deps: bump the minor-updates group across 1 directory with 9 updates

[dependabot]

Bumps the minor-updates group with 8 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.74.0	0.95.2
@github/copilot-sdk	0.2.0	0.3.0
dotenv	17.2.4	17.4.2
onnxruntime-node	1.24.3	1.26.0
openai	6.18.0	6.37.0
yaml	2.8.3	2.9.0
@types/node	25.2.1	25.7.0
@vitest/coverage-v8	4.0.18	4.1.6

Updates @anthropic-ai/sdk from 0.74.0 to 0.95.2

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.95.2

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

sdk: v0.95.1

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

sdk: v0.95.0

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

sdk: v0.94.0

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

• client: allow targeting a workspace for OIDC federation token exchange (bde6620)

sdk: v0.93.0

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

• client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

sdk: v0.92.0

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.95.2 (2026-05-11)

Full Changelog: sdk-v0.95.1...sdk-v0.95.2

0.95.1 (2026-05-07)

Full Changelog: sdk-v0.95.0...sdk-v0.95.1

Chores

• redact api-key headers in debug logs (fad8fee)

0.95.0 (2026-05-06)

Full Changelog: sdk-v0.94.0...sdk-v0.95.0

Features

• api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (e0c0e9b)

Bug Fixes

• api: Adjust webhook configuration (deed3f6)

0.94.0 (2026-05-05)

Full Changelog: sdk-v0.93.0...sdk-v0.94.0

Features

• client: allow targeting a workspace for OIDC federation token exchange (bde6620)

0.93.0 (2026-05-04)

Full Changelog: sdk-v0.92.0...sdk-v0.93.0

Features

• client: add Workload Identity Federation, interactive OAuth, and auth profiles (d5d6abd)

0.92.0 (2026-04-30)

Full Changelog: sdk-v0.91.1...sdk-v0.92.0

Features

• api: improve Managed Agents APIs (ca1bf4a)
• support setting headers via env (32f67d4)

... (truncated)

Commits

• e3bcdd4 chore: release main
• 08943f1 feat(aws): Add AWS client for Claude Platform on AWS
• 7834ceb ci(release-please): exclude subpackages from root changelog (#991)
• e6f4239 chore: release main
• 6f06905 chore: redact api-key headers in debug logs
• 7693ec9 chore: release main (#1030)
• 9ddb1ad chore: release main
• 6d73820 feat(client): allow targeting a workspace for OIDC federation token exchange
• d6f562c chore: release main (#1025)
• d3aff28 chore: release main (#1017)
• Additional commits viewable in compare view

Updates @github/copilot-sdk from 0.2.0 to 0.3.0

Release notes

Sourced from @​github/copilot-sdk's releases.

v0.3.0

This release adds new capabilities — per-session authentication, scoped permissions, agent-level tool and skill control, MCP interop utilities, and more — alongside a broad naming cleanup across all four SDK languages. As we close in on a GA release, we've done a deep clean on our naming to bring it closer to the final state, reducing the amount of churn you should expect in subsequent releases. The result is a more consistent, more readable API surface across the board.

---

New features

Per-session GitHub authentication

Sessions can now carry their own GitHub identity. Different sessions on the same CLI server can have different GitHub users, Copilot plans, and quota limits.

const session = await client.createSession({
    onPermissionRequest: approveAll,
    gitHubToken: userAToken, // Session-level identity
});

This is independent of the client-level gitHubToken (which authenticates the CLI process itself, and is not required if all sessions bring their own auth). The session-level token determines the identity used for content exclusion, model routing, and quota checks.

Per-agent tool visibility

A new defaultAgent.excludedTools option lets you hide tools from the default agent while keeping them available to custom sub-agents, enabling the orchestrator pattern where the default agent delegates to specialized sub-agents. (#1098)

Per-agent skills

Custom agents can now declare skills: string[] to eagerly inject specific skills into their context at startup. Skills are opt-in — agents receive no skills by default, and sub-agents do not inherit skills from the parent. (#995)

Sub-agent streaming content

When streaming is enabled, assistant.message_delta and assistant.reasoning_delta events are now also delivered for sub-agents. Each event carries an agentId field identifying which sub-agent produced it (absent for the root agent). If your application renders all streaming deltas to the UI, you'll want to filter by agentId (or for pure back-compat, set includeSubAgentStreamingEvents: false on SessionConfig to get the old behavior of only streaming main-agent content updates). (#1108)

Session idle timeout

A new sessionIdleTimeoutSeconds client option configures automatic session cleanup after inactivity. When set, sessions without activity for the specified duration are cleaned up. Disabled by default (sessions live indefinitely). Previously, sessions would always time out after 30 minutes of idleness - this change fixes that. (#1093)

Custom HTTP headers for BYOK model providers

Provider headers and per-message requestHeaders can now be passed through createSession, resumeSession, and send, enabling custom header forwarding to bring-your-own-key model providers. (#1094)

MCP CallToolResult conversion

A new convertMcpCallToolResult() utility function converts MCP CallToolResult objects (with content arrays of text, image, and resource blocks) into the SDK's ToolResultObject format. This makes it easy to use MCP tool servers as backends for SDK tool handlers. (#1049)

ProviderConfig exported

ProviderConfig is now re-exported from the Node.js and Python SDK entry points, so consumers no longer need to duplicate the type locally when configuring Responses API providers. (#1048)

New RPC methods

... (truncated)

Changelog

Sourced from @​github/copilot-sdk's changelog.

Changelog

All notable changes to the Copilot SDK are documented in this file.

This changelog is automatically generated by an AI agent when stable releases are published. See GitHub Releases for the full list.

v0.2.2 (2026-04-10)

Feature: enableConfigDiscovery for automatic MCP and skill config loading

Set enableConfigDiscovery: true when creating a session to let the runtime automatically discover MCP server configurations (.mcp.json, .vscode/mcp.json) and skill directories from the working directory. Discovered settings are merged with any explicitly provided values; explicit values take precedence on name collision. (#1044)

const session = await client.createSession({
  enableConfigDiscovery: true,
});

var session = await client.CreateSessionAsync(new SessionConfig {
    EnableConfigDiscovery = true,
});

• Python: await client.create_session(enable_config_discovery=True)
• Go: client.CreateSession(ctx, &copilot.SessionConfig{EnableConfigDiscovery: ptr(true)})

v0.2.1 (2026-04-03)

Feature: commands and UI elicitation across all four SDKs

Register slash commands that CLI users can invoke and drive interactive input dialogs from any SDK language. This feature was previously Node.js-only; it now ships in Python, Go, and .NET as well. (#906, #908, #960)

const session = await client.createSession({
  onPermissionRequest: approveAll,
  commands: [{
    name: "summarize",
    description: "Summarize the conversation",
    handler: async (context) => { /* ... */ },
  }],
  onElicitationRequest: async (context) => {
    if (context.type === "confirm") return { action: "confirm" };
  },
});
// Drive dialogs from the session
const confirmed = await session.ui.confirm({ message: "Proceed?" });
const choice = await session.ui.select({ message: "Pick one", options: ["A", "B"] });
</tr></table>

... (truncated)

Commits

• dd2dcbc Per-session GitHub authentication for all SDK languages, plus update runtime ...
• b4ef955 Add configurable session idle timeout option (#1093)
• a3e273c SessionFs structured error contract and codegen changes
• b1b0df5 feat: add per-agent tool visibility via defaultAgent.excludedTools (#1098)
• 922959f Expose IncludeSubAgentStreamingEvents in all four SDKs (#1108)
• fd0495c Update @​github/copilot to 1.0.32 (#1107)
• cf5694c Update @​github/copilot to 1.0.32-1 (#1105)
• 48e244d Clean up redundant Python codegen lambdas (#1104)
• dbcea81 Add deprecated schema support to all four code generators (#1099)
• 883cc02 Update @​github/copilot to 1.0.30 (#1096)
• Additional commits viewable in compare view

Updates dotenv from 17.2.4 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates onnxruntime-node from 1.24.3 to 1.26.0

Release notes

Sourced from onnxruntime-node's releases.

1.26.0

n.b. The following was generated via LLM from Git history. Only the contributor list has been verified.

ONNX Runtime Release 1.26.0

Announcement - Breaking Changes

• Support for CUDA 12 will be removed in 1.27.0.
  • CUDA 13 will continue to be published as onnxruntime-<os>-<arch>-gpu_cuda13-<version>.<ext>
• CUDA runtime will be moving soon to a dedicated Execution Provider (EP) instead of a published package from ORT core.

Highlights

• Added optional memory mapping for .ort model loads (#28164).
• Added RISC-V Vector (RVV) support for CPU EP (#28261).
• OpenVINO EP upgraded for 1.26.0 development release (#28297).
• WebGPU gained GridSample support (#28264) and Split-K improvements (#28151).
• CUDA plugin EP gained graph support (#28002), profiling API (#28216).

Security and Reliability Hardening

• Replaced unrestricted Python setattr configuration with an allowlist (#28083).
• Hardened multiple OOB and overflow scenarios across ML and core ops:
  • Attention mask index OOB write (#27789).
  • MaxPoolGrad indices bounds validation (#27903).
  • SVM and TreeEnsemble bounds/security fixes (#27950, #27951, #27952, #27989).
  • RNN sequence_lens OOB read and integer overflow handling (#28052, #28003).
  • GroupQueryAttention seqlens_k bounds validation and compatibility follow-up (#28031, #28259).
  • MatMulBnb4 and ML coefficient SafeInt checks (#27995, #28001).
  • CUDA Gather int32 overflow fix (#28108).
  • GridSample float->int64 cast hardening for NaN/Inf/out-of-range coords (#28302).
• Fixed session logger use-after-free during EP teardown under verbose logging (#28274).

CUDA, Attention, and MLAS

• Filled CUDA opset/operator gaps and extended support:
  • Transpose opset 23 -> 25 (#27740).
  • QuantizeLinear/DequantizeLinear opset 25 (#28046).
  • CUDA TopK INT8/INT16/UINT8 support (#27862).
  • LabelEncoder CUDA support for numeric types (#28045).
• Attention/GQA improvements:
  • Fixed ONNX Attention min-bias alignment crash on SM<80 and masked-batch NaN behavior (#27831).
  • Added FP32 QK accumulation path for unfused GQA attention (#28198).
  • Added CUDART_VERSION reduction compatibility in GQA attention (#28296).
  • Fixed CUDA 13 build error in GQA unfused attention (#28309).
  • PagedAttention fallback for SM<80 fp16 (#28200).
• MLAS updates:
  • FP16 Gelu enablement (#26815).
  • Arm64 BF16 fast-math conv kernels for NCHW/NCHWc paths (#27878).

... (truncated)

Commits

• 8c546c3 1.26.0 - cherry-pick for RC2 (#28347)
• 55c5c82 GridSample: harden float->int64 casts against NaN/Inf/out-of-range coords (#2...
• 60ce9cc Relax GQA seqlens_k shape validation for backward compat with older models (#...
• d02a0fd Fix DoubleQDQPairsRemover adding spurious dimension to scalar scale/zero-poin...
• 9b30f30 remove weights_are_all_positive_ from TreeEnsemble (#27552)
• 5f2f848 fix(ci): incorrect relative template includes for setup-feeds (#28312)
• de2bc90 Add QNN Plugin EP repo link to README (#28225)
• 8dd4a06 Include license file in built distributions (#27783)
• 6e19374 Fix CUDA 13 build error in gqa_unfused_attention.cu (#28309)
• d6c363c [OVEP] OpenVINO EP 1.26.0 Development Release Updates (#28297)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by erscor, a new releaser for onnxruntime-node since your current version.

Updates openai from 6.18.0 to 6.37.0

Release notes

Sourced from openai's releases.

v6.37.0

6.37.0 (2026-05-07)

Full Changelog: v6.36.0...v6.37.0

Features

• api: add quantity field to admin organization usage responses (273a8f7)
• api: add web_search_call.results output option to responses (91c75e0)
• api: launch realtime translate + update image 2 (a296b66)
• api: manual updates (794b905)
• api: manual updates (6963729)
• api: realtime 2 (f4b7177)

Bug Fixes

• api: fix imagegen size enum regression (4fe8469)

Chores

• redact api-key headers in debug logs (99c9c80)

v6.36.0

6.36.0 (2026-05-01)

Full Changelog: v6.35.0...v6.36.0

Features

• api: add group_type/user metadata fields, update types across admin resources (cc52f97)
• api: add support for Admin API Keys per endpoint (770d187)
• api: admin API updates (ee2bd2d)
• api: manual updates (6af2b6d)
• api: manual updates (f2dceda)

Bug Fixes

• api: support admin api key auth (e3862a3)
• api: tighten auth header selection (f1203bd)

Chores

• format: run eslint and prettier separately (104543a)
• internal: codegen related update (05d86da)
• internal: codegen related update (f184586)

... (truncated)

Changelog

Sourced from openai's changelog.

6.37.0 (2026-05-07)

Full Changelog: v6.36.0...v6.37.0

Features

• api: add quantity field to admin organization usage responses (273a8f7)
• api: add web_search_call.results output option to responses (91c75e0)
• api: launch realtime translate + update image 2 (a296b66)
• api: manual updates (794b905)
• api: manual updates (6963729)
• api: realtime 2 (f4b7177)

Bug Fixes

• api: fix imagegen size enum regression (4fe8469)

Chores

• redact api-key headers in debug logs (99c9c80)

6.36.0 (2026-05-01)

Full Changelog: v6.35.0...v6.36.0

Features

• api: add group_type/user metadata fields, update types across admin resources (cc52f97)
• api: add support for Admin API Keys per endpoint (770d187)
• api: admin API updates (ee2bd2d)
• api: manual updates (6af2b6d)
• api: manual updates (f2dceda)

Bug Fixes

• api: support admin api key auth (e3862a3)
• api: tighten auth header selection (f1203bd)

Chores

• format: run eslint and prettier separately (104543a)
• internal: codegen related update (05d86da)
• internal: codegen related update (f184586)

6.35.0 (2026-04-28)

... (truncated)

Commits

• b0e89cd release: 6.37.0
• 2151063 feat(api): realtime 2
• a5c4184 feat(api): manual updates
• 17c79fb chore: redact api-key headers in debug logs
• 36f69f6 codegen metadata
• 5cd49e4 codegen metadata
• a1b2c9c codegen metadata
• badc738 fix(api): fix imagegen size enum regression
• 15d48e0 codegen metadata
• 0ff2cda feat(api): add quantity field to admin organization usage responses
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openai since your current version.

Updates yaml from 2.8.3 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

• fix: Avoid calling Array.prototype.push.apply() with large source array
• fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

• Disable alias resolution with maxAliasCount:0 (#677)
• Handle invalid unicode escapes (e1a1a77)
• Apply minFractionDigits only to decimal strings (#676)

Commits

• ddb21b0 2.9.0
• 167365b docs: Clarify that not all errors can be avoided
• 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
• 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
• ccdf743 2.8.4
• f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
• e1a1a77 fix: Handle invalid unicode escapes
• a163ea0 style: Satify Prettier
• b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
• 93c951b chore: Bump JSR version to v2.8.3 (#673)
• Additional commits viewable in compare view

Updates @types/node from 25.2.1 to 25.7.0

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.6

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in vitest-dev/vitest#10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

... (truncated)

Commits

• a8fd24c chore: release v4.1.6
• e399846 chore: release v4.1.5
• ac04bac chore: release v4.1.4
• 2dc0d62 chore: release v4.1.3
• fc6f482 chore: release v4.1.2
• 1f2d318 chore: release v4.1.1
• aaf9f18 fix(coverage): simplify provider types (#9931)
• 4150b91 chore: release v4.1.0
• 0c2c013 chore: release v4.1.0-beta.6
• 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
• Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.6

Release notes

Sourced from vitest's releases.

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    

[github-actions]

✅ Test & Coverage Summary

Tier	Tests	Passed	Failed	Skipped	Time	Stmts	Branch	Funcs	Lines
✅ Unit Tests	2119	2119	0	0	20.5s	78.4% ✅	70.2% ✅	81.0% ✅	78.9% ✅
✅ Integration L3	256	256	0	0	7.8s	33.3% ✅	30.7% ✅	32.1% ✅	33.8% ✅
✅ Integration L4-L6	80	80	0	0	1.7s	19.2% ✅	15.3% ✅	21.9% ✅	19.7% ✅
✅ Integration L7	244	244	0	0	2.1s	66.0% ✅	53.8% ✅	72.0% ✅	67.1% ✅
✅ E2E	236	236	0	0	14.7s	10.8% ✅	7.5% ❌	10.4% ❌	11.1% ✅
Total	2935	2935	0	0

📊 Unit Coverage Details (78.9% lines)

Metric	Covered / Total	Percentage
Statements	6280/8006	78.44%
Branches	3055/4352	70.19%
Functions	1246/1539	80.96%
Lines	5959/7556	78.86%

[github-actions]

Coverage Report for Unit

Status	Category	Percentage	Covered / Total
🔵	Lines	78.86%	5959 / 7556
🔵	Statements	78.44%	6280 / 8006
🔵	Functions	80.96%	1246 / 1539
🔵	Branches	70.19%	3055 / 4352

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
src/L2-clients/llm/CopilotProvider.ts	66.66%	42.62%	71.42%	67.54%	90, 94, 114-118, 173-178, 209, 220-223, 248-253, 261-279, 288-313

Generated in workflow #406 for commit beb114b by the Vitest Coverage Report Action

[htekdev]

LGTM - Dependabot minor dep updates. Fixed 3 type errors from copilot-sdk 0.3 type changes (added intermediate unknown casts). All 14 CI checks green.