Skip to content

chore(deps): bump @decocms/start to 5.3.0-rc.2#50

Merged
vibe-dex merged 1 commit into
nextfrom
fix/segment-cookie-test
May 19, 2026
Merged

chore(deps): bump @decocms/start to 5.3.0-rc.2#50
vibe-dex merged 1 commit into
nextfrom
fix/segment-cookie-test

Conversation

@vibe-dex
Copy link
Copy Markdown
Contributor

@vibe-dex vibe-dex commented May 19, 2026
edited by cubic-dev-ai Bot
Loading

Summary

Bumps `@decocms/start` from the deprecated `5.3.0-rc.0` to `5.3.0-rc.2` (the o11y stack rebased onto the post-revert main).

Brings the operations work on this branch (createVtexFetch / createShopifyFetch / fetchWithCache wiring) onto a non-broken framework foundation. Both rc.0 and rc.1 were npm-deprecated upstream after PR #164's framework-agnostic-entrypoints refactor was reverted in decocms/deco-start#181 (loaders 404'd, direct-POST observability silently no-op'd).

Notes

  • The o11y API surface (`instrumentWorker`, `withTracing`, `recordCacheMetric`, `injectTraceContext`, `createOtlpHttpMeterAdapter`, `createOtlpHttpErrorLogAdapter`) is identical between rc.0 and rc.2 — no source changes needed.
  • rc.2 dropped the `next: '>=15.0.0'` peer dep (Next.js entrypoint was reverted upstream). `apps-start` never imported from `@decocms/start/next`, so this is a no-op for us.

Validation

  • `npm run typecheck` — clean.
  • `npm test` — 413/413 passing.

What this enables

  • Merging this to `next` cuts `@decocms/apps@1.15.0-next.2` (via semantic-release on `next`), which casaevideo PR #264 (Phase 4) will pin alongside `@decocms/start@5.3.0-rc.2` for end-to-end o11y preview validation.

Lockfile churn

The `package-lock.json` diff is large because npm re-resolved peer-deps when bumping. Spot-checked: the only intentional version change is `@decocms/start: 5.3.0-rc.0 → 5.3.0-rc.2`. Other "removals" are npm consolidating duplicated transitive trees.

Made with Cursor

Summary by cubic

Bump @decocms/start from 5.3.0-rc.0 to 5.3.0-rc.2 to replace deprecated builds and fix framework regressions (loader 404s, no-op direct-POST observability). The o11y API is unchanged; no source changes needed.

  • Dependencies
    • Update peerDependencies and devDependencies to @decocms/start@5.3.0-rc.2.
    • rc.2 removes the next peer; this repo does not use @decocms/start/next.

Written for commit 62dc4a4. Summary will update on new commits. Review in cubic

@vibe-dex @cursoragent
chore(deps): bump @decocms/start to 5.3.0-rc.2
62dc4a4 
5.3.0-rc.0 (currently pinned) and 5.3.0-rc.1 were both deprecated upstream
because they carried PR #164's framework-agnostic-entrypoints refactor, which
duplicated module-level state across bundled entries (loaders 404'd,
direct-POST observability channels no-op'd). Upstream reverted on main
(@decocms/start@5.2.2) and re-applied the o11y stack on the src/-exports
baseline as 5.3.0-rc.2.

Substantive deltas the o11y operations work in this branch depends on
(createVtexFetch / createShopifyFetch / fetchWithCache wiring) are
preserved in rc.2 — the o11y API surface (instrumentWorker, withTracing,
recordCacheMetric, injectTraceContext, createOtlpHttpMeterAdapter,
createOtlpHttpErrorLogAdapter) is identical between rc.0 and rc.2.

Typecheck + 413 vitest tests pass against rc.2.

Drops the `next: >=15.0.0` peer (Next.js entrypoint was reverted from
@decocms/start). apps-start never imported from @decocms/start/next so
no source changes needed.

Co-authored-by: Cursor <cursoragent@cursor.com>
@vibe-dex vibe-dex requested a review from a team May 19, 2026 17:37
@vibe-dex vibe-dex merged commit cc6b66c into next May 19, 2026
1 check passed
@vibe-dex vibe-dex mentioned this pull request May 19, 2026
Merged
vibe-dex added a commit that referenced this pull request May 19, 2026
@vibe-dex @cursoragent
fix(deps): restore complete package-lock.json after rc.2 bump (#51)
d51be79 
PR #50 (chore(deps): bump @decocms/start to 5.3.0-rc.2) shipped with a
truncated lockfile produced via `npm install --legacy-peer-deps`. The
legacy-peer-deps flag was a workaround for a local registry config issue
(a global npmrc pointing at npm.pkg.github.com/bawclothing/ was intercepting
public-package fetches), not because of a real peer-dep conflict.

The truncated lockfile passed local `npm test` (which doesn't require a
complete tree for resolved test deps) but blocked the Release workflow's
`npm ci` — strict-frozen install that fails on any missing transitive
package — so semantic-release never ran and 1.15.0-next.2 was not cut.

This commit regenerates the lockfile with the public registry forced
(`npm_config_registry=https://registry.npmjs.org/ npm install`), restoring
504 packages and the full transitive tree. typecheck + 413 vitest tests
pass against rc.2.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vibe-dex