fix(@angular/build): update vite to 7.3.2#32955
fix(@angular/build): update vite to 7.3.2#32955alan-agius4 wants to merge 1 commit intoangular:20.3.xfrom
7.3.2#32955Conversation
alan-agius4
added
action: review
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the vite dependency to version 7.3.2 and introduces esbuild version 0.27.7. A critical issue was identified in the pnpm-lock.yaml file, where the entry for vite@7.3.2 is missing several core dependencies and the entire optionalDependencies block, suggesting that the lockfile was incorrectly generated.
| vite@7.3.2(@types/node@24.9.1)(jiti@1.21.7)(less@4.4.0)(sass@1.90.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.1): | ||
| dependencies: | ||
| esbuild: 0.25.9 | ||
| fdir: 6.5.0(picomatch@4.0.4) | ||
| picomatch: 4.0.4 | ||
| postcss: 8.5.6 | ||
| rollup: 4.59.0 | ||
| tinyglobby: 0.2.15 | ||
| optionalDependencies: | ||
| '@types/node': 24.9.1 | ||
| fsevents: 2.3.3 | ||
| jiti: 1.21.7 | ||
| less: 4.4.0 | ||
| sass: 1.90.0 | ||
| terser: 5.43.1 | ||
| tsx: 4.20.6 | ||
| yaml: 2.8.1 | ||
|
|
||
| vite@7.1.5(@types/node@24.9.1)(jiti@1.21.7)(less@4.4.0)(sass@1.90.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.1): | ||
| dependencies: | ||
| esbuild: 0.25.9 | ||
| esbuild: 0.27.7 | ||
| fdir: 6.5.0(picomatch@4.0.4) | ||
| picomatch: 4.0.4 | ||
| postcss: 8.5.6 |
There was a problem hiding this comment.
The pnpm-lock.yaml entry for vite@7.3.2 appears to be incomplete. It is missing several core dependencies (such as rollup and tinyglobby) and the entire optionalDependencies block that were present in the previous version (7.1.11). This suggests the lockfile may have been manually edited or incorrectly generated, which will likely lead to build or runtime failures. Please regenerate the lockfile using pnpm install to ensure all dependencies are correctly resolved and captured.
1 participant
This fixes GHSA-v2wj-q39q-566r