chore(deps-dev): bump vite from 7.3.1 to 7.3.2 in /ui/goose2#8528
chore(deps-dev): bump vite from 7.3.1 to 7.3.2 in /ui/goose2#8528dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
dependabot
bot
added
dependencies
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2cf02762d8
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "tsx": "^4.21.0", | ||
| "typescript": "~5.9.0", | ||
| "vite": "^7.0.4", | ||
| "vite": "^7.3.2", |
There was a problem hiding this comment.
This change updates package.json to require vite ^7.3.2, but the checked-in lockfile still resolves vite to 7.3.1 and keeps the old specifier (ui/goose2/pnpm-lock.yaml lines 289-290), so the intended security bump is not actually recorded. In this repo, Goose2 CI runs pnpm install --frozen-lockfile in ui/goose2 (.github/workflows/goose2-ci.yml lines 22 and 39/57/97), so this mismatch will break those jobs until the lockfile is regenerated and committed.
Useful? React with 👍 / 👎.
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.1 to 7.3.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.2 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/ui/goose2/vite-7.3.2
branch
from
2cf0276 to
39ab0f8
Compare
Bumps vite from 7.3.1 to 7.3.2.
Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
cc383e0release: v7.3.209d8c90fix: avoid path traversal with optimize deps sourcemap handler (#22161)f8103ccfix: checkserver.fsafter stripping query as well (#22160)19db0f2fix: backport #22159, apply server.fs check to env transport (#22162)