Merge pull request #914 from logto-io/renovate/npm-vitest-vulnerability

chore(deps): update dependency vitest to v2.1.9 [security]

packages/browser/package.json

@@ -36,13 +36,13 @@
   "devDependencies": {
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "happy-dom": "^16.0.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"

packages/capacitor/package.json

@@ -37,13 +37,13 @@
     "@capacitor/preferences": "^6.0.0",
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "happy-dom": "^16.0.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"

packages/client/package.json

@@ -41,14 +41,14 @@
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
     "@types/node": "^22.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "happy-dom": "^16.0.0",
     "lint-staged": "^15.0.0",
     "nock": "14.0.0-beta.19",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"

packages/client/src/mock.ts

@@ -96,9 +96,9 @@ export const idToken = 'id_token_value';
 
 export const currentUnixTimeStamp = Date.now() / 1000;
 
-export const mockFetchOidcConfig: (
-  delay?: number
-) => Mock<unknown[], Promise<OidcConfigResponse>> = (delay = 0) =>
+export const mockFetchOidcConfig: (delay?: number) => Mock<() => Promise<OidcConfigResponse>> = (
+  delay = 0
+) =>
   vi.fn(async () => {
     await new Promise((resolve) => {
       setTimeout(resolve, delay);
@@ -115,7 +115,7 @@ export const mockFetchOidcConfig: (
     };
   });
 
-export const fetchOidcConfig: Mock<unknown[], Promise<OidcConfigResponse>> = mockFetchOidcConfig();
+export const fetchOidcConfig: Mock<() => Promise<OidcConfigResponse>> = mockFetchOidcConfig();
 export const requester = vi.fn();
 export const failingRequester = vi.fn().mockRejectedValue(new Error('Failed request'));
 export const navigate = vi.fn();

packages/express/package.json

@@ -40,7 +40,7 @@
     "@types/express": "^5.0.0",
     "@types/express-session": "^1.17.5",
     "@types/supertest": "^6.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "cookie-parser": "^1.4.6",
     "eslint": "^8.57.0",
     "express": "^4.20.0",
@@ -49,7 +49,7 @@
     "prettier": "^3.0.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "peerDependencies": {
     "express": ">=4"

packages/express/src/index.test.ts

@@ -22,6 +22,17 @@ const getIdTokenClaims = vi.fn(() => ({
 const signOut = vi.fn();
 const getContext = vi.fn(async () => ({ isAuthenticated: true }));
 
+/**
+ * All the expect function to be called assertions wrapped in the `end` callback
+ * in the following test cases are randomly failing under the vitest --coverage mode.
+ *
+ * So we manually added a delay to wait for the promise to resolve before making the assertions.
+ */
+const delay = async (ms: number) =>
+  new Promise<void>((resolve) => {
+    setTimeout(resolve, ms);
+  });
+
 vi.mock('./storage', () => ({
   default: vi.fn(() => ({
     setItem,
@@ -64,7 +75,8 @@ describe('Express', () => {
         testRouter(handleAuthRoutes(configs))
           .get('/logto/sign-in')
           .expect('Location', signInUrl)
-          .end(() => {
+          .end(async () => {
+            await delay(100);
             expect(signIn).toHaveBeenCalled();
           });
       });
@@ -73,7 +85,8 @@ describe('Express', () => {
         testRouter(handleAuthRoutes({ ...configs, authRoutesPrefix: 'custom' }))
           .get('/logto/sign-in')
           .expect('Location', signInUrl)
-          .end(() => {
+          .end(async () => {
+            await delay(100);
             expect(signIn).toHaveBeenCalled();
           });
       });
@@ -84,7 +97,8 @@ describe('Express', () => {
         testRouter(handleAuthRoutes(configs))
           .get('/logto/sign-up')
           .expect('Location', `${signInUrl}?interactionMode=signUp`)
-          .end(() => {
+          .end(async () => {
+            await delay(100);
             expect(signIn).toHaveBeenCalled();
           });
       });
@@ -95,7 +109,8 @@ describe('Express', () => {
         testRouter(handleAuthRoutes(configs))
           .get('/logto/sign-in-callback')
           .expect('Location', configs.baseUrl)
-          .end(() => {
+          .end(async () => {
+            await delay(100);
             expect(handleSignInCallback).toHaveBeenCalled();
           });
       });
@@ -106,7 +121,8 @@ describe('Express', () => {
         testRouter(handleAuthRoutes(configs))
           .get('/logto/sign-out')
           .expect('Location', configs.baseUrl)
-          .end(() => {
+          .end(async () => {
+            await delay(100);
             expect(signOut).toHaveBeenCalled();
           });
       });

packages/js/package.json

@@ -35,7 +35,7 @@
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
     "@types/node": "^22.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "angular-auth-oidc-client": "^19.0.0",
     "eslint": "^8.57.0",
     "happy-dom": "^16.0.0",
@@ -44,7 +44,7 @@
     "prettier": "^3.0.0",
     "rollup": "^4.22.4",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"

packages/next/package.json

@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "^6.0.0",
     "@silverhand/ts-config-react": "^6.0.0",
     "@types/cookie": "^0.6.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "lint-staged": "^15.0.0",
     "next": "^15.1.2",
@@ -69,7 +69,7 @@
     "react": "19.0.0",
     "react-dom": "19.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "peerDependencies": {
     "next": ">=12"

packages/node/package.json

@@ -47,12 +47,12 @@
     "@silverhand/ts-config": "^6.0.0",
     "@types/cookie": "^0.6.0",
     "@types/node": "^22.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"

packages/react/package.json

@@ -39,7 +39,7 @@
     "@silverhand/ts-config-react": "^6.0.0",
     "@testing-library/react": "^16.0.0",
     "@types/react": "^18.2.56",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "happy-dom": "^16.0.0",
     "lint-staged": "^15.0.0",
@@ -49,7 +49,7 @@
     "react-dom": "^18.0.2",
     "stylelint": "^16.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "peerDependencies": {
     "react": ">=16.8.0"

packages/remix/package.json

@@ -36,12 +36,12 @@
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
     "@types/node": "^22.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "peerDependencies": {
     "@remix-run/node": ">=1"

packages/sveltekit/package.json

@@ -38,12 +38,12 @@
     "@swc/core": "^1.6.5",
     "@types/cookie": "^0.6.0",
     "@types/node": "^22.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"

packages/sveltekit/src/__mocks__/@sveltejs/kit.ts

@@ -1,7 +1,4 @@
 import { type redirect as originalRedirect } from '@sveltejs/kit';
 import { type Mock, vi } from 'vitest';
 
-export const redirect: Mock<
-  Parameters<typeof originalRedirect>,
-  ReturnType<typeof originalRedirect>
-> = vi.fn();
+export const redirect: Mock<typeof originalRedirect> = vi.fn();

packages/vue/package.json

@@ -35,15 +35,15 @@
   "devDependencies": {
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
-    "@vitest/coverage-v8": "^1.6.0",
+    "@vitest/coverage-v8": "^2.1.9",
     "eslint": "^8.57.0",
     "happy-dom": "^16.0.0",
     "lint-staged": "^15.0.0",
     "postcss": "^8.4.31",
     "prettier": "^3.0.0",
     "stylelint": "^16.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0",
+    "vitest": "^2.0.0",
     "vue": "^3.4.19"
   },
   "peerDependencies": {

packages/vue/src/index.test.ts

@@ -14,7 +14,7 @@ const getAccessToken = vi.fn(() => {
   throw new Error('not authenticated');
 });
 const signIn = vi.fn();
-const injectMock = vi.fn<string[], unknown>((): unknown => {
+const injectMock = vi.fn((key: string): unknown => {
   return undefined;
 });
 vi.mock('vue', async (importOriginal) => {