Bump the npm_and_yarn group across 3 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the /extension directory: ws, @nevware21/ts-utils, fast-uri and qs.
Bumps the npm_and_yarn group with 2 updates in the /playground/AspireWithJavaScript/AspireJavaScript.Angular directory: ws and hono.
Bumps the npm_and_yarn group with 1 update in the /tests/Aspire.Hosting.CodeGeneration.TypeScript.JsTests directory: vitest.

Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• See full diff in compare view

Updates @nevware21/ts-utils from 0.13.0 to 0.15.0

Release notes

Sourced from @​nevware21/ts-utils's releases.

0.15.0

Changelog

Features

• #570 Add microtask scheduling helpers with native queueMicrotask, Promise, and timer-backed fallbacks
  • New functions: scheduleMicrotask, hasQueueMicrotask, getQueueMicrotask, setMicroTaskFallbackOptions
  • New public types: ScheduleMicrotaskFn, MicroTaskOptions
  • Extends microtask support by providing cancellable microtasks via ITimerHandler, plus fallback ordering to run microtasks before queued timers when using the timer-backed implementation
  • Provides runtime parity across all supported environments by using native queueMicrotask when present, Promise-backed scheduling when available, and a timer-backed microtask queue otherwise
• #573 Add nextTick scheduling support and new helper exports
  • New timer/runtime functions: scheduleNextTick, getProcessNextTick, hasProcessNextTick, setNextTickFallbackOptions
  • Uses native process.nextTick in Node runtimes when available, while providing equivalent nextTick behavior in browser and worker runtimes via Promise and timer-backed fallbacks
  • Adds shared queue logic and callback-argument support across microtask and nextTick scheduling
  • Adds arrConcat as a dedicated array helper and fnBindArgs as a dedicated function helper
  • Improves function binding typing with exported BoundFunction and updated signatures for fnBind / fnBindArgs
• #574 feat(iterator,array): add iterator collection helpers, split helper modules, and align collection membership semantics
  • Added new iterator helpers: iterMap, iterFilter, iterTake, iterReduce, iterSome, iterEvery, iterToArray, iterUnion, iterIntersection, iterDifference
  • Added arrToMap helper in the array module and moved callback/type declarations into iterator/types
  • Refactored iterator helper implementation/tests into per-function files and updated root exports
  • Added NaN regression coverage and switched iterator set-operation membership checks to arrIncludes semantics for parity with array helpers
• #576 Refactor timer microtask/nextTick shared types and environment helpers, with expanded fallback coverage
  • Moved MicrotaskFn and ScheduleMicrotaskFn to helpers/types and updated timer internals to consume shared type definitions
  • Moved getQueueMicrotask and hasQueueMicrotask to helpers/environment, updated root exports, and aligned scheduleNextTick fallback resolution to prefer queueMicrotask when available
  • Added internal microtaskQueue scheduler helper wiring and expanded tests for queue fallback behavior, Promise ordering, and no-Promise edge cases

Bug Fixes

• #568 Rolldown INVALID_ANNOTATION warnings caused by non-canonical PURE annotation spacing in generated output
  • #569 Add generated-chunk PURE annotation normalization so spaced forms are rewritten to canonical (/*#__PURE__*/ / (/*@__PURE__*/ in rollup output
  • #575 Add packaged artifact validation for PURE annotation spacing and update normalization tolerance, with per-file logging while scanning lib/bundle and lib/dist

New Contributors

• @​hrithik-infinite made their first contribution in nevware21/ts-utils#569

Full Changelog: nevware21/ts-utils@0.14.0...0.15.0

0.14.0

Changelog

Features

• #525 feat(array): add new array helpers and array-like detection
  • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
• #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
• #528 feat(string): add strCapitalizeWords helper
• #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
• #533 feat(array): add arrFlatMap with ES5 polyfill support
• #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
• #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers

... (truncated)

Changelog

Sourced from @​nevware21/ts-utils's changelog.

v0.15.0 May 29th, 2026

Changelog

Features

• #570 Add microtask scheduling helpers with native queueMicrotask, Promise, and timer-backed fallbacks
  • New functions: scheduleMicrotask, hasQueueMicrotask, getQueueMicrotask, setMicroTaskFallbackOptions
  • New public types: ScheduleMicrotaskFn, MicroTaskOptions
  • Extends microtask support by providing cancellable microtasks via ITimerHandler, plus fallback ordering to run microtasks before queued timers when using the timer-backed implementation
  • Provides runtime parity across all supported environments by using native queueMicrotask when present, Promise-backed scheduling when available, and a timer-backed microtask queue otherwise
• #573 Add nextTick scheduling support and new helper exports
  • New timer/runtime functions: scheduleNextTick, getProcessNextTick, hasProcessNextTick, setNextTickFallbackOptions
  • Uses native process.nextTick in Node runtimes when available, while providing equivalent nextTick behavior in browser and worker runtimes via Promise and timer-backed fallbacks
  • Adds shared queue logic and callback-argument support across microtask and nextTick scheduling
  • Adds arrConcat as a dedicated array helper and fnBindArgs as a dedicated function helper
  • Improves function binding typing with exported BoundFunction and updated signatures for fnBind / fnBindArgs
• #574 feat(iterator,array): add iterator collection helpers, split helper modules, and align collection membership semantics
  • Added new iterator helpers: iterMap, iterFilter, iterTake, iterReduce, iterSome, iterEvery, iterToArray, iterUnion, iterIntersection, iterDifference
  • Added arrToMap helper in the array module and moved callback/type declarations into iterator/types
  • Refactored iterator helper implementation/tests into per-function files and updated root exports
  • Added NaN regression coverage and switched iterator set-operation membership checks to arrIncludes semantics for parity with array helpers
• #576 Refactor timer microtask/nextTick shared types and environment helpers, with expanded fallback coverage
  • Moved MicrotaskFn and ScheduleMicrotaskFn to helpers/types and updated timer internals to consume shared type definitions
  • Moved getQueueMicrotask and hasQueueMicrotask to helpers/environment, updated root exports, and aligned scheduleNextTick fallback resolution to prefer queueMicrotask when available
  • Added internal microtaskQueue scheduler helper wiring and expanded tests for queue fallback behavior, Promise ordering, and no-Promise edge cases

Bug Fixes

• #568 Rolldown INVALID_ANNOTATION warnings caused by non-canonical PURE annotation spacing in generated output
  • #569 Add generated-chunk PURE annotation normalization so spaced forms are rewritten to canonical (/*#__PURE__*/ / (/*@__PURE__*/ in rollup output
  • #575 Add packaged artifact validation for PURE annotation spacing and update normalization tolerance, with per-file logging while scanning lib/bundle and lib/dist

Full Changelog

v0.14.0 May 18th, 2026

Changelog

Features

• #525 feat(array): add new array helpers and array-like detection
  • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
• #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
• #528 feat(string): add strCapitalizeWords helper
• #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
• #533 feat(array): add arrFlatMap with ES5 polyfill support
• #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
• #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
• #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers

... (truncated)

Commits

• 66b5fba [Release] Increase version to 0.15.0 (#577)
• 358d5d1 refactor(timer): centralize microtask types and queueMicrotask access; expand...
• 382853e feat(iterator): add iterator collection helpers with docs and tests (#574)
• 87cb303 test(build): validate packaged bundle PURE annotations and improve no… (#575)
• 124d67f feat: add nextTick support, add arrConcat and fnBindArgs helpers (#573)
• 34178c1 Fix #PURE annotations being ignored by Rolldown/Vite 8 (#568) (#569)
• 5b5854b feat(timer): add cancellable microtask scheduling with cross-runtime fallback...
• 45cb369 [Release] Increase version to 0.14.0 (#567)
• 5e887f4 Add new object utility helpers and harden defaults against prototype pollutio...
• 0a486d3 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEa...
• Additional commits viewable in compare view

Updates fast-uri from 3.1.0 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

• Fix for GHSA-v39h-62p7-jpjc

What's Changed

• Handle malformed fragment decoding as a parse error by @​mcollina in fastify/fast-uri#171

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

• Fix for GHSA-q3j6-qgpj-74h6

What's Changed

• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in fastify/fast-uri#148
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in fastify/fast-uri#149
• chore(.npmrc): ignore scripts by @​Fdawgs in fastify/fast-uri#150
• build(deps-dev): remove @​fastify/pre-commit by @​Fdawgs in fastify/fast-uri#151
• build(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in fastify/fast-uri#152
• ci(ci): add concurrency config by @​Fdawgs in fastify/fast-uri#153
• build(deps): bump actions/setup-node from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#154
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#156
• chore(license): standardise license notice by @​Fdawgs in fastify/fast-uri#159
• style: remove trailing whitespace by @​Fdawgs in fastify/fast-uri#161
• ci: remove unused github files by @​Tony133 in fastify/fast-uri#162
• chore: update readme by @​Tony133 in fastify/fast-uri#164
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#165
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#166
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in fastify/fast-uri#167
• ci: add lock-threads workflow by @​Fdawgs in fastify/fast-uri#169

New Contributors

• @​Tony133 made their first contribution in fastify/fast-uri#162

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

Commits

• 919dd8e Bumped v3.1.2
• c65ba57 fixup: linting
• 6c86c17 Merge commit from fork
• a95158a Handle malformed fragment decoding without throwing (#171)
• cea547c Bumped v3.1.1
• 876ce79 Merge commit from fork
• dcdf690 ci: add lock-threads workflow (#169)
• c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
• 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
• 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
• Additional commits viewable in compare view

Updates qs from 6.15.0 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

• [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
• [Fix] stringify: use configured delimiter after charsetSentinel (#555)
• [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
• [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
• [Fix] parse: handle nested bracket groups and add regression tests (#530)
• [readme] fix grammar (#550)
• [Dev Deps] update @ljharb/eslint-config
• [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

Commits

• 9aca407 v6.15.2
• 5e33d33 [Dev Deps] update @ljharb/eslint-config
• 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
• a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
• e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
• 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
• 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
• 96755ab [readme] fix grammar
• a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
• 3f5e1c5 v6.15.1
• Additional commits viewable in compare view

Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• See full diff in compare view

Updates hono from 4.12.18 to 4.12.23

Release notes

Sourced from hono's releases.

v4.12.23

What's Changed

• fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962
• feat(context): export the Context class publicly by @​BlankParticle in honojs/hono#4543
• docs(contribution): add AI Usage Policy by @​yusukebe in honojs/hono#4970
• feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @​na-trium-144 in honojs/hono#4961
• fix(utils/ipaddr): do not compress a single 0 group to :: by @​yusukebe in honojs/hono#4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

• chore: update vitest to v4 and cleanups by @​BlankParticle in honojs/hono#4952
• fix(mime): specify charset parameter per MIME type instead of mechanical detection by @​renatograsso10 in honojs/hono#4912
• fix(compress): respect Accept-Encoding when encoding option is set by @​LeSingh1 in honojs/hono#4951
• fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @​ATOM00blue in honojs/hono#4955
• feat: add msgpack as a compressible content type by @​na-trium-144 in honojs/hono#4957

New Contributors

• @​renatograsso10 made their first contribution in honojs/hono#4912
• @​LeSingh1 made their first contribution in honojs/hono#4951
• @​ATOM00blue made their first contribution in honojs/hono#4955
• @​na-trium-144 made their first contribution in honojs/hono#4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474

---

Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

... (truncated)

Commits

• 83bfb3b 4.12.23
• bcd290a fix(utils/ipaddr): do not compress a single 0 group to :: (#4971)
• c968177 feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...
• 0265a54 docs(contribution): add AI Usage Policy (#4970)
• c84c5d2 feat(context): export the Context class publicly (#4543)
• 82dad62 fix(serve-static): normalize all backslashes in file paths, not just the firs...
• 2f01b77 4.12.22
• 6bc0dff feat: add msgpack as a compressible content type (#4957)
• 7e0555d fix(deno): echo negotiated WebSocket subprotocol in upgrade response (#4955)
• f0ed246 fix(compress): respect Accept-Encoding when encoding option is set (#4951)
• Additional commits viewable in compare view

Updates vitest from 3.2.4 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

• Return a disposable from doMock()  -  by @​kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)
• Added chai style assertions  -  by @​ronnakamoto and @​sheremet-va in vitest-dev/vitest#8842 (841df)
• Update to sinon/fake-timers v15 and add setTickMode to timer controls  -  by @​atscott and @​sheremet-va in vitest-dev/vitest#8726 (4b480)
• Expose matcher types  -  by @​sheremet-va in vitest-dev/vitest#9448 (3e4b9)
• Add toTestSpecification to reported tasks  -  by @​sheremet-va in vitest-dev/vitest#9464 (1a470)
• Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module  -  by @​sheremet-va in vitest-dev/vitest#9387 (5db54)
• Track and display expectedly failed tests (.fails) in UI and CLI  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#9476 (77d75)
• Support tags  -  by @​sheremet-va in vitest-dev/vitest#9478 (de7c8)
• Implement aroundEach and aroundAll hooks  -  by @​sheremet-va in vitest-dev/vitest#9450 (2a8cb)
• Stabilize experimental features  -  by @​sheremet-va in vitest-dev/vitest#9529 (b5fd2)
• Accept new or all in --update flag  -  by @​sheremet-va in vitest-dev/vitest#9543 (a5acf)
• Support meta in test options  -  by @​sheremet-va in vitest-dev/vitest#9535 (7d622)
• Support type inference with a new test.extend syntax  -  by @​sheremet-va in vitest-dev/vitest#9550 (e5385)
• Support vite 8 beta, fix type issues in the config with different vite versions  -  by @​sheremet-va in vitest-dev/vitest#9587 (99028)
• Add assertion helper to hide internal stack traces  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9594 (eeb0a)
• Store failure screenshots using artifacts API  -  by @​macarie in vitest-dev/vitest#9588 (24603)
• Allow vitest list to statically collect tests instead of running files to collect them  -  by @​sheremet-va in vitest-dev/vitest#9630 (7a8e7)
• Add --detect-async-leaks  -  by @​AriPerkkio in vitest-dev/vitest#9528 (c594d)
• Implement mockThrow and mockThrowOnce  -  by @​thor-juhasz and @​sheremet-va in vitest-dev/vitest#9512 (61917)
• Support update: "none" and add docs about snapshots behavior on CI  -  by @​hi-ogawa in vitest-dev/vitest#9700 (05f18)
• Support playwright launchOptions with connectOptions  -  by @​hi-ogawa in vitest-dev/vitest#9702 (f0ff1)
• Add page/locator.mark API to enhance playwright trace  -  by @​hi-ogawa in vitest-dev/vitest#9652 (d0ee5)
• api:
  • Support tests starting or ending with test in experimental_parseSpecification  -  by @​jgillick and Jeremy Gillick in vitest-dev/vitest#9235 (2f367)
  • Add filters to createSpecification  -  by @​sheremet-va in vitest-dev/vitest#9336 (c8e6c)
  • Expose runTestFiles as alternative to runTestSpecifications  -  by @​sheremet-va in vitest-dev/vitest#9443 (43d76)
  • Add allowWrite and allowExec options to api  -  by @​sheremet-va in vitest-dev/vitest#9350 (20e00)
  • Allow passing down test cases to toTestSpecification  -  by @​sheremet-va in vitest-dev/vitest#9627 (6f17d)
• browser:
  • Add userEvent.wheel API  -  by @​macarie in vitest-dev/vitest#9188 (66080)
  • Add filterNode option to prettyDOM for filtering browser assertion error output  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#9475 (d3220)
  • Support playwright persistent context  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in vitest-dev/vitest#9229 (f865d)
  • Added detailsPanelPosition option and button  -  by @​shairez in vitest-dev/vitest#9525 (c8a31)
  • Use BlazeDiff instead of pixelmatch  -  by @​macarie in vitest-dev/vitest#9514 (30936)
  • Add findElement and enable strict mode in webdriverio and preview  -  by @​sheremet-va in vitest-dev/vitest#9677 (c3f37)
• cli:
  • Add @​bomb.sh/tab completions  -  by @​AmirSa12 and @​sheremet-va in vitest-dev/vitest#8639 (200f3)
• coverage:
  • Support ignore start/stop ignore hints  -  by @​AriPerkkio in vitest-dev/vitest#9204 (e59c9)
  • Add coverage.changed option to report only changed files  -  by @​kykim00 and @​AriPerkkio in vitest-dev/vitest#9521 (1d939)
• experimental:
  • Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (e977f)
  • Option to disable the module runner  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9210 (9be61)

... (truncated)

Commits

• 4150b91 chore: release v4.1.0
• 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
• c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
• eab68ba chore(deps): update all non-major dependencies (#9824)
• 031f02a fix: allow catch/finally for async assertion (#9827)
• 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
• 0c2c013 chore: release v4.1.0-beta.6
• 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
• a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
• 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 17915

Or

• Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 17915"

[github-actions]

❓ CLI E2E Tests unknown — 113 passed, 0 failed, 2 unknown (commit a3c75c0)

View all recordings

-	Test	Detail
✅	AddPackageInteractiveWhileAppHostRunningDetached	Recording · Job · CLI logs
✅	AddPackageWhileAppHostRunningDetached	Recording · Job · CLI logs
✅	AgentCommands_AllHelpOutputs_AreCorrect	Recording · Job · CLI logs
✅	AgentInitCommand_DefaultSelection_InstallsDefaultSkills	Recording · Job · CLI logs
✅	AgentInitCommand_MigratesDeprecatedConfig	Recording · Job · CLI logs
✅	AgentInit_NonInteractive_BundleOnlySkillsNotInCatalog	Recording · Job · CLI logs
✅	AgentMcpListStructuredLogsReturnsLogsFromStarterApp	Recording · Job · CLI logs
✅	AgentMcpListStructuredLogsReturnsLogsFromStarterApp_DevLocalhost	Recording · Job · CLI logs
✅	AgentMcpListStructuredLogsReturnsLogsFromStarterApp_Isolated	Recording · Job · CLI logs
✅	AllPublishMethodsBuildDockerImages	Recording · Job · CLI logs
✅	AspireAddAndStartWorkAgainstLegacyAppHostTs	Recording · Job · CLI logs
✅	AspireAddPackageVersionToDirectoryPackagesProps	Recording · Job · CLI logs
✅	AspireInitSingleFileAppHostRunsViaDotnetRunAppHost	Recording · Job · CLI logs
✅	AspireInit_ExistingAppHostDir_RecreatesNuGetConfigKeepsFiles	Recording · Job · CLI logs
❔	AspireInit_SolutionFile_BuildsAgainstChannelHive	Recording · Job · CLI logs
✅	AspireStartUpdatesStaleTypeScriptAppHostPath	Recording · Job · CLI logs
✅	AspireUpdateRemovesAppHostPackageVersionFromDirectoryPackagesProps	Recording · Job · CLI logs
✅	AspireUpdateRemovesOrphanAppHostPackageVersionWhenSdkAlreadyCurrent	Recording · Job · CLI logs
✅	Banner_DisplayedOnFirstRun	Recording · Job · CLI logs
✅	Banner_DisplayedWithExplicitFlag	Recording · Job · CLI logs
✅	Banner_NotDisplayedWithNoLogoFlag	Recording · Job · CLI logs
✅	CertificatesClean_RemovesCertificates	Recording · Job · CLI logs
✅	CertificatesTrust_WithNoCert_CreatesAndTrustsCertificate	Recording · Job · CLI logs
✅	CertificatesTrust_WithUntrustedCert_TrustsCertificate	Recording · Job · CLI logs
✅	ConfigSetGet_CreatesNestedJsonFormat	Recording · Job · CLI logs
✅	CreateAndRunAspireStarterProject	Recording · Job · CLI logs
✅	CreateAndRunAspireStarterProjectWithBundle	Recording · Job · CLI logs
✅	CreateAndRunEmptyAppHostProject	Recording · Job · CLI logs
✅	CreateAndRunJavaEmptyAppHostProject	Recording · Job · CLI logs
✅	CreateAndRunJsReactProject	Recording · Job · CLI logs
✅	CreateAndRunPolyglotAppHostWithDevLocalhostUrls	Recording · Job · CLI logs
✅	CreateAndRunPythonReactProject	Recording · Job · CLI logs
✅	CreateAndRunTypeScriptEmptyAppHostProject	Recording · Job · CLI logs
✅	CreateAndRunTypeScriptStarterProject	Recording · Job · CLI logs
✅	CreateJavaAppHostWithViteApp	Recording · Job · CLI logs
✅	CreateTypeScriptAppHostWithViteApp_UsesConfiguredToolchain	Recording · Job · CLI logs
✅	DashboardRunWithAgentMcpListTracesReturnsNoTraces	Recording · Job · CLI logs
✅	DashboardRunWithAgentMcpListTracesReturnsNoTraces_DevLocalhost	Recording · Job · CLI logs
✅	DashboardRunWithOtelTracesReturnsNoTraces	Recording · Job · CLI logs
✅	DashboardRunWithOtelTracesReturnsNoTraces_DevLocalhost	Recording · Job · CLI logs
✅	DeployK8sBasicApiService	Recording · Job · CLI logs
✅	DeployK8sWithExternalHelmChart	Recording · Job · CLI logs
✅	DeployK8sWithGarnet	Recording · Job · CLI logs
✅	DeployK8sWithMongoDB	Recording · Job · CLI logs
✅	DeployK8sWithMySql	Recording · Job · CLI logs
✅	DeployK8sWithPostgres	Recording · Job · CLI logs
✅	DeployK8sWithRabbitMQ	Recording · Job · CLI logs
✅	DeployK8sWithRedis	Recording · Job · CLI logs
✅	DeployK8sWithSqlServer	Recording · Job · CLI logs
✅	DeployK8sWithValkey	Recording · Job · CLI logs
✅	DeployTypeScriptAppToKubernetes	Recording · Job · CLI logs
✅	DescribeCommandResolvesReplicaNames	Recording · Job · CLI logs
✅	DescribeCommandShowsRunningResources	Recording · Job · CLI logs
✅	DetachFormatJsonProducesValidJson	Recording · Job · CLI logs
✅	DetachFormatJsonProducesValidJsonWhenRestartingExistingInstance	Recording · Job · CLI logs
✅	DoPublishAndDeployListStepsWork	Recording · Job · CLI logs
✅	DocsCommand_RendersInteractiveMarkdownFromLocalSource	Recording · Job · CLI logs
✅	DoctorCommand_DetectsDeprecatedAgentConfig	Recording · Job · CLI logs
✅	DoctorCommand_TypeScriptAppHostReportsMissingConfiguredToolchain	Recording · Job · CLI logs
✅	DoctorCommand_WithSslCertDir_ShowsTrusted	Recording · Job · CLI logs
✅	DoctorCommand_WithoutSslCertDir_ShowsPartiallyTrusted	Recording · Job · CLI logs
✅	DotNetRunFileBasedAppHostUsesAspireCliBundle	Recording · Job · CLI logs
✅	DotNetRunProjectAppHostUsesAspireCliBundle	Recording · Job · CLI logs
✅	GatewayWithoutExternalEndpoint_FailsPublishWithGuidance	Recording · Job · CLI logs
✅	GeneratedAspireDevScript_StartsWatchMode_WithConfiguredToolchain	Recording · Job · CLI logs
✅	GlobalMigration_HandlesCommentsAndTrailingCommas	Recording · Job · CLI logs
✅	GlobalMigration_HandlesMalformedLegacyJson	Recording · Job · CLI logs
✅	GlobalMigration_PreservesAllValueTypes	Recording · Job · CLI logs
✅	GlobalMigration_SkipsWhenNewConfigExists	Recording · Job · CLI logs
✅	GlobalSettings_MigratedFromLegacyFormat	Recording · Job · CLI logs
✅	IngressWithoutExternalEndpoint_FailsPublishWithGuidance	Recording · Job · CLI logs
✅	InitTypeScriptAppHost_AugmentsExistingViteRepoInWorkspaceSubdirectory	Recording · Job · CLI logs
✅	InteractiveCSharpInitCreatesExpectedFiles	Recording · Job · CLI logs
✅	InvalidAppHostPathWithComments_IsHealedOnRun	Recording · Job · CLI logs
✅	JavaScriptHostingApisRunFromTypeScriptAppHost	Recording · Job · CLI logs
✅	LatestCliCanStartStableChannelAppHost	Recording · Job · CLI logs
✅	LatestCliCanStartStableChannelTypeScriptAppHost	Recording · Job · CLI logs
✅	LegacySettingsMigration_AdjustsRelativeAppHostPath	Recording · Job · CLI logs
✅	LogsCommandShowsResourceLogs	Recording · Job · CLI logs
✅	OtelLogsReturnsStructuredLogsFromStarterApp	Recording · Job · CLI logs
✅	OtelLogsReturnsStructuredLogsFromStarterAppIsolated	Recording · Job · CLI logs
✅	PersistentContainersPreserveDataAcrossAppHostRuns	Recording · Job · CLI logs
✅	PsCommandListsRunningAppHost	Recording · Job · CLI logs
✅	PsFormatJsonOutputsOnlyJsonToStdout	Recording · Job · CLI logs
✅	PublishJavaScriptPatternsGeneratesExpectedDockerComposeArtifacts	Recording · Job · CLI logs
✅	PublishWithConfigureEnvFileUpdatesEnvOutput	Recording · Job · CLI logs
✅	PublishWithDockerComposeServiceCallbackSucceeds	Recording · Job · CLI logs
✅	PublishWithoutOutputPathUsesAppHostDirectoryDefault	Recording · Job · CLI logs
✅	ResourceCommand_FailedExec_ShowsLogPathAndLogHasEntries	Recording · Job · CLI logs
✅	ResourceCommand_SetAndDeleteParameterUpdatesDescribeOutput	Recording · Job · CLI logs
✅	RestoreGeneratesSdkFiles	Recording · Job · CLI logs
✅	RestoreGeneratesSdkFiles_WithConfiguredToolchain	Recording · Job · CLI logs
✅	RestoreRefreshesGeneratedSdkAfterAddingIntegration	Recording · Job · CLI logs
✅	RestoreSupportsConfigOnlyHelperPackageAndCrossPackageTypes	Recording · Job · CLI logs
✅	RunFromParentDirectory_UsesExistingConfigNearAppHost	Recording · Job · CLI logs
✅	RunReportsSyntaxErrorsForDotNetAppHost	Recording · Job · CLI logs
✅	RunReportsSyntaxErrorsForTypeScriptAppHost	Recording · Job · CLI logs
✅	SecretCrudOnDotNetAppHost	Recording · Job · CLI logs
✅	SecretCrudOnTypeScriptAppHost	Recording · Job · CLI logs
✅	StagingChannel_ConfigureAndVerifySettings_ThenSwitchChannels	Recording · Job · CLI logs
✅	StartAndWaitForTypeScriptSqlServerAppHostWithNativeAssets	Recording · Job · CLI logs
✅	StartReportsSyntaxErrorsForDotNetAppHost	Recording · Job · CLI logs
✅	StartReportsSyntaxErrorsForTypeScriptAppHost	Recording · Job · CLI logs
✅	StopAllAppHostsFromAppHostDirectory	Recording · Job · CLI logs
✅	StopJavaPolyglotAppHostUsingApphostDirectory	Recording · Job · CLI logs
✅	StopNonInteractiveSingleAppHost	Recording · Job · CLI logs
✅	StopTypeScriptPolyglotAppHostUsingApphostDirectory	Recording · Job · CLI logs
✅	StopWithNoRunningAppHostExitsSuccessfully	Recording · Job · CLI logs
✅	TypeScriptAppHostRunDoesNotDeadlockWhenLazyOptionsInvokeAsyncCallback	Recording · Job · CLI logs
✅	TypeScriptAppHostWithVite_AllowsDifferentGuestPkgManager	Recording · Job · CLI logs
✅	UnAwaitedChainsCompileWithAutoResolvePromises	Recording · Job · CLI logs
❔	UpdateToStable_CSharpEmptyAppHost_KeepsConfigChannel	Recording · Job · CLI logs
✅	UpdateToStable_CSharpSingleFileInit_KeepsConfigChannel	Recording · Job · CLI logs
✅	UpdateToStable_TypeScriptSingleFileInit_KeepsConfigChannel	Recording · Job · CLI logs
✅	UpdateToStable_TypeScript_PreviewsStablePkgsAndKeepsChannel	Recording · Job · CLI logs

---

_{📹 Recordings uploaded automatically from CI run #26978611570}

[adamint]

High-confidence findings from review:

1. extension/yarn.lock now resolves @nevware21/ts-utils@0.15.0 from the internal dotnet-public-npm feed, but the package currently returns 401 Unauthorized in both the Windows extension unit-test job and the Linux extension bootstrap job. This PR cannot restore the extension dependencies until that package/version is mirrored and accessible from the approved feed, or the lockfile is regenerated to a version that is available there.

2. The TypeScript SDK job is failing at npm ci with Invalid Version, which points at malformed native optional-dependency entries in the updated lockfile. Please regenerate tests/Aspire.Hosting.CodeGeneration.TypeScript.JsTests/package-lock.json so every package entry has a valid version.