build(deps-dev): bump @vitest/coverage-v8 from 3.2.4 to 4.0.18 in /peek

[dependabot]

Bumps @vitest/coverage-v8 from 3.2.4 to 4.0.18.

---

The body of this PR is automatically managed by the workflow runtime.

---

The body of this PR is automatically managed by the Update PR Body workflow.

[github-actions]

❌ UI Smoke Test Review — a0632f0

🎭 Smoke Test Results

⚠️ Could not parse smoke test results. Check the workflow run for details.

📸 Screenshot Preflight

⚠️ Could not parse preflight diagnostics. Check the workflow run for details.

💡 Recommendations

• 🔧 Smoke test results were unavailable or invalid — rerun this workflow and verify peek/smoke-results.json is generated.
• 🔧 Investigate console or page errors reported by the screenshot preflight.

---

📎 Full diagnostics and screenshots: workflow run

[github-actions]

[HIGH] Coverage plugin major is incompatible with pinned Vitest major

This bumps @vitest/coverage-v8 to ^4.0.18, but the same file still pins vitest to ^3.2.4 (peek/package.json, line 139). @vitest/coverage-v8@4.0.18 has a peer dependency on vitest@4.0.18, so npm ci now fails with ERESOLVE could not resolve due to the peer conflict.

Concrete failure: running cd peek && npm ci on this PR fails before tests/build can run.

Please keep these majors aligned (either keep coverage on v3.x for now, or upgrade vitest and related Vitest packages to v4 together).

[github-actions]

Dependency Update Analysis

Summary: This PR upgrades @vitest/coverage-v8 from 3.2.4 to 4.0.18 (npm devDependency); it is a major-version jump with a likely compatibility gap because this repo still pins vitest at ^3.2.4.

@vitest/coverage-v8 3.2.4 → 4.0.18

Ecosystem: npm / Node

Check	Result
Breaking changes	⚠️ Found (major bump; Vitest 4 release includes multiple breaking changes)
Testable in PR	✅ Yes (CI runs on pull_request), but ⚠️ coverage path itself is only exercised on push

Changelog highlights (v3.2.4 → v4.0.18)

From upstream Vitest releases:

• v4.0.0 introduces breaking changes (e.g., removed deprecated APIs/options, reporter changes including removal of basic, pool/runtime changes, and coverage-related deprecations removed).
• v4.0.18 is primarily bug fixes/experimental updates on top of v4.

Practical implication for this PR: moving from 3.x to 4.x should be treated as a migration-level change, not a routine patch/minor update.

Usage in this repository

• Declared in peek/package.json:123 as a devDependency.
• Coverage provider is configured in peek/vitest.config.ts:22-24 with provider: "v8".
• Coverage script uses it via peek/package.json:38 (vitest ... --coverage).
• Make target test-unit-coverage runs that script (Makefile:255-257).
• CI workflow:
  • pull_request + push trigger exists (.github/workflows/ci.yml:4-5, :21-22).
  • PR path runs changed-file unit tests (.github/workflows/ci.yml:110-113).
  • Coverage run is only on push (.github/workflows/ci.yml:114-116).

Compatibility signal observed in this PR diff:

• @vitest/coverage-v8@4.0.18 declares peer deps for vitest: 4.0.18 in peek/package-lock.json.
• Repo still declares vitest: ^3.2.4 in peek/package.json:139.

Compatibility assessment

• High-confidence risk: peer-version mismatch (coverage-v8@4 vs vitest@3) is likely incompatible and should be aligned before merge.
• Node runtime compatibility appears acceptable for this repo (CI uses Node 24), but the key blocker is Vitest major alignment.
• Suggested follow-up: update vitest (and any related Vitest packages/config touched by v4 migration notes) in the same PR or keep coverage package on v3.

Labels Applied

• Recommended: needs-human-review (major version bump + likely peer compatibility issue).
• No labels were applied by this run.

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Dependency Update Analysis

Summary: This PR upgrades @vitest/coverage-v8 from 3.2.4 to 4.0.18 (npm/devDependency) and introduces a major-version compatibility risk because the repo is still pinned to vitest ^3.2.4.

Dependency: @vitest/coverage-v8 3.2.4 → 4.0.18

Ecosystem: npm / Node

Check	Result
Breaking changes	⚠️ Found (major bump to v4; Vitest 4 release includes breaking changes)
Testable in PR	⚠️ Partially — package install runs on PR, but coverage execution path is push-only in CI

Changelog highlights (v3.2.4 → v4.0.18)

From Vitest releases:

• v4.0.0 introduces multiple breaking changes (including removal of deprecated APIs/options and other runner/reporter changes).
• v4.0.18 is primarily incremental (bug fixes + one experimental hook), with no new headline breaking changes in that patch release.

Relevant source references:

• https://api.github.com/repos/vitest-dev/vitest/releases/tags/v4.0.0
• https://api.github.com/repos/vitest-dev/vitest/releases/tags/v4.0.18

Usage in this repository

• Dependency declaration updated in:
  • peek/package.json:123
  • peek/package-lock.json:65
• Coverage provider is configured in:
  • peek/vitest.config.ts:37-39 (coverage.provider: "v8")
• Coverage command wiring:
  • peek/package.json:38 (test:coverage → vitest ... --coverage)
  • Makefile:255-257 (test-unit-coverage calls npm run test:coverage)
  • .github/workflows/ci.yml:114-116 runs make test-unit-coverage only on push.

Compatibility assessment

The lockfile shows a direct peer mismatch after this bump:

• @vitest/coverage-v8@4.0.18 peers on vitest: 4.0.18 (peek/package-lock.json:6458-6461)
• Repo still depends on vitest: ^3.2.4 (peek/package-lock.json:81, resolved package at peek/package-lock.json:17288-17290)

So this PR updates only the coverage plugin to Vitest 4 while the core test runner remains on Vitest 3. That is a high-likelihood incompatibility for coverage execution and should be reviewed/validated carefully (ideally by upgrading vitest in lockstep or confirming compatibility matrix from upstream).

Testability note:

• CI is triggered on pull_request for these paths (.github/workflows/ci.yml:3-13), but the coverage run path itself is currently push-only (.github/workflows/ci.yml:114-116), so the exact coverage behavior is not fully exercised in PR checks.

Labels Applied

No labels applied in this run.

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Dependency Update Analysis

Summary: This PR upgrades @vitest/coverage-v8 from 3.2.4 to 4.0.18 (major bump, npm devDependency), and current repo usage indicates high compatibility risk because vitest remains on ^3.2.4 while the new coverage package peers on vitest@4.0.18.

@vitest/coverage-v8 v3.2.4 → v4.0.18

Ecosystem: npm / Node (devDependency)

Check	Result
Breaking changes	⚠️ Found (Vitest 4 major release includes breaking changes)
Testable in PR	⚠️ No — coverage path runs on push only (.github/workflows/ci.yml lines 115-116)

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.0 release explicitly marks multiple breaking changes (reporter removals/renames, deprecated API removals, config/type removals, Vite 5 support removal, module-runner changes, coverage option deprecations removed).
• v4.0.18 is a patch release with mostly fixes/experimental additions, but it is still on top of the 4.x breaking baseline.
• In this PR diff, @vitest/coverage-v8 now declares peer deps vitest: 4.0.18 and optional @vitest/browser: 4.0.18 (from peek/package-lock.json patch block around node_modules/@vitest/coverage-v8``).

Usage in this repository

• Dependency declaration: peek/package.json:123 ("@vitest/coverage-v8": "^4.0.18").
• Vitest version remains: peek/package.json:139 ("vitest": "^3.2.4").
• Coverage usage: peek/vitest.config.ts:37-39 sets coverage.provider = "v8" and reporters.
• Coverage command: peek/package.json:38 (test:coverage runs vitest ... --coverage).
• CI trigger context:
  • PR path runs make test-unit (.github/workflows/ci.yml:111-112).
  • Coverage run is only on push (.github/workflows/ci.yml:115-116).

Compatibility assessment

• This is a major semver bump for a test tool dependency.
• The updated package peers on Vitest 4, but the repo still pins Vitest 3 (peek/package.json:139), which is a concrete mismatch and may cause install/runtime incompatibility in coverage flows.
• Because PR CI does not execute the coverage path, this specific upgrade is not fully validated before merge.

Recommended follow-up:

1. Upgrade vitest to a compatible 4.x version in the same PR (or pin coverage plugin back to 3.x).
2. Run coverage in PR context at least once for dependency bumps in this area (or add a temporary PR job when peek/package*.json changes).

Labels Applied

No labels applied by this run. Based on policy, this change qualifies for:

• needs-human-review (major bump + breaking changes + peer compatibility concern)
• higher-risk (coverage execution path is push-only, not PR-validated)

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

🤖 AI Assistant 🤖

7 Enabled Automations • 0 Disabled Automations

Enabled automations

• Investigate CI Failures
• Run an extra, in-depth, PR Review
• Auto-label pull requests
• Keep the body of the PR updated
• Address review feedback
• Address merge conflicts
• Enable PR Preview deployment

Troubleshooting

This control panel only adds or removes labels on the PR.
It does not directly start workflows.
If you toggle an option, related automation may not run until its next normal trigger event.

• Re-sync control panel from labels

[github-actions]

Dependency Update Analysis

Summary: This PR bumps @vitest/coverage-v8 from 3.2.4 to 4.0.18 (npm/devDependency) and introduces major-version risk plus a current peer-version mismatch with vitest still pinned to ^3.2.4.

@vitest/coverage-v8 3.2.4 → 4.0.18

Ecosystem: npm / Node (devDependency)

Check	Result
Breaking changes	⚠️ Found (major jump crosses Vitest 4.0 breaking changes)
Testable in PR	⚠️ No — coverage execution path runs on push to main, not PR runs

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.0 includes a large breaking-change set (official release notes): removed deprecated APIs/types/options, removed Vite 5 support, reporter changes, and coverage-related deprecations cleanup.
• v4.0.18 itself is mostly small fixes + one experimental hook (onModuleRunner), but the risk is dominated by the earlier 4.x breaking transition.
• Source: vitest-dev/vitest release notes for v4.0.0, v4.0.18, and prior v3.2.4.

Usage in this repository

• Dependency declaration updated in peek/package.json:123.
• Coverage provider is actively used in peek/vitest.config.ts:37-40 (provider: "v8").
• Coverage command path:
  • peek/package.json:38 → test:coverage = vitest run --config vitest.config.ts --coverage --passWithNoTests
  • Makefile:255-257 (test-unit-coverage runs npm run test:coverage)
  • .github/workflows/ci.yml:114-116 runs make test-unit-coverage only on push.
• PR path skips coverage by design:
  • .github/workflows/ci.yml:110-113 runs make test-unit on PRs
  • Makefile:229-230 explicitly notes coverage thresholds are skipped for incremental PR runs.

Compatibility assessment

• @vitest/coverage-v8@4.0.18 declares peer vitest: 4.0.18 (peek/package-lock.json:6506-6509).
• Repo still declares vitest: ^3.2.4 in peek/package.json:139, and lockfile resolves vitest@3.2.4 (peek/package-lock.json:17336-17339).
• This is a concrete major-version/peer-alignment mismatch in the current PR diff and warrants human review before merge.
• Because PR CI does not exercise coverage mode, this mismatch may evade PR-time validation.

Labels Applied

No labels were applied by this run. Recommended labels based on policy: needs-human-review (major bump + breaking-change surface + peer mismatch) and higher-risk (coverage path not validated in PR context).

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Dependency Update Analysis

Summary: This PR updates one npm devDependency (@vitest/coverage-v8 3.2.4 → 4.0.18), and the update is currently incompatible with the repo because vitest remains on ^3.2.4, causing npm ci to fail with a peer dependency conflict.

@vitest/coverage-v8 3.2.4 → 4.0.18

Ecosystem: npm / Node (devDependency)

Check	Result
Breaking changes	⚠️ Found — this is a major-version bump (3.x → 4.x), and Vitest 4.0 release notes include a breaking-changes section and migration guide.
Testable in PR	✅ Yes — relevant workflows run on pull_request for peek/package*.json changes.

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.18 itself is mostly fixes/features, but this upgrade crosses the Vitest 4 major boundary.
• vitest v4.0.0 release notes explicitly call out breaking changes and a migration guide, including removal/deprecation cleanup in reporter/coverage-related areas.
• Source checked: vitest-dev/vitest releases for v3.2.4, v4.0.0, and v4.0.18.

Usage in this repository

• Declared in peek/package.json:123 as "@vitest/coverage-v8": "^4.0.18".
• vitest remains "^3.2.4" in peek/package.json:139.
• Coverage provider is used in peek/vitest.config.ts:37-40 (coverage.provider: "v8").
• CI/workflow coverage context:
  • Makefile:255-257 runs coverage via test-unit-coverage (npm run test:coverage).
  • .github/workflows/ci.yml:4-13 includes pull_request trigger for peek/package*.json.
  • .github/workflows/ci.yml:103-116 installs deps with npm ci and runs PR tests.

Compatibility assessment

• The updated package now peers on vitest@4.0.18, while this repo still pins vitest@^3.2.4.
• I verified this directly by running cd peek && npm ci, which fails with ERESOLVE:
  • Could not resolve dependency: peer vitest@"4.0.18" from @vitest/coverage-v8@4.0.18
• Result: this PR is not currently installable as-is; it needs coordinated Vitest major upgrade (or reverting coverage package to the 3.x line).

Labels Applied

• No labels applied in this run.
• Recommended: needs-human-review (major bump + confirmed install-time peer conflict).

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Dependency Update Analysis

Summary: This PR updates @vitest/coverage-v8 from 3.2.4 to 4.0.18 (npm devDependency), but it currently introduces a hard peer-dependency conflict with vitest@^3.2.4, so npm ci fails in CI.

@vitest/coverage-v8: 3.2.4 → 4.0.18

Ecosystem: npm / Node

Check	Result
Breaking changes	⚠️ Found (major bump 3.x → 4.x; Vitest 4 breaking changes are documented)
Testable in PR	✅ Yes — PR CI runs npm ci on pull_request and currently fails with ERESOLVE

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.0 release includes an explicit Breaking Changes section (e.g., removed deprecated coverage options, removed deprecated APIs, workspace → projects, reporter changes, Node 18 support dropped in the v4 series).
• v4.0.18 itself is mainly bug fixes + one experimental hook; no additional major break announcement in that patch release.

Sources: vitest-dev/vitest releases for tags v4.0.0 and v4.0.18.

Usage in this repository

• Dependency declaration: peek/package.json:123 ("@vitest/coverage-v8": "^4.0.18" in this PR).
• Core test runner is still pinned to Vitest 3: peek/package.json:139 ("vitest": "^3.2.4").
• Coverage execution path:
  • peek/package.json:38 → test:coverage runs vitest ... --coverage
  • Makefile:255-257 → make test-unit-coverage calls npm run test:coverage
  • .github/workflows/ci.yml:114-116 runs make test-unit-coverage on push.
• PR CI installation path:
  • .github/workflows/ci.yml:103-105 runs cd peek && npm ci (including on pull_request).

Compatibility assessment

• The new package requires vitest@4.0.18 as a peer dependency (from lockfile peer metadata), while this repo still depends on vitest@^3.2.4.
• Verified locally in this workflow run: cd peek && npm ci fails with:
  • Could not resolve dependency: peer vitest@"4.0.18" from @vitest/coverage-v8@4.0.18
  • Found: vitest@3.2.4
• This is a blocking compatibility issue until either:
  1. vitest is upgraded to the matching 4.x line (and config/tests validated for Vitest 4 migration), or
  2. @vitest/coverage-v8 is kept on a 3.x version compatible with Vitest 3.

Labels Applied

• Recommended: needs-human-review (major bump + confirmed install-time breakage).
• higher-risk not indicated: this change is exercised in PR context via npm ci on pull_request.

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Dependency Update Analysis

Summary: @vitest/coverage-v8 was bumped from 3.2.4 to 4.0.18 (devDependency, npm ecosystem); this is a major-version update with a current Vitest peer-version mismatch, so risk is moderate-to-high and needs human review.

@vitest/coverage-v8 v3.2.4 → v4.0.18

Ecosystem: npm / Node (devDependency)

Check	Result
Breaking changes	⚠️ Found (Vitest 4 release includes breaking changes; details below)
Testable in PR	⚠️ Partial — PR runs unit tests on pull_request, but coverage path is only executed on push

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.0 introduces a large breaking-change set (Vitest 4 migration): deprecated APIs removed, default behavior changes, and migration guide required.
• Coverage-related breaking note in v4.0.0: deprecated coverage options were removed in favor of vitest/node exports.
• v4.0.18 itself is mostly bug fixes/experimental additions and does not appear to add major new breakage versus earlier 4.x.
• Source checked: vitest-dev/vitest releases for v4.0.0, v4.0.18, and baseline v3.2.4.

Usage in this repository

Primary usage is via Vitest coverage CLI path:

peek/package.json:38   "test:coverage": "vitest run --config vitest.config.ts --coverage --passWithNoTests"
Makefile:255-257       test-unit-coverage -> npm run test:coverage
.github/workflows/ci.yml:114-116   Unit tests with coverage (full) runs on push only

Related version declarations:

peek/package.json:123  "`@vitest/coverage-v8`": "^4.0.18"
peek/package.json:139  "vitest": "^3.2.4"

@vitest/coverage-v8@4.0.18 declares peer dependency vitest: 4.0.18 (from the lockfile diff), while repo still pins Vitest 3.x.

Compatibility assessment

• Major bump (3.x → 4.x) is inherently higher risk for test tooling.
• Peer dependency mismatch is present now (coverage-v8 expects Vitest 4, repo still has Vitest 3), which is the main compatibility concern and can cause install/runtime issues depending on resolver behavior.
• CI validation gap: PR path runs changed-file unit tests, but the explicit coverage execution path (make test-unit-coverage) is push-only in ci.yml, so the updated coverage provider is not fully exercised before merge.

Recommended follow-up: upgrade vitest to a compatible 4.x version in the same PR (or revert @vitest/coverage-v8), then re-run full unit+coverage checks.

Labels Applied

• No labels applied in this run.
• Recommended: needs-human-review (major bump + peer mismatch) and higher-risk (coverage path validated on push-only workflow step).

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Dependency Update Analysis

Summary: This PR updates one npm devDependency (@vitest/coverage-v8 ^3.2.4 → ^4.0.18); risk is high because it is a major bump and now peers against Vitest 4 while this repo is still on Vitest 3.

@vitest/coverage-v8: v3.2.4 → v4.0.18

Ecosystem: npm / Node (devDependency)

Check	Result
Breaking changes	⚠️ Found — Vitest 4.0 introduces broad breaking changes and migration requirements
Testable in PR	✅ Yes — CI runs on pull_request for peek/package*.json changes

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.0 release explicitly includes a "🚨 Breaking Changes" section and links to a migration guide.
• Notable Vitest 4 breaks include removal of deprecated APIs/options and runtime/config behavior changes (e.g., deprecated coverage options removed, Vite 5 support removed in Vitest core, reporter changes).
• v4.0.18 itself is mainly bug fixes, but it is still on the Vitest 4 major line.

Usage in this repository

• Dependency declaration changed in peek/package.json (devDependency): line 123.
• Lockfile updated in peek/package-lock.json.
• Coverage is enabled via provider: "v8" in peek/vitest.config.ts lines 37-40.
• PR validation path exists: .github/workflows/ci.yml triggers on pull_request for peek/package*.json and runs lint/build/tests (including unit tests on PRs).

Compatibility assessment

• The updated package now declares peer dependencies vitest: 4.0.18 and @vitest/browser: 4.0.18 (optional) in lockfile metadata.
• This repo still pins vitest to ^3.2.4 in peek/package.json (line 139), and lockfile still resolves node_modules/vitest to 3.2.4.
• That major-version peer mismatch is the key risk: coverage plugin and test runner are on different major lines, which can cause runtime incompatibilities even if install succeeds.
• Recommended remediation: upgrade vitest (and related @vitest/* packages) to the 4.x line in the same PR, then run the existing CI test matrix.

Labels Applied

• Recommended: needs-human-review (major bump + peer-major mismatch with current Vitest 3 usage).
• higher-risk: not recommended, because this change is exercised by pull_request CI.

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[strawgate]

/ai please resolve issues with this PR

[strawgate]

/ai please resolve issues with this PR

[github-actions]

TL;DR

CI failed before tests/build because npm ci hit a peer-dependency conflict: vitest coverage-v8 4.0.18 requires vitest 4.0.18, but the PR still pins vitest ^3.2.4. Immediate fix: bump vitest (and any tightly-coupled Vitest packages) to the same major/version line as coverage.

Remediation

• Update peek/package.json to align Vitest packages, at minimum:
  • vitest -> ^4.0.18 (or the exact version line chosen for this PR)
  • keep vitest coverage-v8 on the same compatible line
• Regenerate lockfile (cd peek && npm install locally or refresh via Dependabot/rebased update) so npm ci resolves cleanly.
• Validate by rerunning CI (or locally cd peek && npm ci) and confirm both Unit Tests and Lint & Build pass dependency installation.

Investigation details

Root Cause

Both failing jobs stop at Install dependencies due to an npm ERESOLVE conflict introduced by upgrading only the coverage package to 4.0.18 while vitest remains 3.2.4.

Evidence

• Workflow: CI run 22839328975
• Job/step:
  • Unit Tests -> Install dependencies
  • Lint & Build -> Install dependencies
• Key log excerpt:
  • npm error While resolving: ...coverage-v8@4.0.18
  • npm error Found: vitest@3.2.4
  • npm error Could not resolve dependency: peer vitest@"4.0.18" from ...coverage-v8@4.0.18
• PR file changes confirm mismatch:
  • peek/package.json changed coverage-v8 from ^3.2.4 to ^4.0.18
  • vitest remains ^3.2.4

Validation

• Local tests/commands run: not run (analysis based on workflow job logs and PR diff only).

Follow-up

• If you want to keep vitest@3.x, revert coverage-v8 to the matching 3.2.x line instead.

---

What is this? | From workflow: PR Actions Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

I attempted to resolve this by merging the latest main into the PR branch, but Git reported unrelated histories; forcing the merge (--allow-unrelated-histories) produced 64 add/add conflicts across many files, so this could not be safely auto-resolved in this workflow.

Please recreate/update the PR branch from current main (or rerun Dependabot against latest main) and then rerun the merge-conflict workflow.

---

What is this? | From workflow: Address Merge Conflict

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[github-actions]

Dependency Update Analysis

Summary: @vitest/coverage-v8 was bumped from 3.2.4 to 4.0.18 (major). Risk is moderate-to-high because the repo still pins vitest to ^3.2.4, while the new coverage package peers on vitest@4.0.18.

@vitest/coverage-v8: 3.2.4 → 4.0.18

Ecosystem: npm / Node (devDependency)

Check	Result
Breaking changes	⚠️ Found (major v3 → v4)
Testable in PR	⚠️ Limited — PR CI runs unit tests, but coverage path is push-only

Changelog highlights (v3.2.4 → v4.0.18)

• v4.0.0 includes many breaking changes across Vitest (release notes explicitly mark "🚨 Breaking Changes").
• Relevant examples: removal of deprecated coverage options, removal of deprecated APIs/types, reporter changes, runner/pool behavior changes, and module-runner migration.
• v4.0.18 itself is mostly bugfix/experimental polish over v4.0.17.

Sources:

• vitest-dev/vitest release v4.0.0
• vitest-dev/vitest release v4.0.18

Usage in this repository

• Dependency declaration changed in peek/package.json:
  • @vitest/coverage-v8: ^3.2.4 → ^4.0.18 (peek/package.json#L123)
  • vitest remains ^3.2.4 (peek/package.json#L139)
• Coverage is used via Vitest config:
  • coverage.provider: "v8" in peek/vitest.config.ts#L39-L42
• CI execution paths:
  • PRs run make test-unit (.github/workflows/ci.yml#L98-L100)
  • Coverage (make test-unit-coverage) runs on push only (.github/workflows/ci.yml#L102-L104)

Compatibility assessment

• The lockfile diff shows @vitest/coverage-v8@4.0.18 with peer deps vitest: 4.0.18 (and optional @vitest/browser: 4.0.18), while this PR keeps vitest@^3.2.4.
• That version skew is an unsupported pairing upstream and is the primary risk in this PR.
• Because PR CI does not execute coverage mode, this specific integration risk is not fully validated before merge.

Recommendation:

• Prefer updating vitest to ^4.x in the same PR (or pin @vitest/coverage-v8 back to the 3.x line) so core + coverage packages stay aligned.

Labels Applied

No labels applied (no allowed classification label set was provided in this run).

---

What is this? | From workflow: Dependency Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Requesting changes due to a blocking lockfile consistency issue.

npm ci --legacy-peer-deps fails because package-lock.json is out of sync with package.json for @opentelemetry/sdk-trace-base (lockfile reflects 2.5.1 while the manifest requires ^2.6.0). Please regenerate the lockfile from the current manifest so clean installs succeed.

---

What is this? | From workflow: PR Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.