Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #484 +/- ##
==========================================
- Coverage 99.59% 99.59% -0.01%
==========================================
Files 51 51
Lines 997 995 -2
Branches 346 344 -2
==========================================
- Hits 993 991 -2
Misses 4 4 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR updates frontend/tooling dependencies to address vulnerabilities, including removing the Figma code-connect integration and moving the build tooling to a new major Vite version.
Changes:
- Remove
@figma/code-connectfrom devDependencies. - Upgrade Vite and related tooling (including
@vitejs/plugin-react) and bump TypeScript. - Update Storybook’s Vite framework package version.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -27,8 +27,7 @@ | |||
| "unpublish:ui-kit": "npx figma connect unpublish" | |||
There was a problem hiding this comment.
publish:ui-kit / unpublish:ui-kit still run npx figma connect ..., but @figma/code-connect has been removed from devDependencies (and there’s no other figma package in the lockfile). These scripts will now fail (or unexpectedly download a package at runtime via npx). Remove these scripts or replace them with the new intended publishing flow/tooling.
| "@storybook/addon-a11y": "10.2.13", | ||
| "@storybook/addon-docs": "10.2.13", | ||
| "@storybook/addon-links": "10.2.13", | ||
| "@storybook/addon-vitest": "10.2.13", | ||
| "@storybook/react-vite": "10.2.13", | ||
| "@storybook/react-vite": "10.3.4", | ||
| "@testing-library/dom": "10.4.1", |
There was a problem hiding this comment.
@storybook/react-vite is bumped to 10.3.4, but the root storybook package and most Storybook addons are still pinned to 10.2.13. @storybook/react-vite@10.3.4 has a peerDependency on storybook ^10.3.4, so this version skew can lead to npm peer warnings and runtime incompatibilities. Align the Storybook-related packages to the same release (either all 10.3.4+ or revert @storybook/react-vite to 10.2.13).
| "@types/node": "20.19.9", | ||
| "@types/react": "19.2.7", | ||
| "@vitejs/plugin-react": "^5.1.4", | ||
| "@vitejs/plugin-react": "^6.0.1", | ||
| "@vitest/browser-playwright": "^4.1.2", | ||
| "@vitest/coverage-v8": "^4.1.2", |
There was a problem hiding this comment.
With the Vite/plugin updates, some dependencies now require newer Node versions (e.g., @vitejs/plugin-react@6 declares node ^20.19.0 || >=22.12.0). Consider adding an explicit engines.node constraint in package.json (and/or documenting it) so local dev/CI environments don’t drift onto unsupported Node versions.
…ty concerns and fixing rollup issues.
Description
Updating several packages and testing locally to ensure no more vulnerabilities.
Removed figma integration as was causing lodash version to have a critical vulnerability.
Motivation and Context
Many packages needed updating at once and moving to Vite major version.
How Has This Been Tested?
Locally running project