deps: bump the dependencies group with 2 updates

[dependabot]

Bumps the dependencies group with 2 updates: lefthook and vitest.

Updates lefthook from 2.0.13 to 2.0.15

Release notes

Sourced from lefthook's releases.

v2.0.15

Changelog

• f8dc321dd3ed3b7bdcad622a4011a268a63451e3 feat: skip scripts if args given with empty file template (#1277)

v2.0.14

Changelog

• 037fcdca819684123dc1c62df1d14f4402b1e245 deps: December 2025 (#1209)
• e80f8927482b638bcd068136d3624d5adc83f0b2 deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261)
• 87350d63c401c47b9260d0023c7640e3885e0202 feat: add jsonc support (#1274)
• 882159f29f83b1f4f175ed5116ac48c631639deb fix: don't install custom hooks to hooks dir (#1246)
• 2bcab48ec33b2bf57e1a981734a73be4ea0a10ed fix: skip if any files template is empty (#1275)

Changelog

Sourced from lefthook's changelog.

2.0.15 (2026-01-13)

• docs: clarify remote settings (#1260) by @​mrexox
• feat: skip scripts if args given with empty file template (#1277) by @​mrexox

2.0.14 (2026-01-12)

• fix: skip if any files template is empty (#1275) by @​mrexox
• feat: add jsonc support (#1274) by @​mrexox
• deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261) by @​scop
• fix: don't install custom hooks to hooks dir (#1246) by @​scop
• deps: December 2025 (#1209) by @​mrexox

Commits

• e272e4f 2.0.15: skip scripts when file template is empty in args
• ccacdf7 docs: clarify remote settings (#1260)
• f8dc321 feat: skip scripts if args given with empty file template (#1277)
• 32a3e5d 2.0.14: skip command on empty files template
• 2bcab48 fix: skip if any files template is empty (#1275)
• 87350d6 feat: add jsonc support (#1274)
• e80f892 deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261)
• 882159f fix: don't install custom hooks to hooks dir (#1246)
• 037fcdc deps: December 2025 (#1209)
• See full diff in compare view

Updates vitest from 4.0.16 to 4.0.17

Release notes

Sourced from vitest's releases.

v4.0.17

   🚀 Experimental Features

• Support openTelemetry for browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9180 (1ec3a)
• Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by @​Copilot, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

• Improve asymmetric matcher diff readability by unwrapping container matchers  -  by @​Copilot, sheremet-va, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9330 (b2ec7)
• Improve runner error when importing outside of test context  -  by @​sheremet-va in vitest-dev/vitest#9335 (2dd3d)
• Replace crypto.randomUUID to allow insecure environments (fix #9…  -  by @​plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)
• Handle null options in addEventHandler #9371  -  by @​ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)
• Typo in browser.provider error  -  by @​deammer in vitest-dev/vitest#9394 (4b67f)
• browser:
  • Fix process.env and import.meta.env defines in inline project  -  by @​hi-ogawa in vitest-dev/vitest#9239 (b70c9)
  • Fix upload File instance  -  by @​hi-ogawa in vitest-dev/vitest#9294 (b6778)
  • Fix invalid project token for artifacts assets  -  by @​hi-ogawa in vitest-dev/vitest#9321 (caa7d)
  • Log ErrorEvent.message when unhandled ErrorEvent.error is null  -  by @​hi-ogawa in vitest-dev/vitest#9322 (5d84e)
  • Support fileParallelism on an instance  -  by @​sheremet-va in vitest-dev/vitest#9328 (15006)
• coverage:
  • Remove unnecessary istanbul-lib-source-maps usage  -  by @​AriPerkkio in vitest-dev/vitest#9344 (b0940)
  • Apply patch from istanbuljs/istanbuljs#837  -  by @​AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)
• fsModuleCache:
  • Don't store importers in cache  -  by @​sheremet-va in vitest-dev/vitest#9422 (75136)
  • Add importers alongside importedModules  -  by @​sheremet-va in vitest-dev/vitest#9423 (59f92)
• mocker:
  • Fix mock transform with class  -  by @​hi-ogawa in vitest-dev/vitest#9421 (d390e)
• pool:
  • Validate environment options when reusing the worker  -  by @​sheremet-va in vitest-dev/vitest#9349 (a8a88)
  • Handle worker start failures gracefully  -  by @​AriPerkkio in vitest-dev/vitest#9337 (200da)
• reporter:
  • Report test module if it failed to run  -  by @​sheremet-va in vitest-dev/vitest#9272 (c7888)
• runner:
  • Respect nested test.only within describe.only  -  by @​Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)
• typecheck:
  • Improve error message when tsc outputs help text  -  by @​Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)
• ui:
  • Detect gzip by magic numbers instead of Content-Type header in html reporter  -  by @​Copilot, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9278 (dd033)
• webdriverio:
  • Fall back to WebDriver Classic #9244  -  by @​JustasMonkev in vitest-dev/vitest#9373 and vitest-dev/vitest#9244 (c23dd)

    View changes on GitHub

Commits

• dd54e94 chore: release v4.0.17
• 59f92d4 fix(fsModuleCache): add importers alongside importedModules (#9423)
• 751364e fix(fsModuleCache): don't store importers in cache (#9422)
• 4b67fc2 fix: typo in browser.provider error (#9394)
• 40841ff fix: handle null options in addEventHandler #9371 (#9372)
• 200dadb fix(pool): handle worker start failures gracefully (#9337)
• 1500654 fix(browser): support fileParallelism on an instance (#9328)
• a8a8836 fix(pool): validate environment options when reusing the worker (#9349)
• 7b10ab4 fix(typecheck): improve error message when tsc outputs help text (#9214)
• 876cb84 feat: support TRACEPARENT and TRACESTATE environment variables for OpenTeleme...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7be6189

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.