chore(deps): bump vite-plus to v0.1.24#8
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates workspace dependencies to use temporary pkg.pr.new preview URLs for vite, vite-plus, and vitest, alongside updating the lockfile. Feedback on these changes highlights two key issues: first, hardcoding temporary preview URLs in the template package.json will cause installation failures for end-users bootstrapping new projects; second, the newly added minimumReleaseAge and related settings are invalid in pnpm-workspace.yaml and must be moved to .npmrc instead.
| minimumReleaseAge: 60 | ||
| minimumReleaseAgeExclude: | ||
| - vite-plus | ||
| - vite | ||
| - vitest | ||
| - '@voidzero-dev/*' | ||
| - '@oxc-project/*' | ||
| - '@oxlint/*' | ||
| - oxlint | ||
| - oxfmt | ||
| - oxlint-tsgolint | ||
| blockExoticSubdeps: false |
There was a problem hiding this comment.
The settings minimumReleaseAge, minimumReleaseAgeExclude, and blockExoticSubdeps are not valid configuration options for pnpm-workspace.yaml and will be silently ignored by pnpm.
These are .npmrc configuration options and must be defined in the .npmrc file at the root of your project using kebab-case.
Please remove these lines from pnpm-workspace.yaml and add them to your .npmrc instead:
minimum-release-age=60
minimum-release-age-exclude[]=vite-plus
minimum-release-age-exclude[]=vite
minimum-release-age-exclude[]=vitest
minimum-release-age-exclude[]=@voidzero-dev/*
minimum-release-age-exclude[]=@oxc-project/*
minimum-release-age-exclude[]=@oxlint/*
minimum-release-age-exclude[]=oxlint
minimum-release-age-exclude[]=oxfmt
minimum-release-age-exclude[]=oxlint-tsgolint
block-exotic-subdeps=false| "vite": "https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-core@1738", | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1738" |
There was a problem hiding this comment.
Hardcoding temporary pkg.pr.new preview URLs in the template package.json is problematic. Since this template is copied when users bootstrap new projects using create-remdx, any newly created project will depend on these temporary, PR-specific builds instead of stable npm registry releases. This can lead to installation failures, caching issues, and security warnings for end-users once the PR is closed or the temporary build is cleaned up.
Please revert these dependencies to use stable versions or standard npm registry aliases.
| "vite": "https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-core@1738", | |
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1738" | |
| "vite": "npm:@voidzero-dev/vite-plus-core@latest", | |
| "vite-plus": "latest" |
fengmk2
changed the title
1 participant
Summary
Bump
vite-plusand related packages to the pkg.pr.new prerelease build for v0.1.24.Updated where applicable:
vite-plus-> pkg.pr.newvite/vitestaliases and overrides ->@voidzero-dev/vite-plus-core/@voidzero-dev/vite-plus-test@voidzero-dev/vite-plus-*direct deps,overrides/resolutions/pnpm.overrides/ catalogsminimum-release-agewith vite-plus stack excluded (pnpm / npm / bun / yarn as applicable)pnpm.*package.json fields intopnpm-workspace.yamlwhere presentTest plan