[PR #2042] [MERGED] Bump vitest from 2.1.6 to 2.1.9 in /frontend #3380

New Issue

Closed

opened 2025-11-20 06:04:29 -05:00 by saavagebueno · 0 comments

saavagebueno commented 2025-11-20 06:04:29 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE/pull/2042
Author: @dependabot[bot]
Created: 2/5/2025
Status: ✅ Merged
Merged: 2/5/2025
Merged by: @michelroegl-brunner

Base: main ← Head: dependabot/npm_and_yarn/frontend/vitest-2.1.9

---

📝 Commits (1)

• eee5542 Bump vitest from 2.1.6 to 2.1.9 in /frontend

📊 Changes

2 files changed (+190 additions, -240 deletions)

View changed files

📝 frontend/package-lock.json (+189 -239)
📝 frontend/package.json (+1 -1)

📄 Description

Bumps vitest from 2.1.6 to 2.1.9.

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963
• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v2 - by @​hi-ogawa in vitest-dev/vitest#7318
• (backport #7340 to v2) restrict served files from /__screenshot-error - by @​hi-ogawa in vitest-dev/vitest#7343

    View changes on GitHub

v2.1.8

   🐞 Bug Fixes

• Support Node 21  -  by @​sheremet-va (92f7a)

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

• Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
  • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.

    View changes on GitHub

Commits

• c9e59a0 chore: release v2.1.9
• e0fe1d8 fix: backport #7317 to v2 (#7318)
• d69cc75 bump: 2.1.8
• 92f7a2a fix: support Node 21
• 81ed45b chore: release v2.1.7
• fbe5c39 fix: revert support for Vite 6
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE/pull/2042 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 2/5/2025 **Status:** ✅ Merged **Merged:** 2/5/2025 **Merged by:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/frontend/vitest-2.1.9` --- ### 📝 Commits (1) - [`eee5542`](https://github.com/community-scripts/ProxmoxVE/commit/eee5542e25a3b870a531f335e78b6612826e8b44) Bump vitest from 2.1.6 to 2.1.9 in /frontend ### 📊 Changes **2 files changed** (+190 additions, -240 deletions) <details> <summary>View changed files</summary> 📝 `frontend/package-lock.json` (+189 -239) 📝 `frontend/package.json` (+1 -1) </details> ### 📄 Description Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 2.1.6 to 2.1.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v2.1.9</h2> <p>This release includes security patches for:</p> <ul> <li><a href="https://github.com/vitest-dev/vitest/security/advisories/GHSA-8gvc-j273-4wm5">Browser mode serves arbitrary files | CVE-2025-24963</a></li> <li><a href="https://github.com/vitest-dev/vitest/security/advisories/GHSA-9crc-q9x8-hgqq">Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964</a></li> </ul> <h3>   🐞 Bug Fixes</h3> <ul> <li>backport <a href="https://redirect.github.com/vitest-dev/vitest/issues/7317">vitest-dev/vitest#7317</a> to v2 - by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/pull/7318">vitest-dev/vitest#7318</a></li> <li>(backport <a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/7340">#7340</a> to v2) restrict served files from <code>/__screenshot-error</code> - by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/pull/7343">vitest-dev/vitest#7343</a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v2.1.8...v2.1.9">View changes on GitHub</a></h5> <h2>v2.1.8</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li>Support Node 21  -  by <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> <a href="https://github.com/vitest-dev/vitest/commit/92f7a2ad"><!-- raw HTML omitted -->(92f7a)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v2.1.7...v2.1.8">View changes on GitHub</a></h5> <h2>v2.1.7</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li>Revert support for Vite 6  -  by <a href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> <a href="https://github.com/vitest-dev/vitest/commit/fbe5c39d"><!-- raw HTML omitted -->(fbe5c)<!-- raw HTML omitted --></a> <ul> <li>This introduced some breaking changes (<a href="https://redirect.github.com/vitest-dev/vitest/issues/6992">vitest-dev/vitest#6992</a>). We will enable support for it later. In the meantime, you can still use <code>pnpm.overrides</code> or yarn resolutions to override the <code>vite</code> version in the <code>vitest</code> package - the APIs are compatible.</li> </ul> </li> </ul> <h5>    <a href="https://github.com/vitest-dev/vitest/compare/v2.1.6...v2.1.7">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/c9e59a089d94642eea29a43f2ee1986a5afb99c6"><code>c9e59a0</code></a> chore: release v2.1.9</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e0fe1d81e2d4bcddb1c6ca3c5c3970d8ba697383"><code>e0fe1d8</code></a> fix: backport <a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/7317">#7317</a> to v2 (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/7318">#7318</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/d69cc75698dd6dbeaed5c237ebb46ccd41bfb438"><code>d69cc75</code></a> bump: 2.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/92f7a2ad18453343bfef1333af4b4c8191f72ec4"><code>92f7a2a</code></a> fix: support Node 21</li> <li><a href="https://github.com/vitest-dev/vitest/commit/81ed45b3a46759ac5b8aaa3a5fad80767316c4ae"><code>81ed45b</code></a> chore: release v2.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/fbe5c39d8891abcd91dc6b03720ee2b6c7678197"><code>fbe5c39</code></a> fix: revert support for Vite 6</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v2.1.9/packages/vitest">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/community-scripts/ProxmoxVE/network/alerts). </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

saavagebueno added the pull-request label 2025-11-20 06:04:29 -05:00

saavagebueno closed this issue 2025-11-20 06:04:29 -05:00

saavagebueno referenced this issue 2025-11-20 06:09:12 -05:00

[PR #3380] [MERGED] [Github Action] Update CHANGELOG.md #4270

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

github-action-update-changelog

pr-update-app-files

add-script-bambuddy-1774853250

MickLesk-patch-1

fix/immich-maintenance-mode-redis-error

fix/npm-unmask-openresty-on-migration

fix/ollama-intel-gpg-error-handling

github-action-archive-changelog

add-script-yourls-1774732133

add-script-matter-server-1774638379

fix/dispatcharr-pg-port

cron_update_lxc

chore/immich-v2.6.3

add-script-geopulse-1774548387

cdn_improvements

add-script-birdnet-1774535320

fix/tools-func-exit-codes

fix/immich-update-db-hostname

update/frigate-0.17.1

fix/use-absolute-path-for-install

fix/pin-npm-version

shell_safe_fixes

remove_booklore

chore/update-url-community-scripts

komodov2

refactor/turnkey-modernize

add-script-nextexplorer-1774344421

add-script-homebrew-1774342032

fix/shell-security-hardening-v2

improve/build-func-performance-cleanup

fix/build-dns-prefix

fix/anytype-mongodb-wait

fix/frigate-cpu-model-path

copilot/fix-installation-failure-isponsorblocktv

fix/reactive-resume-add-git

copilot/scanopy-fix-apt-configuration-error

add-script-isponsorblocktv-1774009652

add-script-alpine-wakapi-1774008954

fix/coder-code-server-existing-config-and-reachability

add-script-teleport-1773928044

CrazyWolf13-patch-wealthfolio-1

refactor/tools-func-qol

fix/stirling-pdf-jdk-reinstall

fix/pinned-version-wording

MickLesk-patch-10

fix/reactive-resume-v5013

fix/tracearr-update-version-oom

copilot/fix-hdd-space-for-owncast

tremor021-patch-6

pocketbase_bot

disp_fix

fix/tdarr-binary-check-curl-retry

MickLesk-patch-9

refactor/podman-quadlets

alpine-ntfy

refactor/jellyfin

CrazyWolf13-patch-11

feature/autousermod_hwaccell

add-script-split-pro-1773677692

fix/frigate-openvino-fallback

fix/paperless-ngx-default-ram

fix/plex-restart-after-update

fix/gluetun-openvpn-env

MickLesk-patch-8

termix_add_guacd

MickLesk-patch-7

fix/tududi-nodejs-in-update

fix/sparkyfitness-npm-peer-deps

docs/website-metadata-workflow

fix-pbs_microcode

remove_jsons

michelroegl-brunner-patch-4

add-script-test-1773325265

cleanup_workflows

feat/remove-frontend

automated/update-github-versions

feat/mode-generated

fix/n8n-build-essential

fix/sparkyfitness-shared-deps

fix/rocm-path-escaping

fix/storage-validation-cross-node

fix/frigate-nvidia-version-regex

arm64-build-support

readme

michelroegl-brunner-patch-3

fix/coder-code-server-backup

copilot/fix-immich-update-dependency-issue

rust

fix/linkwarden-update-playwright

fix/powerdns-sqlite-permissions

fix/duplicate-nameserver-searchdomain

CrazyWolf13-patch-7

feat/ollama-rocm-support

fix/seerr-migration-update-script

preflight_tests

adgu_fix

2026-03-30

2026-03-29

2026-03-28

2026-03-27

2026-03-26

2026-03-25

2026-03-24

2026-03-23

2026-03-22

2026-03-21

2026-03-20

2026-03-19

2026-03-18

2026-03-17

2026-03-16

2026-03-15

2026-03-14

2026-03-13

2026-03-12

2026-03-11

2026-03-10

2026-03-09

2026-03-08

2026-03-07

2026-03-06

2026-03-05

2026-03-04

2026-03-03

2026-03-02

2026-03-01

2026-02-28

2026-02-27

2026-02-26

2026-02-25

2026-02-24

2026-02-23

2026-02-22

2026-02-21

2026-02-20

2026-02-19

2026-02-18

2026-02-17

2026-02-16

2026-02-15

2026-02-14

2026-02-13

2026-02-12

2026-02-11

2026-02-10

2026-02-09

2026-02-08

2026-02-07

2026-02-06

2026-02-05

2026-02-04

2026-02-03

2026-02-02

2026-02-01

2026-01-31

2026-01-30

2026-01-29

2026-01-28

2026-01-27

2026-01-26

2026-01-25

2026-01-24

2026-01-23

2026-01-22

2026-01-21

2026-01-20

2026-01-19

2026-01-18

2026-01-17

2026-01-16

2026-01-15

2026-01-14

2026-01-13

2026-01-12

2026-01-11

2026-01-10

2026-01-09

2026-01-08

2026-01-07

2026-01-06

2026-01-05

2026-01-04

2026-01-03

2026-01-02

2026-01-01

2025-12-31

2025-12-30

2025-12-29

2025-12-28

2025-12-27

2025-12-26

2025-12-25

2025-12-24

2025-12-23

2025-12-22

2025-12-21

2025-12-20

2025-12-19

2025-12-18

2025-12-17

2025-12-16

2025-12-15

2025-12-14

2025-12-13

2025-12-12

2025-12-11

2025-12-10

2025-12-09

2025-12-08

2025-12-07

2025-12-06

2025-12-05

2025-12-04

2025-12-03

2025-12-02

2025-12-01

2025-11-30

2025-11-29

2025-11-28

2025-11-27

2025-11-26

2025-11-25

2025-11-24

2025-11-23

2025-11-22

2025-11-21

2025-11-20

2025-11-19

2025-11-18

2025-11-17

2025-11-16

2025-11-15

2025-11-14

2025-11-13

2025-11-12

2025-11-11

2025-11-10

2025-11-09

2025-11-08

2025-11-07

2025-11-06

2025-11-05

2025-11-04

2025-11-03

2025-11-02

2025-11-01

2025-10-31

2025-10-30

2025-10-29

2025-10-28

2025-10-27

2025-10-26

2025-10-25

2025-10-24

2025-10-23

2025-10-22

2025-10-21

2025-10-20

2025-10-19

2025-10-18

2025-10-17

2025-10-16

2025-10-15

2025-10-14

2025-10-13

2025-10-12

2025-10-11

2025-10-10

2025-10-09

2025-10-08

2025-10-07

2025-10-06

2025-10-05

2025-10-04

2025-10-03

2025-10-02

2025-10-01

2025-09-30

2025-09-29

2025-09-28

2025-09-27

2025-09-26

2025-09-25

2025-09-24

2025-09-23

2025-09-22

2025-09-21

2025-09-20

2025-09-19

2025-09-18

2025-09-17

2025-09-16

2025-09-15

2025-09-14

2025-09-13

2025-09-12

2025-09-11

2025-09-10

2025-09-09

2025-09-08

2025-09-07

2025-09-06

2025-09-05

2025-09-04

2025-09-03

2025-09-02

2025-09-01

2025-08-31

2025-08-30

2025-08-29

2025-08-28

2025-08-27

2025-08-26

2025-08-25

2025-08-24

2025-08-23

2025-08-22

2025-08-21

2025-08-20

2025-08-19

2025-08-18

2025-08-17

2025-08-16

2025-08-15

2025-08-14

2025-08-13

2025-08-12

2025-08-11

2025-08-10

2025-08-09

2025-08-08

2025-08-07

2025-08-06

2025-08-05

2025-08-04

2025-08-03

2025-08-02

2025-08-01

2025-07-31

2025-07-30

2025-07-29

2025-07-28

2025-07-27

2025-07-26

2025-07-25

2025-07-24

2025-07-23

2025-07-22

2025-07-21

2025-07-20

2025-07-19

2025-07-18

2025-07-17

2025-07-16

2025-07-15

2025-07-14

2025-07-11

2025-07-10

2025-07-09

2025-07-08

2025-07-07

2025-07-06

2025-07-05

2025-07-04

2025-07-03

2025-07-02

2025-07-01

2025-06-30

2025-06-29

2025-06-28

2025-06-27

2025-06-26

2025-06-25

2025-06-24

2025-06-23

2025-06-22

2025-06-21

2025-06-20

2025-06-19

2025-06-18

2025-06-17

2025-06-16

2025-06-15

2025-06-14

2025-06-13

2025-06-12

2025-06-11

2025-06-10

2025-06-09

2025-06-08

2025-06-07

2025-06-06

2025-06-05

2025-06-04

2025-06-03

2025-06-02

2025-06-01

2025-05-31

2025-05-30

2025-05-29

2025-05-28

2025-05-27

2025-05-26

2025-05-25

2025-05-24

2025-05-23

2025-05-22

2025-05-21

2025-05-20

2025-05-19

2025-05-18

2025-05-17

2025-05-16

2025-05-15

2025-05-14

2025-05-13

2025-05-12

2025-05-11

2025-05-10

2025-05-09

2025-05-08

2025-05-07

2025-05-06

2025-05-05

2025-05-04

2025-05-03

2025-05-02

2025-05-01

2025-04-30

2025-04-29

2025-04-28

2025-04-27

2025-04-26

2025-04-25

2025-04-24

2025-04-23

2025-04-22

2025-04-20

2025-04-21

2025-04-19

2025-04-18

2025-04-17

2025-04-15

2025-04-16

2025-04-14

2025-04-13

2025-04-12

2025-04-11

2025-04-10

2025-04-09

2025-04-08

2025-04-07

2025-04-06

2025-04-05

2025-04-04

2025-04-03

2025-04-02

2025-04-01

2025-03-31

2025-03-30

2025-03-29

2025-03-28

2025-03-27

2025-03-26

2025-03-25

2025-03-24

2025-03-23

2025-03-22

2025-03-21

2025-03-20

2025-03-19

2025-03-18

2025-03-17

2025-03-16

2025-03-15

2025-03-14

2025-03-13

2025-03-12

2025-03-11

2025-03-10

2025-03-09

2025-03-08

2025-03-07

2025-03-06

2025-03-05

2025-03-04

2025-03-03

2025-03-02

2025-03-01

2025-02-28

2025-02-27

2025-02-26

2025-02-25

2025-02-24

2025-02-23

2025-02-21

2025-02-20

2025-02-19

2025-02-18

2025-02-17

2025-02-16

2025-02-15

2025-02-14

2025-02-13

2025-02-12

2025-02-11

2025-02-10

2025-02-09

2025-02-08

2025-02-07

2025-02-06

2025-02-05

2025-02-04

2025-02-03

2025-02-02

2025-02-01

2025-01-31

2025-01-30

2025-01-29

2025-01-28

2025-01-27

2025-01-26

2025-01-24

2025-01-23

2025-01-22

2025-01-21

2025-01-20

2025-01-19

2025-01-18

2025-01-17

2025-01-16

2025-01-15

2025-01-14

2025-01-13

2025-01-11

2025-01-10

2025-01-09

2025-01-08

2025-01-07

2025-01-06

2025-01-05

2025-01-04

2025-01-03

2025-01-02

2025-01-01

2024-12-31

2024-12-30

2024-12-29

2024-12-28

2024-12-27

2024-12-26

2024-12-25

2024-12-23

2024-12-21

2024-12-20

2024-12-19

2024-12-18

2024-12-17

2024-12-16

2024-12-13

2024-12-12

2024-12-09

2024-12-08

2024-12-07

2024-12-06

2024-12-05

2024-12-04

2024-12-03

2024-12-02

2024-11-30

2024-11-29

2024-11-28

2024-11-27

2024-11-26

2024-11-25

2024-11-24

2024-11-23

Labels

Clear labels

🛑 Failure to comply with the guidelines

breaking change

bug

bug

bugfix

deferred

delete script

dependencies

enhancement

external

feature

github

help wanted

Implemented in VED waiting push to Main

in project pipeline

invalid

investigation

json

maintenance

new script

new script

nice to have

not a script issue

not planned

organization

pull-request

Mirrored from GitHub Pull Request

question

refactor

rename script

security

update script

website

wontdo

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

saavagebueno

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/ProxmoxVE#3380