Skip to content

chore(deps): bump dependencies + widen vite override#748

Merged
ericfitz merged 2 commits into
mainfrom
deps/bump-main
Jun 23, 2026
Merged

chore(deps): bump dependencies + widen vite override#748
ericfitz merged 2 commits into
mainfrom
deps/bump-main

Conversation

@ericfitz

Copy link
Copy Markdown
Owner

Dependency bump on main, split out into a PR because main is branch-protected.

Safe minor/patch updates (Node/pnpm)

  • @analogjs/vite-plugin-angular 2.5.3 → 2.6.1
  • @jsverse/transloco 8.3.0 → 8.4.0
  • @oxc-project/runtime 0.130.0 → 0.137.0 (closes Dependabot PR chore(deps-dev): bump @oxc-project/runtime from 0.136.0 to 0.137.0 #745)
  • @playwright/test 1.60.0 → 1.61.0
  • @testing-library/angular 19.3.0 → 19.4.1
  • @typescript-eslint/eslint-plugin, parser, typescript-eslint 8.60.1 → 8.62.0
  • @vitest/coverage-v8, @vitest/ui, vitest 4.1.8 → 4.1.9
  • dompurify 3.4.7 → 3.4.11
  • eslint 10.4.1 → 10.5.0
  • globals 17.6.0 → 17.7.0
  • http-proxy-middleware 4.0.0 → 4.1.1
  • marked 18.0.4 → 18.0.5
  • prettier 3.8.3 → 3.8.4
  • stylelint 17.12.0 → 17.13.0
  • survey-angular-ui, survey-core 2.5.27 → 2.5.29
  • uuid 14.0.0 → 14.0.1 (closes Dependabot PR chore(deps): bump uuid from 14.0.0 to 14.0.1 #747)

Vite override fix

Widened "vite@>=7.0.0 <8.0.0": ">=7.3.5 <8.0.0""vite@>=7.0.0": ">=7.3.5". The <8 ceiling was rewriting the vite peer range on vitest / @analogjs/vite-plugin-angular and producing spurious unmet-peer warnings against the installed vite 8.0.16, even though both packages natively support vite 8. Keeps the 7.3.5 security floor, drops the obsolete ceiling. Side effect: @vitejs/plugin-basic-ssl (transitive via @angular/build, dev-only ng serve --ssl) de-dupes onto the single vite 8.0.16.

Held / deferred (not in this PR)

Angular 21→22 ecosystem, @angular-eslint 22, typescript 6, @types/node 26 (Dependabot #746), @antv/x6 v3 (pinned). All major version updates requiring coordinated effort.

Validation

Build, test (4137 passing), and lint all pass.

🤖 Generated with Claude Code

ericfitz and others added 2 commits June 23, 2026 01:46
Safe minor/patch updates (Node/pnpm):
- @analogjs/vite-plugin-angular 2.5.3 -> 2.6.1
- @jsverse/transloco 8.3.0 -> 8.4.0
- @oxc-project/runtime 0.130.0 -> 0.137.0
- @playwright/test 1.60.0 -> 1.61.0
- @testing-library/angular 19.3.0 -> 19.4.1
- @typescript-eslint/eslint-plugin 8.60.1 -> 8.62.0
- @typescript-eslint/parser 8.60.1 -> 8.62.0
- typescript-eslint 8.60.1 -> 8.62.0
- @vitest/coverage-v8 4.1.8 -> 4.1.9
- @vitest/ui 4.1.8 -> 4.1.9
- vitest 4.1.8 -> 4.1.9
- dompurify 3.4.7 -> 3.4.11
- eslint 10.4.1 -> 10.5.0
- globals 17.6.0 -> 17.7.0
- http-proxy-middleware 4.0.0 -> 4.1.1
- marked 18.0.4 -> 18.0.5
- prettier 3.8.3 -> 3.8.4
- stylelint 17.12.0 -> 17.13.0
- survey-angular-ui 2.5.27 -> 2.5.29
- survey-core 2.5.27 -> 2.5.29
- uuid 14.0.0 -> 14.0.1

Covers Dependabot PRs #745 (oxc-runtime), #747 (uuid).
Build, test (4137), and lint all pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The override "vite@>=7.0.0 <8.0.0": ">=7.3.5 <8.0.0" was rewriting the vite
peer range on vitest and @analogjs/vite-plugin-angular down to <8.0.0,
producing spurious unmet-peer warnings even though both packages natively
support vite 8. Widen to "vite@>=7.0.0": ">=7.3.5" to keep the 7.3.5 security
floor while dropping the obsolete <8 ceiling.

Side effect: @vitejs/plugin-basic-ssl (transitive via @angular/build, used
only by ng serve --ssl) now resolves to the single vite 8.0.16 instead of a
separate 7.3.5 copy. Dev-only; Angular 21's build pipeline already runs on
vite 8. Build, test (4137), and lint pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-project-automation github-project-automation Bot moved this to Backlog in TMI Jun 23, 2026
@ericfitz ericfitz merged commit a6a6007 into main Jun 23, 2026
2 checks passed
@ericfitz ericfitz deleted the deps/bump-main branch June 23, 2026 13:49
@github-project-automation github-project-automation Bot moved this from Backlog to Done in TMI Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Archived in project

Development

Successfully merging this pull request may close these issues.

1 participant