Skip to content

Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq #7340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hl662 merged 25 commits into from
Feb 17, 2025
Merged

Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq #7340

hl662 merged 25 commits into from
Feb 17, 2025

Conversation

@hl662
Copy link
Contributor

@hl662 hl662 commented Nov 8, 2024
edited
Loading

  • Resolve GHSA-9crc-q9x8-hgqq

  • Consume vitest 3.0.5 (and adjacent vitest packages like browser, coverage-v8.

  • All vitest deps follow the same version number, to avoid dependency mismatch warnings when running tests.

  • Bump core-geometry's global testTimeout to a minute - there's no slowdown to the CI times or locally, since the tests are running in parallel.

  • Drop coverage reporting in core-frontend until the dynamic imports issue can be resolved (Opened issue).

  • Import core-frontend's barrel file before running any core-frontend test suite.

  • Enable parallel tests in core-frontend again. (This helps counteract the performance slowdown importing the barrel file above will have)

@hl662 hl662 self-assigned this Nov 8, 2024
@hl662 hl662 requested review from a team as code owners November 8, 2024 16:44
aruniverse
aruniverse approved these changes Nov 8, 2024
View reviewed changes
Copy link
Member

@aruniverse aruniverse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why didn't rush catch this?

@hl662
Copy link
Contributor Author

hl662 commented Nov 8, 2024

Why didn't rush catch this?

The mismatched dependencies were in the pnpm lockfile. Some were '2.1.1', while others were '2.1.0'. I guess rush doesn't catch mismatched deps that are in lockfiles

@hl662
Copy link
Contributor Author

hl662 commented Nov 13, 2024

setting back to draft for now, circling back to fix regression for vitest/browser at a later point

@hl662 hl662 marked this pull request as draft November 13, 2024 19:59
@hl662 hl662 marked this pull request as ready for review November 15, 2024 22:18
@hl662 hl662 requested review from a team, bbastings and ben-polinsky as code owners November 15, 2024 22:18
@hl662
Copy link
Contributor Author

hl662 commented Nov 15, 2024

Marked as active again - I had to update the setup file for core frontend to import the barrel file. Vitest now inlines setup files into test files , messing up dependency resolution in test files and reintroducing circular imports otherwise

@hl662 hl662 enabled auto-merge (squash) November 15, 2024 22:21
@mergify
Copy link
Contributor

mergify bot commented Nov 16, 2024

This pull request is now in conflicts. Could you fix it @hl662? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

@hl662 hl662 marked this pull request as draft November 20, 2024 18:43
auto-merge was automatically disabled November 20, 2024 18:43

Pull request was converted to draft

hl662
hl662 commented Feb 13, 2025
View reviewed changes
@hl662 hl662 marked this pull request as ready for review February 17, 2025 14:31
@hl662 hl662 requested a review from saeeedtorabi as a code owner February 17, 2025 14:31
@hl662 hl662 requested a review from ben-polinsky February 17, 2025 14:40
dassaf4
dassaf4 approved these changes Feb 17, 2025
View reviewed changes
Copy link
Member

@dassaf4 dassaf4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

core-geometry looks good

@hl662 hl662 mentioned this pull request Feb 17, 2025
Open
@hl662 hl662 requested a review from aruniverse February 17, 2025 15:12
@hl662
Copy link
Contributor Author

hl662 commented Feb 17, 2025

@Mergifyio backport release/4.10.x release/4.11.x

@mergify
Copy link
Contributor

mergify bot commented Feb 17, 2025
edited
Loading

backport release/4.10.x release/4.11.x

✅ Backports have been created

Details

@hl662 hl662 changed the title Bump vitest dependencies Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq Feb 17, 2025
@hl662 hl662 enabled auto-merge (squash) February 17, 2025 16:25
@hl662 hl662 merged commit ffa6c0f into master Feb 17, 2025
16 checks passed
@hl662 hl662 deleted the nam/fix-mismatch-vitest branch February 17, 2025 16:47
mergify bot pushed a commit that referenced this pull request Feb 17, 2025
@hl662 @mergify
Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq (#7340)
de27ee2 
Co-authored-by: Arun George <[email protected]>
(cherry picked from commit ffa6c0f)

# Conflicts:
#	common/config/rush/pnpm-lock.yaml
#	core/bentley/package.json
#	core/common/package.json
#	core/frontend/src/test/setupTests.ts
#	core/geometry/package.json
#	core/quantity/package.json
@mergify mergify bot mentioned this pull request Feb 17, 2025
Closed
mergify bot pushed a commit that referenced this pull request Feb 17, 2025
@hl662 @mergify
Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq (#7340)
5ca9472 
Co-authored-by: Arun George <[email protected]>
(cherry picked from commit ffa6c0f)

# Conflicts:
#	common/config/rush/pnpm-lock.yaml
#	core/bentley/package.json
#	core/common/package.json
#	core/frontend/src/test/setupTests.ts
#	core/geometry/package.json
#	core/quantity/package.json
@mergify mergify bot mentioned this pull request Feb 17, 2025
Merged
@hl662 hl662 mentioned this pull request Feb 17, 2025
Merged
aruniverse added a commit that referenced this pull request Feb 19, 2025
@mergify @hl662
@aruniverse @chuckkir @naveedkhan8067
Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq, GHSA-vjh7-7g9h-fjfh (back…
ea1d791 
…port #7340) [release/4.11.x] (#7714)

Co-authored-by: Nam Le <[email protected]>
Co-authored-by: Arun George <[email protected]>
Co-authored-by: chuckkir <[email protected]>
Co-authored-by: naveedkhan8067 <[email protected]>
pankhur94 pushed a commit that referenced this pull request Feb 24, 2025
@hl662 @aruniverse @pankhur94
Use vitest v3, Resolve GHSA-9crc-q9x8-ghqq (#7340)
14d2024 
Co-authored-by: Arun George <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dassaf4 dassaf4 dassaf4 approved these changes

@DStradley DStradley Awaiting requested review from DStradley DStradley is a code owner automatically assigned from iTwin/itwinjs-core

@MichaelSwigerAtBentley MichaelSwigerAtBentley Awaiting requested review from MichaelSwigerAtBentley MichaelSwigerAtBentley is a code owner automatically assigned from iTwin/itwinjs-core

@MBudreviciusBentley MBudreviciusBentley Awaiting requested review from MBudreviciusBentley MBudreviciusBentley is a code owner automatically assigned from iTwin/itwinjs-core

@bbastings bbastings Awaiting requested review from bbastings bbastings is a code owner

@saeeedtorabi saeeedtorabi Awaiting requested review from saeeedtorabi saeeedtorabi is a code owner

@ben-polinsky ben-polinsky Awaiting requested review from ben-polinsky ben-polinsky is a code owner

@aruniverse aruniverse Awaiting requested review from aruniverse aruniverse is a code owner

Assignees

@hl662 hl662

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hl662 @aruniverse @dassaf4 @ben-polinsky