build(deps-dev): Bump vitest from 4.0.9 to 4.0.14

[dependabot]

Bumps vitest from 4.0.9 to 4.0.14.

Release notes

Sourced from vitest's releases.

v4.0.14

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in vitest-dev/vitest#9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in vitest-dev/vitest#9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in vitest-dev/vitest#8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in vitest-dev/vitest#9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in vitest-dev/vitest#9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in vitest-dev/vitest#9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in vitest-dev/vitest#9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #9018  -  by @​sheremet-va in vitest-dev/vitest#9072 and vitest-dev/vitest#9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in vitest-dev/vitest#9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in vitest-dev/vitest#9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in vitest-dev/vitest#9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in vitest-dev/vitest#9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in vitest-dev/vitest#9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in vitest-dev/vitest#9057 (acc51)

    View changes on GitHub

v4.0.13

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in vitest-dev/vitest#9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in vitest-dev/vitest#9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in vitest-dev/vitest#9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in vitest-dev/vitest#9076 (6b9a1)

    View changes on GitHub

v4.0.12

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in vitest-dev/vitest#9063 (9a8bc)

... (truncated)

Commits

• 9ca74cf chore: release v4.0.14
• 821aa20 feat(runner): Add full names to tasks (#9087)
• 1256b5c fix: rename collect to import, remove prepare (#9091)
• 3326cc9 fix: collect the duration of external imports (#9097)
• 379185b fix(pool): init VITEST_POOL_ID + VITEST_WORKER_ID before environment setu...
• 2c468ee fix(jsdom): reuse abort signals if possible (#9090)
• e1b2e08 fix: externalize before caching (#9077)
• acc5152 perf: replace debug with obug (#9057)
• 73b54ce chore: release v4.0.13
• b27e002 perf: avoid fetchModule roundtrip if the module is cached (#9075)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Updated Vitest to 4.0.15 to bring bug fixes and performance improvements for our test suite. No app code changes required.

• Dependencies
  • Bumped vitest from 4.0.9 to 4.0.15.
  • Upstream improvements: faster logging (debug → obug), runner shows full task names, coverage rerun fix, jsdom abort signal reuse, and improved screenshot failure UI.
  • Note: transitive tinyexec now requires Node 18+.

^{Written for commit 7d93047. Summary will update automatically on new commits.}

[cloudflare-workers-and-pages]

Deploying blinklabs-vpn with    Cloudflare Pages

Latest commit:	7d93047
Status:	🚫  Build failed.

View logs

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

[fossabot]

[fossabot]

Needs Review

I recommend reviewing this upgrade before merging because Vitest now requires Node.js 20+ while the project lacks explicit version enforcement in package.json. The codebase does not use any of the deprecated APIs that were removed in the major version upgrade (poolMatchGlobs, environmentMatchGlobs, or third test parameter), and all test imports use relative paths avoiding the absolute import breaking change. The project uses native fetch rather than Axios, avoiding known MSW compatibility issues. However, without enforced Node.js version requirements, CI/CD pipelines or developer environments running Node.js 18 will fail. Consider adding an engines field to package.json specifying Node.js 20+ to prevent runtime compatibility issues.

What we checked

• vitest upgraded from 4.0.9 to 4.0.14, which requires Node.js 20+, but package.json lacks engines field to enforce this requirement ^[1]
• Vitest configuration uses only standard options (globals, environment, setupFiles, coverage) - no deprecated APIs like poolMatchGlobs or environmentMatchGlobs detected ^[2]
• Test imports use relative paths (../../test/utils), avoiding the absolute import breaking change that affects src/tests directories ^[3]
• Tests use native fetch API via global.fetch mock, avoiding known Axios+MSW compatibility issues in Vitest 4 ^[4]
• Vitest 4.0 breaking changes documentation confirms removal of deprecated config options and Node.js 20+ requirement, but codebase doesn't use any deprecated features ^[5]

Dependency Usage

Vitest serves as the complete testing infrastructure for this Cardano VPN frontend application, providing automated test coverage across critical business functions including API client operations, wallet connectivity features, and data-fetching hooks. The framework is integrated into the build toolchain through Vite configuration and package scripts, with additional developer productivity tools like UI-based test runners and code coverage reporting, ensuring quality assurance for the blockchain wallet integration and API communication layers that power the VPN service.

• Vitest configuration uses only standard options (globals, environment, setupFiles, coverage) - no deprecated APIs like poolMatchGlobs or environmentMatchGlobs detected
  

  vpn-frontend/vite.config.ts

  Line 40 in 14eeed3

  test: {

• Test imports use relative paths (../../test/utils), avoiding the absolute import breaking change that affects src/tests directories
  

  vpn-frontend/src/components/__tests__/WalletConnection.test.tsx

  Line 4 in 14eeed3

  renderWithProviders,

View 1 more usage

• Tests use native fetch API via global.fetch mock, avoiding known Axios+MSW compatibility issues in Vitest 4
  

  vpn-frontend/src/api/__tests__/client.test.ts

  Line 17 in 14eeed3

  global.fetch = vi.fn().mockResolvedValueOnce({

Less Important Usages (6)

These usages were analyzed but no breaking changes were detected:

vitest

• vpn-frontend/vite.config.ts

  Line 2 in 14eeed3

  import { defineConfig } from "vitest/config";

• vpn-frontend/src/test/setup.ts

  Line 2 in 14eeed3

  import { afterEach, vi } from "vitest";

• vpn-frontend/src/test/utils.tsx

  Line 5 in 14eeed3

  import { vi } from "vitest";

• vpn-frontend/src/api/__tests__/client.test.ts

  Line 1 in 14eeed3

  import { describe, it, expect, beforeEach, vi } from "vitest";

• vpn-frontend/src/components/__tests__/WalletConnection.test.tsx

  Line 1 in 14eeed3

  import { describe, it, expect, beforeEach, vi } from "vitest";

• ...and 1 more

Changes

Vitest has been upgraded with three breaking changes: replacing the 'debug' package with 'obug' (affecting Debugger imports), changing peer dependency from '@​types/debug' to '@​opentelemetry/api', and replacing VitestModuleRunner type with PublicModuleRunner interface. Key new capabilities include OpenTelemetry tracing support throughout test execution, experimental file system caching for improved performance between reruns, and an extensible test artifact API with a tabbed UI failure view for screenshot comparisons.

• Replaced 'debug' package with 'obug' for internal debugging - this changes the Debugger import type from 'debug' to 'obug' (v4.0.14, package source)
• Changed peer dependency from '@​types/debug' to '@​opentelemetry/api' (^1.9.0) for OpenTelemetry instrumentation support (v4.0.14, package source)
• Replaced VitestModuleRunner type with PublicModuleRunner interface in loadDiffConfig() and loadSnapshotSerializers() function signatures (v4.0.14, package source)

View 115 more changes

• remove onCancel when worker is terminated (#9033) (6d7f0a9) (v4.0.14, changelog)
• refactor(forks): simplify IPC channel serialization (#8999) (7c9edff) (v4.0.14, changelog)
• fix(ui): use execution time from ws reporter (onFinished) (#8975) (f56dc0c) (v4.0.14, changelog)
• chore: print a better error when browser orchestrator fails to run a test (#8984) (44dca5f) (v4.0.14, changelog)
• chore(deps): update dependency @​types/node to v24 (#9038) (f509d2a) (v4.0.14, changelog)
• fix(core): prevent starting new run when cancelling (#8991) (eb98dd8) (v4.0.14, changelog)
• chore(deps): update all non-major dependencies (#9037) (80f2bb6) (v4.0.14, changelog)
• fix(pool): prevent writing to closed worker (#9023) (042c60c) (v4.0.14, changelog)
• docs(migration): add excludes section (#9041) (7063d4d) (v4.0.14, changelog)
• fix(bun): parsing of stack trace for bun runtime (#9032) (f3ec6fc) (v4.0.14, changelog)
• fix(browser): don't scale the iframe if UI is disabled (#9018) (5406e8e) (v4.0.14, changelog)
• fix(browser): handle dependency stack traces with external source maps. Resolves: #9003 (#9016) (57ae547) (v4.0.14, changelog)
• chore: enable trust policy (#9010) (4f2776e) (v4.0.14, changelog)
• fix(reporters): report correct test run duration at the end (#8969) (bc3a692) (v4.0.14, changelog)
• chore: add semver@​6.3.1 to trustPolicyExclude (c2b5aa4) (v4.0.14, changelog)
• chore: release v4.0.10 (259a3d1) (v4.0.14, changelog)
• feat(experimental): support OpenTelemetry traces (#8994) (d6d3359) (v4.0.14, changelog)
• docs: fix IntersectionObserver example (#9045) (e7ad907) (v4.0.14, changelog)
• feat(expect): provide task in MatchState (#9022) (afd1f3e) (v4.0.14, changelog)
• feat(api): add extensible test artifact API (#8987) (7729236) (v4.0.14, changelog)
• docs: add version and advanced to the task (32e9d68) (v4.0.14, changelog)
• docs: fix browser provider redirect (#9051) (4bdcb11) (v4.0.14, changelog)
• chore: fix indentation for browser instances config (#9052) (67a39f5) (v4.0.14, changelog)
• chore: Fix typo in BrowserServerFactory options parameter (#9049) (4f58c77) (v4.0.14, changelog)
• build: fix import (#9061) (49329f1) (v4.0.14, changelog)
• test(browser): fix crash on windows (#9060) (8508296) (v4.0.14, changelog)
• perf(experimental): add file system cache (#9026) (1b14737) (v4.0.14, changelog)
• chore: release v4.0.11 (c3befb0) (v4.0.14, changelog)
• inherit fsModuleCachePath by default (#9063) (9a8bc78) (v4.0.14, changelog)
• don't import from @​opentelemetry/api in public types (#9066) (e944a37) (v4.0.14, changelog)
• chore: release v4.0.12 (5aa84d5) (v4.0.14, changelog)
• fix(types): don't use type from Vite 7.1 (#9071) (6356b1d) (v4.0.14, changelog)
• fix(types): don't import node.js dependent types in vitest/browser (#9068) (332afa0) (v4.0.14, changelog)
• perf(experimental): if fsCacheModule is enabled, read from the memory when possible (#9076) (6b9a1b5) (v4.0.14, changelog)
• perf: avoid fetchModule roundtrip if the module is cached (#9075) (b27e002) (v4.0.14, changelog)
• chore: release v4.0.13 (73b54ce) (v4.0.14, changelog)
• fix(web-worker): postMessage to send ports to workers (#9078) (9d1763d) (v4.0.14, changelog)
• perf: replace debug with obug (#9057) (acc5152) (v4.0.14, changelog)
• fix(browser): unsubscribe onCancel on rpc destroy (#9088) (f5b7237) (v4.0.14, changelog)
• chore(deps): update actions/checkout action to v6 (#9083) (04ee9ef) (v4.0.14, changelog)
• chore: move check allow out of forEach (#9086) (229b5b3) (v4.0.14, changelog)
• externalize before caching (#9077) (e1b2e08) (v4.0.14, changelog)
• fix(jsdom): reuse abort signals if possible (#9090) (2c468ee) (v4.0.14, changelog)
• fix(pool): init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup (#9085) (379185b) (v4.0.14, changelog)
• fix(expect): allow function as standard schema (#9099) (ed8a2eb) (v4.0.14, changelog)
• collect the duration of external imports (#9097) (3326cc9) (v4.0.14, changelog)
• fix(coverage): invalidate circular modules correctly on rerun with coverage (#9096) (6f22c67) (v4.0.14, changelog)
• rename collect to import, remove prepare (#9091) (1256b5c) (v4.0.14, changelog)
• feat(ui): add tabbed failure view for toMatchScreenshot with comparison slider (#8813) (c37c2eb) (v4.0.14, changelog)
• fix(browser): revert the viewport scaling in non-ui mode #9018 (#9072) (64502a2) (v4.0.14, changelog)
• chore: ignore wdio by renovate (cfbcd10) (v4.0.14, changelog)
• chore(deps): update all non-major dependencies (#9082) (22e381e) (v4.0.14, changelog)
• feat(browser): expose utils.configurePrettyDOM (#9103) (2cc34e0) (v4.0.14, changelog)
• feat(runner): Add full names to tasks (#9087) (821aa20) (v4.0.14, changelog)
• chore: simplified array.from map (#9102) (443ecc7) (v4.0.14, changelog)
• chore: release v4.0.14 (9ca74cf) (v4.0.14, changelog)
• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9103 (2cc34) (v4.0.14, release notes)
• runner: Add full names to tasks  -  by @​macarie in https://redirect.github.com/vitest-dev/vitest/issues/9087 (821aa) (v4.0.14, release notes)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in https://redirect.github.com/vitest-dev/vitest/issues/8813 (c37c2) (v4.0.14, release notes)
• Externalize before caching  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9077 (e1b2e) (v4.0.14, release notes)
• Collect the duration of external imports  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9097 (3326c) (v4.0.14, release notes)
• Rename collect to import, remove prepare  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9091 (1256b) (v4.0.14, release notes)
• browser: (v4.0.14, release notes)
• Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in https://redirect.github.com/vitest-dev/vitest/issues/9088 (f5b72) (v4.0.14, release notes)
• Revert the viewport scaling in non-ui mode #9018  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9072 and https://redirect.github.com/vitest-dev/vitest/issues/9018 (64502) (v4.0.14, release notes)
• coverage: (v4.0.14, release notes)
• Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in https://redirect.github.com/vitest-dev/vitest/issues/9096 (6f22c) (v4.0.14, release notes)
• expect: (v4.0.14, release notes)
• Allow function as standard schema  -  by @​hi-ogawa in https://redirect.github.com/vitest-dev/vitest/issues/9099 (ed8a2) (v4.0.14, release notes)
• jsdom: (v4.0.14, release notes)
• Reuse abort signals if possible  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9090 (2c468) (v4.0.14, release notes)
• pool: (v4.0.14, release notes)
• Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in https://redirect.github.com/vitest-dev/vitest/issues/9085 (37918) (v4.0.14, release notes)
• web-worker: (v4.0.14, release notes)
• postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in https://redirect.github.com/vitest-dev/vitest/issues/9078 (9d176) (v4.0.14, release notes)
• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in https://redirect.github.com/vitest-dev/vitest/issues/9057 (acc51) (v4.0.14, release notes)
• types: (v4.0.13, release notes)
• Don't use type from Vite 7.1  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9071 (6356b) (v4.0.13, release notes)
• Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9068 (332af) (v4.0.13, release notes)
• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9075 (b27e0) (v4.0.13, release notes)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9076 (6b9a1) (v4.0.13, release notes)
• Inherit fsModuleCachePath by default  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9063 (9a8bc) (v4.0.12, release notes)
• Don't import from @​opentelemetry/api in public types  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9066 (e944a) (v4.0.12, release notes)
• api: Add extensible test artifact API  -  by @​macarie in https://redirect.github.com/vitest-dev/vitest/issues/8987 (77292) (v4.0.11, release notes)
• See more at https://vitest.dev/api/advanced/artifacts (v4.0.11, release notes)
• expect: Provide task in MatchState  -  by @​macarie in https://redirect.github.com/vitest-dev/vitest/issues/9022 (afd1f) (v4.0.11, release notes)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/8994 (d6d33) (v4.0.11, release notes)
• See more at https://vitest.dev/guide/open-telemetry (v4.0.11, release notes)
• experimental: Add file system cache  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9026 (1b147) (v4.0.11, release notes)
• See more at https://vitest.dev/config/experimental#experimental-fsmodulecache (v4.0.11, release notes)
• Remove onCancel when worker is terminated  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9033 (6d7f0) (v4.0.10, release notes)
• Don't scale the iframe if UI is disabled  -  by @​sheremet-va in https://redirect.github.com/vitest-dev/vitest/issues/9018 (5406e) (v4.0.10, release notes)
• Handle dependency stack traces with external source maps. Resolves: #9003  -  by @​iclectic in https://redirect.github.com/vitest-dev/vitest/issues/9016 and https://redirect.github.com/vitest-dev/vitest/issues/9003 (57ae5) (v4.0.10, release notes)
• bun: (v4.0.10, release notes)
• Parsing of stack trace for bun runtime  -  by @​nazarhussain in https://redirect.github.com/vitest-dev/vitest/issues/9032 (f3ec6) (v4.0.10, release notes)
• core: (v4.0.10, release notes)
• Prevent starting new run when cancelling  -  by @​AriPerkkio in https://redirect.github.com/vitest-dev/vitest/issues/8991 (eb98d) (v4.0.10, release notes)

View 18 more changes in the full analysis

References (5)

[1]: vitest upgraded from 4.0.9 to 4.0.14, which requires Node.js 20+, but package.json lacks engines field to enforce this requirement

vpn-frontend/package.json

Line 52 in 14eeed3

"vitest": "^4.0.14"

[2]: Vitest configuration uses only standard options (globals, environment, setupFiles, coverage) - no deprecated APIs like poolMatchGlobs or environmentMatchGlobs detected

vpn-frontend/vite.config.ts

Line 40 in 14eeed3

test: {

[3]: Test imports use relative paths (../../test/utils), avoiding the absolute import breaking change that affects src/tests directories

vpn-frontend/src/components/__tests__/WalletConnection.test.tsx

Line 4 in 14eeed3

renderWithProviders,

[4]: Tests use native fetch API via global.fetch mock, avoiding known Axios+MSW compatibility issues in Vitest 4

vpn-frontend/src/api/__tests__/client.test.ts

Line 17 in 14eeed3

global.fetch = vi.fn().mockResolvedValueOnce({

[5]: Vitest 4.0 breaking changes documentation confirms removal of deprecated config options and Node.js 20+ requirement, but codebase doesn't use any deprecated features (source link)

---

fossabot analyzed this PR using static analysis and dependency research. View this analysis on the web