Skip to content

build(deps): bump the npm_and_yarn group across 4 directories with 2 updates#281

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/next-js/npm_and_yarn-e1a252a652
Closed

build(deps): bump the npm_and_yarn group across 4 directories with 2 updates#281
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/next-js/npm_and_yarn-e1a252a652

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited by devin-ai-integration Bot
Loading

Bumps the npm_and_yarn group with 1 update in the /apps/next-js directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /moss-live-labs/examples/image-search/react-app directory: react-router.
Bumps the npm_and_yarn group with 1 update in the /packages/vercel-sdk directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/vitepress-plugin-moss directory: vitest.

Updates vitest from 3.2.4 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates react-router from 7.14.1 to 7.16.0

Release notes

Sourced from react-router's releases.

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

v7.15.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151

v7.15.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150

v7.14.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142

Changelog

Sourced from react-router's changelog.

v7.16.0

Minor Changes

  • Stabilize future.unstable_trailingSlashAwareDataRequests as future.v8_trailingSlashAwareDataRequests (#15098)

Patch Changes

  • Disable manifest path when lazy route dicovery is disabled (#15068)

  • Fix browser URL creation to use the configured history window instead of the global window. (#15066)

    • Pass the history/router window through to createBrowserURLImpl so custom window contexts keep the correct URL origin.

  • Fix useNavigation() return type to preserve discriminated union across navigation states (#15095)

  • Widen MetaDescriptor script:ld+json type from LdJsonObject to LdJsonObject | LdJsonObject[] to permit multiple JSON-LD schemas in a single <script type="application/ld+json"> tag emitted by <Meta /> (#15082)

v7.15.1

Patch Changes

  • Update router to operate on fetcher Maps in an immutable manner to avoid delayed React renders from potentially reading an updated but not yet committed Map. This could result in brief flickers in some fetcher-driven optimistic UI scenarios. (#15028)
  • Fix serverLoader() returning stale SSR data when a client navigation aborts pending hydration before the hydration clientLoader resolves (#15022)
  • Fix RouterProvider onError callback not being called for synchronous initial loader errors in SPA mode (#15039) (#14942)
  • Memoize useFetchers to return a stable identity and only change if fetchers changed (#15028)
  • Internal refactor to consolidate mutation request detection through shared utility (#15033)

Unstable Changes

⚠️ Unstable features are not recommended for production use

  • Add a new unstable_useRouterState() hook that consolidates access to active and pending router states (RFC: #12358) (#15017)

    • Data/Framework/RSC only — throws when used without a data router

    • This should allow you to consolidate usages of the following hooks which will likely be deprecated and removed in a future major version

      • useLocation
      • useSearchParams
      • useParams
      • useMatches
      • useNavigationType
      • useNavigation
      let { active, pending } = unstable_useRouterState();
// Active is always populated with the current location
active.location; // replaces useLocation()
active.searchParams; // replaces useSearchParams()[0]
active.params; // replaces useParams()
active.matches; // replaces useMatches()
active.type; // replaces useNavigationType()

... (truncated)

Commits

Updates vitest from 3.1.1 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates vitest from 3.2.4 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

... (truncated)

Commits
  • 4150b91 chore: release v4.1.0
  • 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
  • c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
  • eab68ba chore(deps): update all non-major dependencies (#9824)
  • 031f02a fix: allow catch/finally for async assertion (#9827)
  • 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
  • 0c2c013 chore: release v4.1.0-beta.6
  • 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
  • a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
  • 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
  • Additional commits viewable in compare view
Maintainer changes

This version was ...

Description has been truncated

Open in Devin Review

@dependabot
build(deps): bump the npm_and_yarn group across 4 directories with 2 …
e8b397b 
…updates

Bumps the npm_and_yarn group with 1 update in the /apps/next-js directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /moss-live-labs/examples/image-search/react-app directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).
Bumps the npm_and_yarn group with 1 update in the /packages/vercel-sdk directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/vitepress-plugin-moss directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `vitest` from 3.2.4 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

Updates `react-router` from 7.14.1 to 7.16.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.16.0/packages/react-router)

Updates `vitest` from 3.1.1 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

Updates `vitest` from 3.2.4 to 4.1.0
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 4.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 4, 2026
@dependabot dependabot Bot mentioned this pull request Jun 4, 2026
Closed
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Jun 4, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

devin-ai-integration[bot]
devin-ai-integration Bot reviewed Jun 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

Open in Devin Review

Comment thread packages/vitepress-plugin-moss/package.json
Comment on lines 53 to 59
"vite": "^8.0.6",
"vite-plugin-dts": "^5.0.0",
"vitepress": "^1.5.0",
"vitest": "^3.1.1",
"vitest": "^4.1.0",
"vue": "^3.5.0"
},
"keywords": [
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 Pre-existing vite version inconsistency in vitepress-plugin-moss

The packages/vitepress-plugin-moss/package.json declares "vite": "^8.0.6" as a devDependency (line 53), but the pnpm overrides block (line 74) forces all vite resolutions to "^6.4.2". This means the declared devDependency range (8.x) is never actually installed — pnpm resolves vite to 6.4.2 instead. The pnpm-lock.yaml confirms vitest 4.1.0 is resolved with vite@6.4.2. While vitest 4's peer dep (^6.0.0 || ^7.0.0 || ^8.0.0-0) is satisfied by 6.4.2, this divergence between the declared devDependency and the override may cause confusion if the override is ever removed.

(Refers to lines 53-74)

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 4, 2026

Superseded by #285.

@dependabot dependabot Bot closed this Jun 4, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/apps/next-js/npm_and_yarn-e1a252a652 branch June 4, 2026 18:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@HarshaNalluru HarshaNalluru Awaiting requested review from HarshaNalluru HarshaNalluru is a code owner

@r4ghu r4ghu Awaiting requested review from r4ghu r4ghu is a code owner

@CoderOMaster CoderOMaster Awaiting requested review from CoderOMaster CoderOMaster is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant