chore(deps-dev): bump vitest from 3.2.4 to 3.2.6

[dependabot]

Bumps vitest from 3.2.4 to 3.2.6.

Release notes

Sourced from vitest's releases.

v3.2.6

   🐞 Bug Fixes

• Pin last supported vite-node version  -  by @​sheremet-va (16f12)

    View changes on GitHub

v3.2.5

   🚀 Features

• api: Add allowWrite and allowExec options to api [backport to v3]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10445 (af88b)

   🐞 Bug Fixes

• browser: Disable client cdp API when allowWrite/allowExec: false [backport to v3]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10456 (385a1)

    View changes on GitHub

Commits

• b6d56f8 chore: release v3.2.6
• 16f120d fix: pin last supported vite-node version
• 2cbad0a chore: release v3.2.5
• 385a1ae fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• af88b1f feat(api): add allowWrite and allowExec options to api [backport to v3]...
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

---

Note

Medium Risk
Low application-runtime impact (dev-only), but the transitive Vite 7 / esbuild upgrade can break CI or local vitest run on older Node versions or change test behavior.

Overview
Bumps vitest from 3.2.4 to 3.2.6 in @crowd/packages-worker and @crowd/data-access-layer (package.json + pnpm-lock.yaml). Both packages still run tests via vitest run in their existing scripts; only the dev dependency version changes.

The lockfile refresh pulls in a larger Vitest/Vite toolchain update: Vite 5.4.21 → 7.3.5, esbuild 0.21.5 → 0.27.7, and matching Rollup / @vitest/packages. Vitest3.2.6also pins a compatible **vite-node** (still3.2.4` in the lockfile). Expect test and local dev installs to use the newer bundler stack; confirm CI Node versions meet Vite 7’s engine range if tests fail after install.

^{Reviewed by Cursor Bugbot for commit bc6c5ef. Bugbot is set up for automated code reviews on this repo. Configure here.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

• feat: add user authentication (CM-123)
• feat: add user authentication (IN-123)

Projects:

• CM: Community Data Platform
• IN: Insights

Please add a Jira issue key to your PR title.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.}

[cursor]

Needle lockfile uses SSH git

High Severity

The clearbit dependency’s needle resolution was changed from an HTTPS tarball to a git@github.com SSH git URL. Root pnpm i --frozen-lockfile in CI (e.g. backend lint) may fail without SSH keys or when port 22 is blocked, even though the commit and package stayed the same.

Additional Locations (1)

• pnpm-lock.yaml#L15032-L15034

 

^{Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.}

[cursor]

Vite seven needs newer Node

Medium Severity

Bumping vitest re-resolved vite from 5.4.x to 7.3.5, which declares node: ^20.19.0 || >=22.12.0. The repo root still allows node >=20.0.0, so pnpm test / vitest run can fail on Node 20.0–20.18 with an engine error despite satisfying root engines.

 

^{Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.}