Skip to content

chore(frontend)(deps-dev): bump the vitest-testing group across 1 directory with 2 updates#109

Merged
aksOps merged 1 commit into
mainfrom
dependabot/npm_and_yarn/ui/vitest-testing-eec477fc9e
Jun 18, 2026
Merged

chore(frontend)(deps-dev): bump the vitest-testing group across 1 directory with 2 updates#109
aksOps merged 1 commit into
mainfrom
dependabot/npm_and_yarn/ui/vitest-testing-eec477fc9e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the vitest-testing group with 2 updates in the /ui directory: jsdom and vitest.

Updates jsdom from 29.1.0 to 29.1.1

Release notes

Sourced from jsdom's releases.

v29.1.1

  • Fixed 'border-radius' computed style serialization. (@​asamuzaK)
  • Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
  • Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)
Commits

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • See full diff in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: area:frontend, type:dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednpm/​vitest@​4.1.8 ⏵ 4.1.998 +110079 +199100
Updatednpm/​@​vitest/​coverage-v8@​4.1.8 ⏵ 4.1.9991007998 -1100
Updatednpm/​jsdom@​29.1.0 ⏵ 29.1.181100100 +193100

View full report

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm jsdom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ui/package-lock.jsonnpm/jsdom@29.1.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm jsdom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ui/package-lock.jsonnpm/jsdom@29.1.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/vitest-testing-eec477fc9e branch 2 times, most recently from 98a0a4f to b446b7e Compare June 18, 2026 03:36
@aksOps

aksOps commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/vitest-testing-eec477fc9e branch from b446b7e to 6bf59e4 Compare June 18, 2026 08:03
@aksOps

aksOps commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

…ectory with 2 updates

Bumps the vitest-testing group with 2 updates in the /ui directory: [jsdom](https://github.com/jsdom/jsdom) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `jsdom` from 29.1.0 to 29.1.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v29.1.0...v29.1.1)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 29.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: vitest-testing
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: vitest-testing
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/vitest-testing-eec477fc9e branch from 6bf59e4 to d2b7d86 Compare June 18, 2026 08:22
@sonarqubecloud

Copy link
Copy Markdown

@aksOps aksOps merged commit 07fb0e3 into main Jun 18, 2026
12 checks passed
@aksOps aksOps deleted the dependabot/npm_and_yarn/ui/vitest-testing-eec477fc9e branch June 18, 2026 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant