chore(deps-dev): bump vitest from 3.2.4 to 3.2.6#4183
Conversation
dependabot
Bot
added
dependencies
|
|
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.
| needle@https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b: | ||
| resolution: {tarball: https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b} | ||
| needle@git+https://git@github.com:clearbit/needle.git#84d28b5f2c3916db1e7eb84aeaa9d976cc40054b: | ||
| resolution: {commit: 84d28b5f2c3916db1e7eb84aeaa9d976cc40054b, repo: git@github.com:clearbit/needle.git, type: git} |
There was a problem hiding this comment.
Needle lockfile uses SSH git
High Severity
The clearbit dependency’s needle resolution was changed from an HTTPS tarball to a git@github.com SSH git URL. Root pnpm i --frozen-lockfile in CI (e.g. backend lint) may fail without SSH keys or when port 22 is blocked, even though the commit and package stayed the same.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.
| engines: {node: ^18.0.0 || >=20.0.0} | ||
| vite@7.3.5: | ||
| resolution: {integrity: sha512-KuOaNhcnGFN2zIPGA7wRmzF+lJA1sea7rHq17aiJ++9lzY1WWG6Jpwqwe1KNbRVPIqHmr8GLYx7jbrQcN/7/ww==} | ||
| engines: {node: ^20.19.0 || >=22.12.0} |
There was a problem hiding this comment.
Vite seven needs newer Node
Medium Severity
Bumping vitest re-resolved vite from 5.4.x to 7.3.5, which declares node: ^20.19.0 || >=22.12.0. The repo root still allows node >=20.0.0, so pnpm test / vitest run can fail on Node 20.0–20.18 with an engine error despite satisfying root engines.
Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/vitest-3.2.6
branch
5 times, most recently
from
8f45346 to
bc6c5ef
Compare
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 3.2.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 3.2.6 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/vitest-3.2.6
branch
from
bc6c5ef to
3167ef0
Compare
1 participant
Bumps vitest from 3.2.4 to 3.2.6.
Release notes
Sourced from vitest's releases.
Commits
b6d56f8chore: release v3.2.616f120dfix: pin last supported vite-node version2cbad0achore: release v3.2.5385a1aefix(browser): disable clientcdpAPI whenallowWrite/allowExec: false[ba...af88b1ffeat(api): addallowWriteandallowExecoptions toapi[backport to v3]...Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.
Note
Low Risk
Dev-only test runner bump with lockfile churn; no production runtime code changes, though CI test behavior could shift slightly with vite 7 in the vitest stack.
Overview
Bumps vitest from
3.2.4to3.2.6in@crowd/packages_workerand@crowd/data-access-layerdevDependencies, with a refreshedpnpm-lock.yaml.The lockfile also shifts vitest’s toolchain (notably vite
5.4.21→7.3.5, esbuild0.21.5→0.27.7, and related@vitest/*/ rollup packages). needle for clearbit is re-resolved from a GitHub tarball URL to a git dependency reference at the same commit.Reviewed by Cursor Bugbot for commit 3167ef0. Bugbot is set up for automated code reviews on this repo. Configure here.