chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates by dependabot[bot] · Pull Request #583 · sethdford/shipwright

dependabot · 2026-06-02T00:03:59Z

Bumps the npm_and_yarn group with 3 updates in the / directory: happy-dom, vitest and undici.
Bumps the npm_and_yarn group with 5 updates in the /website directory:

Package	From	To
picomatch	`4.0.3`	`4.0.4`
picomatch	`2.3.1`	`2.3.2`
postcss	`8.5.6`	`8.5.15`
rollup	`4.57.1`	`4.61.0`
vite	`6.4.1`	`6.4.3`
astro	`5.17.1`	`6.4.2`

Updates happy-dom from 20.6.1 to 20.9.0

Release notes

Sourced from happy-dom's releases.

v20.9.0

🎨 Features

Adds support for event listener properties on Window (e.g. Window.onkeydown) - By @capricorn86 in task #2131

v20.8.9

👷‍♂️ Patch fixes

Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @capricorn86 in task #2117

A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @r74tech for reporting this!

v20.8.8

👷‍♂️ Patch fixes

Fixes issue where export names can be interpolated as executable code in ESM - By @capricorn86 in task #2113

A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

Request.formData() should honor "Content-Type" header - By @brianhelba in task #2106

v20.8.5

👷‍♂️ Patch fixes

Fixes error thrown when modifying DOM structure in connectedCallback() - By @capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

Replace ConsoleConstructor import with indexed access type - By @YevheniiKotyrlo in task #1845

v20.8.3

👷‍♂️ Patch fixes

Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

Make "inert" attribute block focus interactions - By @coffeeandwork in task #1422

v20.8.0

🎨 Features

Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

Properly decode CSS escape sequences in attribute selector values - By @silverwind

... (truncated)

Commits

4090ade fix: #0 Fix github release workflow (#2140)
c7c2bb5 fix: #0 Fix github release workflow (#2139)
d541143 fix: #0 Fix github release workflow (#2138)
a78d89e feat: #2131 Adds support for event listener properties on Window (#2132)
68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
7e97acb fix: #1845 Replace implementing Node js Console with common IConsole interf...
3373929 fix: #2106 Request.formData() should honor Content-Type header (#2107)
55c17ba fix: #2110 Fixes error thrown when modifying DOM structure in connectedCall...
82a0888 fix: #1845 Replace ConsoleConstructor import with indexed access type (#2095)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for happy-dom since your current version.

Updates vitest from 4.0.18 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

🚀 Features

Return a disposable from doMock() - by @kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)

Added chai style assertions - by @ronnakamoto and @sheremet-va in vitest-dev/vitest#8842 (841df)

Update to sinon/fake-timers v15 and add setTickMode to timer controls - by @atscott and @sheremet-va in vitest-dev/vitest#8726 (4b480)

Expose matcher types - by @sheremet-va in vitest-dev/vitest#9448 (3e4b9)

Add toTestSpecification to reported tasks - by @sheremet-va in vitest-dev/vitest#9464 (1a470)

Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module - by @sheremet-va in vitest-dev/vitest#9387 (5db54)

Track and display expectedly failed tests (.fails) in UI and CLI - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#9476 (77d75)

Support tags - by @sheremet-va in vitest-dev/vitest#9478 (de7c8)

Implement aroundEach and aroundAll hooks - by @sheremet-va in vitest-dev/vitest#9450 (2a8cb)

Stabilize experimental features - by @sheremet-va in vitest-dev/vitest#9529 (b5fd2)

Accept new or all in --update flag - by @sheremet-va in vitest-dev/vitest#9543 (a5acf)

Support meta in test options - by @sheremet-va in vitest-dev/vitest#9535 (7d622)

Support type inference with a new test.extend syntax - by @sheremet-va in vitest-dev/vitest#9550 (e5385)

Support vite 8 beta, fix type issues in the config with different vite versions - by @sheremet-va in vitest-dev/vitest#9587 (99028)

Add assertion helper to hide internal stack traces - by @hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9594 (eeb0a)

Store failure screenshots using artifacts API - by @macarie in vitest-dev/vitest#9588 (24603)

Allow vitest list to statically collect tests instead of running files to collect them - by @sheremet-va in vitest-dev/vitest#9630 (7a8e7)

Add --detect-async-leaks - by @AriPerkkio in vitest-dev/vitest#9528 (c594d)

Implement mockThrow and mockThrowOnce - by @thor-juhasz and @sheremet-va in vitest-dev/vitest#9512 (61917)

Support update: "none" and add docs about snapshots behavior on CI - by @hi-ogawa in vitest-dev/vitest#9700 (05f18)

Support playwright launchOptions with connectOptions - by @hi-ogawa in vitest-dev/vitest#9702 (f0ff1)

Add page/locator.mark API to enhance playwright trace - by @hi-ogawa in vitest-dev/vitest#9652 (d0ee5)

api:

Support tests starting or ending with test in experimental_parseSpecification - by @jgillick and Jeremy Gillick in vitest-dev/vitest#9235 (2f367)

Add filters to createSpecification - by @sheremet-va in vitest-dev/vitest#9336 (c8e6c)

Expose runTestFiles as alternative to runTestSpecifications - by @sheremet-va in vitest-dev/vitest#9443 (43d76)

Add allowWrite and allowExec options to api - by @sheremet-va in vitest-dev/vitest#9350 (20e00)

Allow passing down test cases to toTestSpecification - by @sheremet-va in vitest-dev/vitest#9627 (6f17d)

browser:

Add userEvent.wheel API - by @macarie in vitest-dev/vitest#9188 (66080)

Add filterNode option to prettyDOM for filtering browser assertion error output - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#9475 (d3220)

Support playwright persistent context - by @hi-ogawa, Claude Opus 4.6 and @sheremet-va in vitest-dev/vitest#9229 (f865d)

Added detailsPanelPosition option and button - by @shairez in vitest-dev/vitest#9525 (c8a31)

Use BlazeDiff instead of pixelmatch - by @macarie in vitest-dev/vitest#9514 (30936)

Add findElement and enable strict mode in webdriverio and preview - by @sheremet-va in vitest-dev/vitest#9677 (c3f37)

cli:

Add @bomb.sh/tab completions - by @AmirSa12 and @sheremet-va in vitest-dev/vitest#8639 (200f3)

coverage:

Support ignore start/stop ignore hints - by @AriPerkkio in vitest-dev/vitest#9204 (e59c9)

Add coverage.changed option to report only changed files - by @kykim00 and @AriPerkkio in vitest-dev/vitest#9521 (1d939)

experimental:

Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (e977f)

Option to disable the module runner - by @sheremet-va and @AriPerkkio in vitest-dev/vitest#9210 (9be61)

... (truncated)

Commits

4150b91 chore: release v4.1.0
1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
eab68ba chore(deps): update all non-major dependencies (#9824)
031f02a fix: allow catch/finally for async assertion (#9827)
3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
0c2c013 chore: release v4.1.0-beta.6
8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
689a22a fix(browser): types of getCDPSession and cdp() (#9716)
Additional commits viewable in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

Updates undici from 7.22.0 to 7.27.0

Release notes

Sourced from undici's releases.

v7.27.0

What's Changed

[7.x] fix: support Node 26 and legacy global dispatcher by @mcollina in nodejs/undici#5319

Full Changelog: nodejs/undici@v7.26.0...v7.27.0

v7.26.0

What's Changed

fix: backport safe main fixes to v7.x by @mcollina in nodejs/undici#5136

fix: validate EOF for chunked h1 responses by @mcollina in nodejs/undici#5307

Full Changelog: nodejs/undici@v7.25.0...v7.26.0

v7.25.0

What's Changed

Full Changelog: nodejs/undici@v7.24.8...v7.25.0

v7.24.8

What's Changed

fix: backport 401 stream-backed body fix to v7.x by @mcollina in nodejs/undici#5006

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

What's Changed

docs: update broken links in file "Dispatcher.md" by @samuel871211 in nodejs/undici#4924

doc: remove unused parameter redirectionLimitReached by @samuel871211 in nodejs/undici#4933

test: skip flaky macOS Node 20 cookie fetch cases by @mcollina in nodejs/undici#4932

fix(types): align Response with DOM fetch types by @theamodhshetty in nodejs/undici#4867

fix(types): Fix clone method type declaration to be an instance method rather than instance property by @mistval in nodejs/undici#4925

test: skip IPv6 tests when IPv6 is not available by @mcollina in nodejs/undici#4939

fix: correctly handle multi-value rawHeaders in fetch by @mcollina in nodejs/undici#4938

ignore AGENTS.md by @mcollina in nodejs/undici#4942

New Contributors

@samuel871211 made their first contribution in nodejs/undici#4924

@mistval made their first contribution in nodejs/undici#4925

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

What's Changed

fix(test): client wasm compatible with clang 22 by @rozzilla in nodejs/undici#4909

fix(mock): improve error message when intercepts are exhausted by @travisbreaks in nodejs/undici#4912

fix(websocket): support open diagnostics over h2 by @mcollina in nodejs/undici#4921

... (truncated)

Commits

d7aeee3 Bumped v7.27.0 (#5340)
2054b13 [7.x] fix: support Node 26 and legacy global dispatcher (#5319)
acf8008 Bumped v7.26.0 (#5322)
2b3cd22 fix: validate EOF for chunked h1 responses (#5273) (#5307)
301f347 test: avoid Promise.withResolvers in tls session reuse test
0f6c792 fix: preserve allowH2 when wrapping custom connect
8e57049 fix(cache): enforce sqlite maxCount after insert (#5112)
a9e3e0b fix: stop buffering data after SOCKS5 connect (#5118)
239df4c fix: reuse parser WeakRef for timeout callbacks (#5125)
9b777f2 fix: enforce maxCachedSessions in TLS session cache (#5102)
Additional commits viewable in compare view

Updates vite from 7.3.1 to 8.0.16

Release notes

Sourced from vite's releases.

v6.4.3

Please refer to CHANGELOG.md for details.

v6.4.2

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.3 (2026-06-01)

fix: backport #22572, reject windows alternate paths (#22576) (96b0c10), closes #22572 #22576

fix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#22575) (8fed5cf), closes #22571 #22575

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

Commits

6c2c881 release: v6.4.3
96b0c10 fix: backport #22572, reject windows alternate paths (#22576)
8fed5cf fix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#2...
6b3fad0 release: v6.4.2
ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
5487f4f release: v6.4.1
1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
f12697c release: v6.4.0
ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
Additional commits viewable in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

Updates rollup from 4.57.1 to 4.61.0

Release notes

Sourced from rollup's releases.

v4.61.0

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

v4.60.4

4.60.4

2026-05-14

Bug Fixes

Improve stability of chunk hashes (#6362)

Pull Requests

#6362: fix: stabilize chunk assignment across parallel file reads (@sonukapoor, @Sonu Kapoor, @TrickyPi, @lukastaegert)

#6370: fix(deps): update minor/patch updates (@renovate[bot])

#6371: chore(deps): update dependency lru-cache to v11 (@renovate[bot], Cursor Bugbot for commit 198a2f5. Bugbot is set up for automated code reviews on this repo. Configure here.

… updates Bumps the npm_and_yarn group with 3 updates in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [undici](https://github.com/nodejs/undici). Bumps the npm_and_yarn group with 5 updates in the /website directory: | Package | From | To | | --- | --- | --- | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` | | [rollup](https://github.com/rollup/rollup) | `4.57.1` | `4.61.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.3` | | [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.17.1` | `6.4.2` | Updates `happy-dom` from 20.6.1 to 20.9.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.6.1...v20.9.0) Updates `vitest` from 4.0.18 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `postcss` from 8.5.6 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.15) Updates `undici` from 7.22.0 to 7.27.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.27.0) Updates `vite` from 7.3.1 to 8.0.16 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `postcss` from 8.5.6 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.15) Updates `rollup` from 4.57.1 to 4.61.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.1...v4.61.0) Updates `vite` from 6.4.1 to 6.4.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite) Updates `astro` from 5.17.1 to 6.4.2 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.4.2/packages/astro) Updates `defu` from 6.1.4 to 6.1.7 - [Release notes](https://github.com/unjs/defu/releases) - [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md) - [Commits](unjs/defu@v6.1.4...v6.1.7) Updates `devalue` from 5.6.2 to 5.8.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.6.2...v5.8.1) Updates `h3` from 1.15.5 to 1.15.11 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md) - [Commits](h3js/h3@v1.15.5...v1.15.11) Updates `smol-toml` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/squirrelchat/smol-toml/releases) - [Commits](squirrelchat/smol-toml@v1.6.0...v1.6.1) Updates `svgo` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.9.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.27.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.0.16 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.61.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 6.4.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: defu dependency-version: 6.1.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: h3 dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: smol-toml dependency-version: 1.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 198a2f5. Configure here.}

cursor · 2026-06-02T00:06:31Z

      },
      "devDependencies": {
        "@testing-library/dom": "^10.4.1",
-        "@vitest/coverage-v8": "^4.0.18",


Removed @vitest/coverage-v8 breaks CI coverage pipeline

High Severity

The @vitest/coverage-v8 package was removed from devDependencies in this update, but the project still depends on it. The dashboard/vitest.config.ts configures coverage.provider: "v8" with thresholds, and the CI workflow in .github/workflows/test.yml runs npx vitest run --config dashboard/vitest.config.ts --coverage. Without @vitest/coverage-v8 installed, the dashboard-coverage CI job will fail because vitest cannot resolve the v8 coverage provider.

^{Reviewed by Cursor Bugbot for commit 198a2f5. Configure here.}

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 2, 2026

cursor Bot reviewed Jun 2, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates#583

chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates#583
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-4358c5fdcc

dependabot Bot commented on behalf of github Jun 2, 2026 •

edited by cursor Bot

Loading

Uh oh!

cursor Bot left a comment

Uh oh!

cursor Bot Jun 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 2, 2026 • edited by cursor Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v20.9.0

🎨 Features

v20.8.9

👷‍♂️ Patch fixes

v20.8.8

👷‍♂️ Patch fixes

v20.8.7

👷‍♂️ Patch fixes

v20.8.6

👷‍♂️ Patch fixes

v20.8.5

👷‍♂️ Patch fixes

v20.8.4

👷‍♂️ Patch fixes

v20.8.3

👷‍♂️ Patch fixes

v20.8.2

👷‍♂️ Patch fixes

v20.8.1

👷‍♂️ Patch fixes

v20.8.0

🎨 Features

v20.7.2

👷‍♂️ Patch fixes

v4.1.0

🚀 Features

4.0.4

What's Changed

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

v7.27.0

What's Changed

v7.26.0

What's Changed

v7.25.0

What's Changed

v7.24.8

What's Changed

v7.24.7

What's Changed

New Contributors

v7.24.6

What's Changed

v6.4.3

v6.4.2

6.4.3 (2026-06-01)

6.4.2 (2026-04-06)

4.0.4

What's Changed

4.0.4

What's Changed

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.15

dependabot Bot commented on behalf of github Jun 2, 2026 •

edited by cursor Bot

Loading

Removed `@vitest/coverage-v8` breaks CI coverage pipeline