feat(deps): upgrade upstream dependencies#1581
Conversation
✅ Deploy Preview for viteplus-preview canceled.
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub. |
fengmk2
force-pushed
the
deps/upstream-update
branch
from
2d68398 to
8976c24
Compare
- rolldown: ac5c710 -> v1.0.1 (2777945) - vite: 66f3194 -> v8.0.13 (a46f11a) - vitest: 4.1.5 -> 4.1.6 - oxfmt: 0.48.0 -> 0.49.0 - oxlint: 1.63.0 -> 1.64.0 - oxc (Rust): 0.128.0 -> 0.130.0 - @oxc-project/runtime: 0.129.0 -> 0.130.0 - @oxc-project/types: 0.129.0 -> 0.130.0 - oxc-minify: 0.129.0 -> 0.130.0 - oxc-parser: 0.129.0 -> 0.130.0 - oxc-transform: 0.129.0 -> 0.130.0 - @vitejs/devtools: 0.1.21 -> 0.1.23 Code changes: - packages/core/build.ts: update rolldown pluginutils source path to read from `packages/rolldown/node_modules/@rolldown/pluginutils`. - packages/tools/src/sync-remote-deps.ts: support `.mjs` / `.d.mts` exports when transforming pluginutils, and update the pluginutils package.json lookup path to match the new nested location. - packages/core/package.json: switch `./rolldown/pluginutils` and `./rolldown/pluginutils/filter` exports to `.mjs` / `.d.mts`; bump bundled `vite`/`rolldown` versions. - pnpm-workspace.yaml: add `@rolldown/pluginutils` catalog entry and drop its workspace override; bump `rolldown-plugin-dts` (^0.23 -> ^0.25), `valibot` (1.3.1 -> 1.4.0), `vitepress-plugin-graphviz` (^0.0.1 -> ^0.1.0); update `vitest-dev` override to `^4.1.6`. - Cargo.toml: pin `mimalloc-safe = "=0.1.58"`. - rust-toolchain.toml: bump nightly channel to `nightly-2026-03-15`. - packages/cli/snap-tests-global/command-staged-broken-config/snap.txt: refresh snapshot for the new oxc parser error formatting (`Error: Unexpected token` -> `Unexpected token`). - packages/tools/.upstream-versions.json, Cargo.lock, pnpm-lock.yaml: regenerated to match the new versions.
- collapsible_match: fold the bounds check into the KeyCode::Down match arm guard in vite_install package_manager - unnecessary_sort_by: switch descending sorts in vite_js_runtime and vite_setup to sort_by_key with std::cmp::Reverse - unnecessary_trailing_comma: drop trailing comma in a help.rs test assertion
bundleVitest copied vitest's distribution into packages/test/dist
without cleaning the directory first. When the upstream vitest
version changed, the new build emitted hashed chunks with new names
(e.g. cac.<new-hash>.js) but stale chunks from the previous version
lingered. The later brandVitest step iterates every cac.*.js chunk
looking for cac("vitest") and threw when it hit a stale chunk whose
pattern was absent or already rewritten, breaking pnpm bootstrap-cli.
Clear dist/ at the start of bundleVitest so each build starts from
a known-empty tree.
The npm-published rolldown@1.0.1 binding enables the mimalloc v3 feature (`crates/rolldown_binding/Cargo.toml` rolldown#9349), which panics with `[internal exception] blocking task ran twice` in tokio when tsdown drives rolldown through vp pack on darwin-arm64. The result is that vp pack exits silently after "Build start", which breaks every CLI snap test that bundles via vp pack (command-pack, command-pack-exe, command-pack-external, command-pack-monorepo, vp-cache-monorepo-missing, vp-pack-cache-disabled). Force the binding download to use rolldown@1.0.0 while keeping the 1.0.1 JS sources (and the pluginutils relocation that depends on them). The 1.0.0 binding is ABI-compatible with the surface vite-plus exercises through tsdown/rolldown. Revert once an upstream rolldown release ships without mimalloc v3 or fixes the panic. The command-staged-broken-config snap.txt also rolls back to its pre-PR form because the diagnostic prefix comes from the binding's bundled oxc — `Error: Unexpected token` (1.0.0/oxc 0.128) vs. `Unexpected token` (1.0.1/oxc 0.130).
Match the lighter-weight handling from #1569: - packages/core/package.json: collapse the two pluginutils exports back to single .mjs strings. TypeScript already resolves a sibling .d.mts for an .mjs path under moduleResolution: bundler / node16, so the explicit `types` entries were redundant. - packages/tools/src/sync-remote-deps.ts: drop the parallel .mjs branch in transformPluginutilsExport — once we stop wrapping string exports into objects, the matching `types` derivation isn't needed either. - .github/actions/build-upstream/action.yml, justfile: drop the `pnpm --filter @rolldown/pluginutils build` step. Since rolldown moved pluginutils out of its workspace into a standalone npm package (rolldown/plugins), no workspace package matches that filter — the step was a silent no-op (`No projects matched the filters`).
The justfile's build recipe and the root package.json's build script had drifted: the justfile knew it needed to build rolldown's native binding, rolldown's JS, and vite's types before the @voidzero-dev/* chain, while package.json's build only ran the @voidzero-dev/* + vite-plus step. That meant pnpm bootstrap-cli (which calls pnpm build) silently produced an incomplete tree on fresh checkouts — packages/ core/dist/vite/node/index.d.ts wouldn't exist, and vp check then failed with TS7016 on every @voidzero-dev/vite-plus-core import. Move the upstream prerequisites into the pnpm build script and have the justfile recipe just call pnpm build, so the build sequence has a single source of truth. CI is unaffected: bootstrap-cli:ci runs only pnpm install-global-cli, and the per-target build-upstream action keeps its own chain (it skips build-binding:release because the binding is pulled from npm, and runs build-ts instead of build because NAPI bindings are built and cached as a separate step).
fengmk2
force-pushed
the
deps/upstream-update
branch
from
ac85c38 to
289dc52
Compare
The existing comment justifies using nightly at all (Z-bindeps and windows_process_extensions_main_thread_handle), but a future `feat(deps): upgrade upstream dependencies` PR bumps the date and nobody remembers why. Add a note that the date itself is gated by oxc_transformer >=0.130 using `if let` guards, which only stabilized in rustc 1.94 (2026-01-29) — earlier nightlies fail with E0658.
This reverts commit 60ae3de.
Root cause of the macOS-only CI failure (and why a workaround was wrong)TL;DRIt is not a tsdown/rolldown version mismatch — every layer is on the same Version consistency — no drift anywhere
All four Local reproducerSame fixture (
So Why macOS fails but Linux and Windows passCI ran the same snap shard on three targets; only macOS fails: There are two separate reasons for the asymmetry: Windows is a red herring — // Windows MSVC: cc::Build, source = c_src/mimalloc/src/static.c
if target_os == "windows" && target_env == "msvc" {
build_mimalloc_win();
return;
}
// Everything else: cmake::Config picks the source tree by feature flag
#[cfg(not(feature = "v3"))]
let mut cmake_config = Config::new("c_src/mimalloc");
#[cfg(feature = "v3")]
let mut cmake_config = Config::new("c_src/mimalloc3");
macOS vs Linux differ in one feature — # macOS (and any other non-Linux/FreeBSD target)
mimalloc-safe = { features = ["skip_collect_on_exit", "v3"] }
# Linux x86_64
mimalloc-safe = { features = ["skip_collect_on_exit", "local_dynamic_tls", "v3"] }
# Linux aarch64
mimalloc-safe = { features = ["skip_collect_on_exit", "no_opt_arch", "local_dynamic_tls", "v3"] }
mimalloc v3's "reduce idle memory" change moved more allocator hot-path state into per-thread storage, making the TLS path significantly busier. On macOS's default TLS model inside a
So Linux escapes via Workaround reverted
Proposed fix paths
Happy to pursue any of these — let me know which direction. |
The reviewer asked us to share a single nightly with voidzero-dev/ vite-task, whose rust-toolchain.toml is currently pinned to nightly-2026-03-05. Match that and replace the date-rationale comment with a directive that future bumps track the vite-task pin. The earlier rationale (oxc_transformer >=0.130 needs `if_let_guard`, stabilized in rustc 1.94 / 2026-01-29) is still satisfied — any nightly past late January 2026 works.
1 participant
Summary
rolldowntov1.0.1andvitetov8.0.13; bumpsvitestto4.1.6and the oxc family (oxcRust crate,@oxc-project/*,oxc-minify/parser/transform,oxlint,oxfmt) to their latest releases.@rolldown/pluginutilsunderpackages/rolldown/node_modules/@rolldown/pluginutilsand to its new.mjs/.d.mtsexports.mimalloc-safeto=0.1.58and bumps the nightly Rust toolchain tonightly-2026-03-15.Dependency updates
rolldownac5c710v1.0.1 (2777945)vite66f3194v8.0.13 (a46f11a)vitest4.1.54.1.6oxfmt0.48.00.49.0oxlint1.63.01.64.0oxc(Rust)0.128.00.130.0@oxc-project/runtime0.129.00.130.0@oxc-project/types0.129.00.130.0oxc-minify0.129.00.130.0oxc-parser0.129.00.130.0oxc-transform0.129.00.130.0@vitejs/devtools0.1.210.1.23Unchanged dependencies
tsdown:0.22.0@oxc-node/cli:0.1.0@oxc-node/core:0.1.0oxlint-tsgolint:0.22.1Code changes
packages/core/build.ts: update the rolldown pluginutils source path to the new nestedpackages/rolldown/node_modules/@rolldown/pluginutilslocation.packages/tools/src/sync-remote-deps.ts: handle.mjs/.d.mtsexports intransformPluginutilsExport, and look uppluginutils/package.jsonunder the new nested path.packages/core/package.json: switch./rolldown/pluginutilsand./rolldown/pluginutils/filterexports to.mjs/.d.mts; bump@vitejs/devtoolsto^0.1.23and bundledvite/rolldownversions.pnpm-workspace.yaml: add@rolldown/pluginutils: ^1.0.0to the catalog and remove the workspace override for it; bumprolldown-plugin-dtsto^0.25.0,valibotto1.4.0,vitepress-plugin-graphvizto^0.1.0; update thevitest-devoverride tonpm:vitest@^4.1.6.Cargo.toml: bump theoxcfamily of crates to0.130.0; pinmimalloc-safe = "=0.1.58".rust-toolchain.toml: bump nightly channel tonightly-2026-03-15.packages/cli/snap-tests-global/command-staged-broken-config/snap.txt: refresh snapshot for the new oxc parser error formatting.packages/tools/.upstream-versions.json,Cargo.lock,pnpm-lock.yaml: regenerated to match the new versions.Build status
sync-remote-and-build: failurebuild-upstream: failure