Add npm run up-deps and update deps to latest (Vite 5=>6, Svelte, etc)

[sean-zlai]

Summary

Due to some of our odd issues (out of memory, etc) I thought it would be helpful to be on the latest Vite and Svelte versions.

I also added npm run up-deps similar to pnpm PR but leveraging npm-check-updates package to make bumping versions easier (and interactive).

This updates all dependencies except bits-ui (0.21.16 => 0.22.0) and svelte-radix (1.1.1 => 2.0.1) which are used by shadcn-svelte. They are probably safe to update (especially bits-ui) but would require more visual validation.

I had to add a vite override as some internal deps of vitest were still requesting vite@5 (and oddly this isn't an issue when using pnpm as I have a similar vite 6 setup on other repos.

Checklist

• Added Unit Tests
• Covered by existing CI
• Integration tested
• Documentation update

Summary by CodeRabbit

• New Features

  • Added a new script for dependency management.

• Updates

  • Multiple package versions updated to enhance performance and compatibility, including key libraries such as Svelte, Playwright, and TypeScript.

[coderabbitai]

Walkthrough

This pull request updates the frontend/package.json file, introducing a new script for dependency management and upgrading numerous dependencies to their latest versions. The updates include various development and production packages, particularly those related to Svelte, Playwright, and TypeScript. Additionally, an override for the Vite package version has been added.

Changes

File	Change Summary
frontend/package.json	- Added new script: "up-deps": "npx npm-check-updates -i" - Updated multiple dev dependencies (Svelte, Playwright, TypeScript, ESLint, etc.) - Updated dotenv dependency - Added Vite override - Added optional dependency "@rollup/rollup-linux-x64-gnu": "^4.29.0"

Suggested Reviewers

• nikhil-zlai
• piyush-zlai
• ken-zlai

Possibly Related PRs

• Replace npm with pnpm #136: PR involving replacement of npm with pnpm in the frontend/package.json file

Poem

🐰 Hop, hop, dependencies dance!
Versions leap with every glance
Svelte and Vite, a merry crew
Updating packages, shiny and new
Code's refresh, a rabbit's delight! 🚀

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro (Legacy)

📥 Commits

Reviewing files that changed from the base of the PR and between fc58a4c and ccb7dfe.

⛔ Files ignored due to path filters (1)

• frontend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• frontend/package.json (3 hunks)

🔇 Additional comments (4)

frontend/package.json (4)

20-21: Consider using safer dependency update flags

The interactive mode might lead to inconsistent updates.

---

79-80: Verify cross-platform compatibility

Platform-specific rollup dependency might affect builds on other platforms.

✅ Verification successful

Platform-specific dependency is correctly configured

The @rollup/rollup-linux-x64-gnu is listed under optionalDependencies, which is the correct way to handle platform-specific binaries in npm. Optional dependencies will be skipped on unsupported platforms without affecting the build process.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if other platform-specific rollup binaries are needed
rg "rollup.*gnu|rollup.*darwin|rollup.*windows" package.json

Length of output: 115

---

Script:

#!/bin/bash
# Find package.json files
fd package.json

# Check platform-specific rollup deps in found package.json files
fd package.json --exec rg "rollup.*gnu|rollup.*darwin|rollup.*windows" {}

Length of output: 161

---

76-77: Verify Vite override compatibility

The Vite override might conflict with vitest's requirements.

✅ Verification successful

Vite v6.0.5 is compatible with the setup

Vitest 3.0.0-beta.2 doesn't specify a Vite peer dependency, and the current configuration in vite.config.ts works with Vite 6. The force optimization is already handled for git branch switches.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check vitest's vite peer dependency
curl -s https://registry.npmjs.org/vitest/3.0.0-beta.2 | jq -r '.peerDependencies.vite'

Length of output: 92

---

Script:

#!/bin/bash
# Check package.json for vitest version and dependencies
cat frontend/package.json | jq -r '.dependencies.vitest, .devDependencies.vitest'

# Check if vitest is used in the project
rg "vitest" -l

Length of output: 266

---

Script:

#!/bin/bash
# Check vite config
cat frontend/vite.config.ts

# Check vitest version requirements
curl -s https://registry.npmjs.org/vitest/3.0.0-beta.2 | jq -r '.peerDependencies'

Length of output: 1128

---

47-47: ⚠️ Potential issue

Risky: Multiple beta/major version updates

Using beta versions (Svelte 5, vitest) in production is risky. Vite 6 needs migration validation.

Also applies to: 55-56

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

frontend/package.json (1)

76-77: Remove redundant Vite override

Vite is already specified in devDependencies with the same version. Having it in overrides is redundant unless there's a specific reason to force this version for transitive dependencies.

 "overrides": {
   "cross-spawn": "^7.0.6",
   "cookie": "^0.7.0",
   "glob": "^9.0.0",
-  "vite": "^6.0.5"
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro (Legacy)

📥 Commits

Reviewing files that changed from the base of the PR and between 1730474 and ff182ab.

⛔ Files ignored due to path filters (1)

• frontend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• frontend/package.json (3 hunks)

🔇 Additional comments (2)

frontend/package.json (2)

66-66: LGTM: Safe patch update for dotenv

The update to dotenv is a patch version change that should not introduce any breaking changes.

---

24-55: ⚠️ Potential issue

⚠️ Critical version updates require careful consideration

Several major version updates introduce potential risks:

1. Vite 6 (line 54):

   • Released recently with breaking changes
   • Might have stability issues
   • Requires Node.js 18+

2. Svelte 5 (line 46):

   • Still in preview/beta
   • Introduces Runes and breaking changes
   • Migration guide should be followed

3. Vitest beta (line 55):

   • Using beta version in production dependencies

Let's verify Node.js compatibility and potential breaking changes:

Recommendations:

1. Add "engines" field to package.json to specify Node.js version requirements
2. Consider staying on Vite 5 until 6.x stabilizes
3. Use stable version of Vitest instead of beta

[coderabbitai]

🛠️ Refactor suggestion

Consider using safer dependency update flags

The new up-deps script uses the interactive mode (-i) of npm-check-updates, which might lead to inconsistent updates. Consider using more specific flags for better control and reproducibility:

-"up-deps": "npx npm-check-updates -i"
+"up-deps": "npx npm-check-updates --target minor --reject svelte,@sveltejs/*,vite --format group"

This approach:

• Limits updates to minor versions only
• Excludes major framework updates that need careful migration
• Groups updates by type for better review

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"test:unit:once": "vitest --run",
	"up-deps": "npx npm-check-updates -i"
	"test:unit:once": "vitest --run",
	"up-deps": "npx npm-check-updates --target minor --reject svelte,@sveltejs/*,vite --format group"

[sean-zlai]

@ken-zlai npm run check, npm run lint, and npm run test:unit, and npm run test:integration all run successfully locally.

PR to fix running workflow to check package.json/etc (i.e. not just src)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

frontend/package.json (1)

37-37: Create follow-up issue for pending updates

As mentioned in the PR objectives, bits-ui and svelte-radix were intentionally not updated pending visual validation.

Would you like me to create a GitHub issue to track the visual validation and future updates of these packages?

Also applies to: 50-50

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro (Legacy)

📥 Commits

Reviewing files that changed from the base of the PR and between ff182ab and 896534d.

⛔ Files ignored due to path filters (1)

• frontend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• frontend/package.json (3 hunks)

🔇 Additional comments (2)

frontend/package.json (2)

20-21: Consider using safer dependency update flags

The new up-deps script uses the interactive mode (-i) of npm-check-updates, which might lead to inconsistent updates.

---

76-77: Track temporary vite override

The vite override is added to handle vitest's internal dependencies still requiring vite@5. This should be temporary.

Let's check if there are any open issues or PRs addressing this:

Would you like me to create a GitHub issue to track the removal of this override once vitest updates its dependencies?

[coderabbitai]

💡 Codebase verification

Major version updates require attention

Based on the verification results:

1. Vite 6.0.0 is a stable release with mostly internal changes and improvements. The breaking changes are minimal and mainly affect:

   • Node.js version requirements
   • Some internal APIs and types
   • Asset handling improvements

2. Svelte 5.15.0 is still in development and not recommended for production use. The official Svelte team marks version 5 as preview/beta.

3. Using beta versions of testing libraries (vitest) in production is not recommended.

Recommendations:

• Consider staying on Svelte 4.x for production use until version 5 is officially stable
• Wait for vitest to reach a stable 3.0.0 release
• Proceed with Vite 6 upgrade after thorough testing as its changes are mostly internal

🔗 Analysis chain

Review major version updates carefully

Several significant version updates require careful consideration:

1. Svelte 5.x is still in beta/preview and might not be production-ready
2. vitest 3.0.0-beta.2 is a beta version
3. Vite 6.x is a major version update that might have breaking changes

Please ensure:

• Thorough testing of the application with these versions
• Review of migration guides for breaking changes
• Consider waiting for stable releases of beta packages

Let's check the migration guides and known issues:

Also applies to: 54-54, 55-55

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for migration guides and known issues

# Check Vite's releases for breaking changes
gh api repos/vitejs/vite/releases | jq -r '.[] | select(.tag_name=="v6.0.0") | .body'

# Check Svelte's releases for stability status
gh api repos/sveltejs/svelte/releases | jq -r '.[] | select(.tag_name | startswith("v5.")) | .body'

Length of output: 304

---

Script:

#!/bin/bash
# Let's check the changelog directly and look for breaking changes
curl -s https://raw.githubusercontent.com/vitejs/vite/v6.0.0/packages/vite/CHANGELOG.md | head -n 100

# Let's also check if Svelte 5 is marked as beta/preview in package.json
rg "svelte.*beta|svelte.*preview" -A 2 -B 2

# Check for any migration guides or breaking changes documentation
fd "MIGRAT|BREAKING|UPGRADE" -i

Length of output: 17326

[ken-zlai]

nice stuff. all endpoints/new packages work, cicd is happy :)