Bump esbuild and vitest#1
Closed
dependabot[bot] wants to merge 2 commits intomainfrom
Closed
Conversation
Bumps [esbuild](https://github.com/evanw/esbuild) to 0.25.12 and updates ancestor dependency [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). These dependencies need to be updated together. Updates `esbuild` from 0.21.5 to 0.25.12 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.21.5...v0.25.12) Updates `vitest` from 2.1.9 to 4.0.15 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.15/packages/vitest) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.12 dependency-type: indirect - dependency-name: vitest dependency-version: 4.0.15 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
bird-m
added a commit
that referenced
this pull request
Apr 15, 2026
Review-panel #1 (Severe): Remove competing browser tab in requires_auth path. The requires_auth branch opened the backend's redirect URL via opn() then fell through to performAmplitudeAuth which opened a second browser tab with mismatched PKCE. Now we skip the backend URL and let performAmplitudeAuth handle the entire flow. Added TODO to evaluate using the backend URL in a follow-up. Review-panel #2 (Critical): Init feature flags in agent/CI paths so _headlessSignupEnabled can be true. Previously the flag was only set in the TUI interactive path, making the entire agent/CI headless signup block unreachable dead code. Review-panel #3 (Important): Pre-populate HeadlessSignupScreen from CLI --email/--full-name flags. Auto-submit if both are present. Review-panel #4 (Important): Redact email in agent NDJSON log output to match the redaction pattern in headless-signup.ts. Review-panel #7 (Important): Split fullName into first_name/last_name on first space before sending to provisioning endpoint. Review-panel #9 (Nit): Replace non-null assertions on headlessSignupEmail/headlessSignupFullName with an explicit guard. Review-panel #10 (Nit): Extract completeSignupTokenExchange into headless-signup.ts as a shared helper used by both the agent/CI and TUI code paths, reducing duplication and drift risk. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bird-m
added a commit
that referenced
this pull request
Apr 16, 2026
`startsWith('[')` matched every log line because the wizard log format
is `[timestamp] msg`. Narrow `[` check to `[{` and `["` so only JSON
arrays are highlighted, not timestamp-prefixed lines.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bird-m
added a commit
that referenced
this pull request
Apr 16, 2026
…llName Disambiguate CLI-provided headless signup fields from the post-auth userEmail field on WizardSession. The CLI flags (--email, --full-name) are unchanged. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bird-m
added a commit
that referenced
this pull request
Apr 16, 2026
When a user confirms the "already logged in, log out to create a new account" prompt, also purge ~/.ampli.json. In-memory-only clearing leaves cached OAuth tokens that the fallback path would silently re-use because forceFresh is computed from project-local ampli.json, not ~/.ampli.json. The user told us to log them out — actually do it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 tasks
kelsonpw
added a commit
that referenced
this pull request
Apr 17, 2026
…ting Sent a CLI DX review. Two verbatim reproductions of the user's feel: 1. The Done screen auto-dismissed after 5s on success, 2s otherwise. If the user was mid-read — and the plugin success screen has 4+ lines including two docs URLs and two commands to run — the screen vanished out from under them. That's the "disappears on its own" feeling. Fix: wait for Enter. `useScreenInput` listens for key.return while Phase.Done is active and advances immediately. Keep a long 20s fallback timer so fully unattended/CI runs still complete. The empty "skipped" case still uses 2s (nothing to read). Show an explicit "Press Enter to continue" hint below the success/failure block so the affordance is obvious. 2. Dead air during detection when filesystem probes are slow. The "Looking for supported AI tools…" line had no animation — users don't know if it's hung. Wrap it in a BrailleSpinner. Doesn't yet address the DX reviewer's #1 concern (a suspected DissolveTransition re-animation on Pick→Working). The DissolveTransition in App.tsx is keyed on `store.currentScreen` which doesn't change during McpScreen's internal phase machine, so that particular theory doesn't hold up from the code — but the perceived stall may still be real (plugin install genuinely takes 5–15s on first run for the marketplace clone). Will dig in with the user on a separate pass if it persists after these changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
kelsonpw
added a commit
that referenced
this pull request
Apr 17, 2026
… picker) Batch of bird-m and Bugbot findings from PR #112: #1 claudeCodeMode default mismatch (medium, flagged 3×): addMCPServerToClientsStep silently defaulted to 'plugin' while mcp-installer.ts defaulted to 'mcp'. Non-TUI fallback via bin.ts could install the plugin with no user prompt. Aligned both to 'mcp' as the safer default — plugin is interactive-only now. #3 remove flow can't uninstall plugin (medium, flagged 2×): getInstalledClients only ever instantiated ClaudeCodeMCPClient. After plugin install removes the bare `amplitude` MCP entry, isServerInstalled returned false and `wizard mcp remove` silently skipped Claude Code. Added an explicit ClaudeCodePluginClient probe before falling through to the MCP check. #4 non-TUI `local` flag ignored for plugin path (low, Bugbot): addMCPServerToClientsStep now forces 'mcp' mode whenever local=true, matching the TUI's behavior. The plugin hardcodes the prod URL and can't serve localhost. #5 `as unknown as RawMCPClient[]` cast (nit, bird-m): resolveClientsForMode returns MCPClient[] directly; the local RawMCPClient interface was a holdover. Dropped the cast and removed the unused interface — install loop now type-checks against MCPClient directly. #6 older Claude CLIs fail opaquely (nit, bird-m): ClaudeCodePluginClient.isClientSupported now probes `claude plugin --help` in addition to `--version`. resolveClientsForMode is async and checks plugin support before swapping — older CLIs quietly keep ClaudeCodeMCPClient instead of failing during `marketplace add`. #7 single-Claude-Code hid plugin/MCP choice (medium, Bugbot): detected.length === 1 routed to Phase.Ask, which doesn't show the split picker. Now: if the lone detected tool is Claude Code and no escape hatch is set, route to Phase.Pick so the user sees plugin vs MCP rows. #8 resolveSelection misleading default (low, Bugbot): wantsPlugin || !wantsMcp ? 'plugin' : 'mcp' returned 'plugin' when the user unchecked both Claude Code rows. Simplified to wantsPlugin ? 'plugin' : 'mcp' — explicit semantics, still correct since downstream guards the Claude-Code-absent case. #9 Codex Windows detection (low, Bugbot): `command -v` is POSIX-only; Windows never matched. Use `where codex` on win32, `command -v codex` on POSIX. Take the first line since `where` may return multiple paths. Narrowed the bundled-app exclusion to macOS only (Conductor-specific). #10 multi-picker uncheck-all dead code (medium, Bugbot): MultiPickerMenu's Enter handler fell back to the focused row when selected was empty, so a user who unchecked every pre-selected row got one install instead of a skip. Now: if defaultSelected was provided, an empty set means deliberate — pass [] through to the caller. Also fixed lexicographic index sort → numeric. #? dev script env var at build-time (low, Bugbot): `AMPLITUDE_WIZARD_DEV=1 pnpm build` only scoped the var to the build subprocess, not the globally-linked binary. Removed from the `dev` script since it was ineffective there — `try` still sets it at runtime where it actually works. Addressed in comment, no code change: #2 non-atomic settings.json write — already replaced with `claude plugin marketplace add` CLI in commit 4679fc4. No direct file write remains. 974 tests pass, lint clean, smoke test passes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
30 tasks
6 tasks
This was referenced Apr 25, 2026
7 tasks
6 tasks
kelsonpw
added a commit
that referenced
this pull request
Apr 26, 2026
Closes #297. Real user log (run_id 66d9fa51, Sentry #7442894144) showed the wizard crashing ~40s into the new attempt with: CLI stderr: Error in hook callback hook_0: Error: Stream closed at m98.sendRequest … Tool permission request failed: Error: Stream closed Root cause: the outer retry loop in `runAgent` calls `signalDone()` and then `continue`s to the next attempt without telling the SDK its prior Query iterator is done. The SDK's underlying subprocess remains alive just long enough for an in-flight tool-use message to fire our PreToolUse hook callback through a stdio bridge that is mid-teardown. The bridge fails on `m98.sendRequest`, the SDK converts the failure into a tool_result with `is_error: true`, and the run dies because the agent can't recover from a tool-permission failure. Fix: hoist the SDK `Query` (an `AsyncIterable<unknown>` here, but its concrete `Query` type extends `AsyncGenerator`) so the catch and post-stream retry paths can call `.return()` on it before the next attempt. `.return()` propagates an EOF down the AsyncGenerator protocol; the SDK closes its stdio cleanly. Errors from `.return()` itself are expected during teardown and are swallowed via a tiny `drainPriorResponse` helper. Defense in depth: also add `'Stream closed'` to the transient error pattern list. If a Stream closed somehow does still bubble out (e.g. late SDK cleanup), the catch path treats it as transient and retries cleanly instead of throwing API_ERROR. Tests: - New: drains the prior response iterator before retrying after a transient API error — spies on .return() and asserts it fires during attempt #1, before query() is invoked for attempt #2. - New: classifies Stream closed errors as transient and retries — locks down the defense-in-depth pattern. - Existing 119 runAgent tests still green (stall retry, GATEWAY_DOWN classification, race-condition handling, legacy text markers, etc.). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5 tasks
kelsonpw
added a commit
that referenced
this pull request
Apr 28, 2026
…331) * fix: gracefully handle late-stage API errors so users see the Outro Two related fixes for a UX gap surfaced when an agent run hits an API error AFTER all the meaningful work (events instrumented, dashboard created, setup report written) has completed. Symptom: the wizard would call wizardAbort -> getUI().cancel() -> process.exit(NETWORK_ERROR) before Ink had time to render the next frame, so the user saw a half-rendered "API error occurred" status banner and a sudden process death — no MCP install offer, no Slack prompt, no Outro screen with bug-report hotkeys, and a misleading network error code in CI even though the project was fully set up. ## Fix #1 — wizardAbort awaits OutroScreen dismissal in TUI mode - WizardUI.cancel() returns Promise<void> instead of void. - InkUI: returns a promise that resolves when the OutroScreen is dismissed (keypress / picker action) OR after a 5-minute safety timeout. The TUI now actually gets to render the failure state. - AgentUI / LoggingUI: resolve immediately. No TUI to render, no human to interact. - WizardStore exposes outroDismissed() / signalOutroDismissed() — a one-shot promise that bridges the OutroScreen render loop to wizardAbort. Idempotent and pre-resolves correctly when dismissal arrives before any awaiter (race-safe). - OutroScreen non-success keypress handler now calls store.signalOutroDismissed() instead of process.exit(0). Lets wizardAbort drive the actual exit with the right exit code, run analytics shutdown, and flush Sentry — none of which were happening before because process.exit(0) jumped the queue. - wizardAbort awaits getUI().cancel() before process.exit. UI errors in the await are caught + ignored so a busted UI can't trap the user in a hung process. ## Fix #2 — soft-error path: agent finished, just continue - New `agentArtifactsLookComplete(session)` predicate checks for the dashboard URL on the session. The dashboard MCP create is the last thing the agent does in its conclude phase, after events are instrumented and the setup report is written; if it succeeded, the user's project is in a working state. - API_ERROR / RATE_LIMIT branch in runAgentWizardBody now splits: - artifacts complete -> log a soft-error analytics event, surface a non-fatal status banner, fall through to the post-agent steps (env upload, MCP, Slack, DataIngestion, Outro). User gets the full success experience minus a "late API call failed but your setup is complete" warning. - artifacts missing -> existing hard-abort path, now extracted into `abortOnApiError()` for clarity. ## Tests - src/ui/tui/__tests__/store.test.ts: outroDismissed resolves on signalOutroDismissed, returns the same promise for concurrent awaiters, pre-resolves on early dismissal, and is idempotent. - src/lib/__tests__/agent-runner.test.ts: agentArtifactsLookComplete returns true with a real dashboard URL, false with null, false with empty string. Verified: pnpm lint clean (1 pre-existing warning in untouched code), pnpm test 1660 passing (+7 new tests). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: address bugbot findings on wizardAbort sequencing Two related bugbot findings on PR 331: 1. **Medium: outro-hotkey analytics events were silently dropped.** `analytics.shutdown()` ran before `getUI().cancel(...)`, but cancel now blocks until the user dismisses the OutroScreen. Any `wizardCapture` calls fired during that interaction — `'error outro log opened'` (press L), `'error outro bug report written'` (press C) — got queued *after* the final flush and dropped on `process.exit`. Fix: flip the order to cancel-then-shutdown so those events are flushed in the post-outro batch. 2. **High: process hangs on the version-check cancel path.** `agent-runner.ts` `runAgentWizard` called `getUI().cancel(...)` then `return false` for unsupported framework versions. With cancel now async + awaiting outro dismissal, the user dismisses the outro but nothing exits — Ink keeps the event loop alive indefinitely. The old `process.exit(0)` in OutroScreen used to be the de-facto exit for this path; replacing it with `signalOutroDismissed()` exposed the hang. Fix: route this path through `wizardAbort` (which always exits), and extend `wizardAbort` to forward `cancelOptions.docsUrl` so the manual setup link still surfaces in the Outro. Tests: - New: cancel-before-shutdown ordering, cancelOptions.docsUrl forwarding. - Updated: existing ordering tests flipped to match new sequence; cancel-call-arity expectations include the new options arg. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced Apr 28, 2026
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps esbuild to 0.25.12 and updates ancestor dependency vitest. These dependencies need to be updated together.
Updates
esbuildfrom 0.21.5 to 0.25.12Release notes
Sourced from esbuild's releases.
... (truncated)
Changelog
Sourced from esbuild's changelog.
... (truncated)
Commits
208f539publish 0.25.12 to npm5f03afdupdate release notes6b2ee78minify: remove css rules containing empty:is()f361debadd some additional known static methods07aa646automatically mark "RegExp.escape()" calls as pure9039c46simplify some call expression checks188944dadd some additional known static methodsd3c67f9fix #4310: addIteratorand other known globals4a51f0bfix: escape dev server breadcrumb hrefs properly (#4316)26b29edfix #4315:@mediadeduplication bug edge caseUpdates
vitestfrom 2.1.9 to 4.0.15Release notes
Sourced from vitest's releases.
... (truncated)
Commits
eb1abf0chore: release v4.0.15a68f74efeat(cache): add opt-out on a plugin level, fix internal root cache (#9154)122ff32feat(reporters): print import duration breakdown (#9105)0d2e7e3fix(browser): runtoMatchScreenshotonly once when used with `expect.elemen...d57d8bffix(pool): terminate workers onCTRL+cforceful exits (#9140)bb65e15fix(reporters): show project in github reporter (#9138)52b242bchore(deps): update all non-major dependencies (#9133)4c75492fix: fix external behavior withdeps.optimizer(#9125)a5d98fdrefactor(vitest): get current test name from task property (#9120)fd8bd6dfix: useoptimizeDeps.rolldownOptionsto fix depreated warning + fix `ssr.e...Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.