Skip to content

chore: upgrade vitest from v3 to v4 #14045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
fengmk2 wants to merge 1 commit into
base: canary
Choose a base branch
from
Draft

chore: upgrade vitest from v3 to v4 #14045

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion blocksuite/affine/all/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -300,6 +300,6 @@
"devDependencies": {
"@vanilla-extract/vite-plugin": "^5.0.0",
"msw": "^2.8.4",
"vitest": "3.1.3"
"vitest": "4.0.15"
}
}
2 changes: 1 addition & 1 deletion blocksuite/affine/blocks/bookmark/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/blocks/embed-doc/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/blocks/embed/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/blocks/list/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/blocks/surface/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/data-view/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
"lit": "^3.2.0",
"lodash-es": "^4.17.21",
"rxjs": "^7.8.1",
"vitest": "^3.2.3",
"vitest": "^4.0.15",
"yjs": "^13.6.21",
"zod": "^3.23.8"
},
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/ext-loader/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts"
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/inlines/comment/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/inlines/footnote/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/affine/shared/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@
"!dist/__tests__"
],
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"version": "0.25.5"
}
2 changes: 1 addition & 1 deletion blocksuite/framework/global/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"version": "0.25.5"
}
2 changes: 1 addition & 1 deletion blocksuite/framework/std/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/framework/store/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
"devDependencies": {
"@types/lodash.clonedeep": "^4.5.9",
"@types/lodash.merge": "^4.6.9",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
".": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/framework/sync/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
"y-protocols": "^1.0.6"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"peerDependencies": {
"yjs": "*"
Expand Down
2 changes: 1 addition & 1 deletion blocksuite/integration-test/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
"vite": "^7.0.0",
"vite-plugin-istanbul": "^7.0.0",
"vite-plugin-wasm": "^3.4.1",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"version": "0.25.5"
}
8 changes: 4 additions & 4 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,9 +64,9 @@
"@types/node": "^22.0.0",
"@typescript-eslint/parser": "^8.18.0",
"@vanilla-extract/vite-plugin": "^5.0.0",
"@vitest/browser": "3.1.3",
"@vitest/coverage-istanbul": "3.1.3",
"@vitest/ui": "3.1.3",
"@vitest/browser": "4.0.15",
"@vitest/coverage-istanbul": "4.0.15",
"@vitest/ui": "4.0.15",
Comment on lines +67 to +69
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Vitest 4.0.15 release version npm registry

💡 Result:

I couldn't find [email protected] on the npm registry. The latest 4.x release I can find is 4.0.14 (per Snyk's package info). [1][2]

Sources:

  • Snyk package info showing latest 4.0.14. [1]
  • Vitest blog announcing Vitest 4.0. [2]

🌐 Web query:

Vitest latest version 2025

💡 Result:

The latest stable Vitest release is 4.0.6 (released Oct 31, 2025). [1][2]

Sources:
[1] Vitest blog — "Vitest 4.0 is out!" (Oct 22, 2025).
[2] Package release info listing vitest 4.0.6 (published Oct 31, 2025).

🌐 Web query:

Vitest 4.0.15 security vulnerabilities advisories

💡 Result:

Short answer: There are no security advisories that specifically report a vulnerability in vitest v4.0.15. Two public advisories (CVE-2025-24964 and CVE-2025-24963) were disclosed in Feb 2025 that affected older major versions and were patched in the 1.x/2.x/3.x line — those issues do not list 4.x as vulnerable.

Details and sources:

  • CVE-2025-24964 — critical remote code execution via the Vitest API (Cross-site WebSocket hijacking). Patched in 1.6.1, 2.1.9 and 3.0.5. [GitHub advisory / NVD]. [1][2]
  • CVE-2025-24963 — browser-mode file-disclosure via __screenshot-error (path-traversal). Patched in 2.1.9 and 3.0.4. [GitHub advisory / GitLab advisory]. [3][4]

If you want, I can:

  • check the vitest changelog/commit history for v4.0.15 to confirm fixes referencing these advisories, or
  • scan your project's dependency tree to see if any vulnerable subpackages are present.

Sources:
[1] GitHub advisory GHSA-9crc-q9x8-hgqq (CVE-2025-24964).
[2] NVD entry CVE-2025-24964.
[3] GitHub advisory GHSA-8gvc-j273-4wm5 (CVE-2025-24963).
[4] GitLab advisory / CVE-2025-24963 summary.

Update Vitest packages to a valid version—4.0.15 does not exist.

Vitest 4.0.15 is not a valid release. The latest 4.0.x version is 4.0.14 (per Snyk), and the latest stable Vitest release overall is 4.0.6. Update the three packages (@vitest/browser, @vitest/coverage-istanbul, @vitest/ui) at lines 67-69 and 93 to an existing version, preferably 4.0.6 or higher (up to 4.0.14).

No security advisories affect Vitest 4.x versions; two historical CVEs (CVE-2025-24964 and CVE-2025-24963) were patched in the 1.x/2.x/3.x lines only.

🤖 Prompt for AI Agents 
In package.json around lines 67-69 (and also update the related entry at line
93), the three Vitest packages "@vitest/browser", "@vitest/coverage-istanbul",
and "@vitest/ui" are pinned to a non-existent version 4.0.15; change their
versions to a valid release in the 4.0.x range (e.g., "4.0.14" or "4.0.6") by
replacing "4.0.15" with the chosen valid version in all occurrences, then run
npm/yarn install to verify resolution and update lockfile.

"cross-env": "^7.0.3",
"electron": "^36.0.0",
"eslint": "^9.16.0",
Expand All @@ -90,7 +90,7 @@
"typescript-eslint": "^8.18.0",
"unplugin-swc": "^1.5.1",
"vite": "^7.0.0",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"packageManager": "[email protected]",
"resolutions": {
Expand Down
2 changes: 1 addition & 1 deletion packages/common/debug/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"devDependencies": {
"@types/debug": "^4.1.12",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"version": "0.25.5"
}
2 changes: 1 addition & 1 deletion packages/common/env/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"private": true,
"type": "module",
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"exports": {
"./automation": "./src/automation.ts",
Expand Down
2 changes: 1 addition & 1 deletion packages/common/error/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,6 @@
"graphql": "^16.9.0"
},
"devDependencies": {
"vitest": "3.1.3"
"vitest": "4.0.15"
}
}
2 changes: 1 addition & 1 deletion packages/common/graphql/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
"@graphql-codegen/typescript-operations": "^4.4.0",
"@types/lodash-es": "^4.17.12",
"prettier": "^3.4.2",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"scripts": {
"build": "gql-gen --errors-only"
Expand Down
2 changes: 1 addition & 1 deletion packages/common/infra/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
"@types/react": "^19.0.1",
"fake-indexeddb": "^6.0.0",
"rxjs": "^7.8.1",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"peerDependencies": {
"electron": "*",
Expand Down
2 changes: 1 addition & 1 deletion packages/common/nbstore/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
"fake-indexeddb": "^6.0.0",
"idb": "^8.0.0",
"socket.io-client": "^4.8.1",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"peerDependencies": {
"@affine/error": "workspace:*",
Expand Down
2 changes: 1 addition & 1 deletion packages/common/reader/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
},
"devDependencies": {
"@blocksuite/affine": "workspace:*",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"peerDependencies": {
"@blocksuite/affine": "workspace:*"
Expand Down
2 changes: 1 addition & 1 deletion packages/frontend/apps/electron/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@
"tree-kill": "^1.2.2",
"ts-node": "^10.9.2",
"uuid": "^11.0.3",
"vitest": "3.1.3",
"vitest": "4.0.15",
"zod": "^3.24.1"
},
"dependencies": {
Expand Down
7 changes: 2 additions & 5 deletions packages/frontend/apps/electron/vitest.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,8 @@ export default defineConfig({
setupFiles: [resolve(rootDir, './scripts/setup/global.ts')],
include: ['./test/**/*.spec.ts'],
testTimeout: 5000,
poolOptions: {
forks: {
singleFork: true,
},
},
maxWorkers: 1,
isolate: false,
coverage: {
provider: 'istanbul', // or 'c8'
reporter: ['lcov'],
Expand Down
2 changes: 1 addition & 1 deletion packages/frontend/component/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@
"typescript": "^5.7.2",
"unplugin-swc": "^1.5.1",
"vite": "^7.0.0",
"vitest": "3.1.3"
"vitest": "4.0.15"
},
"version": "0.25.5"
}
2 changes: 1 addition & 1 deletion packages/frontend/core/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,6 @@
"@vanilla-extract/css": "^1.17.0",
"fake-indexeddb": "^6.0.0",
"lodash-es": "^4.17.21",
"vitest": "3.1.3"
"vitest": "4.0.15"
}
}
4 changes: 1 addition & 3 deletions packages/frontend/core/src/modules/navigation/__tests__/utils.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
/**
* @vitest-environment happy-dom
*/
import { afterEach } from 'node:test';

import { beforeEach, describe, expect, test, vi } from 'vitest';
import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';

import { resolveLinkToDoc, toURLSearchParams } from '../utils';

Expand Down
2 changes: 1 addition & 1 deletion packages/frontend/i18n/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,6 @@
"@affine-tools/cli": "workspace:*",
"@affine-tools/utils": "workspace:*",
"glob": "^11.0.0",
"vitest": "3.1.3"
"vitest": "4.0.15"
}
}
2 changes: 1 addition & 1 deletion packages/frontend/routes/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"@affine-tools/utils": "workspace:*",
"path-to-regexp": "^8.2.0",
"query-string": "^9.1.1",
"vitest": "^3.0.6"
"vitest": "^4.0.15"
},
"peerDependencies": {
"react": "^19.1.0",
Expand Down
2 changes: 1 addition & 1 deletion packages/frontend/track/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,6 @@
"devDependencies": {
"@types/mixpanel-browser": "^2.50.2",
"@types/react": "^19.0.1",
"vitest": "3.1.3"
"vitest": "4.0.15"
}
}
3 changes: 1 addition & 2 deletions vitest.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,7 @@ export default defineConfig({
],
testTimeout: 5000,
coverage: {
all: false,
provider: 'istanbul', // or 'c8'
provider: 'istanbul',
reporter: ['lcov'],
reportsDirectory: resolve(rootDir, '.coverage/store'),
},
Expand Down
16 changes: 10 additions & 6 deletions vitest.workspace.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,11 @@
import { defineWorkspace } from 'vitest/config';
import { defineConfig } from 'vitest/config';

export default defineWorkspace([
'.',
'./packages/frontend/apps/electron',
'./blocksuite/**/*/vitest.config.ts',
]);
export default defineConfig({
test: {
projects: [
'.',
'./packages/frontend/apps/electron',
'./blocksuite/**/*/vitest.config.ts',
],
},
});
Loading
Loading