chore(deps-dev): bump vitest and @vitest/coverage-istanbul

[dependabot]

Bumps vitest and @vitest/coverage-istanbul. These dependencies needed to be updated together.
Updates vitest from 1.3.1 to 2.1.1

Release notes

Sourced from vitest's releases.

v2.1.1

   🐞 Bug Fixes

• browser:
  • Make example test callbacks async  -  by @​aqandrew in vitest-dev/vitest#6484 (16aa7)
  • Optimize vitest-browser-vue correctly  -  by @​sheremet-va in vitest-dev/vitest#6490 (5cbb0)
• workspace:
  • Resolve glob pattern once to avoid name collision  -  by @​sheremet-va in vitest-dev/vitest#6489 (36b5a)

    View changes on GitHub

v2.1.0

This release makes another big change to the Browser Mode by introducing locators API:

test('renders blog posts', async () => {
  const screen = page.render(<Blog />)
await expect.element(screen.getByRole('heading', { name: 'Blog' })).toBeInTheDocument()
const [firstPost] = screen.getByRole('listitem').all()
await firstPost.getByRole('button', { name: 'Delete' }).click()
expect(screen.getByRole('listitem').all()).toHaveLength(3)
})

You can use either vitest-browser-vue, vitest-browser-svelte or vitest-browser-react to render components and make assertions using locators. Locators are also available on the page object from @vitest/browser/context.

Potential Breaking Change

• workspace:
  • Correctly resolve workspace globs and file paths  -  by @​sheremet-va in vitest-dev/vitest#6316 (afdcb)
  • This changes how the custom glob pattern in the workspace config is treated. Any file matching the glob is considered a Vitest config file. Any folder matching the glob pattern is treated as a workspace project and is subject to the regular config resolution (single vitest.config.ts or vite.config.ts inside the folder)
  • For example, projects/* will match anything inside the projects folder. If it's a folder, we try to find the config inside that folder (if there is none, it is still treated as a project with the default config). If it's a file, it will be treated as a Vitest config. projects/**/* previously would assume that you only wanted to have folders as projects, but now it will match every single file insideprojects.
  • This change doesn't affect non-glob usage.

   🚀 Features

• api:
  • Make spec into a class instead of a tuple  -  by @​sheremet-va in vitest-dev/vitest#6355 (874a1)
• browser:
  • Move page.config to server.config, add more docs  -  by @​sheremet-va in vitest-dev/vitest#6252 (af2b8)
  • Make iframe scalable, improve documentation  -  by @​sheremet-va in vitest-dev/vitest#6257 (74ca1)
  • Introduce built-in locators  -  by @​sheremet-va in vitest-dev/vitest#6084 (3347f)
  • Support v8 coverage  -  by @​AriPerkkio in vitest-dev/vitest#6273 (34199)
  • Support userEvent.upload in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#6442 (cf148)
  • Support --inspect  -  by @​AriPerkkio in vitest-dev/vitest#6433 (0499a)
  • Support --inspect-brk  -  by @​AriPerkkio in vitest-dev/vitest#6434 (7ab0f)

... (truncated)

Commits

• 699055e chore: release v2.1.1
• 36b5ace fix(workspace): resolve glob pattern once to avoid name collision (#6489)
• 16aa76c fix(browser): make example test callbacks async (#6484)
• 9f1fd18 chore: release v2.1.0
• 94a186e fix(ui): render project name consistently (#6329)
• ac698b1 fix: expect.getState().testPath always returns correct path (#6472)
• b2be23e chore: release v2.1.0-beta.7
• 0b44722 fix: ignore importer when resolving Vitest (#6469)
• 97773e2 chore: fix edge case in license files bundling (#6460)
• 7ab0f4a feat(browser): support --inspect-brk (#6434)
• Additional commits viewable in compare view

Updates @vitest/coverage-istanbul from 1.3.1 to 2.1.1

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v2.1.1

   🐞 Bug Fixes

• browser:
  • Make example test callbacks async  -  by @​aqandrew in vitest-dev/vitest#6484 (16aa7)
  • Optimize vitest-browser-vue correctly  -  by @​sheremet-va in vitest-dev/vitest#6490 (5cbb0)
• workspace:
  • Resolve glob pattern once to avoid name collision  -  by @​sheremet-va in vitest-dev/vitest#6489 (36b5a)

    View changes on GitHub

v2.1.0

This release makes another big change to the Browser Mode by introducing locators API:

test('renders blog posts', async () => {
  const screen = page.render(<Blog />)
await expect.element(screen.getByRole('heading', { name: 'Blog' })).toBeInTheDocument()
const [firstPost] = screen.getByRole('listitem').all()
await firstPost.getByRole('button', { name: 'Delete' }).click()
expect(screen.getByRole('listitem').all()).toHaveLength(3)
})

You can use either vitest-browser-vue, vitest-browser-svelte or vitest-browser-react to render components and make assertions using locators. Locators are also available on the page object from @vitest/browser/context.

Potential Breaking Change

• workspace:
  • Correctly resolve workspace globs and file paths  -  by @​sheremet-va in vitest-dev/vitest#6316 (afdcb)
  • This changes how the custom glob pattern in the workspace config is treated. Any file matching the glob is considered a Vitest config file. Any folder matching the glob pattern is treated as a workspace project and is subject to the regular config resolution (single vitest.config.ts or vite.config.ts inside the folder)
  • For example, projects/* will match anything inside the projects folder. If it's a folder, we try to find the config inside that folder (if there is none, it is still treated as a project with the default config). If it's a file, it will be treated as a Vitest config. projects/**/* previously would assume that you only wanted to have folders as projects, but now it will match every single file insideprojects.
  • This change doesn't affect non-glob usage.

   🚀 Features

• api:
  • Make spec into a class instead of a tuple  -  by @​sheremet-va in vitest-dev/vitest#6355 (874a1)
• browser:
  • Move page.config to server.config, add more docs  -  by @​sheremet-va in vitest-dev/vitest#6252 (af2b8)
  • Make iframe scalable, improve documentation  -  by @​sheremet-va in vitest-dev/vitest#6257 (74ca1)
  • Introduce built-in locators  -  by @​sheremet-va in vitest-dev/vitest#6084 (3347f)
  • Support v8 coverage  -  by @​AriPerkkio in vitest-dev/vitest#6273 (34199)
  • Support userEvent.upload in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#6442 (cf148)
  • Support --inspect  -  by @​AriPerkkio in vitest-dev/vitest#6433 (0499a)
  • Support --inspect-brk  -  by @​AriPerkkio in vitest-dev/vitest#6434 (7ab0f)

... (truncated)

Commits

• 699055e chore: release v2.1.1
• 9f1fd18 chore: release v2.1.0
• b2be23e chore: release v2.1.0-beta.7
• 8ac7011 chore: release v2.1.0-beta.6
• da52d23 fix(coverage): use project specific vitenode for uncovered files (#6044)
• 5932a7f feat(coverage): add --exclude-after-remap (#6309)
• 34199bd feat(browser): support v8 coverage (#6273)
• 72056b5 chore: release v2.1.0-beta.5
• e662c7b fix(coverage): warn if vitest and @vitest/* versions don't match (#6317)
• 67b086b chore: release v2.1.0-beta.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@babel/helper-string-parser	7.24.8	🟢 6.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/@babel/helper-validator-identifier	7.24.7	🟢 6.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/@babel/parser	7.25.6	🟢 6.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/@babel/types	7.25.6	🟢 6.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/@jridgewell/sourcemap-codec	1.5.0	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@vitest/coverage-istanbul	2.1.1	Unknown	Unknown
npm/@vitest/expect	2.1.1	Unknown	Unknown
npm/@vitest/mocker	2.1.1	Unknown	Unknown
npm/@vitest/pretty-format	2.1.1	Unknown	Unknown
npm/@vitest/runner	2.1.1	Unknown	Unknown
npm/@vitest/snapshot	2.1.1	Unknown	Unknown
npm/@vitest/spy	2.1.1	Unknown	Unknown
npm/@vitest/utils	2.1.1	Unknown	Unknown
npm/assertion-error	2.0.1	🟢 4.7	Details Check Score Reason Code-Review 🟢 6 Found 17/25 approved changesets -- score normalized to 6 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/chai	5.1.1	🟢 4.6	Details Check Score Reason Code-Review 🟢 6 Found 17/25 approved changesets -- score normalized to 6 Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/check-error	2.1.1	🟢 3.7	Details Check Score Reason Code-Review 🟢 8 Found 15/18 approved changesets -- score normalized to 8 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 39 existing vulnerabilities detected
npm/deep-eql	5.0.2	🟢 3.3	Details Check Score Reason Code-Review 🟢 5 Found 14/26 approved changesets -- score normalized to 5 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/glob	10.4.5	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Maintained 🟢 10 9 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/istanbul-lib-instrument	6.0.3	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 10/19 approved changesets -- score normalized to 5 Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License ⚠️ 0 license file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/istanbul-lib-source-maps	5.0.6	🟢 5.2	Details Check Score Reason Code-Review 🟢 5 Found 10/19 approved changesets -- score normalized to 5 Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License ⚠️ 0 license file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jackspeak	3.4.3	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 0 Found 1/22 approved changesets -- score normalized to 0 Maintained 🟢 10 19 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/loupe	3.1.1	🟢 3.7	Details Check Score Reason Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 53 existing vulnerabilities detected
npm/lru-cache	10.4.3	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 12 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/magic-string	0.30.11	🟢 3.7	Details Check Score Reason Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/magicast	0.3.5	Unknown	Unknown
npm/path-scurry	1.11.1	🟢 3.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/pathval	2.0.0	🟢 3.2	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 57 existing vulnerabilities detected
npm/test-exclude	7.0.1	🟢 4.6	Details Check Score Reason Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/tinybench	2.9.0	Unknown	Unknown
npm/tinypool	1.0.1	Unknown	Unknown
npm/tinyrainbow	1.2.0	Unknown	Unknown
npm/tinyspy	3.0.2	Unknown	Unknown
npm/vite-node	2.1.1	Unknown	Unknown
npm/vitest	2.1.1	Unknown	Unknown
npm/why-is-node-running	2.3.0	🟢 5.6	Details Check Score Reason Code-Review ⚠️ 1 Found 5/28 approved changesets -- score normalized to 1 Maintained 🟢 10 19 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@vitest/coverage-istanbul	^2.1.1	Unknown	Unknown
npm/vitest	^2.1.1	Unknown	Unknown

Scanned Manifest Files

package-lock.json

• @babel/[email protected]
• @babel/[email protected]
• @babel/[email protected]
• @babel/[email protected]
• @jridgewell/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• @babel/[email protected]
• @babel/[email protected]
• @babel/[email protected]
• @babel/[email protected]
• @jest/[email protected]
• @jridgewell/[email protected]
• @sinclair/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• @vitest/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

package.json

• @vitest/coverage-istanbul@^2.1.1
• vitest@^2.1.1
• @vitest/coverage-istanbul@^1.3.1
• vitest@^1.3.1

[github-actions]

🐳 Docker Metrics 🐳

• Size of the Docker Image in the base (main): 138MB
• Size of the Docker Image in this branch (dependabot/npm_and_yarn/multi-20f17f35fa): 138MB

[AlbertHernandez]

@dependabot ignore this major version

[dependabot]

OK, I won't notify you about version 2.x.x again, unless you re-open this PR.