-hooks, 127.0.0.1:9229, vitest.runtime.run, vitest.worker.id, https://nodejs.org/api/modules.html#built-in-modules-with-mandatory-node-prefix, vitest.module.id, vitest.mock.id, 127.0.0.0, https://nodejs.org/docs/latest-v20.x/api/esm.html#resolution-algorithm, https://github.com/nodejs/node/pull/49038 Location: Package overview From: package-lock.json → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Update @vitest/coverage-v8 to version 4.0.14

61d7f67

depfu bot added the depfu label Nov 26, 2025

github-actions bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Nov 26, 2025

guibranco enabled auto-merge (squash) November 26, 2025 15:10

gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Nov 26, 2025

gstraccini bot assigned guibranco Nov 26, 2025

gstraccini bot approved these changes Nov 26, 2025

View reviewed changes

guibranco approved these changes Nov 26, 2025

View reviewed changes

gstraccini bot added the 🤖 bot Automated processes or integrations label Nov 26, 2025

guibranco merged commit 018320f into main Nov 26, 2025
15 of 16 checks passed

guibranco deleted the depfu/update/npm/@vitest/coverage-v8-4.0.14 branch November 26, 2025 15:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update @vitest/coverage-v8 4.0.13 → 4.0.14 (patch) #466

Update @vitest/coverage-v8 4.0.13 → 4.0.14 (patch) #466

Uh oh!

depfu bot commented Nov 26, 2025

Uh oh!

coderabbitai bot commented Nov 26, 2025

Review skipped

Uh oh!

guibranco left a comment

Uh oh!

guibranco commented Nov 26, 2025

Uh oh!

deepsource-io bot commented Nov 26, 2025 •

edited

Loading

Analysis Summary

Uh oh!

github-actions bot commented Nov 26, 2025

Uh oh!

socket-security bot commented Nov 26, 2025

Uh oh!

socket-security bot commented Nov 26, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Update @vitest/coverage-v8 4.0.13 → 4.0.14 (patch) #466

Update @vitest/coverage-v8 4.0.13 → 4.0.14 (patch) #466

Uh oh!

Conversation

depfu bot commented Nov 26, 2025

What changed?

✳️ @​vitest/coverage-v8 (4.0.13 → 4.0.14) · Repo

✳️ @​vitest/ui (4.0.13 → 4.0.14) · Repo

✳️ vitest (4.0.13 → 4.0.14) · Repo

↗️ @​vitest/expect (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @​vitest/mocker (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @​vitest/pretty-format (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @​vitest/runner (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @​vitest/snapshot (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @​vitest/spy (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @​vitest/utils (indirect, 4.0.13 → 4.0.14) · Repo

🆕 obug (added, 2.1.1)

Uh oh!

coderabbitai bot commented Nov 26, 2025

Review skipped

Uh oh!

guibranco left a comment

Choose a reason for hiding this comment

Uh oh!

guibranco commented Nov 26, 2025

Uh oh!

deepsource-io bot commented Nov 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Analysis Summary

Uh oh!

github-actions bot commented Nov 26, 2025

Uh oh!

socket-security bot commented Nov 26, 2025

Uh oh!

socket-security bot commented Nov 26, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

✳️ @vitest/coverage-v8 (4.0.13 → 4.0.14) · Repo

✳️ @vitest/ui (4.0.13 → 4.0.14) · Repo

↗️ @vitest/expect (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @vitest/mocker (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @vitest/pretty-format (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @vitest/runner (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @vitest/snapshot (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @vitest/spy (indirect, 4.0.13 → 4.0.14) · Repo

↗️ @vitest/utils (indirect, 4.0.13 → 4.0.14) · Repo

deepsource-io bot commented Nov 26, 2025 •

edited

Loading