fix(deps): Upgrading vite and tsdown for using rolldown 1.0.0.#3386
Conversation
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughThe ChangesTsdown Version Bump
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
No new issues found.
TL;DR — Graduates the tsdown build-tool driver to ^0.22.0 so the transitive rolldown lands at GA 1.0.0 instead of 1.0.0-rc.17. Dev-only change with no published-surface impact.
Key changes
- Bump
tsdownto^0.22.0— root devDependency move; resolvesrolldownfrom1.0.0-rc.17to1.0.0along with all 15@rolldown/binding-*platform packages. - Lockfile cohort updates —
vite8.0.10 → 8.0.12,rolldown-plugin-dts0.23.2 → 0.25.0,dts-resolver2.x → 3.0.0,import-without-cache0.3.3 → 0.4.0,postcss8.5.12 → 8.5.14,nanoid3.3.11 → 3.3.12,@oxc-project/types0.127 → 0.129,@babel/*rc.3 → rc.4, plusunrundrops out.
Summary | 2 files | 1 commit | base: master ← up-rolldown-100
rolldown graduates to GA
Before:
tsdown@0.21.10pullsrolldown@1.0.0-rc.17and forcesunrun@0.2.37as a peer.
After:tsdown@0.22.0pullsrolldown@1.0.0;unrunbecomes optional and drops out of the graph;tsxandunrunare now declared as optional peers.
Bundler is dev-only, so this does not touch the published express-zod-api peer surface and no CHANGELOG entry is required by the breaking-change policy.
Engines tightening checked
Before:
tsdown,dts-resolver,import-without-cache, androlldown-plugin-dtsall requirednode >=20.19.0.
After: They now require^22.18.0 || >=24.0.0.
Compatible with the repo's engines.node (^22.19.0 || ^24.0.0 || ^26.0.0) and the full CI matrix (22.19.0, 22.x, 24.0.0, 24.x, 26.0.0, 26.x) — all six build jobs pass on 81f29d0, alongside CodeQL and Socket Security.
Claude Opus | 𝕏
There was a problem hiding this comment.
No new issues found.
TL;DR — Incremental review of two lockfile-dedup follow-ups (7d79c6b, a6011a98) on top of the already-reviewed 81f29d0. No package.json or behavior change.
Key changes
- Dedup
@babel/helper-string-parser(7d79c6b) — drops the redundant8.0.0-rc.3entry and rewires@babel/types@8.0.0-rc.3tohelper-string-parser@8.0.0-rc.4. - Dedup remaining
@babel/*8.0.0-rc.3entries (a6011a98) — removes now-unreferencedhelper-validator-identifier,parser, andtypesrc.3entries; re-pinsast-kit@3.0.0-beta.1at@babel/parser@8.0.0-rc.4; bumps@babel/parser7.29.2 → 7.29.3 (used only bymagicast).
Summary | 1 file | 2 commits | base: master ← up-rolldown-100
Lockfile-only housekeeping — no new direct deps, no engines change, public peer surface unchanged. CI on a6011a98 already shows four of six build jobs green with the remaining two in progress.
Claude Opus | 𝕏
There was a problem hiding this comment.
No new issues found.
TL;DR — Single follow-up commit c1c920f3 "deduplicating tinyexec" — drops the redundant tinyexec@1.1.1 lockfile entry and repins vitest@4.1.5 at tinyexec@1.1.2. Pure lockfile housekeeping with no package.json or behavior change.
Summary | 1 file | 1 commit | base: master ← up-rolldown-100
Claude Opus | 𝕏

instead of #3374
Summary by CodeRabbit
Release Notes