Skip to content

chore: refresh development dependencies#152

Merged
steipete merged 1 commit into
mainfrom
chore/refresh-dev-dependencies
Jul 1, 2026
Merged

chore: refresh development dependencies#152
steipete merged 1 commit into
mainfrom
chore/refresh-dev-dependencies

Conversation

@steipete

@steipete steipete commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • update Oxfmt to 0.57.0 and Oxlint to 1.72.0
  • constrain transitive Vite to ^8.0.16, clearing GHSA-fx2h-pf6j-xcff and GHSA-v6wh-96g9-6wx3
  • explicitly exempt the patched Vite release from pnpm's release-age gate so clean installs cannot retain vulnerable 8.0.12

Proof

  • pnpm install --frozen-lockfile
  • pnpm typecheck
  • pnpm lint
  • pnpm format:check
  • pnpm test — 877 passed, 1 skipped
  • pnpm build
  • pnpm website:smoke
  • pnpm pack:smoke
  • pnpm audit --json — 0 vulnerabilities
  • pnpm outdated --format json — empty
  • structured autoreview — clean, no actionable findings

Risk: low. Development tooling and lock policy only; no runtime or model-bearing surface. No changelog entry because this has no user-visible behavior.

@steipete steipete requested a review from a team as a code owner July 1, 2026 07:00
@steipete

steipete commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Exact-head proof for bd2b81f9f86ad70532b30c3875ecc844b12229c0:

@steipete steipete merged commit 140b0ac into main Jul 1, 2026
7 checks passed
@steipete steipete deleted the chore/refresh-dev-dependencies branch July 1, 2026 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant