feat(deps): upgrade upstream dependencies#1646
Merged
Merged
Conversation
- rolldown: ac5c710 -> v1.0.2 (f2757ed)
- vite: 66f3194 -> v8.0.13 (a46f11a)
- vitest: 4.1.6 -> 4.1.7
- oxfmt: 0.48.0 -> 0.51.0
- oxlint: 1.63.0 -> 1.66.0
- oxlint-tsgolint: 0.22.1 -> 0.23.0
- @oxc-project/runtime: 0.129.0 -> 0.132.0
- @oxc-project/types: 0.129.0 -> 0.132.0
- oxc-minify: 0.129.0 -> 0.132.0
- oxc-parser: 0.129.0 -> 0.132.0
- oxc-transform: 0.129.0 -> 0.132.0
- @vitejs/devtools: 0.1.21 -> 0.1.24
Code changes:
- Bump oxc Rust crates 0.128.0 -> 0.132.0 and minor deps (dashmap, jsonschema, mimalloc-safe, pnp) in Cargo.toml.
- Bump Rust toolchain to nightly-2026-03-15 in rust-toolchain.toml.
- Drop `@rolldown/pluginutils` workspace build/override; consume it as a transitive dep of rolldown (.github/actions/build-upstream/action.yml, package.json, pnpm-workspace.yaml).
- Repoint pluginutils path to `rolldown/packages/rolldown/node_modules/@rolldown/pluginutils` in packages/core/build.ts and packages/tools/src/sync-remote-deps.ts.
- Switch `./rolldown/pluginutils` exports to direct `.mjs` entries in packages/core/package.json; bump bundledVersions for vite/rolldown.
- Sync catalog versions for transitive deps (remeda, rolldown-plugin-dts, rollup, semver, tsx, valibot, vitepress-plugin-graphviz, ws) in pnpm-workspace.yaml.
- Refresh snapshots for new oxlint `--debug` flag and updated parser error format (packages/cli/snap-tests/{bin-oxlint-wrapper,command-helper,build-vite-env,synthetic-build-cache-disabled}/snap.txt, packages/cli/snap-tests-global/command-staged-broken-config/snap.txt).
- Silence `unicorn/consistent-function-scoping` for inline helpers in packages/cli/src/create/__tests__/org-tarball.spec.ts and packages/prompts/src/{group-multi-select,progress-bar,select-key}.ts.
✅ Deploy Preview for viteplus-preview canceled.
|
Fix clippy errors surfaced by the nightly-2026-03-15 toolchain upgrade: - collapsible_match in vite_install package_manager - unnecessary_sort_by in vite_js_runtime and vite_setup - unnecessary_trailing_comma in cli help test
…orkspace The bundled cargo-deny check inside oxc-project/security-action runs `cargo metadata`, which fails because the workspace Cargo.toml references `./rolldown/crates/*` paths that only exist after cloning the rolldown repo. Pre-clone via the existing `./.github/actions/clone` and clear `origin` so the action's nested taiki-e/checkout-action can re-add it without conflict.
Rolldown crates use `#![expect(clippy::print_stderr)]` at the crate root, but vite-plus's workspace sets `print_stderr = "allow"`. When rolldown crates are built as path dependencies of our workspace, our lint level wins and the expects never fire, triggering `unfulfilled_lint_expectations`. Allow the rust lint so upstream-only expects don't break our build.
Member
|
@codex review |
fengmk2
approved these changes
May 21, 2026
|
Codex Review: Didn't find any major issues. What shall we delve into next? ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Member
|
security analysis ci follow up here #1635 (comment) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v1.0.2and vite tov8.0.13, plus vitest4.1.7and the oxc/oxlint/oxfmt toolchain.0.128.0 -> 0.132.0and pin Rust toolchain tonightly-2026-03-15.@rolldown/pluginutilsbuild and consume it as a transitive dep of rolldown, repointing the licensing/build paths and updating@voidzero-dev/vite-plus-coreexports.unicorn/consistent-function-scopinglint hits.Dependency updates
rolldownac5c710v1.0.2 (f2757ed)vite66f3194v8.0.13 (a46f11a)vitest4.1.64.1.7oxfmt0.48.00.51.0oxlint1.63.01.66.0oxlint-tsgolint0.22.10.23.0@oxc-project/runtime0.129.00.132.0@oxc-project/types0.129.00.132.0oxc-minify0.129.00.132.0oxc-parser0.129.00.132.0oxc-transform0.129.00.132.0@vitejs/devtools0.1.210.1.24Unchanged dependencies
tsdown:0.22.0@oxc-node/cli:0.1.0@oxc-node/core:0.1.0Code changes
Cargo.toml: bump oxc workspace crates0.128.0 -> 0.132.0; bumpdashmap,jsonschema,mimalloc-safe, andpnpminor versions.rust-toolchain.toml: bump nightly channel tonightly-2026-03-15..github/actions/build-upstream/action.yml,package.json: drop the standalonepnpm --filter @rolldown/pluginutils buildstep.pnpm-workspace.yaml: add@rolldown/pluginutilsto the catalog, remove itsworkspace:override, bumpvitest-devoverride to^4.1.7, and sync transitive deps (remeda,rolldown-plugin-dts,rollup,semver,tsx,valibot,vitepress-plugin-graphviz,ws).packages/core/build.ts,packages/tools/src/sync-remote-deps.ts: repoint pluginutils sources torolldown/packages/rolldown/node_modules/@rolldown/pluginutilsand its colocatedLICENSE.packages/core/package.json: collapse./rolldown/pluginutils[/filter]exports to direct.mjsentries; bump@vitejs/devtoolsandbundledVersions(vite/rolldown).packages/test/package.json: bump@vitest/*packages andvitest-devto4.1.7.packages/cli/snap-tests/{bin-oxlint-wrapper,command-helper}/snap.txt: include new oxlint--debug=OPTIONShelp entry.packages/cli/snap-tests/{build-vite-env,synthetic-build-cache-disabled}/snap.txt: refresh built asset hash.packages/cli/snap-tests-global/command-staged-broken-config/snap.txt: update parser error prefix ([PARSE_ERROR] Unexpected token).packages/cli/src/create/__tests__/org-tarball.spec.ts,packages/prompts/src/{group-multi-select,progress-bar,select-key}.ts: addunicorn/consistent-function-scopingeslint-disable lines for intentionally inlined helpers.packages/tools/.upstream-versions.json: pinned upstream hashes for rolldown/vite.Build status
sync-remote-and-build: failurebuild-upstream: failure