Update npm dependencies#51
Merged
Merged
Conversation
📝 WalkthroughWalkthroughUpgrades Nuxt and Vue versions, adds a Vite block in Nuxt config to restrict dev server hosts and pre-bundle listed dependencies, and updates the CI workflow to use Node.js 24. ChangesDevelopment Environment Setup
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@nuxt.config.ts`:
- Around line 60-91: The optimizeDeps block is currently nested under
vite.server; move the optimizeDeps object out of the server section so it
becomes a sibling property directly under vite (i.e., change from
vite.server.optimizeDeps to vite.optimizeDeps) and keep the include array intact
(preserve the listed package entries like '`@osmcha/maplibre-adiff-viewer`',
'ajv', 'dayjs/plugin/relativeTime', etc.) so Vite can recognize the pre-bundling
configuration.
In `@package.json`:
- Line 28: package.json pins "nuxt": "^4.4.6" which requires Node >=22, but the
CI uses Node 20 causing installs to fail; fix by either updating the CI Node
runtime to a compatible major (22, 24, or 26+) in the workflow configuration or
change the "nuxt" dependency in package.json to a version compatible with Node
20 (downgrade "nuxt" to a 3.x/compatible release). Ensure the chosen approach
updates the CI workflow's node-version entry or the "nuxt" version string so
they match and then run CI locally (or npm ci) to verify installation succeeds.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 0021313d-fe6e-4dd1-b102-91f21471b434
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (2)
nuxt.config.tspackage.json
cyrossignol
force-pushed
the
update-deps
branch
3 times, most recently
from
6994412 to
db6cf35
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 15-18: The workflow uses mutable tags actions/checkout@v4 and
actions/setup-node@v4 which violate the unpinned-uses policy; update both
occurrences to the corresponding immutable commit SHAs (replace
actions/checkout@v4 and actions/setup-node@v4 with their full commit SHA pins)
so the workflow references a specific commit for each action, and verify the SHA
values are the latest recommended SHAs from the official action repositories
before committing.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 89d22712-5d27-45bc-a75e-57546cacd6b6
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (3)
.github/workflows/ci.ymlnuxt.config.tspackage.json
Collaborator
Author
|
Merging—discussed with/approved by @jeffmaki in yesterday's call. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a dependency update that resolves some outstanding security notices. I updated the Nuxt config to account for a couple new features of the dev server:
Changes
Dependencies Updated
^4.0.0→^4.4.6^3.4.19→^3.5.34Nuxt Configuration Enhanced
Added
viteconfiguration tonuxt.config.ts:allowedHoststoworkspaces.localto explicitly allow requests from the local development domain.optimizeDeps.includeto pre-bundle key dependencies, reducing full page reloads during development. Included modules:@osmcha/*,@sindresorhus/slugify, Vue devtools packages,@zip.js/zip.js,ajv/ajv-formats,bootstrap-vue-nextcomponents/composables,dayjsplugins,maplibre-gl,papaparse,vue-qrcode, andvue3-toastify.CI Workflow