[Snyk] Upgrade vitest from 2.0.2 to 2.1.8

[snyk-io]

Snyk has created this PR to upgrade vitest from 2.0.2 to 2.1.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 19 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	169	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	169	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	169	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	169	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	169	Proof of Concept

Release notes

Package name: vitest

• 2.1.8 - 2024-12-02
  

     🐞 Bug Fixes

  • Support Node 21  -  by @ sheremet-va (92f7a)

      View changes on GitHub

• 2.1.7 - 2024-12-02
  

     🐞 Bug Fixes

  • Revert support for Vite 6  -  by @ sheremet-va (fbe5c)
    • This introduced some breaking changes (#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.

      View changes on GitHub

• 2.1.6 - 2024-11-26
  

  🚀 Features

  • Support Vite 6

      View changes on GitHub

• 2.1.5 - 2024-11-13
  

     🐞 Bug Fixes

  • dangerouslyIgnoreUnhandledErrors without base reporter  -  by @ AriPerkkio in #6808 (0bf0a)
  • Capture unhandledRejection even when base reporter is not used  -  by @ AriPerkkio in #6812 (8878b)
  • Don't change the working directory when loading workspace projects  -  by @ sheremet-va in #6811 (f0aea)
  • Remove sequence.concurrent from the RuntimeConfig type  -  by @ sheremet-va in #6880 (6af73)
  • Stop the runner before restarting, restart on workspace config change  -  by @ sheremet-va in #6859 (b01df)
  • Don't rerun on Esc or Ctrl-C during watch filter  -  by @ hi-ogawa in #6895 (98f76)
  • Print ssrTransform error  -  by @ hi-ogawa in #6885 (4c96c)
  • Throw an error and a warning if .poll, .element, .rejects/.resolves, and locator.* weren't awaited  -  by @ sheremet-va in #6877 (93b67)
  • browser:
    • Don't process the default css styles  -  by @ sheremet-va in #6861 (0d67f)
    • Support non US key input  -  by @ hi-ogawa in #6873 (5969d)
    • Stop the browser rpc when the pool is closed  -  by @ sheremet-va in #6858 (9a0c9)
    • Init browsers eagerly when tests are running  -  by @ sheremet-va in #6876 (417bd)
  • coverage:
    • Report uncovered files when re-run by enter or 'a'  -  by @ AriPerkkio in #6848 (487c8)
  • ui:
    • Remove crossorigin attributes for same origin assets  -  by @ hi-ogawa in #6883 (6e793)
  • vite-node:
    • Improve esm check to decide external  -  by @ hi-ogawa in #6816 (7e1fa)
    • Top-level throw in module is not reported properly  -  by @ vanaigr and @ hi-ogawa in #6840 (cf0cb)
  • vitest:
    • Use fetch() implementation from happy-dom  -  by @ capricorn86 in #6879 (3c56f)

     🏎 Performance

  • Limit workspace project concurrency to available cores  -  by @ sheremet-va in #6869 (f4c04)

      View changes on GitHub

• 2.1.4 - 2024-10-28
  

     🚀 Features

  This patch release includes a non-breaking feature for the experimental Browser Mode that doesn't follow SemVer. If you want to avoid picking up releases like this, make sure to pin the Vitest version in your package.json. See npm's documentation about semver for more information.

  • browser: Allow custom HTML path, respect plugins transformIndexHtml  -  by @ sheremet-va in #6725 (16902)

     🐞 Bug Fixes

  • windows:
    • Don't normalize drive case letter in root  -  by @ sheremet-va in #6792 (b28cd)
  • browser:
    • Fix default browser port  -  by @ hi-ogawa in #6700 (9c518)
    • Optimize expect-type  -  by @ sheremet-va in #6713 (07918)
    • Don't polyfill process.env  -  by @ sheremet-va in #6718 (da6d2)
    • Increment browser port automatically if there are several projects with browser.enabled  -  by @ sheremet-va in #6717 (a9397)
    • Cleanup keyboard state  -  by @ hi-ogawa in #6731 (19278)
    • Don't add v= queries to setup files imports  -  by @ sheremet-va in #6759 (b8258)
    • User event cleanup on retry  -  by @ hi-ogawa in #6764 (bdd15)
    • Ignore non mocked msw requests  -  by @ sheremet-va in #6770 (9d9ba)
    • Initiate MSW in the same frame as tests  -  by @ sheremet-va in #6772 (2444f)
  • deps:
    • Update dependency sirv to v3  -  in #6701 (fde5d)
  • expect:
    • Correct behavior of toThrowError with empty string parameter  -  by @ shulaoda in #6710 (a6129)
  • mocker:
    • Remove spy from peer dependencies  -  by @ sheremet-va in #6777 (3a8b5)
  • vitest:
    • Clarify slowTestThreshold, print slow tests in non-TTY mode  -  by @ sheremet-va in #6715 (2e6aa)
    • Print warnings form Vite plugins  -  by @ sheremet-va in #6724 (121b1)
    • Don't fail if the working directory starts with a lowercase drive letter  -  by @ sheremet-va in #6779 (df6d7)
    • Silence import analysis warning  -  by @ hi-ogawa in #6785 (39041)
  • vitest,runner:
    • Simplify test.extend type exports  -  by @ hi-ogawa in #6707 (e5c38)

     🏎 Performance

  • Use hash to replace createHash  -  by @ btea in #6703 (5d07b)

      View changes on GitHub

• 2.1.3 - 2024-10-14
  

     🐞 Bug Fixes

  • Fix error diff of toBeNaN, toBeUndefined, toBeNull, toBeTruthy, toBeFalsy  -  by @ hi-ogawa in #6697 (e0027)
  • browser:
    • Provide aria role intellisense  -  by @ sheremet-va in #6629 (f36ea)
    • Not.toBeInTheDocument works with locators API  -  by @ sheremet-va in #6634 (8bef5)
    • Use /mockServiceWorker.js instead of /__vitest_msw__  -  by @ sheremet-va in #6687 (4b2ce)
    • Don't override the esbuild option in the browser mode  -  by @ sheremet-va in #6692 (d131f)
  • expect:
    • Preserve prototype in toMatchObject diff  -  by @ hi-ogawa in #6620 (d289e)
  • mocker:
    • Specify correct spy dependency  -  by @ sheremet-va (7e958)
  • runner:
    • Ensure sequential suite overrides sequence.concurrent  -  by @ dsyddall and @ hi-ogawa in #6653 (5e6de)
  • vitest:
    • Deprecate UserConfig in favor of ViteUserConfig  -  by @ sheremet-va in #6626 (496bd)
    • Don't hang with maxConcurrency 0  -  by @ sheremet-va in #6627 (946d8)
    • Deprecate old task types and node-reliant types  -  by @ sheremet-va in #6632 (00045)
    • Fix <empty line> logs when interleaving console.log/error  -  by @ hi-ogawa in #6644 (9ece3)
    • Show rollup error details as test error  -  by @ hi-ogawa in #6686 (47dde)
    • Always inline setup files  -  by @ sheremet-va in #6689 (19d64)
    • Use fast-glob instead of tinyglobby in Vitest  -  by @ sheremet-va in #6688 (70baa)
  • web-worker:
    • Share mocker with main executor  -  by @ hi-ogawa in #6623 (fe7b8)

     🏎 Performance

  • Reuse full name in reported tasks, update generator types  -  by @ sheremet-va in #6666 (7a0de)

      View changes on GitHub

• 2.1.2 - 2024-10-02
  

     🐞 Bug Fixes

  • Move Vitest.setServer to post configureServer hook to enable import analysis for workspace config loading  -  by @ hi-ogawa in #6584 (e7f35)
  • benchmark:
    • Clear BenchmarkResult.samples array to reduce memory usage  -  by @ hi-ogawa and @ AriPerkkio in #6541 (a6407)
  • browser:
    • Fix dynamic import inside worker  -  by @ hi-ogawa in #6569 (ea2d4)
    • Fix browser mock factory event race condition  -  by @ hi-ogawa in #6530 (f131f)
    • Serve ui assets as static  -  by @ hi-ogawa in #6564 (adcda)
    • Update solidjs testing library lib  -  by @ CamilleTeruel in #6548 (91442)
    • Use data: protocol on preview provider file upload  -  by @ userquin in #6501 (e9821)
    • Fix base for client script  -  by @ hi-ogawa in #6510 (f9528)
    • Throw an error if "@ vitest/browser/context" is imported outside of the browser mode  -  by @ sheremet-va in #6570 (383f1)
  • coverage:
    • Remove empty coverage folder on test failure too  -  by @ AriPerkkio in #6547 (1371c)
    • Include *.astro by default  -  by @ AriPerkkio in #6565 (f8ff7)
    • cleanOnRerun: false to invalidate previous results  -  by @ AriPerkkio in #6592 (88bde)
  • expect:
    • Fix toBeDefined with expect.poll  -  by @ hi-ogawa in #6562 (f7da6)
  • forks:
    • Fix --cpu-prof and --heap-prof not working by default  -  by @ AriPerkkio in #6555 (2e4d894)
  • runner:
    • Mark tests as skipped when beforeAll failed  -  by @ hi-ogawa in #6524 (fb797)
    • Support fixture parsing of lowered async syntax  -  by @ hi-ogawa in #6531 (b553c)
    • Fix fixture parsing of lowered async syntax for non arrow functions  -  by @ hi-ogawa in #6575 (3de00)
    • Guard test hook callback  -  by @ sheremet-va in #6604 (14971)
    • Run onTestFinished and onTestFailed during retry and repeats  -  by @ hi-ogawa in #6609 (c5e29)
  • ui:
    • List tests on ui when --standalone  -  by

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	0% smaller