chore(deps): update vitest and its coverage provider to v4.1.0 by renovate[bot] · Pull Request #3256 · RobinTail/express-zod-api

renovate · 2026-03-12T14:44:14Z

This PR contains the following updates:

Package	Change	Age	Confidence
@vitest/coverage-v8 (source)	`4.0.18` → `4.1.0`
vitest (source)	`4.0.18` → `4.1.0`

Release Notes

vitest-dev/vitest (@vitest/coverage-v8)

`v4.1.0`

Compare Source

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

🚀 Features

Return a disposable from doMock() - by @kirkwaiblinger in #9332 (e3e65)
Added chai style assertions - by @ronnakamoto and @sheremet-va in #8842 (841df)
Update to sinon/fake-timers v15 and add setTickMode to timer controls - by @atscott and @sheremet-va in #8726 (4b480)
Expose matcher types - by @sheremet-va in #9448 (3e4b9)
Add toTestSpecification to reported tasks - by @sheremet-va in #9464 (1a470)
Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module - by @sheremet-va in #9387 (5db54)
Track and display expectedly failed tests (.fails) in UI and CLI - by @Copilot, sheremet-va and @sheremet-va in #9476 (77d75)
Support tags - by @sheremet-va in #9478 (de7c8)
Implement aroundEach and aroundAll hooks - by @sheremet-va in #9450 (2a8cb)
Stabilize experimental features - by @sheremet-va in #9529 (b5fd2)
Accept new or all in --update flag - by @sheremet-va in #9543 (a5acf)
Support meta in test options - by @sheremet-va in #9535 (7d622)
Support type inference with a new test.extend syntax - by @sheremet-va in #9550 (e5385)
Support vite 8 beta, fix type issues in the config with different vite versions - by @sheremet-va in #9587 (99028)
Add assertion helper to hide internal stack traces - by @hi-ogawa and Claude Opus 4.6 in #9594 (eeb0a)
Store failure screenshots using artifacts API - by @macarie in #9588 (24603)
Allow vitest list to statically collect tests instead of running files to collect them - by @sheremet-va in #9630 (7a8e7)
Add --detect-async-leaks - by @AriPerkkio in #9528 (c594d)
Implement mockThrow and mockThrowOnce - by @thor-juhasz and @sheremet-va in #9512 (61917)
Support update: "none" and add docs about snapshots behavior on CI - by @hi-ogawa in #9700 (05f18)
Support playwright launchOptions with connectOptions - by @hi-ogawa in #9702 (f0ff1)
Add page/locator.mark API to enhance playwright trace - by @hi-ogawa in #9652 (d0ee5)
api:
- Support tests starting or ending with test in experimental_parseSpecification - by @jgillick and Jeremy Gillick in #9235 (2f367)
- Add filters to createSpecification - by @sheremet-va in #9336 (c8e6c)
- Expose runTestFiles as alternative to runTestSpecifications - by @sheremet-va in #9443 (43d76)
- Add allowWrite and allowExec options to api - by @sheremet-va in #9350 (20e00)
- Allow passing down test cases to toTestSpecification - by @sheremet-va in #9627 (6f17d)
browser:
- Add userEvent.wheel API - by @macarie in #9188 (66080)
- Add filterNode option to prettyDOM for filtering browser assertion error output - by @Copilot, sheremet-va and @sheremet-va in #9475 (d3220)
- Support playwright persistent context - by @hi-ogawa, Claude Opus 4.6 and @sheremet-va in #9229 (f865d)
- Added detailsPanelPosition option and button - by @shairez in #9525 (c8a31)
- Use BlazeDiff instead of pixelmatch - by @macarie in #9514 (30936)
- Add findElement and enable strict mode in webdriverio and preview - by @sheremet-va in #9677 (c3f37)
cli:
- Add @bomb.sh/tab completions - by @AmirSa12 and @sheremet-va in #8639 (200f3)
coverage:
- Support ignore start/stop ignore hints - by @AriPerkkio in #9204 (e59c9)
- Add coverage.changed option to report only changed files - by @kykim00 and @AriPerkkio in #9521 (1d939)
experimental:
- Add onModuleRunner hook to worker.init - by @sheremet-va in #9286 (e977f)
- Option to disable the module runner - by @sheremet-va and @AriPerkkio in #9210 (9be61)
- Add importDurations: { limit, print } options - by @hi-ogawa, Claude Opus 4.6 and @sheremet-va in #9401 (7e10f)
- Add print and fail thresholds for importDurations - by @hi-ogawa and Claude Opus 4.6 in #9533 (3f7a5)
fixtures:
- Pass down file context to beforeAll/afterAll - by @sheremet-va in #9572 (c8339)
reporters:
- Add agent reporter to reduce ai agent token usage - by @cpojer in #9779 (3e9e0)
runner:
- Enhance retry options - by @MazenSamehR, Matan Shavit, @AriPerkkio and @sheremet-va in #9370 (9e4cf)
ui:
- Allow run individual test/suites - by @userquin in #9465 (73b10)
- Add project filter/sort support - by @userquin in #8689 (0c7ea)
- Add duration sorting to explorer - by @julianhahn and @cursoragent in #9603 (209b1)
- Implement filter for slow tests - by @DerYeger and @userquin in #9705 (8880c)
vitest:
- Add run summary in GitHub Actions Reporter - by @macarie and jhnance in #9579 (96bfc)

🐞 Bug Fixes

Deprecate several vitest/* entry points - by @sheremet-va in #9347 (fd459)
Use meta.url in createRequire - by @sheremet-va in #9441 (e3422)
Preact browser mode init example of render function not async - by @WuMingDao in #9375 (2bea5)
Deprecate unused types in matcher context - by @sheremet-va in #9449 (20f87)
Handle external/noExternal during configEnvironment hook - by @hi-ogawa and Claude Opus 4.6 in #9508 (59ea2)
Replace default ssr environment runner with Vitest server module runner - by @hi-ogawa and Claude Opus 4.6 in #9506 (cd5db)
Propagate experimental CLI options to child projects - by @hi-ogawa and Claude Opus 4.6 in #9531 (b624f)
Show a warning when browser.isolate is used - by @sheremet-va in #9410 (3d48e)
Fix vi.mock({ spy: true }) node v8 coverage - by @hi-ogawa, hi-ogawa and Claude Opus 4.6 in #9541 (687b6)
Don't show internal ssr handler in errors - by @sheremet-va in #9547 (76c43)
Close vitest if it failed to start - by @sheremet-va in #9573 (728ba)
Fix ssr environment runner in project - by @hi-ogawa in #9584 (09006)
Trim trailing white spaces in code block - by @hi-ogawa in #9591 (f78be)
Support inline snapshot inside test.for/each - by @hi-ogawa in #9590 (615fd)
Apply source maps for external module stack trace - by @hi-ogawa in #9152 (79e20)
Remove the .name from statically collected test - by @sheremet-va in #9596 (b66ff)
Don't suppress warnings on pnp - by @sheremet-va in #9602 (89cbd)
Support snapshot with expect.soft - by @iumehara, @hi-ogawa and Claude Opus 4.6 in #9231 (3eb2c)
Log seed when only sequence.shuffle.tests is enabled - by @kaigritun, Kai Gritun and @sheremet-va in #9576 (8182b)
Externalize expect/src/utils from vitest - by @hi-ogawa in #9616 (48739)
Ignore test.override during static collection - by @sheremet-va in #9620 (09174)
Increase stacktrace limit for --detect-async-leaks - by @AriPerkkio in #9638 (9fd4c)
Hanging-reporter link in cli - by @flx-sta in #9649 (7c103)
Fix teardown timeout of aroundEach/All when inner aroundEach/All throws - by @hi-ogawa in #9657 (4ec6c)
Fix ui mode / html reporter and coverage integration - by @hi-ogawa and Claude Opus 4.6 in #9626 (86fad)
Don't continue when aroundEach/All setup timed out - by @hi-ogawa in #9670 (bb013)
Align VitestRunnerConfig optional fields with SerializedConfig - by @hi-ogawa in #9661 (79520)
Handle Symbol values in format utility - by @nami8824 in #9658 (0583f)
Deprecate toBe* spy assertions in favor of toHaveBeen* (and toThrowError) - by @sheremet-va in #9665 (4d390)
Don't propagate nested aroundEach/All errors but aggregate them on runner - by @hi-ogawa in #9673 (b6365)
Show a better error if there is a pending dynamic import - by @sheremet-va in #9676 (7ef5c)
Preserve stack trace of resolves/rejects chained assertion error - by @hi-ogawa in #9679 (c6151)
Handle module-sync condition in vmThreads/vmForks require - by @lesleh in #9650 and #9651 (bb203)
Hooks should respect maxConcurrency - by @hi-ogawa in #9653 (16d13)
Recursively autospy module object - by @hi-ogawa in #9687 (695a8)
Remove trailing spaces from diff error log - by @hi-ogawa and @sheremet-va in #9680 (395d1)
Respect project resolve.conditions for externals - by @hi-ogawa in #9717 (1d498)
Use object for WeakMap instead of a symbol to support webcontainers - by @sheremet-va in #9731 (c5225)
Fix re-mocking virtual module - by @hi-ogawa in #9748 (3cbbb)
Cancelling should stop current test immediately - by @AriPerkkio in #9729 (0cb2f)
Make mockObject change backwards compatible - by @sheremet-va in #9744 (84c69)
Fix URL.name on jsdom - by @hi-ogawa in #9767 (031f3)
Save and restore module graph in blob reporter - by @hi-ogawa in #9740 (84355)
Don't silence reporter errors from test runtime events handler in normal run and --merge-reports - by @hi-ogawa in #9727 (4072d)
Fix vi.importActual() for virtual modules - by @hi-ogawa and Claude Opus 4.6 in #9772 (1e89e)
Throw FixtureAccessError if suite hook accesses undefined fixture - by @sheremet-va in #9786 (fc2ce)
Allow hyphens in project config file name pattern - by @Koutaro-Hanabusa and @hi-ogawa in #9760 (33e96)
Manual and redirect mock shouldn't load or transform original module - by @hi-ogawa and Claude Opus 4.6 in #9774 (a8216)
hideSkippedTests should not hide test.todo - by @oilater in #9562 and #9781 (8181e)
Allow catch/finally for async assertion - by @hi-ogawa in #9827 (031f0)
Resolve fixture overrides from test's suite in beforeEach hooks - by @hi-ogawa and Claude Opus 4.6 in #9826 (99e52)
Use isAgent check, not just TTY, for watch mode - by @sheremet-va in #9841 (c3cac)
Use performance.now to measure test timeout duration - by @hi-ogawa and Claude Opus 4.6 in #9795 (f48a6)
Correctly identify concurrent test during static analysis - by @sheremet-va in #9846 (1de0a)
browser:
- Avoid updating screenshots when toMatchScreenshot passes - by @macarie in #9289 (46aab)
- Hide injected data-testid attributes - by @sheremet-va in #9503 (c8d2c)
- Throw an error if iframe was reloaded - by @sheremet-va in #9516 (73a81)
- Encode projectName in browser client URL - by @dkkim0122 in #9523 (5b164)
- Don't take failure screenshot if tests have artifacts created by toMatchScreenshot - by @macarie in #9552 (83ca0)
- Remove --remote-debugging-address from chrome args - by @hi-ogawa and @AriPerkkio in #9712 (f09bb)
- Make sure userEvent actions support ensureAwaited - by @sheremet-va in #9732 (97685)
- Types of getCDPSession and cdp() - by @AriPerkkio in #9716 (689a2)
- Skip esbuild.legalComments when using rolldown-vite - by @Copilot, hi-ogawa and @hi-ogawa in #9803 (3505f)
chai:
- Don't allow deepEqual in the config because it's not serializable - by @sheremet-va in #9666 (9ee99)
coverage:
- Infer transform mode for uncovered files - by @AriPerkkio in #9435 (f3967)
- thresholds.autoUpdate to preserve ending whitespace - by @AriPerkkio in #9436 (7e534)
deps:
- Update all non-major dependencies - by @hi-ogawa in #9192 (90c30)
- Update all non-major dependencies - in #9485 (c0118)
- Update all non-major dependencies - in #9567 (13c9e)
docs:
- Fix old /config/#option hash links causing hydration errors - by @hi-ogawa, Claude Opus 4.6 and @sheremet-va in #9610 (a603c)
expect:
- toMatchObject(Map/Set) should expect Map/Set on left hand side - by @hi-ogawa and Claude Opus 4.6 in #9532 (381da)
- Fix objectContaining with proxy - by @hi-ogawa and Claude Opus 4.6 in #9554 (7ce34)
- Support arbitrary value equality for toThrow and make Error detection robust - by @hi-ogawa and Claude Opus 4.6 in #9570 (de215)
mock:
- Inject helpers after hashbang if present - by @sheremet-va in #9545 (65432)
mocker:
- Update vite's peer dependency range - by @sheremet-va in #9808 (36f9a)
reporter:
- dot reporter leaves pending tests - by @AriPerkkio in #9684 (4d793)
runner:
- Mark repeated tests as finished on last run - by @AriPerkkio in #9707 (cc735)
spy:
- Support deep partial in vi.mocked - by @j2h30728 in #8152 and #9493 (71cb5)
- Fallback to object accessor if descriptor's value is undefined - by @sheremet-va in #9511 (6f181)
- Throw correct errors when shorthand methods are used on a class - by @sheremet-va in #9513 (5d0fd)
types:
- bench.reporters no longer gives type errors when passing file name string paths - by @Bertie690 in #9695 (093c8)
ui:
- Process artifact attachments when generating HTML reporter - by @macarie in #9472 (96eb9)
- Don't fail if --ui and --root are specified together - by @sheremet-va in #9536 (d9305)

🏎 Performance

pretty-format: Combine DOMElement plugins - by @sheremet-va in #9581 (da85a)

View changes on GitHub

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2026-03-12T14:44:46Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@4.0.18 ⏵ 4.1.0	⁺²		⁺¹	^-1
	@vitest/coverage-v8@4.0.18 ⏵ 4.1.0			⁺¹¹	⁺¹

View full report

socket-security · 2026-03-12T14:44:47Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `vite` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → `npm/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

coveralls-official · 2026-03-12T18:26:38Z

coverage: 100.0%. remained the same
when pulling d19634b on renovate/vitest-and-its-coverage-provider
into a61fbe0 on master.

RobinTail

required for #3054

Includes: - #3051 - #3053 - ~~overriding vite to its v8~~ - vitest addressed it in #3256  ## Summary by CodeRabbit * **Chores** * Switched project tooling from tsx to unrun across scripts and dev dependencies; updated workspace configuration and dependency overrides. No runtime behavior changes for end users. * **Tests** * Updated test runtimes to use the new runner and adjusted a minor test expectation formatting string; no behavioral impact on test outcomes.

chore(deps): update vitest and its coverage provider to v4.1.0

517d6bf

fix snapshot.

0ad7ff8

RobinTail approved these changes Mar 12, 2026

View reviewed changes

RobinTail added dependencies Pull requests that update a dependency file patched Some dependency is patched labels Mar 12, 2026

fix(deps): overriding lightningcss dependency of vite.

d19634b

RobinTail force-pushed the renovate/vitest-and-its-coverage-provider branch from 8281865 to d19634b Compare March 12, 2026 18:28

RobinTail merged commit f9d8681 into master Mar 12, 2026
13 checks passed

RobinTail deleted the renovate/vitest-and-its-coverage-provider branch March 12, 2026 18:31

RobinTail mentioned this pull request Mar 12, 2026

Replacing tsx with unrun #3054

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update vitest and its coverage provider to v4.1.0#3256

chore(deps): update vitest and its coverage provider to v4.1.0#3256
RobinTail merged 3 commits intomasterfrom
renovate/vitest-and-its-coverage-provider

renovate Bot commented Mar 12, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Mar 12, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Mar 12, 2026 •

edited

Loading

Uh oh!

coveralls-official Bot commented Mar 12, 2026 •

edited

Loading

Uh oh!

RobinTail left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

renovate Bot commented Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v4.1.0

🚀 Features

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

Configuration

Uh oh!

socket-security Bot commented Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coveralls-official Bot commented Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

RobinTail left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate Bot commented Mar 12, 2026 •

edited

Loading

`v4.1.0`

socket-security Bot commented Mar 12, 2026 •

edited

Loading

socket-security Bot commented Mar 12, 2026 •

edited

Loading

coveralls-official Bot commented Mar 12, 2026 •

edited

Loading