vitest-dev/vitest v2.1.9

on GitHub

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963
• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport #7317 to v2 - by @hi-ogawa in #7318
• (backport #7340 to v2) restrict served files from /__screenshot-error - by @hi-ogawa in #7343

    View changes on GitHub