feat(deps): upgrade upstream dependencies#1735
Merged
Merged
Conversation
✅ Deploy Preview for viteplus-preview canceled.
|
fengmk2
reviewed
Jun 1, 2026
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
- vite: c917f1e -> v8.0.15 (8d1b019) Code changes: - Bump lint-staged catalog entry from ^16.2.6 to ^17.0.7 in pnpm-workspace.yaml (also adds lint-staged, tinyexec, and tsx to minimumReleaseAgeExclude). - Update bundled vite version to 8.0.15 in packages/core/package.json. - Refresh staged-command snapshot for lint-staged v17 task label change in packages/cli/snap-tests-global/command-staged-with-config/snap.txt. - Regenerate pnpm-lock.yaml.
Revert the lint-staged bump from this upstream update and keep its version for now. Restores the catalog entry to ^16.2.6, drops the lint-staged, tinyexec, and tsx minimumReleaseAgeExclude entries that were added for the v17 bump, restores the v16 staged-command snapshot wording, and regenerates pnpm-lock.yaml back to main. The vite 8.0.15 bump is kept.
The previous revert restored pnpm-lock.yaml to main wholesale, which left it inconsistent with the bumped vite hash and broke CI with ERR_PNPM_OUTDATED_LOCKFILE (create-vite now requires tsdown ^0.22.1, and upstream vite bumps its own devDeps lint-staged ^17.0.7 and tsx ^4.22.4). Regenerate the lockfile against the new vite source and re-add lint-staged, tinyexec, and tsx to minimumReleaseAgeExclude, since those freshly published versions are pulled in by the vite upgrade itself. The vite-plus catalog lint-staged stays at ^16.2.6 (the cli still bundles 16.4.0), so the staged snapshot keeps its v16 wording.
Regenerating the lockfile against the new vite source left duplicate transitive versions (tinyexec, tsx, and a number of babel/sass-embedded packages), which failed the `pnpm dedupe --check` CI gate. Run `pnpm dedupe` to collapse them.
fengmk2
force-pushed
the
deps/upstream-update
branch
from
3b4fbb1 to
eb10775
Compare
The fixture used `vitest: ^3.0.0`, which now resolves to vitest@3.2.5. That release depends on vite-node@3.2.5 (lockstep, exact), but vite-node@3.2.5 was never published to npm (the 3.x line stops at 3.2.4, and vite-node's latest is now 6.0.0). As a result `vp install` fails with ERR_PNPM_NO_MATCHING_VERSION, breaking this global snap test on main and every PR. Pin to the exact latest installable 3.x (3.2.4, which has a matching vite-node@3.2.4) so the install is deterministic. 3.2.4 is still < 4.0.0, so migrate still reports the project as unsupported and the snapshot is otherwise unchanged.
fengmk2
approved these changes
Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Automated upstream dependency upgrade.
vitetov8.0.15(8d1b019).lint-stagedis kept at^16.2.6(the original run's bump to^17.0.7was reverted), so the staged-command snapshot keeps its v16 wording.Code changes
packages/core/package.json-bundledVersions.vite8.0.14to8.0.15.packages/tools/.upstream-versions.json- update the trackedvitecommit hash.pnpm-workspace.yaml- addlint-staged,tinyexec, andtsxtominimumReleaseAgeExclude. These freshly published versions are pulled in by the vite upgrade itself (upstream vite's own devDeps now requirelint-staged@17.0.7andtsx@4.22.4, andcreate-viterequirestsdown@^0.22.1, which pullstinyexec@1.2.4), so the excludes are required regardless of the catalog version.pnpm-lock.yaml- regenerated against the new vite source.