Skip to content

chore(deps-dev): Bump vitest from 4.0.10 to 4.0.12 #185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps-dev): Bump vitest from 4.0.10 to 4.0.12 #185

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 21, 2025
edited
Loading

Bumps vitest from 4.0.10 to 4.0.12.

Release notes

Sourced from vitest's releases.

v4.0.12

   🐞 Bug Fixes

    View changes on GitHub

v4.0.11

   🚀 Experimental Features

   🏎 Performance

    View changes on GitHub
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependabot Dependabot automated updates dependencies Pull requests that update dependencies npm npm (JavaScript) dependencies labels Nov 21, 2025
@github-actions
Copy link

github-actions bot commented Nov 21, 2025

💡 Tip: Consider Using Draft PRs

Benefits of opening PRs as drafts initially:

  • 💰 Saves CI runtime and Copilot review credits
  • 🎯 Automatically sets linked issues to "🚧 In Progress" status
  • 🚀 Mark "Ready for review" when done to trigger full CI pipeline

How to convert:

  1. Click "Still in progress? Convert to draft" in the sidebar, OR
  2. Use gh pr ready when ready for review

This is just a friendly reminder - feel free to continue as is! 😊

kevalyq added a commit to SecPal/.github that referenced this pull request Nov 21, 2025
@kevalyq
fix(codecov): allow Dependabot PRs to pass without blocking
5e9851a 
Problem:
- Codecov was configured with require_ci_to_pass: true
- This caused Dependabot PRs to fail codecov checks even though:
  - GitHub Actions workflows use continue-on-error for dependabot
  - Token uploads may fail for security reasons
  - All other CI checks pass successfully

Solution:
- Set require_ci_to_pass: false (GitHub Actions is already a required check)
- Set if_ci_failed: success (don't block PRs if CI has issues)
- Set wait_for_ci: false (don't wait for all CI to complete)

This allows Dependabot PRs to merge when all GitHub Actions pass,
even if codecov upload encounters issues due to missing secrets.

Fixes: SecPal/api#204
Fixes: SecPal/frontend#181
Fixes: SecPal/frontend#182
Fixes: SecPal/frontend#183
Fixes: SecPal/frontend#184
Fixes: SecPal/frontend#185
@kevalyq kevalyq mentioned this pull request Nov 21, 2025
Merged
kevalyq added a commit to SecPal/.github that referenced this pull request Nov 21, 2025
@kevalyq
fix(codecov): allow Dependabot PRs with informational status
2676c70 
Problem:
- Dependabot PRs in api and frontend were blocked by codecov checks
- Root cause: require_ci_to_pass: true + continue-on-error in workflows
- Codecov interpreted skipped uploads as failed CI and blocked PRs

Initial approach (WRONG):
- Set if_ci_failed: success
- This would disable coverage enforcement for ALL PRs
- Violates Critical Rule #10 (Code Coverage Enforcement)

Correct solution:
- Set require_ci_to_pass: false (GitHub Actions is required check)
- Set informational: true for project/patch coverage
- Keep if_ci_failed: error (accurate status reporting)

This allows:
✅ Dependabot PRs auto-merge when GitHub Actions pass
✅ Coverage data remains visible and tracked
✅ No coverage enforcement bypass (informational ≠ disabled)
✅ Manual review can still catch coverage drops

Technical distinction:
- if_ci_failed: success → reports success even with <80% coverage
- informational: true → reports status but doesn't block PRs

Fixes: SecPal/api#204
Fixes: SecPal/frontend#181
Fixes: SecPal/frontend#182
Fixes: SecPal/frontend#183
Fixes: SecPal/frontend#184
Fixes: SecPal/frontend#185
@dependabot dependabot bot force-pushed the dependabot-npm_and_yarn-main-vitest-4.0.12 branch from 2de635f to 8681ed2 Compare November 21, 2025 18:19
@dependabot
chore(deps-dev): Bump vitest from 4.0.10 to 4.0.12
0cfc938 
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.0.10 to 4.0.12.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.12/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot-npm_and_yarn-main-vitest-4.0.12 branch from 8681ed2 to 0cfc938 Compare November 21, 2025 18:31
kevalyq added a commit that referenced this pull request Nov 21, 2025
@kevalyq
chore(deps): sync vitest ecosystem to 4.0.13
14538ee 
Synchronizes all vitest-related packages to version 4.0.13 to prevent
peer dependency conflicts that blocked Dependabot PRs #184 and #185.

Changes:
- vitest: ^4.0.3 → ^4.0.13
- @vitest/ui: ^4.0.8 → ^4.0.13
- @vitest/coverage-v8: ^4.0.12 → ^4.0.13

Fixes peer dependency resolution errors in CI that prevented npm ci
from succeeding.

Closes: #184
Closes: #185
@kevalyq kevalyq mentioned this pull request Nov 21, 2025
Merged
@kevalyq kevalyq closed this in 539afe9 Nov 21, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 21, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot-npm_and_yarn-main-vitest-4.0.12 branch November 21, 2025 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot Dependabot automated updates dependencies Pull requests that update dependencies npm npm (JavaScript) dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant