chore(deps): bump vite-plus to pkg-pr-new pr-1588#6
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates several package.json files to use temporary PR build URLs from pkg.pr.new for vite-plus and its core/prompt sub-dependencies, and configures pnpm-workspace.yaml to allow exotic sub-dependencies and exclude certain packages from minimum release age checks. The review comments correctly point out that using ephemeral PR build URLs is highly risky for stable branches as they can break dependency installation if removed. Additionally, disabling blockExoticSubdeps in the workspace configuration bypasses a safeguard that prevents multiple conflicting versions of packages from being installed, which should be reverted or handled with caution.
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588" | ||
| }, | ||
| "packageManager": "pnpm@10.12.1", | ||
| "pnpm": { | ||
| "overrides": { | ||
| "react": "^19.2.4", | ||
| "react-dom": "^19.2.4" | ||
| "react-dom": "^19.2.4", | ||
| "@voidzero-dev/vite-plus-core": "https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-core@5577b0154f33d1480a3c96347e94fa5d2094de2e", | ||
| "@voidzero-dev/vite-plus-prompts": "https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-prompts@5577b0154f33d1480a3c96347e94fa5d2094de2e" |
There was a problem hiding this comment.
Using temporary PR build URLs from pkg.pr.new for dependencies (vite-plus) and overrides (@voidzero-dev/vite-plus-core, @voidzero-dev/vite-plus-prompts) is highly risky for a stable branch. These builds are ephemeral and can be removed at any time, which would break dependency installation for this project.
While this approach is acceptable for temporary branches to test cross-repository changes, these dependencies should be updated to use officially published versions from a package registry before this PR is merged into a main or release branch.
| "terser": "^5.36.0", | ||
| "tsx": "^4.21.0", | ||
| "vite-plus": "latest" | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588" |
There was a problem hiding this comment.
This dependency points to a temporary PR build URL, which is not suitable for a stable branch as these builds are not permanent. Please use a published version of vite-plus before merging.
| "tailwindcss": "4.0.0-beta.8", | ||
| "typescript": "^5.7.3", | ||
| "vite-plus": "latest" | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588" |
There was a problem hiding this comment.
This dependency points to a temporary PR build URL, which is not suitable for a stable branch as these builds are not permanent. Please use a published version of vite-plus before merging.
| "tw-animate-css": "^1.4.0", | ||
| "typescript": "^5", | ||
| "vite-plus": "latest" | ||
| "vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1588" |
There was a problem hiding this comment.
This dependency points to a temporary PR build URL, which is not suitable for a stable branch as these builds are not permanent. Please use a published version of vite-plus before merging.
| packages: | ||
| - "packages/*" | ||
| - "packages/e2e/fixtures/*" | ||
| blockExoticSubdeps: false |
There was a problem hiding this comment.
Setting blockExoticSubdeps: false disables a pnpm safeguard that helps ensure a single version of each dependency is used across the workspace. This can lead to multiple versions of the same package being installed, which may increase node_modules size and could introduce subtle versioning-related bugs. While this might be necessary for testing with the current PR build of vite-plus, it's a setting that should be used with caution and ideally reverted once dependencies are on stable, published versions.
commit: |
1 participant
Summary
Bump vite-plus to pkg-pr-new build for PR #1588 (replace @voidzero-dev/vite-plus-test with upstream vitest@4.1.5).
Test plan