chore(frontend)(deps-dev): bump the vitest-testing group across 1 directory with 2 updates by dependabot[bot] · Pull Request #90 · RandomCodeSpace/otelcontext

dependabot · 2026-05-18T13:46:39Z

Bumps the vitest-testing group with 2 updates in the /ui directory: jsdom and vitest.

Updates jsdom from 29.1.0 to 29.1.1

Release notes

v29.1.1

Fixed 'border-radius' computed style serialization. (@asamuzaK)

Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@asamuzaK)

Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@asamuzaK)

Commits

9b9ea7e 29.1.1
07efb78 Optimize computed style comparison
5f66329 Fix background-origin/background-clip in background shorthand
ad8af77 Fix border shorthand handling
See full diff in compare view

Updates vitest from 4.1.5 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

a09d472 chore: release v4.1.7
a8fd24c chore: release v4.1.6
18af98c fix(browser): simplify orchestrator otel carrier (#10285)
3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
See full diff in compare view

dependabot · 2026-05-18T13:46:40Z

Labels

The following labels could not be found: area:frontend, type:dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

socket-security · 2026-05-18T13:47:39Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/jsdom@29.1.0 ⏵ 29.1.1			⁺¹
	npm/vitest@4.1.5 ⏵ 4.1.7	⁺¹		⁺¹

View full report

…ectory with 2 updates Bumps the vitest-testing group with 2 updates in the /ui directory: [jsdom](https://github.com/jsdom/jsdom) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Updates `jsdom` from 29.1.0 to 29.1.1 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v29.1.0...v29.1.1) Updates `vitest` from 4.1.5 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest) --- updated-dependencies: - dependency-name: jsdom dependency-version: 29.1.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: vitest-testing - dependency-name: vitest dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: vitest-testing ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-05-25T11:58:37Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

socket-security · 2026-05-25T11:58:47Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `jsdom` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ui/package-lock.json → `npm/jsdom@29.1.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jsdom@29.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `jsdom` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ui/package-lock.json → `npm/jsdom@29.1.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jsdom@29.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/vitest-testing-c0eb679a4a branch from bc8a712 to 09dcea1 Compare May 25, 2026 11:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(frontend)(deps-dev): bump the vitest-testing group across 1 directory with 2 updates#90

chore(frontend)(deps-dev): bump the vitest-testing group across 1 directory with 2 updates#90
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ui/vitest-testing-c0eb679a4a

dependabot Bot commented on behalf of github May 18, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Uh oh!

socket-security Bot commented May 18, 2026 •

edited

Loading

Uh oh!

sonarqubecloud Bot commented May 25, 2026

Uh oh!

socket-security Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v29.1.1

v4.1.7

🐞 Bug Fixes

View changes on GitHub

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Labels

Uh oh!

socket-security Bot commented May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sonarqubecloud Bot commented May 25, 2026

Quality Gate passed

Uh oh!

socket-security Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 18, 2026 •

edited

Loading

socket-security Bot commented May 18, 2026 •

edited

Loading