chore(deps): bump vite, @vitest/coverage-v8 and vitest#15
Closed
dependabot[bot] wants to merge 2 commits into
Closed
chore(deps): bump vite, @vitest/coverage-v8 and vitest#15dependabot[bot] wants to merge 2 commits into
dependabot[bot] wants to merge 2 commits into
Conversation
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) to 8.0.14 and updates ancestor dependencies [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). These dependencies need to be updated together. Updates `vite` from 5.4.21 to 8.0.14 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite) Updates `@vitest/coverage-v8` from 1.6.1 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/coverage-v8) Updates `vitest` from 1.6.1 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.14 dependency-type: indirect - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.7 dependency-type: direct:development - dependency-name: vitest dependency-version: 4.1.7 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
RBKunnela
added a commit
that referenced
this pull request
May 22, 2026
Wire vitest run into the build matrix between type-check and build, across Node 18 + 20. paybot-sdk auto-publishes to npm on every push to main; before this change CI never ran the test suite, so code could ship to customers without its own tests ever executing. Test suite: 102 tests / 7 files in tests/, vitest.config.ts scoped to tests/**/*.test.ts. Local: 102/102 pass in 1.72s. Not in this PR (deliberately split per Orion routing during Phase 1 discovery): - Task #14: dual-mode dead-code bug in src/x402-v2.ts:251 (no-dupe-else-if surfaces it; requires semantic decision on what dual-mode should emit — separate @dev story) - Task #15: coverage gate at 80% threshold + tests for x402-v2.ts and payment-engine.ts (currently 0% covered, 805 LOC combined) - Task #16: coverage/ gitignore hygiene No change to required_status_checks contexts: the new step runs inside the existing build (18) + build (20) matrix entries, adding substance without adding new context names. 5th application of automated-pr-merge-authority.md.
5 tasks
RBKunnela
added a commit
that referenced
this pull request
May 22, 2026
…g dual-mode (Story 14) (#36) Bug: pre-existing if/else-if chain in `signPayment` (src/x402-v2.ts line 251+) included an unreachable `else if (protocol === 'dual')` arm — line 163 already matched `dual` because of `protocol === 'x402' || protocol === 'dual'`. The dead branch was meant to produce both an x402 EIP-3009 signature AND an MPP PaymentAuthorization signature; instead, dual-mode silently fell into the x402-only branch and attached MPP fields as inert metadata under `signedData.mppFormat` — no real MPP signature was ever produced. Bug origin commit: dbe4c89 (2026-05-20 rebase artifact). Customer impact: ZERO at present (paybot-sdk 0.3.0 unreleased; paybot-mcp and paybot-core pin to ^0.2.0). Fix lands before 0.3.0 ships. Fix (Option C per 2026-05-22 roundtable verdict): - Extracted `signX402(account, requirements)` private helper, verbatim body from the pre-refactor x402 branch. - Extracted `signMPP(account, requirements, intentId)` private helper, verbatim body from the pre-refactor mpp branch. - Rewrote `signPayment` as a `switch` dispatcher with explicit `x402` / `mpp` / `dual` cases and a `default` arm throwing PayBotApiError with code `UNSUPPORTED_PROTOCOL` (status 402). - Dual-mode now calls BOTH helpers; `signedData = { x402, mpp }` packs both signed payloads; top-level `signature` mirrors the x402 signature for legacy compatibility. - Deleted the unreachable dead-code branch (was lines 251-311). No silent behavior change for `x402` or `mpp` consumers — proven by Test 13 (byte-for-byte regression). Tests: new tests/x402-v2.test.ts (was zero) — 13 unit tests covering signX402 happy/error/edge, signMPP happy/error/edge, dispatcher x402/mpp/ dual/unsupported/missing-key paths, and two regression tests including the canonical Test 12 that runs EIP-712 signature recovery against the dual-mode MPP signature and confirms it recovers the signer address (i.e., proves the signature is real cryptography, not metadata). Determinism: vi.useFakeTimers + vi.setSystemTime + mocked generateEIP3009Nonce. Quality: 115/115 tests pass (102 existing + 13 new); lint clean; typecheck clean; all new code lines (signX402 / signMPP / signPayment) hit. JSDoc added to all three methods with @param / @returns / @throws / @example. Out of scope per Story 14: discriminated union for signedData, broader coverage backfill on other untested public methods (Task #15), 0.3.0 release. SignedPayment.signedData stays Record<string, unknown>; no breaking type change. Refs: docs/stories/14.dual-mode-refactor.md (AIOX-Enterprise) SDC chain: @sm draft → @po validated 12/12 → @dev (this PR) → @qa pending → @devops merge. 🤖 Generated with Claude Code Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
9 tasks
RBKunnela
added a commit
that referenced
this pull request
May 22, 2026
…ory 15) (#38) Closes Task #15. Builds on Story 15.1 (PR #37 @ 23694dd) which unblocked this work by fixing the EIP-55 checksum + 0x-prefix issues in src/micropayment-engine.ts. Track A — extend tests/x402-v2.test.ts (tests #14-#26) - on402Response: happy / non-402 status / missing+malformed header - submitPayment: 200 OK / non-2xx / network error rewrap - verifyReceipt: 200+verified / non-2xx / network error (no throw) - createPaymentIntentHeader: happy / optional fields undef - negotiatePaymentIntent: happy / TODO branch locked - src/x402-v2.ts: 63.74% → 97.32% line coverage Track B — create tests/micropayment-engine.test.ts (B-1 through B-18) - constructor (3): 0x-guard, defaults, custom thresholds - queuePayment (3): paymentId shape, usdToBaseUnits errors, auto-settle - batchPayments (3): EIP-712 BatchSettlement sign / missing IDs / skipGas - getGasEstimate (2): 6-decimal USD, inverse scaling - setBatchWindow (2): s→ms conversion, window-boundary observable - getQueueStatistics (2): empty zeroes, multi-window aggregation - clearOldPayments (2): nothing-to-clear, settled+old removal - getPaymentStatus (1): find-or-undefined cross-window - src/micropayment-engine.ts: 0% → 100% line coverage Track C — .github/workflows/ci.yml - Add `Coverage gate` step (npm run coverage) between Run tests + Build - Add `Upload coverage report` step (actions/upload-artifact@ea165f8 v4) with if: always(), 14-day retention, per matrix Node version Test count: 115 baseline + 13 Track A + 18 Track B = 146 tests, all PASS Coverage: global 97.52% lines / 86.75% branches / 100% funcs / 97.52% stmts (exceeds vitest.config.ts thresholds 80/80/70/80 → npm run coverage exit 0) Determinism: all tests use vi.useFakeTimers + vi.setSystemTime + frozen Math.random; fetch is stubbed via vi.stubGlobal; zero real network I/O. Verbatim source preservation: 0 changes to src/ (verified git diff --stat). Zero skipped tests, zero .todo/xit/xdescribe/.only. Story chain: full SINKRA — @sm draft (v0.1) → @po GO-conditional → @sm patch (v0.2) → @dev attempt 1 → bug escalation → @aios-master roundtable → Story 15.1 source fix (PR #37) → @dev resume (this PR) → @qa pending → @devops pending merge.
RBKunnela
added
the
friendlyai-review-refresh
Owner
|
@dependabot recreate |
Contributor
Author
|
The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml. |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Owner
|
Closing — merge conflict after main updates. Dependabot will reopen with fresh base if still needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps vite to 8.0.14 and updates ancestor dependencies vite, @vitest/coverage-v8 and vitest. These dependencies need to be updated together.
Updates
vitefrom 5.4.21 to 8.0.14Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
c917f1erelease: v8.0.145d94d1bfix(html): handle trailing slash paths in transformIndexHtml (#22480)98b8163fix(deps): update all non-major dependencies (#22471)96efc88feat: update rolldown to 1.0.2 (#22484)ebf39a0test(css): sass does not use main field (#22449)0ae2844refactor(glob): do not rewrite import path for absolute base (#22310)7cb728echore(deps): update rolldown-related dependencies (#22470)b3132dafix(optimizer): pass oxc jsx options to transformSync in dependency scan ...e8e9a34fix(dev): handle errors when sending messages to vite server (#22450)2c69495chore: remove irrelevant commits from changelogUpdates
@vitest/coverage-v8from 1.6.1 to 4.1.7Release notes
Sourced from @vitest/coverage-v8's releases.
... (truncated)
Commits
a09d472chore: release v4.1.7a8fd24cchore: release v4.1.6e399846chore: release v4.1.5ac04bacchore: release v4.1.42dc0d62chore: release v4.1.3fc6f482chore: release v4.1.21f2d318chore: release v4.1.1aaf9f18fix(coverage): simplify provider types (#9931)4150b91chore: release v4.1.00c2c013chore: release v4.1.0-beta.6Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@vitest/coverage-v8since your current version.Updates
vitestfrom 1.6.1 to 4.1.7Release notes
Sourced from vitest's releases.
... (truncated)
Commits
a09d472chore: release v4.1.7a8fd24cchore: release v4.1.618af98cfix(browser): simplify orchestrator otel carrier (#10285)3188260feat(browser): provide project reference inToMatchScreenshotResolvePath(#...e399846chore: release v4.1.57dc6d54Revert "fix: respect diff config options in soft assertions (#8696)"9787dedfix: respect diff config options in soft assertions (#8696)325463afix(ast-collect): recognize _vi_import prefix in static test discovery (#10...0e0ff41feat(coverage): istanbul to supportinstrumenteroption (#10119)663b99ffix: aliasagentreporter tominimal(#10157)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.