Skip to content

AAP-59328: vite and other dependencies upgrade by npm audit fix#1803

Merged
hasys merged 4 commits intomainfrom
js_dependencies
Dec 12, 2025
Merged

AAP-59328: vite and other dependencies upgrade by npm audit fix#1803
hasys merged 4 commits intomainfrom
js_dependencies

Conversation

@hasys
Copy link
Contributor

@hasys hasys commented Dec 12, 2025
edited by cursor bot
Loading

Jira Issue: https://issues.redhat.com/browse/AAP-59328

Description

Updated Vite to latest 6.x release at the date and addition npm audit fix upgrades

Testing

Steps to test

  1. Pull down the PR
  2. ...
  3. ...

Type of Change

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (fix or feature causing existing functionality to break)
  • Security fix
  • Performance improvement
  • Code refactoring
  • Documentation update
  • CI/CD update

Backport Policy

This change should be:

  • Not backported - main/master only
  • Backported to specific releases (add labels after merge)

Automated Backport Instructions

After this PR is merged, add one or more labels to automatically create backport PRs:

  • backport/stable-2.4 - Backport to stable-2.4 branch
  • backport/stable-2.5 - Backport to stable-2.5 branch
  • backport/stable-2.6 - Backport to stable-2.6 branch
  • backport/all - Backport to all active stable branches
  • no-backport - Explicitly mark as not needing backport

Backport Justification

Special backport considerations:

Scenarios tested

minor and micro version updated, tested by execution of npm install

Production deployment

  • This code change is ready for production on its own
  • This code change requires the following considerations before going to production:

Note

Upgrade Vite to 6.4.1 across both chatbot packages and update lockfiles with audited dependency bumps (e.g., glob, js-yaml, mdast-util-to-hast, Playwright).

  • Dependencies:
    • Vite: Bump to ^6.4.1 in aap_chatbot/package.json and ansible_ai_connect_chatbot/package.json.
    • Lockfile updates (package-lock.json):
      • vite to 6.4.1.
      • Transitive upgrades: glob@10.5.0, js-yaml@4.1.1, mdast-util-to-hast@13.2.1, playwright@1.57.0 and playwright-core@1.57.0, plus related metadata changes.

Written by Cursor Bugbot for commit d173e69. This will update automatically on new commits. Configure here.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@hasys hasys enabled auto-merge (squash) December 12, 2025 10:51
@hasys hasys merged commit b29df7f into main Dec 12, 2025
13 checks passed
@hasys hasys deleted the js_dependencies branch December 12, 2025 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@romartin romartin romartin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hasys @romartin

Comments