chore: bump the testing group across 1 directory with 2 updates

[dependabot]

Bumps the testing group with 2 updates in the / directory: @playwright/test and vitest.

Updates @playwright/test from 1.58.2 to 1.59.1

Release notes

Sourced from @​playwright/test's releases.

v1.59.1

Bug Fixes

• [Windows] Reverted hiding console window when spawning browser processes, which caused regressions including broken codegen, --ui and show commands (#39990)

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

• Screencast recordings
• Action annotations
• Visual overlays
• Real-time frame capture
• Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the recordVideo option:

await page.screencast.start({ path: 'video.webm' });
// ... perform actions ...
await page.screencast.stop();

Action annotations — enable built-in visual annotations that highlight interacted elements and display action titles during recording:

await page.screencast.showActions({ position: 'top-right' });

screencast.showActions() accepts position ('top-left', 'top', 'top-right', 'bottom-left', 'bottom', 'bottom-right'), duration (ms per annotation), and fontSize (px). Returns a disposable to stop showing actions.

Action annotations can also be enabled in test fixtures via the video option:

// playwright.config.ts
export default defineConfig({
  use: {
    video: {
      mode: 'on',
      show: {
        actions: { position: 'top-left' },
        test: { position: 'top-right' },
      },
</tr></table> 

... (truncated)

Commits

• d466ac5 chore: mark v1.59.1 (#40005)
• 530e7e5 cherry-pick(#4004): fix(cli): kill-all should kill dashboard
• 9aa216c cherry-pick(#39994): Revert "fix(windows): hide console window when spawning ...
• 01b2b15 cherry-pick(#39980): chore: more release notes fixes
• a5cb6c9 cherry-pick(#39972): chore: expose browser.bind and browser.unbind APIs
• 99a17b5 cherry-pick(#39975): chore: support opening .trace files via .link indirection
• 43607c3 cherry-pick(#39974): chore(webkit): update Safari user-agent version to 26.4
• 62cabe1 cherry-pick(#39969): chore(npm): include all *.md from lib (#39970)
• 0c65a75 cherry-pick(#39968): chore: screencast.showActions api
• f04155b cherry-pick(#39958): chore: release notes for langs v1.59
• Additional commits viewable in compare view

Updates vitest from 4.1.2 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in vitest-dev/vitest#10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

• Add experimental.preParse flag  -  by @​sheremet-va in vitest-dev/vitest#10070 (78273)
• Support browser.locators.exact option  -  by @​sheremet-va in vitest-dev/vitest#10013 (48799)
• Add TestAttachment.bodyEncoding  -  by @​hi-ogawa in vitest-dev/vitest#9969 (89ca0)
• Support custom snapshot matcher  -  by @​hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

   🐞 Bug Fixes

• Advance fake timers with expect.poll interval  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10022 (3f5bf)
• Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency  -  by @​alan-agius4 in vitest-dev/vitest#10025 (146d4)
• Fix defineHelper for webkit async stack trace + update playwright 1.59.0  -  by @​hi-ogawa in vitest-dev/vitest#10036 (5a5fa)
• Fix suite hook throwing errors for unused auto test-scoped fixture  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10035 (39865)
• expect:
  • Remove JestExtendError.context from verbose error reporting  -  by @​hi-ogawa in vitest-dev/vitest#9983 (66751)
  • Don't leak "runner" types  -  by @​sheremet-va in vitest-dev/vitest#10004 (ec204)
• snapshot:
  • Fix flagging obsolete snapshots for snapshot properties mismatch  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#9986 (6b869)
  • Export custom snapshot matcher helper from vitest  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10042 (691d3)
• ui:
  • Don't leak vite types  -  by @​sheremet-va in vitest-dev/vitest#10005 (fdff1)
• vm:
  • Fix external module resolve error with deps optimizer query  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10024 (9dbf4)

    View changes on GitHub

Commits

• ac04bac chore: release v4.1.4
• 82c858d chore: Remove no-op function in plugin config logic (#8501)
• d4fbb5c feat(experimental): support aria snapshot (#9668)
• b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
• a120e3a feat(experimental): expose assertion as a public field (#10095)
• 5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
• a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
• 203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
• 2dc0d62 chore: release v4.1.3
• 7827363 feat: add experimental.preParse flag (#10070)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 28c9f44.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@playwright/test	1.59.1	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Binary-Artifacts 🟢 6 binaries present in source code Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches
npm/@vitest/expect	4.1.4	Unknown	Unknown
npm/@vitest/mocker	4.1.4	Unknown	Unknown
npm/@vitest/pretty-format	4.1.4	Unknown	Unknown
npm/@vitest/runner	4.1.4	Unknown	Unknown
npm/@vitest/snapshot	4.1.4	Unknown	Unknown
npm/@vitest/spy	4.1.4	Unknown	Unknown
npm/@vitest/utils	4.1.4	Unknown	Unknown
npm/playwright	1.59.1	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Binary-Artifacts 🟢 6 binaries present in source code Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches
npm/playwright-core	1.59.1	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Binary-Artifacts 🟢 6 binaries present in source code Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches
npm/tinyexec	1.1.1	Unknown	Unknown
npm/tinyglobby	0.2.16	Unknown	Unknown
npm/vitest	4.1.4	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml