chore(deps): upgrade vite-plus to 0.2.1 #85
Review the following changes in direct dependencies.
Pull request overview
This PR upgrades the repository’s Vite+ tooling dependency to vite-plus@0.2.1 (a breaking upstream change that now pulls Vitest directly), updates the lockfile accordingly, and adds pnpm workspace configuration exclusions generated by vp config.
Changes:
- Pin `vite-plus` from `^0.1.23` to exact `0.2.1` in `package.json`.
- Update `pnpm-lock.yaml` to reflect the new `vite-plus` dependency tree (including transitive `vitest@4.1.9`).
- Add `pnpm-workspace.yaml` with `minimumReleaseAgeExclude` entries for newly introduced packages.
Reviewed changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pnpm-workspace.yaml | Adds minimumReleaseAgeExclude entries generated by vp config for the new Vite+ package set. |
| pnpm-lock.yaml | Updates resolved dependency graph for vite-plus@0.2.1 and new transitive Vitest packages. |
| package.json | Pins vite-plus to 0.2.1 in devDependencies. |
Files not reviewed (1)
- pnpm-lock.yaml: Generated file
7131fc8 to 2f1be5d
d79bbda to 18db8c3
18db8c3 to 45cf654
@codex review
Codex Review: Didn't find any major issues. Can't wait for the next one! Reviewed commit:
45cf654 to a21d29f
v0.2.1 consumes upstream Vitest directly; the @voidzero-dev/vite-plus-test
wrapper is removed and vitest (4.1.9) now arrives transitively through
vite-plus. No source changes needed since all tests already import from the
stable vite-plus/test API. Reinstall drops the wrapper from the lockfile and
resolves to a single vitest version.
Commit pnpm-workspace.yaml with a minimumReleaseAgeExclude for the Vite+
toolchain. vp 0.2.x's lockfile verifier rejects packages published within the
last 24h, so installing a brand-new vite-plus release otherwise fails
`vp install` (ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION); the verifier reads the
exclude only from pnpm-workspace.yaml. A glob exclude keeps it release-agnostic.
Move the CI fixtures that run vp (test-node-version, test-vp-install-and-exec,
test-sfw, test-sfw-alpine, test-sfw-blocks-malicious,
test-sfw-with-socketdev-action) out of the repo. With pnpm-workspace.yaml
committed, a fixture inside the repo would be treated as part of this repo's
workspace and vp run/install would resolve to the repo root. Most jobs use
$RUNNER_TEMP; the alpine container job uses /tmp since ${{ runner.temp }} is a
host path that does not exist inside the container. The cache-* jobs keep
./test-project (they never run vp in the fixture, and @actions/glob hashFiles
only hashes paths under GITHUB_WORKSPACE).
a21d29f to d07ec94
Problem
The project was on `vite-plus@^0.1.23`. v0.2.1 has a breaking change: it consumes upstream Vitest directly, so the `@voidzero-dev/vite-plus-test` wrapper is removed and `vitest` now comes in transitively through `vite-plus`.
Fix
- `vite-plus` to exact `0.2.1` and reinstall, moving the lockfile off 0.1.x.
- `@voidzero-dev/vite-plus-test`) is now gone from the tree; `vitest@4.1.9` and `@voidzero-dev/vite-plus-core@0.2.1` arrive transitively. Tree resolves to a single vitest version.
- `vite-plus/test` API.
- `pnpm-workspace.yaml` was auto-generated by the `prepare` hook (`vp config`) with `minimumReleaseAgeExclude` entries for the new packages.
- `dist/index.mjs`.
This repo has no direct vitest usage and no `vite` override, so no vitest pinning or override updates were needed.
Verification
- `RUN v4.1.9`).
- `vp check` (format + lint + types): pass.
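Added example, not part of this pull request and not pnpm's or vp's code: a simplified JavaScript model of the release-age gate described in the commit message and PR description, reporting which resolved packages an exclude list lets through the 24h cooldown. The exclude patterns, the unrelated package name and every publish timestamp are constructed for illustration, and the `*`-only glob matching is an assumption.

```javascript
// Simplified model of a minimum-release-age gate with an exclude list.
// Added illustration, not pnpm's or vp's code. Patterns and timestamps are constructed.
const HOUR_MS = 60 * 60 * 1000;

// Turn a pattern such as "@scope/*" into an anchored RegExp ("*" is the only wildcard).
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Classify each resolved package: "ok" (old enough), "excluded" (too new but
// exempted by a pattern) or "violation" (too new, would fail the install).
function auditReleaseAge(packages, { minAgeHours, exclude, now }) {
  const rules = exclude.map(patternToRegExp);
  return packages.map((pkg) => {
    const ageHours = (now - Date.parse(pkg.published)) / HOUR_MS;
    let status = "ok";
    if (ageHours < minAgeHours) {
      status = rules.some((re) => re.test(pkg.name)) ? "excluded" : "violation";
    }
    return { name: pkg.name, version: pkg.version, ageHours: Math.round(ageHours), status };
  });
}

// Constructed sample: versions come from the PR text, publish times are made up.
const sampleNow = Date.parse("2025-01-02T12:00:00Z");
const samplePackages = [
  { name: "vite-plus", version: "0.2.1", published: "2025-01-02T06:00:00Z" },
  { name: "@voidzero-dev/vite-plus-core", version: "0.2.1", published: "2025-01-02T06:00:00Z" },
  { name: "vitest", version: "4.1.9", published: "2024-12-20T00:00:00Z" },
  { name: "example-unrelated-pkg", version: "1.0.0", published: "2025-01-02T10:00:00Z" },
];
// Hypothetical exclude entries; the PR does not show the real ones.
const sampleExclude = ["vite-plus", "@voidzero-dev/*"];

const report = auditReleaseAge(samplePackages, {
  minAgeHours: 24,
  exclude: sampleExclude,
  now: sampleNow,
});
for (const r of report) {
  console.log(`${r.status.padEnd(9)} ${r.name}@${r.version} (${r.ageHours}h old)`);
}
```

Every package reported as `excluded` is a fresh release that skips the cooldown, so the broader the glob, the more of the dependency tree installs without that delay.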