Skip to content

build(deps-dev): bump the test group across 1 directory with 2 updates#8

Merged
t3r merged 1 commit into
mainfrom
dependabot/npm_and_yarn/test-8ca427ad29
Mar 27, 2026
Merged

build(deps-dev): bump the test group across 1 directory with 2 updates#8
t3r merged 1 commit into
mainfrom
dependabot/npm_and_yarn/test-8ca427ad29

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the test group with 2 updates in the / directory: vitest and happy-dom.

Updates vitest from 4.1.1 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates happy-dom from 20.8.7 to 20.8.9

Release notes

Sourced from happy-dom's releases.

v20.8.9

👷‍♂️ Patch fixes

  • Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @​capricorn86 in task #2117

v20.8.8

👷‍♂️ Patch fixes

  • Fixes issue where export names can be interpolated as executable code in ESM - By @​capricorn86 in task #2113
    • A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @​tndud042713 for reporting this!
Commits
  • 68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
  • 5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 27, 2026
@dependabot dependabot Bot changed the title build(deps-dev): bump the test group with 2 updates build(deps-dev): bump the test group across 1 directory with 2 updates Mar 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/test-8ca427ad29 branch from d98556c to d02aea5 Compare March 27, 2026 18:41
@dependabot
build(deps-dev): bump the test group with 2 updates
f736be3 
Bumps the test group with 2 updates: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [happy-dom](https://github.com/capricorn86/happy-dom).


Updates `vitest` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

Updates `happy-dom` from 20.8.7 to 20.8.9
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.8.7...v20.8.9)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: test
- dependency-name: happy-dom
  dependency-version: 20.8.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: test
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/test-8ca427ad29 branch from d02aea5 to f736be3 Compare March 27, 2026 18:45
@t3r t3r merged commit 2801829 into main Mar 27, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/test-8ca427ad29 branch March 27, 2026 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@t3r