Skip to content

chore(deps-dev): bump the npm_and_yarn group across 3 directories with 2 updates#17

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2a49c246e5
Closed

chore(deps-dev): bump the npm_and_yarn group across 3 directories with 2 updates#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2a49c246e5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 2 updates in the / directory: turbo and vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/cli directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/web directory: vitest.

Updates turbo from 2.9.6 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits

Updates vitest from 2.1.9 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates vitest from 2.1.9 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates vitest from 2.1.9 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or t...

    Description has been truncated

@dependabot
chore(deps-dev): bump the npm_and_yarn group across 3 directories wit…
d25caad 
…h 2 updates

Bumps the npm_and_yarn group with 2 updates in the / directory: [turbo](https://github.com/vercel/turborepo) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/cli directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/web directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `turbo` from 2.9.6 to 2.9.14
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.6...v2.9.14)

Updates `vitest` from 2.1.9 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

Updates `vitest` from 2.1.9 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

Updates `vitest` from 2.1.9 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.14
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 1, 2026
@dependabot dependabot Bot mentioned this pull request Jun 1, 2026
Closed
@coderabbitai

coderabbitai Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Summary by CodeRabbit

릴리스 노트

  • Chores
    • vitest 개발 도구를 버전 2.1.9에서 4.1.0으로 업그레이드했습니다. CLI 및 웹 패키지에 적용되었습니다.

Walkthrough

이 PR은 두 패키지(cli, web)의 devDependencies에서 vitest를 ^2.1.9에서 ^4.1.0으로 업그레이드합니다. 각 package.json 파일의 단일 라인이 변경되었습니다.

Changes

Vitest 버전 업그레이드

Layer / File(s) Summary
Vitest 버전 업그레이드
packages/cli/package.json, packages/web/package.json		 두 패키지의 devDependencies에서 vitest를 ^2.1.9에서 ^4.1.0으로 일관되게 업그레이드합니다.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Vitest는 버전을 올려,
CLI와 웹 함께 나아가,
차이 메우고 기능 더하고,
테스트는 더욱 빠르게! 🚀

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed 제목은 npm_and_yarn 그룹의 의존성 업데이트에 대해 명확하게 설명하고 있으며, 3개 디렉토리와 2개 패키지 업데이트를 구체적으로 언급하고 있습니다.
Description check ✅ Passed 설명은 turbo와 vitest의 버전 업그레이드 세부 사항, 영향받는 디렉토리, 보안 수정 사항 및 릴리스 노트를 포함하고 있으며 변경 사항과 관련이 있습니다.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/npm_and_yarn-2a49c246e5
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch dependabot/npm_and_yarn/npm_and_yarn-2a49c246e5

Warning

Billing warning: we have not been able to collect payment for this subscription for more than 72 hours. Please update the payment method or pay any pending invoices in Billing to avoid service interruption.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot suggested changes Jun 1, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/web/package.json`:
- Line 54: 업데이트된 vitest (^4.1.0)로 인한 호환성 검증이 필요합니다: packages/web에서 터미널로 pnpm -C
packages/web test를 실행하여 vitest v4으로 모든 테스트(패턴 설정은 packages/web/vitest.config.ts의
environment/include)를 통과하는지 확인하고, 실패하면 vitest.config.ts(환경/테스트 패턴/타이밍 관련 옵션)와
영향받는 *.test.ts 테스트 코드(모킹/타이밍/API 사용)를 vitest v4 동작에 맞게 수정한 뒤 다시 실행하고 동일한 변경이 CI
설정에도 반영되어 파이프라인에서 통과하는지 확인하세요.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 376bf581-4090-4e6d-b28c-29649d6e2980

📥 Commits

Reviewing files that changed from the base of the PR and between cdf4ce8 and d25caad.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • packages/cli/package.json
  • packages/web/package.json

Comment thread packages/web/package.json
"tailwindcss": "^4",
"typescript": "^5",
"vitest": "^2.1.9"
"vitest": "^4.1.0"

@coderabbitai coderabbitai Bot Jun 1, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# 웹 패키지의 vitest 구성 및 테스트 파일 검사

echo "=== vitest 구성 파일 확인 ==="
fd -t f 'vitest.config' packages/web/

echo -e "\n=== packages/web의 테스트 파일 확인 ==="
fd -e ts -e tsx -e js -e jsx . packages/web/src --exec grep -l 'vitest\|describe\|test\|it\|expect' {} \; 2>/dev/null | head -10

echo -e "\n=== vitest API 및 환경 설정 사용 검색 ==="
rg -t ts -t tsx --glob 'packages/web/**' -C2 'from ["\x27]vitest["\x27]|`@vitest/`|environment:'

Repository: Seongho-Bae/argos

Length of output: 676

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== packages/web/package.json (vitest 관련) ==="
cat -n packages/web/package.json | sed -n '40,80p'

echo -e "\n=== packages/web/vitest.config.ts (전체) ==="
wc -l packages/web/vitest.config.ts
cat -n packages/web/vitest.config.ts

echo -e "\n=== vitest 사용하는 파일(테스트/설정) 찾기: describe/test/it/expect ==="
rg -n --glob 'packages/web/**/*.{ts,tsx,js,jsx}' '(\bdescribe\b|\bit\b|\btest\b|\bexpect\b)' packages/web/src packages/web

echo -e "\n=== vitest 환경/브라우저 관련 키워드 찾기 ==="
rg -n --glob 'packages/web/**/*.{ts,tsx,js,jsx}' '(environment\s*:|browser\s*:|setupFiles|globals\s*:|`@vitest/`|from ["'"'"']vitest["'"'"']|test\s*:\s*\{' packages/web

echo -e "\n=== packages/web/package.json test 스크립트 확인 ==="
node -e "const p=require('./packages/web/package.json'); console.log(p.scripts||{})"

Repository: Seongho-Bae/argos

Length of output: 50538

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== packages/web/package.json (next / scripts / vitest 관련) ==="
node - <<'NODE'
const p=require('./packages/web/package.json');
console.log(JSON.stringify({
  next: p.dependencies?.next ?? p.devDependencies?.next ?? null,
  scripts: p.scripts ?? {},
  vitest: p.devDependencies?.vitest ?? null
}, null, 2));
NODE

echo -e "\n=== vitest 환경/브라우저 관련 키워드 (정확 문자열 검색) ==="
rg -n --glob 'packages/web/**/*.{ts,tsx,js,jsx,json}' \
  '(environment:\s*['"'"'"]|jsdom|happy-dom|`@vitest/browser`|browser\s*:\s*|test:\s*\{|setupFiles|globals\s*:\s*)' \
  packages/web || true

echo -e "\n=== vitest config에 지정된 include 확인 ==="
cat packages/web/vitest.config.ts

Repository: Seongho-Bae/argos

Length of output: 1872

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== packages/web에서 .test.tsx 존재 여부 ==="
fd -e tsx --extension 'tsx' --full-path '.*' packages/web/src -a 2>/dev/null | head -n 1 >/dev/null || true
fd -e tsx '.test.tsx' packages/web/src || true

echo -e "\n=== packages/web/src에서 .test.tsx 파일만 리스트(가능한 경우) ==="
fd -e tsx -a '.test.tsx$' packages/web/src --exec printf '%p\n' {} \; 2>/dev/null || true

echo -e "\n=== include 패턴 대비 테스트 확장자 요약(간단) ==="
rg -n --glob 'packages/web/src/**/*.test.tsx' 'describe\(|test\(' packages/web/src || true

Repository: Seongho-Bae/argos

Length of output: 192

🏁 Script executed:

#!/bin/bash
set -euo pipefail
find packages/web/src -type f -name "*.test.tsx" | wc -l
find packages/web/src -type f -name "*.test.tsx" | head -n 20

Repository: Seongho-Bae/argos

Length of output: 63

vitest v2.1.9 → v4.1.0 업그레이드 호환성: 현재 설정/테스트 범위 기준으로 pnpm test 실행 확인 필요

  • packages/web/package.json devDependencies의 vitest^4.1.0로 올랐습니다.
  • packages/web/vitest.config.tsenvironment: 'node', include: ['src/**/*.test.ts']로 고정되어 있고 *.test.tsx는 없습니다. (브라우저/DOM 환경(@vitest/browser, jsdom/happy-dom) 관련 리스크는 상대적으로 낮음)
  • 다만 packages/web/src/app/** 및 다양한 모듈의 *.test.ts가 vitest로 실행되므로, vitest v4에서 테스트 API/런타임 동작이 깨지지 않는지 확인이 필요합니다.
  1. pnpm -C packages/web test로 웹 패키지 vitest 테스트 스위트 전체 실행 및 통과 확인
  2. 실패 시 vitest v4에서 바뀐 동작(테스트 환경/타이밍/모킹 등) 기준으로 vitest.config.ts 및 테스트 코드를 필요한 만큼 보정
  3. CI에서도 동일하게 통과 여부 확인
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/web/package.json` at line 54, 업데이트된 vitest (^4.1.0)로 인한 호환성 검증이
필요합니다: packages/web에서 터미널로 pnpm -C packages/web test를 실행하여 vitest v4으로 모든 테스트(패턴
설정은 packages/web/vitest.config.ts의 environment/include)를 통과하는지 확인하고, 실패하면
vitest.config.ts(환경/테스트 패턴/타이밍 관련 옵션)와 영향받는 *.test.ts 테스트 코드(모킹/타이밍/API 사용)를
vitest v4 동작에 맞게 수정한 뒤 다시 실행하고 동일한 변경이 CI 설정에도 반영되어 파이프라인에서 통과하는지 확인하세요.

@seonghobae

seonghobae commented Jun 2, 2026

Copy link
Copy Markdown

이 fork dependabot PR은 현재 main 대비 stale diff가 크고 build가 실패 중입니다. 새로 발견된 vitest 취약점은 별도 upstream PR vibemafiaclub/argos#30에서 vitest 4.1.8로 업데이트해 처리 중이며, 해당 PR은 build/dependency-review/scan이 모두 통과했습니다. 따라서 이 PR은 중복/오래된 PR로 닫겠습니다.

@seonghobae seonghobae closed this Jun 2, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-2a49c246e5 branch June 2, 2026 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@coderabbitai coderabbitai[bot] coderabbitai[bot] requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@seonghobae