Copilot commented on code in PR #10244:
URL: https://github.com/apache/gravitino/pull/10244#discussion_r2888680333


##########
web-v2/web/package.json:
##########
@@ -49,12 +49,12 @@
   },
   "devDependencies": {
     "@iconify/react": "^4.1.1",
-    "@iconify/tools": "^4.1.2",
+    "@iconify/tools": "^5.0.5",
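
Review bot: `@iconify/tools` goes from `^4.1.2` to `^5.0.5` on this line, a major-version jump, and the hunk carries no matching change on the consuming side. Please confirm that every script importing `@iconify/tools` was run against 5.x, and link the upstream changelog or migration notes in the PR description so the breaking changes that were checked are on record.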

Review Comment:
   The dependency upgrades introduce new transitive packages (e.g., `fflate`, 
`modern-tar`, `sax`, `@cyberalien/svg-utils`, `commander@11`) and remove others 
(e.g., `cheerio`, `@trysound/sax`, `tar`, `extract-zip`, `undici`). The 
`LICENSE.bin` and `licenses/` directory should be updated to reflect these 
changes — stale entries for removed packages should be cleaned up, and entries 
for newly introduced packages should be added.



##########
web-v2/web/package.json:
##########
@@ -69,5 +69,14 @@
     "tsx": "^4.16.0",
     "typescript": "^5.5.3",
     "vitest": "^2.1.9"
+  },
+  "pnpm": {
+    "overrides": {
+      "rollup": "^4.59.0",
+      "minimatch": "^9.0.7",
+      "undici": "^7.18.2",
+      "ajv": "^6.14.0",
+      "esbuild": "^0.25.0"
+    }
   }
 }
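
Review bot: every key under `pnpm.overrides` is a bare package name, so each range is forced onto all dependents in the tree, whichever major they asked for. `"ajv": "^6.14.0"` and `"minimatch": "^9.0.7"` are the entries to check, since a dependent that requests a different major would be silently rewritten. Suggest scoping each entry with pnpm's version selector, for example `"ajv@^6": "^6.14.0"`, so that only the affected line is raised.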

Review Comment:
   The `esbuild` override forces `^0.25.0` but Vite 5.4.x ships with 
`esbuild@^0.21.3` as its dependency. Since esbuild uses 0.x semver (where minor 
version bumps can include breaking changes), this is a significant version jump 
(0.21 → 0.25). While the lockfile resolves successfully, this may cause subtle 
build issues or behavioral differences. Consider verifying the build output 
thoroughly, or alternatively upgrading Vite itself to a version that natively 
supports esbuild 0.25.x (Vite 6.x).
   ```suggestion
         "ajv": "^6.14.0"
       }
     }
   }
   ```



##########
web-v2/web/package.json:
##########
@@ -69,5 +69,14 @@
     "tsx": "^4.16.0",
     "typescript": "^5.5.3",
     "vitest": "^2.1.9"
+  },
+  "pnpm": {
+    "overrides": {
+      "rollup": "^4.59.0",
+      "minimatch": "^9.0.7",
+      "undici": "^7.18.2",
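
Review bot: nothing in this block records why these floors were chosen (`^4.59.0`, `^9.0.7`, `^7.18.2`). Since `package.json` cannot carry comments, name the advisory or issue behind each override in the commit message or PR description, so a later maintainer can tell when an entry is safe to drop.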

Review Comment:
   The `undici` override (`^7.18.2`) no longer has any effect because `undici` 
is no longer a transitive dependency in the lockfile — it was previously pulled 
in by `cheerio`, which was a dependency of `@iconify/[email protected]`. Since 
`@iconify/tools` has been upgraded to `5.0.5` (which no longer depends on 
`cheerio`), this override is a no-op and can be removed to avoid confusion.
   ```suggestion
   
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
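
The last review comment above points out an override that no longer matches anything in the lockfile. The following is an added example, not code from the PR, from Copilot or from Gravitino: a check that lists such dead overrides. The lockfile excerpt is constructed, and the `name@version:` key layout under `packages:` and the `>` parent-selector handling are assumptions about the lockfile and override syntax.

```javascript
// Added example: list pnpm overrides whose target package is absent from the
// lockfile. Assumes package keys of the form "name@version:" under "packages:".
const SAMPLE_LOCK = [ // constructed excerpt, not the PR's lockfile
  "lockfileVersion: '9.0'",
  'overrides:',
  '  undici: ^7.18.2',
  'packages:',
  "  '@iconify/tools@5.0.5':",
  '    resolution: {integrity: sha512-CONSTRUCTED}',
  '  rollup@4.59.0:',
  '    resolution: {integrity: sha512-CONSTRUCTED}',
  '  minimatch@9.0.7:',
  '  ajv@6.14.0:',
  '  esbuild@0.25.0:',
].join('\n');

// Override map as written in the package.json hunk above.
const OVERRIDES = { rollup: '^4.59.0', minimatch: '^9.0.7', undici: '^7.18.2',
                    ajv: '^6.14.0', esbuild: '^0.25.0' };

// Read names from the "packages:" section only. The lockfile repeats the
// override map in its own "overrides:" section, so a plain text search for
// "undici" would wrongly report the package as still present.
function resolvedPackageNames(lockText) {
  const names = new Set();
  let inPackages = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) { inPackages = line.startsWith('packages:'); continue; }
    if (!inPackages) continue;
    // Two-space indent = package key; optional quote and legacy leading "/".
    const m = /^ {2}'?\/?((?:@[^/@\s]+\/)?[^@\s/']+)@[^\s:']+.*:\s*$/.exec(line);
    if (m) names.add(m[1]);
  }
  return names;
}

// Keys may be "name", "name@range" or "parent>name". A ">" directly after
// "@", "|" or a space belongs to a version range, not to a parent selector.
function overrideTarget(key) {
  const idx = key.search(/[^ |@]>/);
  const last = idx === -1 ? key : key.slice(idx + 2);
  const at = last.indexOf('@', 1); // index 0 may be the "@" of a scope
  return at === -1 ? last : last.slice(0, at);
}

function deadOverrides(overrides, lockText) {
  const present = resolvedPackageNames(lockText);
  return Object.keys(overrides).filter((k) => !present.has(overrideTarget(k)));
}
```

Run against the real `pnpm-lock.yaml` in CI, a non-empty result flags overrides that can be deleted or that silently stopped protecting anything.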
