Skip to content

chore: bump vite-task to 417b6aa#2076

Merged
wan9chi merged 2 commits into
mainfrom
claude/bump-vite-task-cyegoq
Jul 7, 2026
Merged

chore: bump vite-task to 417b6aa#2076
wan9chi merged 2 commits into
mainfrom
claude/bump-vite-task-cyegoq

Conversation

@wan9chi

@wan9chi wan9chi commented Jul 7, 2026

Copy link
Copy Markdown
Member

Bumps the vite-task git dependency from 6cfa6e4 to 417b6aa, and resolves a security advisory surfaced by the resulting lockfile.

Changelog

[vite-task '6cfa6e4...417b6aa'](https://github.com/voidzero-dev/vite-task/compare/6cfa6e47a1a5fdadd215e1556766cc753603a539...417b6aae5fca92b128c586c8ff3421e43911b553#diff-06572a96a58dc510037d5efa622f9bec8519bc1beab13c9f251e97e657a9d4ed)

The only behavioral change is:

  • Fixed Missing env vars requested through @voidzero-dev/vite-task-client now return undefined instead of null, preserving Vite production NODE_ENV semantics when builds run through vp run (#508).

The remaining commits are dependency, CI, and test-fixture updates. The one Rust change (#508) is scoped to vite-task's own vite_task_client_napi crate, which vite-plus does not consume, so there are no API changes on the consuming side.

Security fix

The Security Analysis (cargo-deny) job flagged crossbeam-epoch 0.9.18 under RUSTSEC-2026-0204 (invalid pointer dereference in the fmt::Pointer impl for Atomic/Shared). Updated it to 0.9.20 per the advisory's prescribed solution (lockfile-only, patch bump).

Verification

  • Rebased onto latest main.
  • cargo check --workspace — passes
  • Rust crate tests (vite_command, vite_error, vite_install, vite_js_runtime, vite_migration, vite_shared, vite_static_config, vite-plus-cli, vite_global_cli) — all pass
  • PTY snapshot suite (global flavor) — passes, no output changes
  • Docs — no user-facing changes to document

@netlify

netlify Bot commented Jul 7, 2026

Copy link
Copy Markdown

Deploy Preview for viteplus-preview canceled.

Name Link
🔨 Latest commit bbe9957
🔍 Latest deploy log https://app.netlify.com/projects/viteplus-preview/deploys/6a4c7beb6ce9d2000827540f

claude added 2 commits July 7, 2026 04:04
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_012QANkkX799YYVngPJnHEbP
Resolves the cargo-deny advisory failure surfaced in the Security Analysis
job: crossbeam-epoch 0.9.18 is affected by RUSTSEC-2026-0204 (invalid
pointer dereference in the fmt::Pointer impl for Atomic/Shared). Advisory
solution is to upgrade to >=0.9.20.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_012QANkkX799YYVngPJnHEbP
@wan9chi wan9chi force-pushed the claude/bump-vite-task-cyegoq branch from fd21183 to bbe9957 Compare July 7, 2026 04:09
@wan9chi wan9chi merged commit 90c280c into main Jul 7, 2026
47 checks passed
@wan9chi wan9chi deleted the claude/bump-vite-task-cyegoq branch July 7, 2026 04:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants