chore(deps): bump vite-plus to v0.1.24#8
Conversation
…owngrade pkg.pr.new entries lack time metadata, which trustPolicy: no-downgrade rejects. Add the vite-plus stack to trustPolicyExclude so the supply-chain check passes.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the vite-plus dependency and related @voidzero-dev packages to use temporary pkg.pr.new builds across the workspace, lockfile, and templates, alongside adjusting release age and trust policy exclusions in pnpm-workspace.yaml. Feedback highlights a critical issue where hardcoding a temporary, short-lived pkg.pr.new URL in the default template's package.json will lead to installation failures for end-users once the build expires, suggesting a stable version range instead.
| "@typescript/native-preview": "^7.0.0-dev.20260527.2", | ||
| "tailwindcss": "^4.3.0", | ||
| "vite-plus": "^0.1.23" | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1738" |
There was a problem hiding this comment.
Hardcoding a temporary pkg.pr.new URL in a template package.json is problematic because these builds are short-lived and can be deleted or expire. When end-users use create-rari-app to bootstrap a new project, their installation will fail once this temporary build is no longer available. Please use a stable version range instead.
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1738" | |
| "vite-plus": "^0.1.24" |
fengmk2
changed the title
1 participant
Summary
Bump
vite-plusand related packages to the pkg.pr.new prerelease build for v0.1.24.Updated where applicable:
vite-plus-> pkg.pr.newvite/vitestaliases and overrides ->@voidzero-dev/vite-plus-core/@voidzero-dev/vite-plus-test@voidzero-dev/vite-plus-*direct deps,overrides/resolutions/pnpm.overrides/ catalogsminimum-release-agewith vite-plus stack excluded (pnpm / npm / bun / yarn as applicable)pnpm.*package.json fields intopnpm-workspace.yamlwhere presentTest plan