chore(deps): bump vite-plus to pkg-pr-new pr-1588 #6
Code Review
This pull request updates the vite-plus dependency in both the root and playground package.json files to a pre-release URL, and adds exclusion rules to .npmrc for min-release-age. The reviewer recommends pinning the vite-plus dependency to a specific commit SHA instead of the mutable PR number to ensure build reproducibility and stability.
| "typescript": "^6.0.3", | ||
| "vite": "^8.0.10", | ||
| "vite-plus": "^0.1.19", | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588", |
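Review bot: On the added `vite-plus` line, the dependency leaves the registry range `^0.1.19` for a pkg.pr.new URL with no indication of when it returns to a published release. Please make sure the lockfile update for this URL is part of the same change, and state in the PR description the condition for switching back to a registry version.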
The dependency is currently pointing to the mutable PR number @1588 (https://pkg.pr.new/voidzero-dev/vite-plus@1588). Since PRs can receive new commits, this can lead to non-reproducible builds. To ensure stability and reproducibility (as also noted in the PR description: overrides → SHA-pinned (5577b01)), please pin the dependency to the specific commit SHA instead of the PR number.
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588", | |
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@5577b01", |
| "typescript": "^6.0.3", | ||
| "vite": "^8.0.3", | ||
| "vite-plus": "^0.1.19", | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588", |
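Review bot: The pkg.pr.new URL on the added `vite-plus` line is a second hand-written copy of the one in the root manifest, and the `vite` context line here (`^8.0.3`) already differs from the root's `^8.0.10`, which shows how the two files can drift. Consider declaring the `vite-plus` source in one place (for example a single root-level override) so a later re-pin cannot update one manifest and miss the other.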
Similar to the root package.json, please pin this dependency to the specific commit SHA 5577b01 instead of the mutable PR number @1588 to ensure build reproducibility.
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588", | |
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@5577b01", |
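The pinning rule the review comments ask for, as an added example (not code from this PR or from pkg.pr.new): a small Node.js check that reports pkg.pr.new dependency URLs whose ref is a PR number rather than a commit SHA. The dependency field, the `playground/package.json` path and the rule that an all-digit ref is a PR number are assumptions; the sample manifests are constructed from the lines shown above.

```javascript
// Added example: flag pkg.pr.new dependency URLs whose ref can move.
// Assumption: the ref is the text after the last "@" in the URL path, as in
// the two URLs on this page (...@1588 and ...@5577b01).
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "overrides"];

function classifyRef(ref) {
  if (/^\d+$/.test(ref)) return "pr-number";          // follows the PR head
  if (/^[0-9a-f]{7,40}$/i.test(ref)) return "commit"; // names one commit
  return "other";                                     // branch or unknown: treat as mutable
}

function findPkgPrNewDeps(manifest, file) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] ?? {})) {
      if (typeof spec !== "string") continue;          // nested override objects are skipped
      let url;
      try { url = new URL(spec); } catch { continue; } // semver ranges are not URLs
      if (url.hostname !== "pkg.pr.new") continue;
      const at = url.pathname.lastIndexOf("@");
      const ref = at === -1 ? "" : url.pathname.slice(at + 1);
      const kind = classifyRef(ref);
      findings.push({ file, field, name, ref, kind, pinned: kind === "commit" });
    }
  }
  return findings;
}

// Constructed sample manifests (field name and playground path are assumed).
const SAMPLES = {
  "package.json": {
    devDependencies: { vite: "^8.0.10", "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588" },
  },
  "playground/package.json": {
    devDependencies: { vite: "^8.0.3", "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@5577b01" },
  },
};

// Collect every pkg.pr.new dependency that is not pinned to a commit.
function unpinned(samples) {
  return Object.entries(samples)
    .flatMap(([file, manifest]) => findPkgPrNewDeps(manifest, file))
    .filter((f) => !f.pinned);
}

for (const f of unpinned(SAMPLES)) {
  console.log(`${f.file}: ${f.field}.${f.name} uses mutable ref "${f.ref}" (${f.kind})`);
}
```

A branch name made only of hex characters would be classified as a commit, so treat the result as a lint rather than a guarantee.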
Summary
Bump vite-plus to pkg-pr-new build for PR #1588 (replace @voidzero-dev/vite-plus-test wrapper with upstream vitest@4.1.5).
Test plan