You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --workspace
error: failed to load manifest for workspace member `/tmp/renovate/repos/github/voidzero-dev/vite-plus/packages/cli/binding`
referenced by workspace at `/tmp/renovate/repos/github/voidzero-dev/vite-plus/Cargo.toml`
Caused by:
failed to load manifest for dependency `rolldown_binding`
Caused by:
failed to read `/tmp/renovate/repos/github/voidzero-dev/vite-plus/rolldown/crates/rolldown_binding/Cargo.toml`
Caused by:
No such file or directory (os error 2)
However, the resolved lockfile version for zip is not 8.0.0, but 8.6.0:
[[package]]
name = "zip"
-version = "7.2.0"+version = "8.6.0"
So I think we should review this as:
junction: 1.4.x -> 2.0.0
zip: 7.2.0 -> 8.6.0
junction update
junction is updated from 1.4.x to 2.0.0.
The main upstream behavior change in 2.0.0 is:
junction::get_target now doesn't check whether the junction's destination directory exists.
That means get_target() can now successfully return the junction target path even if the target directory no longer exists.
For vite-plus, the risk is likely not API compatibility, but behavior compatibility.
Potentially affected area:
Windows setup / upgrade / shim / junction cleanup logic
The thing we should verify is whether any code currently treats this pattern as an existence check:
if junction::get_target(path).is_ok(){// previously this may have implied that the target exists}
After this update, that assumption may no longer be valid. If we need to know whether the target exists, we should check it explicitly:
let target = junction::get_target(path)?;if !target.exists(){// handle stale junction target}
Suggested validation for junction:
- Verify Windows setup flow.
- Verify Windows upgrade flow.
- Verify shim / junction replacement behavior.
- Verify cleanup behavior when the junction target directory has already been removed.
- Search call sites of junction::get_target and make sure success is not used as an implicit target-exists check.
zip update
zip is declared as:
-zip = "7.2"+zip = "8.0"
But the lockfile resolves it to:
zip 8.6.0
So the effective update is:
zip 7.2.0 -> 8.6.0
Important upstream changes across this range include:
8.0.0:
- Migrates the crate to Rust 2024.
- Removes deprecated DateTime methods.
8.1.x - 8.6.x:
- Adds support for getting the underlying writer from ZipWriter.
- Adds file option support for reproducible archives across platforms.
- Improves extra-field parsing.
- Adds CRC32 ignore option.
- Adds unsupported-compression enum error.
- Adds [u8] filename support.
- Includes several ZIP reader / writer refactors and parsing fixes.
For vite-plus, the direct usage appears to be simple. We mainly use zip for runtime archive extraction:
Since we do not appear to use the removed DateTime APIs or writer APIs directly, the direct API compatibility risk looks low.
The main risks are:
- MSRV / toolchain compatibility, because zip 8.x moved to Rust 2024.
- Transitive dependency changes, because Cargo.lock resolves to zip 8.6.0, not just 8.0.0.
- Runtime ZIP extraction behavior changes, especially for Windows runtime archives.
- Default feature / crypto dependency changes from zip 8.6.0.
The lockfile also shows several dependency changes caused by the zip update, for example:
There is also an important Renovate warning in this PR:
Artifact update problem
Renovate failed to update an artifact related to this branch.
You probably do not want to merge this PR as-is.
The failure happened while updating Cargo.lock:
failed to load manifest for workspace member `packages/cli/binding`
Caused by:
failed to load manifest for dependency `rolldown_binding`
Caused by:
failed to read `rolldown/crates/rolldown_binding/Cargo.toml`
Caused by:
No such file or directory
Because of this, I do not think this PR should be automerged as-is. The lockfile should be regenerated from a complete checkout where the workspace and submodule / vendored dependencies are available.
Suggested validation before merging
I suggest doing the following before merging:
cargo update -p junction -p zip
cargo test --workspace
And specifically validate:
- Windows setup / upgrade flow.
- Windows shim / junction replacement flow.
- Cleanup behavior when a junction target no longer exists.
- Runtime archive download and extraction.
- ZIP extraction for Windows runtime archives.
- Whether resolving zip = "8.0" to zip 8.6.0 is intentional.
- Whether the current Rust toolchain/MSRV is compatible with zip 8.6.0.
Recommendation
I would not automerge this PR yet.
junction looks relatively low risk, but needs a Windows behavior check around stale junction targets.
zip has simple direct usage in vite-plus, but the effective update is 7.2.0 -> 8.6.0, with Rust 2024 / MSRV and transitive dependency implications. Combined with the Renovate artifact failure for Cargo.lock, I think we should regenerate the lockfile in a complete checkout and run the Windows/runtime extraction checks before merging.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.4.1→2.0.07.2→8.0Configuration
📅 Schedule: (in timezone Asia/Shanghai)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.