chore(deps): bump the npm_and_yarn group across 13 directories with 15 updates by dependabot[bot] · Pull Request #10 · Welbert5753/enKrypt

dependabot · 2026-06-01T18:49:06Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.15`
defu	`6.1.4`	`6.1.7`
fast-uri	`3.0.3`	`3.1.2`
flatted	`3.3.1`	`3.4.2`
follow-redirects	`1.15.9`	`1.16.0`
h3	`1.13.0`	`1.15.11`
kysely	`0.27.4`	`0.27.6`
node-forge	`1.3.1`	`1.4.0`
picomatch	`2.3.1`	`2.3.2`
qs	`6.5.3`	`6.5.5`
undici	`6.20.1`	`6.26.0`
yaml	`1.10.2`	`1.10.3`

Bumps the npm_and_yarn group with 3 updates in the /packages/extension directory: vitest, uuid and vite.
Bumps the npm_and_yarn group with 1 update in the /packages/hw-wallets directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/keyring directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/name-resolution directory: vitest.
Bumps the npm_and_yarn group with 2 updates in the /packages/request directory: vitest and uuid.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/bitcoin directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/ethereum directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/kadena directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/polkadot directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/storage directory: vitest.
Bumps the npm_and_yarn group with 2 updates in the /packages/swap directory: vitest and uuid.
Bumps the npm_and_yarn group with 1 update in the /packages/utils directory: vitest.

Updates brace-expansion from 1.1.11 to 1.1.15

Release notes

Sourced from brace-expansion's releases.

v1.1.15

Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

2203f4f 1.1.15
0b09384 Backport v5.0.6 change to v1 (#111)
10c05fc 1.1.14
1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
Additional commits viewable in compare view

Updates defu from 6.1.4 to 6.1.7

Release notes

Sourced from defu's releases.

v6.1.7

compare changes

📦 Build

Correct the types export entry (#160)

Export Defu types (#157)

❤️ Contributors

Jakub Michálek (@J-Michalek)

Kricsleo (@kricsleo)

v6.1.6

compare changes

📦 Build

Fix mixed types (407b516)

v6.1.5

compare changes

🩹 Fixes

Prevent prototype pollution via __proto__ in defaults (#156)

Ignore inherited enumerable properties (11ba022)

✅ Tests

Add more tests for plain objects (b65f603)

❤️ Contributors

Pooya Parsa (@pi0)

Kricsleo (@kricsleo)

Changelog

Sourced from defu's changelog.

v6.1.7

compare changes

🩹 Fixes

defu.d.cts: Export Defu types (#157)

📦 Build

Correct the types export entry (#160)

❤️ Contributors

Jakub Michálek (@J-Michalek)

Kricsleo (@kricsleo)

v6.1.6

compare changes

📦 Build

Fix mixed types (407b516)

❤️ Contributors

Pooya Parsa (@pi0)

v6.1.5

compare changes

🩹 Fixes

Prevent prototype pollution via __proto__ in defaults (#156)

Ignore inherited enumerable properties (11ba022)

🏡 Chore

Add tea.yaml (70cffe5)

Update repo (23cc432)

Fix typecheck (89df6bb)

✅ Tests

Add more tests for plain objects (b65f603)

🤖 CI

... (truncated)

Commits

80c0146 chore(release): v6.1.7
40d7ef4 fix(defu.d.cts): export Defu types (#157)
3d3a7c8 build: correct the types export entry (#160)
001c290 chore(release): v6.1.6
407b516 build: fix mixed types
23e59e6 chore(release): v6.1.5
11ba022 fix: ignore inherited enumerable properties
3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
d3ef16d chore(deps): update actions/checkout action to v6 (#151)
869a053 chore(deps): update actions/setup-node action to v6 (#149)
Additional commits viewable in compare view

Updates fast-uri from 3.0.3 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

Fix for GHSA-v39h-62p7-jpjc

What's Changed

Handle malformed fragment decoding as a parse error by @mcollina in fastify/fast-uri#171

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

Fix for GHSA-q3j6-qgpj-74h6

What's Changed

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fast-uri#148

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in fastify/fast-uri#149

chore(.npmrc): ignore scripts by @Fdawgs in fastify/fast-uri#150

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fast-uri#151

build(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in fastify/fast-uri#152

ci(ci): add concurrency config by @Fdawgs in fastify/fast-uri#153

build(deps): bump actions/setup-node from 5 to 6 by @dependabot[bot] in fastify/fast-uri#154

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in fastify/fast-uri#156

chore(license): standardise license notice by @Fdawgs in fastify/fast-uri#159

style: remove trailing whitespace by @Fdawgs in fastify/fast-uri#161

ci: remove unused github files by @Tony133 in fastify/fast-uri#162

chore: update readme by @Tony133 in fastify/fast-uri#164

build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by @dependabot[bot] in fastify/fast-uri#165

build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @dependabot[bot] in fastify/fast-uri#166

build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @dependabot[bot] in fastify/fast-uri#167

ci: add lock-threads workflow by @Fdawgs in fastify/fast-uri#169

New Contributors

@Tony133 made their first contribution in fastify/fast-uri#162

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

v3.1.0

What's Changed

ci: remove master branch support by @Fdawgs in fastify/fast-uri#126

chore(test) remove .gitkeep by @Fdawgs in fastify/fast-uri#128

ci(ci): set job permissions by @Fdawgs in fastify/fast-uri#129

ci: set permissions at workflow level by @Fdawgs in fastify/fast-uri#131

ci: set workflow permissions to read-only by default by @Fdawgs in fastify/fast-uri#132

ci(ci): restore job level permissions by @Fdawgs in fastify/fast-uri#133

build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @dependabot[bot] in fastify/fast-uri#134

ci(ci): pin actions to commit-hash by @Fdawgs in fastify/fast-uri#135

ci: add node 24 to test matrix by @Fdawgs in fastify/fast-uri#136

... (truncated)

Commits

919dd8e Bumped v3.1.2
c65ba57 fixup: linting
6c86c17 Merge commit from fork
a95158a Handle malformed fragment decoding without throwing (#171)
cea547c Bumped v3.1.1
876ce79 Merge commit from fork
dcdf690 ci: add lock-threads workflow (#169)
c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
Additional commits viewable in compare view

Updates flatted from 3.3.1 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates follow-redirects from 1.15.9 to 1.16.0

Commits

0c23a22 Release version 1.16.0 of the npm package.
844c4d3 Add sensitiveHeaders option.
5e8b8d0 ci: add Node.js 24.x to the CI matrix
7953e22 ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6
86dc1f8 Sanitizing input.
21ef28a Release version 1.15.11 of the npm package.
7c88135 Roll back tree shaking.
6e389ba Release version 1.15.10 of the npm package.
5bc496e Shake me up before you go-go.
694d6b4 Bump minimist from 1.2.5 to 1.2.8
See full diff in compare view

Updates h3 from 1.13.0 to 1.15.11

Release notes

Sourced from h3's releases.

v1.15.11

compare changes

🏡 Chore

Update defu to 6.1.6 (6125485)

Update deps (4998dd8)

Update cookie-es (d166186)

v1.15.10

compare changes

🩹 Fixes

Preserve percent-encoded req.url in app event handler (#1355)

❤️ Contributors

Sergio Azócar (@sergioazoc)

v1.15.9

compare changes

🩹 Fixes

Preserve %25 in pathname (1103df6)

static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)

sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

v1.15.8

compare changes

🩹 Fixes

Preserve %25 in pathname (1103df6)

v1.15.7

compare changes

🩹 Fixes

static: Narrow path traversal check to match .. as a path segment only (c049dc0)

app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

Remove implicit event handler conversion warning (#1340)

❤️ Contributors

... (truncated)

Changelog

Sourced from h3's changelog.

v1.15.11

compare changes

🏡 Chore

Update defu to 6.1.6 (6125485)

Update deps (4998dd8)

Update cookie-es (d166186)

❤️ Contributors

Pooya Parsa (@pi0)

v1.15.10

compare changes

🩹 Fixes

Preserve percent-encoded req.url in app event handler (#1355)

🏡 Chore

Update deps (26fec6f)

❤️ Contributors

Pooya Parsa (@pi0)

Sergio Azócar (@sergioazoc)

v1.15.9

compare changes

🩹 Fixes

Preserve %25 in pathname (1103df6)

static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)

sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

🏡 Chore

release: V1.15.8 (e3b9c9e)

Update deps (23045df)

❤️ Contributors

Pooya Parsa (@pi0)

... (truncated)

Commits

7b9f41f chore(release): v1.15.11
d166186 chore: update cookie-es
4998dd8 chore: update deps
6125485 chore: update defu to 6.1.6
b72bb57 chore(release): v1.15.10
d8ef318 remove resolutions for h3
26fec6f chore: update deps
51ca9b3 fix: preserve percent-encoded req.url in app event handler (#1355)
4e8d43a chore(release): v1.15.9
23045df chore: update deps
Additional commits viewable in compare view

Updates kysely from 0.27.4 to 0.27.6

Release notes

Sourced from kysely's releases.

0.27.6

Hey 👋

v0.28 is right around the corner! 👀

🚀 Features

🐞 Bugfixes

fix: implements a underscore validation to camelcase plugin by @rhyzzor in kysely-org/kysely#1290

fix: resolve edge case with varying shapes in multiple item inserts causing undefined in parameters. by @naorpeled & @igalklebanov in kysely-org/kysely#1311

PostgreSQL 🐘

Use JS sort method to sort migrations by name by @DavesBorges in kysely-org/kysely#844

fix: WithSchemaPlugin is adding schema to table function arguments and causes db errors in json_agg and to_json. by @igalklebanov in kysely-org/kysely#827

SQLite 📘

fix: isAutoIncrementing: true for sqlite integer primary key by @tgriesser in kysely-org/kysely#1344 and kysely-org/kysely#1349

📖 Documentation

Update CONTRIBUTING.md by @igalklebanov in kysely-org/kysely@bfbd002

badge stuff @ README.md by @igalklebanov in kysely-org/kysely@541c935

add CODE_OF_CONDUCT.md by @igalklebanov in kysely-org/kysely#564

add another example to CoC. by @igalklebanov in kysely-org/kysely@9ba0f02

explain examples in CoC. by @igalklebanov in kysely-org/kysely@708afad

add example to CoC. by @igalklebanov in kysely-org/kysely@1ba5586

add examples to CoC. by @igalklebanov in kysely-org/kysely@1cbe9b5

CoC wording. by @igalklebanov in kysely-org/kysely@5598338

add reactions as an example in CoC. by @igalklebanov in kysely-org/kysely@67e413e

Add a reference to ref in table's docstring by @AlexErrant in kysely-org/kysely#1315

add FUNDING.md by @igalklebanov in kysely-org/kysely#1317

Update _prerequisites.mdx by @igalklebanov in kysely-org/kysely@bd167d3

fix minor typo in raw-builder/sql by @austin-tildei in kysely-org/kysely#1346

fix(docs): Fixed closing backtick in Migrator JSDoc by @nick-w-nick in kysely-org/kysely#1348

remove X links. by @igalklebanov in kysely-org/kysely@4870549 and kysely-org/kysely@deedd28

add Marvin's (Deno) quote. by @igalklebanov in kysely-org/kysely#1360

Add Oracle dialect to dialects.md by @JosephTuffin in kysely-org/kysely#1371

PostgreSQL 🐘

Add PGlite dialect to dialects.md by @czeidler in kysely-org/kysely#1319

📦 CICD & Tooling

⚠️ Breaking Changes

🐤 New Contributors

... (truncated)

Commits

6bc667a v0.27.6
b7c29fc add Oracle dialect to dialects.md (#1371)
ffc4058 docs: add Marvin's (Deno) quote. (#1360)
deedd28 replace twitter with bluesky in docs footer.
4870549 remove X from README.
0d87f94 refactor: improve sqlite-introspector metadata query (#1349)
a201386 fixed closing backtick (#1348)
9164c66 fix: isAutoIncrementing: true for sqlite integer primary key (#1344)
0711472 fix minor typo in raw-builder/sql (#1346)
660dfb4 fix: resolve edge case with varying shapes in multiple item inserts causing `...
Additional commits viewable in compare view

Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

HIGH: Denial of Service in BigInteger.modInverse()

A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.

Reported by Kr0emer.

CVE ID: CVE-2026-33891

GHSA ID: GHSA-5gfm-wpxj-wjgq

HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.

RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.

Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.

Reported as part of a U.C. Berkeley security research project by:

Austin Chu, Sohee Kim, and Corban Villa.

CVE ID: CVE-2026-33894

GHSA ID: GHSA-ppp5-5v6c-4jwp

HIGH: Signature forgery in Ed25519 due to missing S < L check.

Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.

Reported as part of a U.C. Berkeley security research project by:

Austin Chu, Sohee Kim, and Corban Villa.

CVE ID: CVE-2026-33895

GHSA ID: GHSA-q67f-28xg-22rw

HIGH: basicConstraints bypass in certificate chain verification.

pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.

Reported by Doruk Tan Ozturk (@peaktwilight) - doruk.ch

CVE ID: CVE-2026-33896

GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

fa385f9 Release 1.4.0.
07d4e16 Update changelog.
cb90fd9 Update changelog.
963e7c5 Add unit test for "pseudonym"
f0b6f5b Add pseudonym OID
3df48a3 Fix missing CVE ID.
2e49283 Add x509 basicConstraints check.
bdecf11 Add canonical signature scaler check for S < L.
af094e6 Add RSA padding and DigestInfo length checks.
796eeb1 Improve jsbn fix.
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates qs from 6.5.3 to 6.5.5

Changelog

Sourced from qs's changelog.

6.5.5

[Fix] fix regressions from robustness refactor

[meta] add npmignore to autogenerate an npmignore file

[actions] update reusable workflows

6.5.4

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

Commits

3a6d9f8 v6.5.5
48160e7 [actions] update reusable workflows
2fc004a [meta] add npmignore to autogenerate an npmignore file
ddcc5d5 [Fix] fix regressions from robustness refactor
c190488 v6.5.4
40b77c3 [actions] fix rebase workflow permissions
6e39e92 [readme] document that addQueryPrefix does not add ? to empty output
4e393de [readme] replace runkit CI badge with shields.io check-runs badge
dbb0346 [readme] clarify parseArrays and arrayLimit documentation
6b8b4d8 [Robustness] avoid .push, use void
See full diff in compare view

Updates undici from 6.20.1 to 6.26.0

Release notes

Sourced from undici's releases.

v6.26.0

What's Changed

fix: validate EOF for chunked h1 responses by @mcollina in nodejs/undici#5308

Full Changelog: nodejs/undici@v6.25.0...v6.26.0

v6.25.0

What's Changed

Full Changelog: nodejs/undici@v6.24.1...v6.25.0

v6.24.1

Full Changelog: nodejs/undici@v6.24.0...v6.24.1

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
Malicious WebSocket 64-bit frame length handling could crash the client.

GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
CRLF injection via the upgrade option.

GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
Unbounded memory consumption in WebSocket permessage-deflate decompression.

Not applicable to v6

GHSA-phc3-fgpg-7m6h / CVE-2026-2581 affects >= 7.17.0 < 7.24.0 only.

Affected and patched ranges (v6)

CVE-2026-1525: affected < 6.24.0, patched 6.24.0

CVE-2026-1528: affected >= 6.0.0 < 6.24.0, patched 6.24.0

... (truncated)

Commits

768beac Bumped v6.26.0 (#5323)
7917b25 fix: validate EOF for chunked h1 responses (#5308)
3420499 Bumped v6.25.0 (#5029)
d7a1e55 feat: add configurable maxPayloadSize for WebSocket (#4955)
a9d1848 Do not mark v6.x releases as latest
0126586 Ignore local agent configuration files
c0cf656 Bumped v6.24.1
f5a9f0c Fix v6 release workflow branch targeting
af2cb8f wqremove maxDecompressedMessageSize (#4891)
8873c94 Bumped v6.24.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for undici since your current version.

Updates yaml from 1.10.2 to 1.10.3

Commits

cfe8f04 1.10.3
7abcf45 fix: Catch stack overflow during CST composition
a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
a5e83b0 style: Apply updates Prettier rules
b8ddca0 chore: Refresh lockfile
395f892 ci: Use a different (working) submodule checkout
6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
See full diff in compare view

Updates vitest from 2.1.9 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

browser:

Disable client cdp API when allowWrite/allowExec: false [backport to v4] - by @hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)

Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by @toxik and @Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7...
Description has been truncated

…5 updates Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` | | [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.0.3` | `3.1.2` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` | | [h3](https://github.com/h3js/h3) | `1.13.0` | `1.15.11` | | [kysely](https://github.com/kysely-org/kysely) | `0.27.4` | `0.27.6` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [qs](https://github.com/ljharb/qs) | `6.5.3` | `6.5.5` | | [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.26.0` | | [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` | Bumps the npm_and_yarn group with 3 updates in the /packages/extension directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest), [uuid](https://github.com/uuidjs/uuid) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /packages/hw-wallets directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /packages/keyring directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /packages/name-resolution directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 2 updates in the /packages/request directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [uuid](https://github.com/uuidjs/uuid). Bumps the npm_and_yarn group with 1 update in the /packages/signers/bitcoin directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /packages/signers/ethereum directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /packages/signers/kadena directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /packages/signers/polkadot directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /packages/storage directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 2 updates in the /packages/swap directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [uuid](https://github.com/uuidjs/uuid). Bumps the npm_and_yarn group with 1 update in the /packages/utils directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Updates `brace-expansion` from 1.1.11 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.15) Updates `defu` from 6.1.4 to 6.1.7 - [Release notes](https://github.com/unjs/defu/releases) - [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md) - [Commits](unjs/defu@v6.1.4...v6.1.7) Updates `fast-uri` from 3.0.3 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.0.3...v3.1.2) Updates `flatted` from 3.3.1 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.1...v3.4.2) Updates `follow-redirects` from 1.15.9 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.9...v1.16.0) Updates `h3` from 1.13.0 to 1.15.11 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md) - [Commits](h3js/h3@v1.13.0...v1.15.11) Updates `kysely` from 0.27.4 to 0.27.6 - [Release notes](https://github.com/kysely-org/kysely/releases) - [Commits](kysely-org/kysely@0.27.4...0.27.6) Updates `node-forge` from 1.3.1 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `qs` from 6.5.3 to 6.5.5 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `undici` from 6.20.1 to 6.26.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.20.1...v6.26.0) Updates `yaml` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v1.10.2...v1.10.3) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `uuid` from 10.0.0 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v10.0.0...v14.0.0) Updates `vite` from 5.4.21 to 8.0.16 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `uuid` from 10.0.0 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v10.0.0...v14.0.0) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) Updates `uuid` from 10.0.0 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v10.0.0...v14.0.0) Updates `vitest` from 2.1.9 to 4.1.8 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: defu dependency-version: 6.1.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: h3 dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: kysely dependency-version: 0.27.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.26.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 1.10.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.0.16 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 13 directories with 15 updates#10

chore(deps): bump the npm_and_yarn group across 13 directories with 15 updates#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-450dceb1ef

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

v1.1.15

v1.1.12

v6.1.7

📦 Build

❤️ Contributors

v6.1.6

📦 Build

v6.1.5

🩹 Fixes

✅ Tests

❤️ Contributors

v6.1.7

🩹 Fixes

📦 Build

❤️ Contributors

v6.1.6

📦 Build

❤️ Contributors

v6.1.5

🩹 Fixes

🏡 Chore

✅ Tests

🤖 CI

v3.1.2

⚠️ Security Release

What's Changed

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

v3.1.0

What's Changed

v1.15.11

🏡 Chore

v1.15.10

🩹 Fixes

❤️ Contributors

v1.15.9

🩹 Fixes

v1.15.8

🩹 Fixes

v1.15.7

🩹 Fixes

💅 Refactors

❤️ Contributors

v1.15.11

🏡 Chore

❤️ Contributors

v1.15.10

🩹 Fixes

🏡 Chore

❤️ Contributors

v1.15.9

🩹 Fixes

🏡 Chore

❤️ Contributors

0.27.6

🚀 Features

🐞 Bugfixes

PostgreSQL 🐘

SQLite 📘

📖 Documentation

PostgreSQL 🐘

📦 CICD & Tooling

⚠️ Breaking Changes

🐤 New Contributors

1.4.0 - 2026-03-24

Security

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

6.5.5

6.5.4