chore: bump vite to 5.4.6

linode / manager

Akamai's Cloud Manager is an open-source, single-page application designed as the primary frontend interface for interacting with the Linode API. It is entrusted by hundreds of thousands of customers with the management of their Linode services.

https://cloud.linode.com

Apache License 2.0

690 stars 361 forks source link

chore: bump vite to 5.4.6 #10960

Closed abailly-akamai closed 1 month ago

abailly-akamai commented 1 month ago

Description 📝

Bumps vite and vite related packages

we have slew of new dep vulnerabilities, and while this is all dev vulnerabilities, this one looks like an easy target.

opening in favor of the dependabot PR: https://github.com/linode/manager/pull/10957 in order to have all suites running easily

Changes 🔄

bump vite and vite related packages to latest versions

How to test 🧪

Verification steps

make sure app and test suites get no regression from PR

abailly-akamai commented 1 month ago

@jdamore-linode component test suite passes locally - confused why it wouldn't here - any clue?

abailly-akamai commented 1 month ago

@bnussman yeah always forget. We're in a monorepo, why do we have three of the same dependency in our own packages?

bnussman-akamai commented 1 month ago

We might be able to specify it as a top level but I think it's generally better to specify it at each package level.

Some solutions out there might exist like https://github.com/pnpm/pnpm/issues/2713#issuecomment-2192682211

This is something we can look deeper into as part of the modularization

abailly-akamai commented 1 month ago

I think it's generally better to specify it at each package level

can you clarify why?

github-actions[bot] commented 1 month ago

Coverage Report: ✅
Base Coverage: 86.93%
Current Coverage: 86.93%

bnussman-akamai commented 1 month ago

I suppose it wouldn't hurt to move it. I was just worried about making vitest available to any package within the monorepo and if that would have any unintended side effects. Not sure if there is any value in keeping each package's package.json representative of what it actually depends on

Edit: I took a look at some other open source projects and many of them did infact have testing tools in the root package.json, so I'm cool with it if we want to try that

abailly-akamai commented 1 month ago

@bnussman-akamai sounds good - i'll make a ticket to identify a few deps that could be rooted. I think limiting to a few key dev dependencies would be a good first step

bnussman-akamai commented 1 month ago

Can you rerun yarn and push up the lockfile changes? Seeing a diff when I run yarn locally

abailly-akamai commented 1 month ago

Confirmed the e2e failures are unrelated and passing locally