Skip to content

chore(deps): upgrade vite-plus to 0.1.18#35300

Merged
lyzno1 merged 1 commit intomainfrom
codex/bump-vite-plus-0.1.18
Apr 16, 2026
Merged

chore(deps): upgrade vite-plus to 0.1.18#35300
lyzno1 merged 1 commit intomainfrom
codex/bump-vite-plus-0.1.18

Conversation

@lyzno1
Copy link
Copy Markdown
Member

@lyzno1 lyzno1 commented Apr 16, 2026

Summary

  • upgrade the workspace catalog from vite-plus / @voidzero-dev/vite-plus-core / @voidzero-dev/vite-plus-test 0.1.16 to 0.1.18
  • refresh pnpm-lock.yaml so every importer resolves to the patched Vite+ packages with no 0.1.16 residue left behind
  • keep the change limited to dependency metadata and lockfile updates

Why

Dependabot alert #312 flags vite-plus <= 0.1.16 for GHSA-33r3-4whc-44c2. The first patched version is 0.1.17, and the current stable release is 0.1.18, so this PR moves the monorepo to the latest stable patched line.

Impact

  • removes the vulnerable vite-plus resolution from the workspace
  • keeps vite, vite-plus, and vitest aliases aligned to the same upstream release
  • updates transitive Vite+ bundled tooling in the lockfile as part of the upstream package refresh

Validation

  • npx -y pnpm@10.33.0 --dir web type-check:tsgo
  • npx -y pnpm@10.33.0 --dir web lint (completed with 0 errors; existing repo-wide warnings remain)
  • rg -n '0\.1\.16' pnpm-lock.yaml pnpm-workspace.yaml

@github-actions github-actions Bot added the web This relates to changes on the web. label Apr 16, 2026
@lyzno1 lyzno1 marked this pull request as ready for review April 16, 2026 04:24
@dosubot dosubot Bot added size:XS This PR changes 0-9 lines, ignoring generated files. dependencies Pull requests that update a dependency file labels Apr 16, 2026
@lyzno1 lyzno1 enabled auto-merge April 16, 2026 04:30
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 16, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.10%. Comparing base (665978a) to head (ab4fefe).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #35300      +/-   ##
==========================================
- Coverage   85.10%   85.10%   -0.01%     
==========================================
  Files        4399     4399              
  Lines      201355   201355              
  Branches    38299    38299              
==========================================
- Hits       171369   171366       -3     
- Misses      26882    26885       +3     
  Partials     3104     3104
Flag Coverage Δ
web 86.23% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@lyzno1 lyzno1 added this pull request to the merge queue Apr 16, 2026
@dosubot dosubot Bot added the lgtm This PR has been approved by a maintainer label Apr 16, 2026
Merged via the queue into main with commit 70556d9 Apr 16, 2026
35 checks passed
@lyzno1 lyzno1 deleted the codex/bump-vite-plus-0.1.18 branch April 16, 2026 04:47
HanqingZ pushed a commit to HanqingZ/dify that referenced this pull request Apr 23, 2026
@lyzno1 @HanqingZ
chore(deps): upgrade vite-plus to 0.1.18 (langgenius#35300)
38f0287
asukaminato0721 pushed a commit to asukaminato0721/dify that referenced this pull request Apr 24, 2026
@lyzno1 @asukaminato0721
chore(deps): upgrade vite-plus to 0.1.18 (langgenius#35300)
92ab5e1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hyoban hyoban hyoban approved these changes

@crazywoola crazywoola Awaiting requested review from crazywoola crazywoola is a code owner

@laipz8200 laipz8200 Awaiting requested review from laipz8200 laipz8200 is a code owner

@Yeuoly Yeuoly Awaiting requested review from Yeuoly Yeuoly is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file lgtm This PR has been approved by a maintainer size:XS This PR changes 0-9 lines, ignoring generated files. web This relates to changes on the web.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lyzno1 @hyoban