chore: bump the misc group across 1 directory with 3 updates#72
chore: bump the misc group across 1 directory with 3 updates#72dependabot[bot] wants to merge 2 commits into
Conversation
Bumps the misc group with 3 updates in the / directory: [tsdown](https://github.com/rolldown/tsdown), [unrun](https://github.com/Gugustinette/unrun) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `tsdown` from 0.22.1 to 0.22.3 - [Release notes](https://github.com/rolldown/tsdown/releases) - [Commits](rolldown/tsdown@v0.22.1...v0.22.3) Updates `unrun` from 0.3.0 to 0.3.1 - [Release notes](https://github.com/Gugustinette/unrun/releases) - [Commits](Gugustinette/unrun@v0.3.0...v0.3.1) Updates `vite` from 8.0.14 to 8.0.16 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite) --- updated-dependencies: - dependency-name: tsdown dependency-version: 0.22.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: misc - dependency-name: unrun dependency-version: 0.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: misc - dependency-name: vite dependency-version: 8.0.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: misc ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d042d4aa8a
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "unrun": ["unrun@0.3.1", "", { "dependencies": { "rolldown": "^1.0.0" }, "peerDependencies": { "synckit": "^0.11.11" }, "optionalPeers": ["synckit"], "bin": { "unrun": "./dist/cli.mjs" } }, "sha512-onIck/oNnCaytwths1ZVp1LK2Gq2hPoyFhiHebObuUXqR3S0uHuLLaBK8K6mRRgV7Ptip8AnNvaUsgzwWwBZuA=="], | ||
|
|
||
| "vite": ["vite@8.0.14", "", { "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", "postcss": "^8.5.15", "rolldown": "1.0.2", "tinyglobby": "^0.2.16" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.1.18", "esbuild": "^0.27.0 || ^0.28.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-s4BJJ+5y1pYL6Otw51FHhVJQhPnuRinKig64g/1+EUNaJsd3gCKdD31IPFvswUgW9/60QT9oFHbZHbQK5imcxw=="], | ||
| "vite": ["vite@8.0.16", "", { "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", "postcss": "^8.5.15", "rolldown": "1.0.3", "tinyglobby": "^0.2.17" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.1.18", "esbuild": "^0.27.0 || ^0.28.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-h9bXPmJichP5fLmVQo3PyaGSDE2n3aPuomeAlVRm0JLmt4rY6zmPKd59HYI4LNW8oTK7tlTsuC7l/m7awx9Jcw=="], |
There was a problem hiding this comment.
Regenerate provenance for the Vite bump
When this lockfile bump changes Vite to 8.0.16, the checked-in provenance still names pkg:npm/vite@8.0.14 in provenance/projects/root/sbom.cdx.json:10 and vite 8.0.14 in provenance/THIRD-PARTY-NOTICES.repo.txt:9. I checked .github/workflows/ci.yml:47 and .github/workflows/ci.yml:258-262: bun.lock changes trigger the provenance job, which runs provenance-check, so this dependency PR will fail CI until the provenance artifacts are regenerated alongside the lockfile.
Useful? React with 👍 / 👎.
Bumps the misc group with 3 updates in the / directory: tsdown, unrun and vite.
Updates
tsdownfrom 0.22.1 to 0.22.3Release notes
Sourced from tsdown's releases.
Commits
472b69echore: release v0.22.3a2eac3bfeat!: drop node 24.0 - 24.10 support1ba7e12docs: removepublicPathoption from wasm plugin9f05179perf(css): skip renderChunk when no CSS has been collected (#967)742f314ci: switch deployment branch to release8e33975chore: upgrade deps88900c9ci: generate docs before void deploy (#970)b587b03ci: deploy docs to Void (#969)bfc649efix: inline CI detection15ac682chore: release v0.22.2Updates
unrunfrom 0.3.0 to 0.3.1Release notes
Sourced from unrun's releases.
Commits
b1e8952chore: release v0.3.1b34bbf0fix: use deep merge on user-provided rolldown optionsUpdates
vitefrom 8.0.14 to 8.0.16Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
f94df87release: v8.0.16dc245c7fix: reject windows alternate paths (#22572)50b9512fix(deps): reject UNC paths for launch-editor-middleware (#22571)8d1b019release: v8.0.152686d7dfix(deps): update all non-major dependencies (#22511)3052a67chore(deps): update rolldown-related dependencies (#22566)e3cfb9dfix(optimizer): close the rolldown bundle when write() rejects (#22528)6978a9crefactor: correct logic incollectAllModulesfunction (#22562)646dbedfeat: update rolldown to 1.0.3 (#22538)85a0efffix: capitalize error messages and remove spurious space in parse error (#22488)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions