Skip to content

chore(deps-dev): bump vitest from 3.1.4 to 4.1.0 in /hlyr#35

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/hlyr/vitest-4.1.0
Open

chore(deps-dev): bump vitest from 3.1.4 to 4.1.0 in /hlyr#35
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/hlyr/vitest-4.1.0

chore(deps-dev): bump vitest from 3.1.4 to 4.1.0 in /hlyr

9694aee
Select commit
Loading
Failed to load commit list.
Kusari Inspector / Kusari Inspector succeeded Jun 1, 2026 in 1m 8s

Security Analysis Passed

No security issues found

Details

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both dependency and code analyses independently recommend proceeding with no critical concerns. The PR upgrades vitest from 3.1.4 to 4.1.0, along with associated ecosystem packages (vite, postcss, picomatch), and actively remediates multiple CVEs present in the old versions (CVE-2026-47429 in vitest, CVE-2026-39365, CVE-2025-62522, CVE-2025-58751, CVE-2025-58752, CVE-2026-39363 in vite, CVE-2026-41305 in postcss, CVE-2026-33672, CVE-2026-33671 in picomatch). None of these vulnerabilities are present in the newly installed versions. All licenses are permissive or weak copyleft (MIT, Apache-2.0, 0BSD, MPL-2.0 for dev-only binaries). The code analysis found zero secrets, zero code issues, and zero workflow issues. The combined risk profile is net-positive: this PR reduces the vulnerability surface. One non-blocking follow-up is recommended: consider updating vitest to 4.1.8 (latest patch) in package.json to stay current, as the installed 4.1.0 is slightly behind.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 9694aee, performed at: 2026-06-01T21:24:28Z