chore(deps-dev): bump vitest from 3.2.4 to 3.2.6#4183
Conversation
|
|
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.
| needle@https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b: | ||
| resolution: {tarball: https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b} | ||
| needle@git+https://git@github.com:clearbit/needle.git#84d28b5f2c3916db1e7eb84aeaa9d976cc40054b: | ||
| resolution: {commit: 84d28b5f2c3916db1e7eb84aeaa9d976cc40054b, repo: git@github.com:clearbit/needle.git, type: git} |
There was a problem hiding this comment.
Needle lockfile uses SSH git
High Severity
The clearbit dependency’s needle resolution was changed from an HTTPS tarball to a git@github.com SSH git URL. Root pnpm i --frozen-lockfile in CI (e.g. backend lint) may fail without SSH keys or when port 22 is blocked, even though the commit and package stayed the same.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.
| engines: {node: ^18.0.0 || >=20.0.0} | ||
| vite@7.3.5: | ||
| resolution: {integrity: sha512-KuOaNhcnGFN2zIPGA7wRmzF+lJA1sea7rHq17aiJ++9lzY1WWG6Jpwqwe1KNbRVPIqHmr8GLYx7jbrQcN/7/ww==} | ||
| engines: {node: ^20.19.0 || >=22.12.0} |
There was a problem hiding this comment.
Vite seven needs newer Node
Medium Severity
Bumping vitest re-resolved vite from 5.4.x to 7.3.5, which declares node: ^20.19.0 || >=22.12.0. The repo root still allows node >=20.0.0, so pnpm test / vitest run can fail on Node 20.0–20.18 with an engine error despite satisfying root engines.
Reviewed by Cursor Bugbot for commit ae3cfc4. Configure here.
ae3cfc4 to
d8f77ef
Compare
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 3.2.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 3.2.6 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
d8f77ef to
66a78d7
Compare
Bumps vitest from 3.2.4 to 3.2.6.
Release notes
Sourced from vitest's releases.
Commits
b6d56f8chore: release v3.2.616f120dfix: pin last supported vite-node version2cbad0achore: release v3.2.5385a1aefix(browser): disable clientcdpAPI whenallowWrite/allowExec: false[ba...af88b1ffeat(api): addallowWriteandallowExecoptions toapi[backport to v3]...Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.
Note
Low Risk
Dev-only test dependency bump with lockfile churn; no runtime service code changes, though CI/local tests may behave differently under vite 7.
Overview
Bumps vitest from
3.2.4to3.2.6in@crowd/packages-workerand@crowd/data-access-layerdevDependencies, withpnpm-lock.yamlrefreshed for the new test toolchain.The lockfile also picks up vitest’s updated graph—notably vite
5.4.21→7.3.5, esbuild0.21.5→0.27.7, and matching rollup /@vitest/*3.2.6packages—plus minor transitive bumps (e.g.postcss,nanoid,tinyglobby) and aclearbitneedle git URL representation change. No application source changes.Reviewed by Cursor Bugbot for commit 66a78d7. Bugbot is set up for automated code reviews on this repo. Configure here.