feat(deps): upgrade upstream dependencies#1924
Conversation
- rolldown: d7f919c -> v1.1.2 (e0d0b1b) - vite: f94df87 -> v8.1.0 (63b1489) - oxfmt: 0.55.0 -> 0.56.0 - oxlint: 1.70.0 -> 1.71.0 - @oxc-project/runtime: 0.136.0 -> 0.137.0 - @oxc-project/types: 0.136.0 -> 0.137.0 - oxc-minify: 0.136.0 -> 0.137.0 - oxc-parser: 0.136.0 -> 0.137.0 - oxc-transform: 0.136.0 -> 0.137.0 Code changes: - crates/vite_static_config/src/lib.rs: use `result.diagnostics` instead of `result.errors` for the oxc parser result (oxc 0.135 -> 0.137 API change). - Cargo.toml: bump oxc crates 0.135 -> 0.137, oxc_resolver 11.21.0 -> 11.21.3, oxc_sourcemap 7 -> 8.0.1; drop unused workspace deps (commondir, num-format, ropey, urlencoding, rolldown_plugin_vite_wasm_fallback); add idna_adapter and supports-color pins. - packages/cli/binding/index.cjs, packages/cli/binding/index.d.cts: regenerated NAPI bindings (add BindingErrorStage export; drop React Compiler option types). - packages/core/package.json: bump bundledVersions (vite 8.1.0, rolldown 1.1.2) and @vitejs/devtools peer range ^0.1.18 -> ^0.3.0. - pnpm-workspace.yaml: catalog bumps (@babel/* 7.24.7 -> 7.29.7, @napi-rs/cli, acorn) and added minimumReleaseAgeExclude entries.
✅ Deploy Preview for viteplus-preview canceled.
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub. |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
The oxlint bump to 1.71.0 (published <24h before this PR's CI ran) broke two jobs. `vp migrate` runs `vp dlx @oxlint/migrate@<bundled oxlint>`, and both package managers reject the fresh version as too new: - dify e2e: pnpm ERR_PNPM_NO_MATURE_MATCHING_VERSION. dify keeps `resolutionMode: time-based`, which on its own re-activates the minimumReleaseAge policy with a 1440 (24h) default even after the patch strips `minimumReleaseAge: 0`. Strip resolutionMode too. - vp create remote-vite-react-ts (yarn): yarn quarantines it (YN0016) via npmMinimalAgeGate (default 1440). Set YARN_NPM_MINIMAL_AGE_GATE=0 for the create test job (no-op for npm/pnpm/bun). The migrate tool is version-pinned to the bundled oxlint, so a minimum release-age gate adds no safety here.
The earlier resolutionMode strip was a no-op for `vp dlx` (the bundled pnpm does not derive a minimumReleaseAge default from resolutionMode, verified locally), so dify still failed on the fresh @oxlint/migrate@1.71.0 with ERR_PNPM_NO_MATURE_MATCHING_VERSION. Set `pnpm_config_minimum_release_age=0` on the migrate step instead. The `pnpm_config_` prefix is required: `npm_config_*` does not override pnpm-workspace.yaml settings. Revert the no-op resolutionMode strip; the yarn create fix (YARN_NPM_MINIMAL_AGE_GATE=0) already passed and stays.
vite-plus
@voidzero-dev/vite-plus-core
@voidzero-dev/vite-plus-prompts
@voidzero-dev/vite-plus-cli-darwin-arm64
@voidzero-dev/vite-plus-cli-darwin-x64
@voidzero-dev/vite-plus-cli-linux-arm64-gnu
@voidzero-dev/vite-plus-cli-linux-arm64-musl
@voidzero-dev/vite-plus-cli-linux-x64-gnu
@voidzero-dev/vite-plus-cli-linux-x64-musl
@voidzero-dev/vite-plus-cli-win32-arm64-msvc
@voidzero-dev/vite-plus-cli-win32-x64-msvc
@voidzero-dev/vite-plus-darwin-arm64
@voidzero-dev/vite-plus-darwin-x64
@voidzero-dev/vite-plus-linux-arm64-gnu
@voidzero-dev/vite-plus-linux-arm64-musl
@voidzero-dev/vite-plus-linux-x64-gnu
@voidzero-dev/vite-plus-linux-x64-musl
@voidzero-dev/vite-plus-win32-arm64-msvc
@voidzero-dev/vite-plus-win32-x64-msvc
commit: |
Bump dify's pin to latest main (50b3228b), which moves it from pnpm 11.5.2 to 11.8.0. That is the real fix for the migrate failure: - 11.5.2 errors (ERR_PNPM_NO_MATURE_MATCHING_VERSION) on the fresh @oxlint/migrate dlx via resolutionMode: time-based, and crashes (ERR_PNPM_RESOLUTION_POLICY_VIOLATIONS_UNHANDLED) on dify's file: overrides whenever the minimumReleaseAge policy is active. - 11.8.0 fixed the policy-violations crash and auto-excludes freshly published dlx packages instead of erroring. Verified locally: dify migrate + install succeeds end-to-end on 11.8.0, and all three e2e test files still exist at 50b3228b. Revert the pnpm_config_minimum_release_age env override (it activated the policy on 11.5.2 and triggered the crash). The yarn create fix (YARN_NPM_MINIMAL_AGE_GATE=0) stays.
1 participant
Summary
v1.1.2and vite tov8.1.0.@oxc-project/*,oxc-*) from0.136.0/0.55.0/1.70.0to0.137.0/0.56.0/1.71.0, plus the workspace oxc crates0.135.0->0.137.0.vite_static_configfor the oxc parser API change and regenerated NAPI bindings.build-upstreamstep failed; see Build status.Dependency updates
rolldownd7f919cv1.1.2 (e0d0b1b)vitef94df87v8.1.0 (63b1489)oxfmt0.55.00.56.0oxlint1.70.01.71.0@oxc-project/runtime0.136.00.137.0@oxc-project/types0.136.00.137.0oxc-minify0.136.00.137.0oxc-parser0.136.00.137.0oxc-transform0.136.00.137.0Unchanged dependencies
vitestand@vitest/*:4.1.9tsdown:0.22.3@oxc-node/cli:0.1.0@oxc-node/core:0.1.0oxlint-tsgolint:0.23.0@vitejs/devtools:0.3.3Code changes
crates/vite_static_config/src/lib.rs: useresult.diagnosticsinstead ofresult.errorsfor the oxc parser result (oxc0.135->0.137API change).Cargo.toml: bump workspace oxc crates0.135.0->0.137.0,oxc_resolver11.21.0->11.21.3,oxc_sourcemap7->8.0.1; drop unused workspace deps (commondir,num-format,ropey,urlencoding,rolldown_plugin_vite_wasm_fallback); addidna_adapterandsupports-colorpins.packages/cli/binding/index.cjs,packages/cli/binding/index.d.cts: regenerated NAPI bindings (addBindingErrorStageexport; remove React Compiler option types).packages/core/package.json: bumpbundledVersions(vite8.1.0,rolldown1.1.2) and@vitejs/devtoolspeer range^0.1.18->^0.3.0.pnpm-workspace.yaml: catalog bumps (@babel/*7.24.7->7.29.7,@napi-rs/cli,acorn) and addedminimumReleaseAgeExcludeentries.Cargo.lock,pnpm-lock.yaml: lockfile updates.Build status
sync-remote-and-build: successbuild-upstream: failure