Skip to content

build(deps): bump @tanstack/react-virtual from 3.14.2 to 3.14.3#154

Merged
qnbs merged 1 commit into
mainfrom
dependabot/npm_and_yarn/tanstack/react-virtual-3.14.3
Jun 16, 2026
Merged

build(deps): bump @tanstack/react-virtual from 3.14.2 to 3.14.3#154
qnbs merged 1 commit into
mainfrom
dependabot/npm_and_yarn/tanstack/react-virtual-3.14.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps @tanstack/react-virtual from 3.14.2 to 3.14.3.

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.14.3

Patch Changes

  • #1201 2ba5eb6 - Make directDomUpdates a no-op for direct DOM writes when containerRef is omitted. Previously the virtualizer still wrote item positions while never sizing the container (a broken half-state). Now omitting containerRef skips all direct writes while still skipping re-renders, letting consumers own the DOM updates themselves (e.g. in onChange).

  • Updated dependencies [ef69ea3]:

    • @​tanstack/virtual-core@​3.17.1
Changelog

Sourced from @​tanstack/react-virtual's changelog.

3.14.3

Patch Changes

  • #1201 2ba5eb6 - Make directDomUpdates a no-op for direct DOM writes when containerRef is omitted. Previously the virtualizer still wrote item positions while never sizing the container (a broken half-state). Now omitting containerRef skips all direct writes while still skipping re-renders, letting consumers own the DOM updates themselves (e.g. in onChange).

  • Updated dependencies [ef69ea3]:

    • @​tanstack/virtual-core@​3.17.1
Commits
  • 75ae896 ci: Version Packages (#1202)
  • 2ba5eb6 fix(react-virtual): make directDomUpdates a no-op without containerRef (#1201)
  • ef69ea3 fix(virtual-core): adjust scroll on first measurement during backward scroll ...
  • 932c358 test(react-virtual): add e2e test for React Compiler with directDomUpdates, b...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@dependabot
dependabot Bot requested a review from qnbs as a code owner June 15, 2026 23:51
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@vercel

vercel Bot commented Jun 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
storycraft-studio Error Error Jun 16, 2026 9:37pm
worldscript-studio Ready Ready Preview, Comment Jun 16, 2026 9:37pm

@codeant-ai

codeant-ai Bot commented Jun 15, 2026

Copy link
Copy Markdown

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednpm/​@​tanstack/​react-virtual@​3.14.2 ⏵ 3.14.31001006998100

View full report

@qnbs

qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/tanstack/react-virtual-3.14.3 branch from 5e0dc90 to 76d0d31 Compare June 16, 2026 09:12
qnbs added a commit that referenced this pull request Jun 16, 2026
The prior cooldown used default-days: 3, but .npmrc enforces
minimum-release-age=10080 (7 days) at `pnpm install --frozen-lockfile`.
A 3-day cooldown still produces PRs that fail CI for 4 more days with
ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION (e.g. #154/#155). Raise all three
ecosystems (npm, cargo, github-actions) to default-days: 7 so a release is
never PR'd before the install gate would accept it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
qnbs added a commit that referenced this pull request Jun 16, 2026
CodeAnt flagged the post-release section still documenting a 3-day
cooldown while .github/dependabot.yml configures default-days: 7. Align
the AUDIT entry to 7 days, cite dependabot.yml as the source of truth,
and refresh the open-queue status (candle-nn merged, dev-tooling
playwright-core dedup, #154/#155 minimum-release-age quarantine).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@qnbs

qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

Bumps [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual) from 3.14.2 to 3.14.3.
- [Release notes](https://github.com/TanStack/virtual/releases)
- [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md)
- [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.14.3/packages/react-virtual)

---
updated-dependencies:
- dependency-name: "@tanstack/react-virtual"
  dependency-version: 3.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/tanstack/react-virtual-3.14.3 branch from 76d0d31 to 24af0db Compare June 16, 2026 21:37
@qnbs
qnbs merged commit 0745f63 into main Jun 16, 2026
17 checks passed
@qnbs
qnbs deleted the dependabot/npm_and_yarn/tanstack/react-virtual-3.14.3 branch June 16, 2026 21:59
qnbs added a commit that referenced this pull request Jun 16, 2026
…own + CI fixes (#168)

* docs(v1.23): post-release corpus sync — metrics, flags, roadmap, history archival

Reconcile all repo documentation with the shipped v1.23.0 code:
- README metrics re-synced (2706->2709 keys, 481->485 test files) via sync-readme-metrics
- AUDIT.md header advanced v1.22.0->v1.23.0 (version, quality gate, follow-up chain) + new post-release pass section
- CLAUDE.md feature flags corrected 21->23; default model was inverted (full set on, only 5 opt-in off); retired flags removed
- featureFlagsSlice JSDoc: 3 (default: true) annotations that contradicted runtime defaults fixed to (default: false)
- AGENTS.md bundle budget 6500/4000 -> 6200/2500
- ROADMAP/TODO: v1.23 ACTIVE -> RELEASED 2026-06-16; forward work consolidated into Upcoming block
- ADR-0008 present-tense brand StoryCraft -> WorldScript Studio
- Archived finished plans + checkpoints into docs/history/ (git mv); inbound links repaired

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* ci(v1.23): dependabot cooldown + tauri updater asset-URL fix

- dependabot.yml: add cooldown default-days:3 to npm/cargo/github-actions so new
  releases age 3 days before a PR is opened (dependabot.yml equivalent of the
  .npmrc minimum-release-age already set for pnpm install-time)
- tauri-build.yml: normalize space->dot in updater asset URLs (GitHub renames
  uploaded assets) and pass --repo to gh release upload (job has no checkout)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* ci(v1.23): align dependabot cooldown to 7-day minimum-release-age policy

The prior cooldown used default-days: 3, but .npmrc enforces
minimum-release-age=10080 (7 days) at `pnpm install --frozen-lockfile`.
A 3-day cooldown still produces PRs that fail CI for 4 more days with
ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION (e.g. #154/#155). Raise all three
ecosystems (npm, cargo, github-actions) to default-days: 7 so a release is
never PR'd before the install gate would accept it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(v1.23): fix README feature-flag drift flagged by CodeAnt

- Remove enableCrossProjectSearch as a feature flag (promoted to permanent
  core behaviour in v1.8; the slice has no such flag).
- enableIdbAtRestEncryption is on by default since v1.23 (slice default
  true), not off — correct the IDB at-rest encryption section.

Brings top-level README in lockstep with featureFlagsSlice.ts defaults and
the AUDIT.md v1.23.0 doc-corpus claim.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(v1.23): correct AUDIT dependabot-cooldown entry to 7 days

CodeAnt flagged the post-release section still documenting a 3-day
cooldown while .github/dependabot.yml configures default-days: 7. Align
the AUDIT entry to 7 days, cite dependabot.yml as the source of truth,
and refresh the open-queue status (candle-nn merged, dev-tooling
playwright-core dedup, #154/#155 minimum-release-age quarantine).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(v1.23): reconcile all flag docs to the 23-flag model (CodeAnt wave)

CodeAnt flagged that AUDIT's "doc corpus in lockstep" claim was
contradicted by stale flag metadata across the corpus. Bring every
current-state flag reference into line with featureFlagsSlice.ts
(23 flags, 18 default-on, 5 opt-in default-off):

- docs/FEATURE-PARITY.md: correct the Default column, drop the four
  retired/promoted flags (enableCodexAutoTracking, enableCrossProjectSearch,
  enablePlotBoardV2, enableCloudSync), add the four newer flags
  (enableWorkerBusV2, enableRustCompute, enableGlobalCopilot,
  enableLocalFirstSync); refresh header + drift summary.
- AGENTS.md: featureFlags count + the WorkerBus/RustCompute/DuckDB
  "off by default" notes (all on); replace the "~20 flags, a few on"
  blurb with the full-set-on model.
- .github/copilot-instructions.md: 23-flag model, enableProForge on,
  drop retired enableCloudSync from the v2.0-stubs list.
- docs/PLUGINS-BETA.md, docs/IDB-ENCRYPTION.md, .github/SECURITY.md:
  enablePluginSystem / enableIdbAtRestEncryption are on by default.
- AUDIT.md: implementation-map flag bullet refreshed.

Dated historical audit sections (v1.9.0 "12 flags" etc.) left intact.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant