[Snyk] Upgrade @vitest/coverage-v8 from 2.0.2 to 3.2.4

[snyk-io]

Snyk has created this PR to upgrade @vitest/coverage-v8 from 2.0.2 to 3.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 51 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	57	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9653016	57	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	57	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	57	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	57	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	57	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	57	Mature
	Access Control Bypass SNYK-JS-VITE-9576207	57	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	57	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	57	Proof of Concept
	Missing Origin Validation in WebSockets SNYK-JS-VITEST-8688130	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	57	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	57	Proof of Concept

Release notes

Package name: @vitest/coverage-v8

• 3.2.4 - 2025-06-17
  

     🐞 Bug Fixes

  • Use correct path for optimisation of strip-literal  -  by @ mrginglymus in #8139 (44940)
  • Print uint and buffer as a simple string  -  by @ sheremet-va in #8141 (b86bf)
  • browser:
    • Show a helpful error when spying on an export  -  by @ sheremet-va in #8178 (56007)
  • cli:
    • vitest run --watch should be watch-mode  -  by @ AriPerkkio in #8128 (657e8)
    • Use absolute path environment on Windows  -  by @ colinaaa in #8105 (85dc0)
    • Throw error when --shard x/<count> exceeds count of test files  -  by @ AriPerkkio in #8112 (8a18c)
  • coverage:
    • Ignore SCSS in browser mode  -  by @ sheremet-va in #8161 (0c3be)
  • deps:
    • Update all non-major dependencies  -  in #8123 (93f32)
  • expect:
    • Handle async errors in expect.soft  -  by @ lzl0304 in #8145 (68699)
  • pool:
    • Auto-adjust minWorkers when only maxWorkers specified  -  by @ AriPerkkio in #8110 (14dc0)
  • reporter:
    • task.meta should be available in custom reporter's errors  -  by @ AriPerkkio in #8115 (27df6)
  • runner:
    • Preserve handler wrapping on extend  -  by @ pengooseDev in #8153 (a9281)
  • ui:
    • Ensure ui config option works correctly  -  by @ lzl0304 in #8147 (42eeb)

      View changes on GitHub

• 3.2.3 - 2025-06-09
  

     🚀 Features

  • browser: Use base url instead of vitest  -  by @ sheremet-va in #8126 (1d8eb)
  • ui: Show test annotations and metadata in the test report tab  -  by @ sheremet-va in #8093 (c69be)

     🐞 Bug Fixes

  • Rerun tests when project's setup file is changed  -  by @ sheremet-va in #8097 (0f335)
  • Revert expect.any return type  -  by @ sheremet-va in #8129 (47514)
  • Run only the name plugin last, not all config plugins  -  by @ sheremet-va in #8130 (83862)
  • pool:
    • Throw if user's tests use process.send()  -  by @ AriPerkkio in #8125 (dfe81)
  • runner:
    • Fast sequential task updates missing  -  by @ AriPerkkio in #8121 (7bd11)
    • Comments between fixture destructures  -  by @ AriPerkkio in #8127 (dc469)
  • vite-node:
    • Unable to handle errors where sourcemap mapping empty  -  by @ blake-newman and @ hi-ogawa in #8071 (8aa25)

      View changes on GitHub

• 3.2.2 - 2025-06-05
  

     🚀 Features

  • Support rolldown-vite  -  by @ sheremet-va and @ hi-ogawa in #7509 (c8d62)

     🐞 Bug Fixes

  • browser:
    • Calculate prepare time from createTesters call on the main thread  -  by @ sheremet-va in #8101 (142c7)
    • Optimize build output and always prebundle vitest  -  by @ sheremet-va (00a39)
    • Make custom locators available in vitest-browser-* packages  -  by @ sheremet-va in #8103 (247ef)
  • expect:
    • Ensure we can always self toEqual  -  by @ dubzzz in #8094 (02ec8)
  • reporter:
    • Allow dot reporter to work in non interactive terminals  -  by @ bstephen1 and @ AriPerkkio in #7994 (6db9f)

      View changes on GitHub

• 3.2.1 - 2025-06-03
  

     🐞 Bug Fixes

  • Use sha1 instead of md5 for hashing  -  by @ sheremet-va (e4c73)
  • expect:
    • Fix chai import in dts  -  by @ hi-ogawa in #8077 (a7593)
    • Export DeeplyAllowMatchers  -  by @ sheremet-va in #8078 (30ab4)

      View changes on GitHub

• 3.2.0 - 2025-06-02
  

     🚀 Features

  • Provide ctx.signal  -  by @ sheremet-va in #7878 (e761f)
  • Support custom colors for test.name  -  by @ AriPerkkio in #7809 (4af5d)
  • Add vi.mockObject to automock any object  -  by @ hi-ogawa and @ sheremet-va in #7761 (465bd)
  • Introduce watchTriggerPatterns option  -  by @ sheremet-va in #7778 (a0675)
  • Deprecate workspace in favor of projects  -  by @ sheremet-va and @ AriPerkkio in #7923 (41beb)
  • Explicit Resource Management support in mocked functions  -  by @ EskiMojo14 in #7927 (b67d3)
  • Add sequence.groupOrder option  -  by @ sheremet-va in #7852 (d1a1d)
  • Initial support for Temporal equality  -  by @ dirkluijk in #8007 (52bd7)
  • Support Vite 7  -  by @ sheremet-va in #8003 (1716b)
  • Track module execution totalTime and selfTime  -  by @ abrenneke in #8027 (95961)
  • Annotation API  -  by @ sheremet-va in #7953 (b03f2)
  • browser:
    • Implement connect option for playwright browser provider  -  by @ egfx-notifications and @ sheremet-va in #7915 (029c0)
    • Add screenshot.save option  -  by @ sheremet-va in #7777 (d9f51)
    • Custom locators API  -  by @ sheremet-va in #7993 (e6fbd)
  • coverage:
    • V8 experimental AST-aware remapping  -  by @ AriPerkkio in #7736 (78a3d)
  • reporter:
    • Add onWritePath option to github-actions  -  by @ nwalters512 and @ AriPerkkio in #8015 (abd3b)
  • vitest:
    • Allow per-file and per-worker fixtures  -  by @ sheremet-va and @ AriPerkkio in #7704 (9cbfc)

     🐞 Bug Fixes

  • Replace micromatch with picomatch  -  by @ sapphi-red in #7951 (df076)
  • Try to catch unhandled error outside of a test  -  by @ sheremet-va in #7968 (46421)
  • Generate a separate config for "vitest init browser" instead of a workspace file  -  by @ sheremet-va in #7934 (e84e2)
  • Switch ExpectStatic any types to AsymmetricMatcher<unknown>, with DeeplyAllowMatchers<T>  -  by @ JoshuaKGoldberg in #7016 (8ec44)
  • Remove unused exports  -  by @ sheremet-va in #7618 (33d05)
  • Throw an error if typechecker failed to spawn  -  by @ sheremet-va in #7990 (0e960)
  • Ignore non-string stack properties  -  by @ sheremet-va in #7995 (330f9)
  • Apply browser CLI options only if the project has the browser set in the config already  -  by @ sheremet-va in #7984 (70358)
  • Ensure errors keep their message and stack after toJSON serialisation  -  by @ sheremet-va in #8053 (3bdf0)
  • browser:
    • Resolve FS commands relative to the project root  -  by @ sheremet-va in #7896 (69ac9)
    • Run tests serially if provider doesn't provide a mocker  -  by @ sheremet-va in #8032 (227a9)
    • Resolve upload files relative to the project root  -  by @ sheremet-va in #8042 (b9a31)
    • Await mocker invalidation to avoid race condition with "mock wasn't registered"  -  by @ sheremet-va in #8021 (b34ff)
    • Share vite cache with the project cache  -  by @ sheremet-va in #8049 (0cbad)
    • Add this type to locators.extend  -  by @ sheremet-va in #8069 (70fb0)
  • cache:
    • Preserve test results from previous runs  -  by @ macko911 in #8043 (d6ef0)
  • cli:
    • Add built-in reporters list to --help output  -  by @ pengooseDev in #7955 (ef6ef)
    • Parse --silent values properly  -  by @ AriPerkkio in #8055 (8fad7)
  • coverage:
    • Istanbul provider to not use Vite preserved query params  -  by @ AriPerkkio in #7939 (a05d4)
    • Browser + v8 in source tests missing  -  by @ AriPerkkio in #7946 (51cd8)
    • In-source test cases excluded  -  by @ AriPerkkio in #7985 (407c0)
  • dev:
    • Fix relay of custom equality testers  -  by @ StefanLiebscher in #6140 (6dc1d)
  • expect:
    • Unbundle @ types/chai  -  by @ hi-ogawa in #7937 (525f5)
    • Support type-safe declaration of custom matchers  -  by @ kettanaito and @ sheremet-va in #7656 (e996b)
  • reporters:
    • Check the test result again when tests are rerunning  -  by @ sheremet-va in

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	40% smaller

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)