Skip to content

fix(deps): Upgrading vite and tsdown for using rolldown 1.0.0.#3386

Merged
RobinTail merged 4 commits into
masterfrom
up-rolldown-100
May 11, 2026
Merged

fix(deps): Upgrading vite and tsdown for using rolldown 1.0.0.#3386
RobinTail merged 4 commits into
masterfrom
up-rolldown-100

Conversation

@RobinTail

@RobinTail RobinTail commented May 11, 2026

Copy link
Copy Markdown
Owner

instead of #3374

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated development dependencies to latest compatible versions.

Review Change Stack

@RobinTail RobinTail added the dependencies Pull requests that update a dependency file label May 11, 2026
@coderabbitai

coderabbitai Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 137f83f5-92d2-4e41-89b3-31319f428d08

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The tsdown development dependency version is incremented from ^0.21.10 to ^0.22.0 in package.json. This minor version bump allows the build toolchain to use the latest compatible release of the bundler.

Changes

Tsdown Version Bump

Layer / File(s) Summary
Dependency Version Update
package.json
The tsdown devDependency version constraint is bumped from ^0.21.10 to ^0.22.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Poem

🐰 A whisker twitch, a version dance—
Tsdown bounds from .21 to .22 with grace!
Minor bumps, no breaking change,
Just bundler tools keeping up their range.
Onward hopped to brighter pastures fair! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title mentions upgrading vite and tsdown for rolldown 1.0.0, but the raw_summary shows only tsdown was updated; vite changes are not documented in the provided summary. Clarify whether vite was actually updated in this PR. The raw_summary only documents tsdown changes from ^0.21.10 to ^0.22.0, making it unclear if the title accurately represents all changes.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch up-rolldown-100

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security

socket-security Bot commented May 11, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedtsdown@​0.21.10 ⏵ 0.22.09810088 +196 +1100

View full report

@pullfrog pullfrog Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No new issues found.

TL;DR — Graduates the tsdown build-tool driver to ^0.22.0 so the transitive rolldown lands at GA 1.0.0 instead of 1.0.0-rc.17. Dev-only change with no published-surface impact.

Key changes

  • Bump tsdown to ^0.22.0 — root devDependency move; resolves rolldown from 1.0.0-rc.17 to 1.0.0 along with all 15 @rolldown/binding-* platform packages.
  • Lockfile cohort updatesvite 8.0.10 → 8.0.12, rolldown-plugin-dts 0.23.2 → 0.25.0, dts-resolver 2.x → 3.0.0, import-without-cache 0.3.3 → 0.4.0, postcss 8.5.12 → 8.5.14, nanoid 3.3.11 → 3.3.12, @oxc-project/types 0.127 → 0.129, @babel/* rc.3 → rc.4, plus unrun drops out.

Summary | 2 files | 1 commit | base: masterup-rolldown-100


rolldown graduates to GA

Before: tsdown@0.21.10 pulls rolldown@1.0.0-rc.17 and forces unrun@0.2.37 as a peer.
After: tsdown@0.22.0 pulls rolldown@1.0.0; unrun becomes optional and drops out of the graph; tsx and unrun are now declared as optional peers.

Bundler is dev-only, so this does not touch the published express-zod-api peer surface and no CHANGELOG entry is required by the breaking-change policy.

package.json · pnpm-lock.yaml


Engines tightening checked

Before: tsdown, dts-resolver, import-without-cache, and rolldown-plugin-dts all required node >=20.19.0.
After: They now require ^22.18.0 || >=24.0.0.

Compatible with the repo's engines.node (^22.19.0 || ^24.0.0 || ^26.0.0) and the full CI matrix (22.19.0, 22.x, 24.0.0, 24.x, 26.0.0, 26.x) — all six build jobs pass on 81f29d0, alongside CodeQL and Socket Security.

Pullfrog  | View workflow run | Using Claude Opus𝕏

@coveralls-official

coveralls-official Bot commented May 11, 2026

Copy link
Copy Markdown

Coverage Status

coverage: 100.0%. remained the same — up-rolldown-100 into master

@pullfrog pullfrog Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No new issues found.

TL;DR — Incremental review of two lockfile-dedup follow-ups (7d79c6b, a6011a98) on top of the already-reviewed 81f29d0. No package.json or behavior change.

Key changes

  • Dedup @babel/helper-string-parser (7d79c6b) — drops the redundant 8.0.0-rc.3 entry and rewires @babel/types@8.0.0-rc.3 to helper-string-parser@8.0.0-rc.4.
  • Dedup remaining @babel/* 8.0.0-rc.3 entries (a6011a98) — removes now-unreferenced helper-validator-identifier, parser, and types rc.3 entries; re-pins ast-kit@3.0.0-beta.1 at @babel/parser@8.0.0-rc.4; bumps @babel/parser 7.29.2 → 7.29.3 (used only by magicast).

Summary | 1 file | 2 commits | base: masterup-rolldown-100

Lockfile-only housekeeping — no new direct deps, no engines change, public peer surface unchanged. CI on a6011a98 already shows four of six build jobs green with the remaining two in progress.

Pullfrog  | View workflow run | Using Claude Opus𝕏

@pullfrog pullfrog Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No new issues found.

TL;DR — Single follow-up commit c1c920f3 "deduplicating tinyexec" — drops the redundant tinyexec@1.1.1 lockfile entry and repins vitest@4.1.5 at tinyexec@1.1.2. Pure lockfile housekeeping with no package.json or behavior change.

Summary | 1 file | 1 commit | base: masterup-rolldown-100

Pullfrog  | View workflow run | Using Claude Opus𝕏

@RobinTail RobinTail merged commit 6bc852e into master May 11, 2026
14 checks passed
@RobinTail RobinTail deleted the up-rolldown-100 branch May 11, 2026 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant