chore(deps-dev): bump vite from 6.4.2 to 6.4.3#1393
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
dependabot
Bot
added
dependencies
srid
added a commit
that referenced
this pull request
Jun 17, 2026
…ped — breaks e2e) (#1394) Consolidates Dependabot dependency bumps into a single PR sharing one CI run and one set of regenerated Nix pnpm-deps hashes. ## Bumps | PR | Package | From → To | Scope | Status | |----|---------|-----------|-------|--------| | #1392 | `dompurify` | 3.4.8 → **3.4.11** | root workspace | ✅ included | | #1390 | `astro` | 6.1.10 → **6.4.7** (`^6.4.6`) | `/website` | ✅ included | | #1393 | `vite` (dev) | 6.4.2 → 6.4.3 | root workspace | ❌ **dropped** | ## Why vite 6.4.3 was dropped vite 6.4.3's client bundle **deterministically breaks** the `render_recovery` e2e scenario ("Regaining window focus repaints a render-stalled terminal", added in #1381) on **x86_64-linux**: - **master**: e2e green on linux - **this branch with vite 6.4.3**: `render_recovery` failed **4/4 attempts** on the same warm CI box - **darwin**: passes on both The test asserts zero xterm paints while the render loop is stalled; under vite 6.4.3 an extra paint slips through, tripping the assertion before it even verifies the focus-repaint behavior. Bisected to vite as the sole client-affecting change (lockfile delta was only vite + dompurify). vite is pinned back to 6.4.2 here; the 6.4.3 ↔ `render_recovery` interaction should be tracked and resolved separately before re-attempting that bump. ## Notes - The astro Dependabot PR only touched `website/package.json`; its lockfile was stale, so `website/pnpm-lock.yaml` was regenerated (astro resolves to 6.4.7 within `^6.4.6`). - dompurify resolves to **3.4.11** (newest within the bumped `^3.4.9` range — supersedes the 3.4.9 security fix). - Both `fetchPnpmDeps` hashes regenerated and verified deterministic via `nix build --rebuild`: - root `default.nix` → `sha256-YaxrK53rfL5nWhS29No4PqG4FOvKQXfDdUFhfgNqb/c=` - `website/default.nix` → `sha256-RxMbH3KNdnrO050cp+nQm1TKcPAThPL+q5pmPBfxFiw=` Closes #1392 Closes #1390 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.2 to 6.4.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.4.3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/vite-6.4.3
branch
from
b94f85e to
833d057
Compare
srid
added a commit
that referenced
this pull request
Jun 18, 2026
…3 still excluded (#1397) Consolidates the remaining open Dependabot bumps into one PR — a single CI run and one regenerated Nix pnpm-deps hash, the same pattern as #1394. ## Bumps | PR | Package | From → To | Scope | Status | |----|---------|-----------|-------|--------| | #1396 | `ws` | 8.20.1 → **8.21.0** | root workspace (`server` + surface examples) | ✅ included | | #1395 | `astro` | 6.1.10 → **6.4.8** (`^6.4.6`) | `docs/atlas` (standalone) | ✅ included | | #1393 | `vite` (dev) | 6.4.2 → 6.4.3 | root workspace | ❌ **excluded** | ## Why vite 6.4.3 is still excluded #1394 dropped vite 6.4.3 because its client bundle **deterministically breaks** the `render_recovery` e2e scenario ("Regaining window focus repaints a render-stalled terminal", #1381) on **x86_64-linux** — failed 4/4 attempts on a warm CI box; darwin passes. That interaction is still unresolved, so vite stays pinned at 6.4.2. #1393 should be re-attempted only once the vite ↔ `render_recovery` interaction is fixed. ## Nix hash - `ws` touches the root workspace lockfile. The surface examples (`base.nix` and friends) reuse the root `pnpmDeps`, so **only the root `default.nix` `fetchPnpmDeps` hash changed**: `sha256-7damxI1mQ2xbZpDO5NvE8mmPGjyAuck3nybEBsaDUT4=`. - Regenerated by forcing a re-fetch (the FOD won't re-run on an unchanged declared hash); full `nix build .#default` is green afterward. - `website/default.nix` is untouched (its astro was already bumped in #1394). ## docs/atlas `docs/atlas` is a standalone project — its own `pnpm-lock.yaml`, **no `default.nix`** (not Nix-built). Its lockfile was regenerated and `docs/atlas/dist/` rebuilt + committed (the only delta is the `<meta generator>` string moving `Astro v6.4.3` → `v6.4.8` across all 41 pages) so the `ci::atlas-sync` gate stays green. Closes #1396 Closes #1395 🤖 Generated with [Claude Code](https://claude.com/claude-code)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps vite from 6.4.2 to 6.4.3.
Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
6c2c881release: v6.4.396b0c10fix: backport #22572, reject windows alternate paths (#22576)8fed5cffix(deps): backport #22571, reject UNC paths for launch-editor-middleware (#2...