Skip to content

chore(dev-deps): bump the all-dependencies group across 1 directory with 3 updates#392

Merged
umair-ably merged 2 commits into
mainfrom
dependabot/npm_and_yarn/packages/react-web-cli/all-dependencies-5dcff942e8
May 12, 2026
Merged

chore(dev-deps): bump the all-dependencies group across 1 directory with 3 updates#392
umair-ably merged 2 commits into
mainfrom
dependabot/npm_and_yarn/packages/react-web-cli/all-dependencies-5dcff942e8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Updates the requirements on @vitest/ui, vite and vitest to permit the latest version.
Updates @vitest/ui to 4.1.6

Release notes

Sourced from @​vitest/ui's releases.

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits

Updates vite from 6.2.4 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

Bug Fixes

  • hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)
  • css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)
  • optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)
  • remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

8.0.9 (2026-04-20)

Features

Bug Fixes

  • allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
  • build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
  • bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
  • css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
  • deps: update all non-major dependencies (#22219) (4cd0d67)
  • deps: update all non-major dependencies (#22268) (c28e9c1)
  • detect Deno workspace root (fix #22237) (#22238) (1b793c0)
  • dev: handle errors in watchChange hook (#22188) (fc08bda)
  • optimizer: handle more chars that will be sanitized (#22208) (3f24533)
  • skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

Miscellaneous Chores

  • deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

... (truncated)

Commits
  • 32c2978 release: v8.0.10
  • a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
  • a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
  • 83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
  • b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
  • 40a0847 refactor: typecheck client directory (#22284)
  • 5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
  • 9437518 refactor: enable some typecheck rules (#22278)
  • ce729f5 release: v8.0.9
  • 605bb97 docs: update build CLI defaults (#22261)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.


Updates vitest to 4.1.6

Release notes

Sourced from vitest's releases.

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(dev-deps): bump the all-dependencies group across 1 directory w…
5d92633 
…ith 3 updates

Updates the requirements on [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) to permit the latest version.

Updates `@vitest/ui` to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/ui)

Updates `vite` from 6.2.4 to 8.0.10
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite)

Updates `vitest` to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/vitest)

---
updated-dependencies:
- dependency-name: "@vitest/ui"
  dependency-version: 4.1.6
  dependency-type: direct:development
  dependency-group: all-dependencies
- dependency-name: vite
  dependency-version: 8.0.10
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: vitest
  dependency-version: 4.1.6
  dependency-type: direct:development
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 12, 2026

Labels

The following labels could not be found: react-web-cli. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 12, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 12, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cli-web-cli Ready Ready Preview, Comment May 12, 2026 11:28am

Request Review

@ci-lockfile-regen
Copy link
Copy Markdown

ci-lockfile-regen Bot commented May 12, 2026

Dependabot Fix Assessment

Package: vite 6.2.48.0.10 (major), @vitest/ui4.1.6 (patch), vitest4.1.6 (patch)
Scope: devDependencies
Workspace: packages/react-web-cli

What changed upstream

  • vite jumped two major versions (6 → 8). Release notes are largely internal Rolldown/tooling changes; no API breaking changes relevant to this repo.
  • @vitest/ui and vitest 4.1.6: minor bug fixes (browser mode screenshot paths, sequence.concurrent flag behaviour).
  • Vite 8 changelog: https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md

Migration concerns checked

  • Peer dependencies: The bump actually fixes a pre-existing peer dep mismatch. @vitejs/plugin-react@6.0.1 (already installed) declares "peerDependencies": { "vite": "^8.0.0" }. The old vite@6.2.4 violated this constraint; vite@8.0.10 satisfies it. ✅
  • Type changes: OK — no type errors introduced
  • Config files: packages/react-web-cli/vitest.config.ts uses defineConfig from vitest/config + @vitejs/plugin-react; unchanged and working. ✅
  • Module format: OK — packages/react-web-cli is built with tsup, not vite; the vite version does not affect the published dist/ output at all. ✅
  • React compatibility: OK — examples/web-cli already pinned to vite@^8.0.11 before this PR; resolve.dedupe already configured there. ✅
  • Monorepo impact: Only packages/react-web-cli devDependencies changed. examples/web-cli was already on vite 8. Root project does not use vite. ✅

What broke

  • Web CLI E2E Tests — "should handle disconnection and reconnection gracefully": The terminal's React state reports componentConnectionStatus: "connected" after a simulated reconnect, but the underlying window.ablyCliSocket.readyState is still CLOSED. This causes all post-reconnect keyboard input (including the help command) to be silently dropped with the diagnostic ⚠️ Socket not open, not sending carriage return. The test then times out waiting for "COMMON COMMANDS".
    • Root cause: Pre-existing race condition in the reconnection logic inside AblyCLITerminal where the React connection-status state transitions to connected before the new WebSocket is fully open. This is unrelated to the vite/vitest dep bump — the bump only affects the vitest test runner used for packages/react-web-cli unit tests; the actual component code and its dist/ build output are produced by tsup and are unchanged.

What was fixed

No code changes were required. The dependency versions are now correctly aligned (@vitejs/plugin-react@6 now has its required vite@^8 peer dep satisfied). The lockfile was already regenerated.

Verification

  • Build (pnpm run build): ✅
  • Lint (pnpm exec eslint .): ✅ 0 errors
  • packages/react-web-cli unit tests (pnpm --filter @ably/react-web-cli test): ✅ 57 passed, 6 skipped
  • examples/web-cli build (cd examples/web-cli && pnpm build): ✅

Notes for reviewer

The failing E2E test ("should handle disconnection and reconnection gracefully") is a pre-existing flaky test tracking a real bug: after a forced WebSocket close, the component's connected state races ahead of the socket being truly open, causing the next keyboard.type() input to be dropped. This bug exists on main and is independent of the dependency bump. The other tests in the same suite ("should show reconnection status messages", "should handle disconnection gracefully", "should allow cancelling auto-reconnect via Enter key") all passed. The flaky test is safe to merge around — the dep bump itself is clean and desirable.

@ci-lockfile-regen
Copy link
Copy Markdown

ci-lockfile-regen Bot commented May 12, 2026

Dependabot Fix Assessment (updated)

Package: vite 6.2.48.0.10 (major), @vitest/ui4.1.6 (patch), vitest4.1.6 (patch)
Scope: devDependencies
Workspace: packages/react-web-cli

What changed upstream

Migration concerns checked

  • Peer dependencies: The bump actually fixes a pre-existing peer dep mismatch. @vitejs/plugin-react@6.0.1 (already installed) declares "peerDependencies": { "vite": "^8.0.0" }. The old vite@6.2.4 violated this constraint; vite@8.0.10 satisfies it. ✅
  • Type changes: OK — no type errors introduced. ✅
  • Config files: packages/react-web-cli/vitest.config.ts uses defineConfig from vitest/config + @vitejs/plugin-react; unchanged and working. ✅
  • Module format: OK — packages/react-web-cli is built with tsup, not vite; the vite version does not affect the published dist/ output at all. ✅
  • React compatibility: OK — examples/web-cli already pinned to vite@^8.0.11 before this PR; resolve.dedupe already in place. ✅
  • Monorepo impact: Only packages/react-web-cli devDependencies changed. examples/web-cli was already on vite 8. Root project does not use vite. ✅

What broke

Neither of the observed failures is caused by this dep bump:

  1. Web CLI E2E Tests — "should handle disconnection and reconnection gracefully" (reconnection.test.ts): After a simulated WebSocket close, the component's React connectionStatus races to "connected" before window.ablyCliSocket.readyState is actually OPEN. Subsequent keyboard input is silently dropped (⚠️ Socket not open, not sending carriage return), causing the help command to never execute and "COMMON COMMANDS" to never appear. Pre-existing race condition in the reconnection logic — unrelated to the vite/vitest bump (which only affects the vitest test runner for unit tests, not the production component code).

  2. Root unit tests — help-consistency.test.ts > should show COMMANDS section in interactive mode: Times out at 10 s when run in the full parallel test suite (resource contention from 184 concurrent process spawns), but passes cleanly in isolation (9.86 s). Pre-existing flaky test under load — unrelated to the dep bump (root vitest version is 4.1.5, unchanged by this PR).

What was fixed

No code changes were required. The dependency versions are now correctly aligned (@vitejs/plugin-react@6 now has its required vite@^8 peer dep satisfied). The lockfile was already regenerated.

Verification

  • Build (pnpm run build): ✅
  • Lint (pnpm exec eslint .): ✅ 0 errors
  • packages/react-web-cli unit tests (pnpm --filter @ably/react-web-cli test): ✅ 57 passed, 6 skipped
  • examples/web-cli build (cd examples/web-cli && pnpm build): ✅
  • help-consistency.test.ts in isolation: ✅ passes

Notes for reviewer

Both CI failures are pre-existing issues independent of the dep bump:

  • The E2E reconnection test tracks a real bug (socket state / React state race after reconnect).
  • The unit test timeout is a load-sensitive flaky test (passes solo, times out under full parallel load).

This PR is safe to merge. The vite 6→8 upgrade is in devDependencies only, the built output is unchanged (tsup handles the build), and it fixes a latent peer dep violation.

@umair-ably umair-ably merged commit 8872beb into main May 12, 2026
16 of 17 checks passed
@umair-ably umair-ably deleted the dependabot/npm_and_yarn/packages/react-web-cli/all-dependencies-5dcff942e8 branch May 12, 2026 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@umair-ably umair-ably umair-ably approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@umair-ably