feat(deps): upgrade upstream dependencies#515
Conversation
There was a problem hiding this comment.
Pull request overview
This PR upgrades several upstream dependencies as part of an automated daily upgrade process. The changes include upgrades to oxc packages (runtime, types, parser, transform, minify), oxlint-tsgolint, and rolldown with its associated upstream hash updates.
Changes:
- Upgraded oxc-related packages from 0.110.0 to 0.111.0
- Upgraded oxlint-tsgolint from 0.11.2 to 0.11.3
- Updated rolldown bundled version from 1.0.0-rc.1 to 1.0.0-rc.2
- Updated upstream hash for rolldown repository
- Added new Cargo dependencies (memchr) to rolldown internal modules
Reviewed changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pnpm-workspace.yaml | Updated catalog versions for oxc packages (runtime, types, parser, transform, minify) from 0.110.0 to 0.111.0, and oxlint-tsgolint from 0.11.2 to 0.11.3 |
| pnpm-lock.yaml | Updated lock file entries for all upgraded packages including their platform-specific bindings and snapshots |
| packages/tools/.upstream-versions.json | Updated rolldown upstream git hash to track latest changes |
| packages/core/package.json | Updated bundledVersions.rolldown from 1.0.0-rc.1 to 1.0.0-rc.2 |
| Cargo.lock | Added memchr dependency to rolldown_ecmascript_utils and rolldown_utils to rolldown_plugin_vite_load_fallback |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| oxc-minify: =0.110.0 | ||
| oxc-parser: =0.110.0 | ||
| oxc-transform: =0.110.0 | ||
| oxc-minify: =0.111.0 |
There was a problem hiding this comment.
The oxc-minify version in docs/package.json is still at 0.110.0, but the catalog has been upgraded to 0.111.0. Since this is an automated dependency upgrade PR, the docs package should also be upgraded to use the new version 0.111.0 to maintain consistency across the codebase. Consider either updating docs/package.json to use "catalog:" instead of a fixed version, or updating the version to "^0.111.0".
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Fast-forward over the previous ca55bb23 pin (contains it), so no divergence. The new head merged main, so it now carries main's v0.2.3 release commit (417b6aae, the two dep-bump chores my earlier pin was missing) plus ef49b4ac (fix: clarify task process wait errors, #515) and the v0.2.4 dep bump. The prompt param the picker needs is unchanged; snapshots are byte-stable. Final pin still moves to the merged SHA once #510 lands.
Automated daily upgrade of upstream dependencies:
Build status: success
Note
Medium Risk
Primarily dependency bumps across the bundling/tooling stack (
rolldown,oxc-*, lint/format binaries), which can subtly change build output or parsing/transform behavior despite minimal code changes.Overview
Updates upstream tooling dependencies, bumping the bundled
rolldownversion inpackages/corefrom1.0.0-rc.1to1.0.0-rc.2and advancing the trackedrolldownupstream commit hash.Refreshes the workspace lockfiles to
oxc-*0.111.0(parser/transform/runtime/types) andoxlint-tsgolint0.11.3/oxfmt0.27.0, plus small Rust-side dependency adjustments reflected inCargo.lock.Written by Cursor Bugbot for commit b14d319. This will update automatically on new commits. Configure here.