chore(deps-dev): bump vite from 7.3.1 to 8.0.2 in /frontend#91
Open
dependabot[bot] wants to merge 589 commits intomainfrom
Open
chore(deps-dev): bump vite from 7.3.1 to 8.0.2 in /frontend#91dependabot[bot] wants to merge 589 commits intomainfrom
dependabot[bot] wants to merge 589 commits intomainfrom
Conversation
- Add inline monitor SVG icon next to header title - Update MousePointerClickIcon with macOS cursor-click design - Remove unused import
Show file attachment cards in 2-column grid below report content preview, matching Manus-style design with file icon, name, type/size, and "View all files in this task" button. Files are inside the report card border as a separate visual section below the content fade.
Attachments are now shown inside the report card's grid section, so the separate AttachmentsInlineGrid below is redundant. Remove it to prevent the same file appearing twice.
Move file attachment cards out of ReportCard into ChatMessage as a standalone grid below the report preview. Report card now only shows the content preview (header, metadata, content with fade). File cards and "View all files" button render as a separate 2-column grid in the chat flow, matching the Manus design pattern.
Replace spinner with centered "Planning..." title with bouncing dots, subtitle text, and animated dot group for a cleaner loading state.
Override h3 serif display font with --font-sans on search result titles. Increase title to 15px/600 weight and snippet to 14px with tertiary color for cleaner, more readable search results matching reference design.
- Replace custom CSS file grid with Tailwind classes matching Manus layout (auto-fill grid, max-w-568px, rounded-12px cards, 0.5px border) - Use FileSearch icon for "View all files" button - Fix serif font on h1/h2/h3 in report preview (force --font-sans) - Align report card max-width to 568px to match file grid
- Use 0.75 scale with aspect-[16/9] content preview (matching Manus) - 0.5px border, 12px radius, 118px fade gradient - Header bar: 14px/500 font, 12px padding, standard Manus layout - Force sans-serif on h1/h2/h3 in prose-compact with !important to override global --font-display (Instrument Serif) rule - Remove metadata block (Author/Date rendered in content itself)
Match Manus design: h1 is shown in header bar, hidden in content preview so content starts with metadata (Author/Date) then h2.
Stop stripping metadata lines (Author/Date) from processedContent — they should be visible in the preview matching the Manus design where metadata appears between the header bar and the first h2 section.
The report markdown doesn't include metadata as text, so inject Author and Date from report fields at the top of processedContent. Matches Manus design: Author/Date shown before first h2 section.
…ecreation The sandbox /workspace was read-only because the container was running from old config predating the tmpfs entry. Added /workspace tmpfs to production compose and MongoDB ulimits (soft/hard 64000) to dev compose.
…sults Use nullish coalescing (?? '') instead of logical OR (||) for result.url/result.link to satisfy strict type checking — both fields are optional strings.
When maintenance_service cleans stale sessions, frontend catch blocks were silently swallowing 404s causing infinite retry loops. Added isSessionNotFoundError() and handleSessionExpired() helpers, updated 6 catch blocks to stop polling and redirect on 404.
…ndency Downloaded Instrument Sans, Instrument Serif, and Roboto as woff2 files with latin/latin-ext subsets. Removed CDN links from index.html. Aligns with Self-Hosted First principle.
…ng spam Added skill_invoke to known tool event handlers to eliminate "unknown tool event" warnings. Suppressed warnings.warn() for AUTH_PROVIDER=none in non-production environments — logger.warning() already captures it.
Fixes pre-existing ruff S110 lint violation in _park_cursor().
Download woff2 files (regular, bold, italic × latin + latin-ext) and add @font-face declarations for local serving.
Replace all hardcoded system font stacks with CSS variables (var(--font-sans), var(--font-display)). Update --font-sans and --font-display to default to Libre Baskerville. Widen PythinkerTextIcon SVG to prevent text clipping.
…erville for logo Set --font-sans and --font-content to Arial for all UI and content areas. Libre Baskerville remains only on --font-display for Pythinker branding.
Tests referenced CSS classes (.streaming-preview, .final-screenshot-image, .final-screenshot-placeholder) that no longer exist after the dual-path viewport refactor (scaled mini-viewport vs direct-render dc-wrapper). Updated to use current .dc-panel and LiveViewer component assertions.
Ruff 0.15.7 detects `hint if hint else None` as a ternary that can be simplified to `hint or None`.
CI installed ruff 0.15.7 (latest) while local had 0.14.11, causing FURB110 to fail only in CI. Bump the floor constraint to prevent version drift between local and CI environments.
- Remove ensurepip bundled wheels and system dist-packages that contain old jaraco.context (5.3.0) and wheel (0.45.1) versions (CVE-2026-23949, CVE-2026-24049). The venv already has patched versions. - Add .trivyignore for CVE-2026-33186 (grpc in gh CLI binary) — gh 2.88.1 is the latest release, no upstream fix available yet. - Configure Trivy action to read per-image .trivyignore files.
…nels Split text-based views (reports, terminal, code, search) out of the scale-transformed viewport into direct-render panels using container query units (cqw) for responsive typography. Browser/live views retain the scaled viewport. Increases default container sizes and adds professional mini card styling with inset body background. Updates all 12 tests to use new dc-panel selectors.
Reduce padding, gap, and border-radius to align with TaskProgressBar's pill-shaped style. Constrain thinking message to single line with ellipsis. Use matching background and shadow styles.
Add energy sparks traveling inward along spokes, vertex glow bursts, ambient rotation ring, third orbiting dot, double center pulse, and punchier timing. Includes prefers-reduced-motion support.
Use the animated hexagonal neural network SVG instead of a plain pulsing dot for the running task status in the collapsed progress bar.
Add edit/done toggle button in ReportModal header that enables TipTap editing. TiptapReportEditor now emits update:html on content changes when editable. Pending edits auto-save on modal close.
- Qdrant: use getattr for _using_local_fallback to handle tests that create instances via __new__() without calling __init__ - TaskCompletedFooter: update test to match 3-phase rating flow — star click expands the card, rate emits on Submit/Skip
ChatMessage now extracts the report/skill ID from message content and passes it through the emit, fixing the TS2339 and TS2322 type errors where ChatPage's handler signature didn't match the emit definition.
…ing card - Disable all controls during submission to prevent double-clicks - Add loading spinner on submit button - Add error bar for graceful failure display - Smooth fade/slide transitions between phases - Submitted badge shows rating score permanently (no re-rating) - Responsive disabled states for textarea, checkbox, stars
sendmail() received "Pythinker <noreply@pythinker.com>" instead of bare "noreply@pythinker.com" for MAIL FROM — causing HostGator to defer/reject the email. Use email.utils.parseaddr() to extract the bare address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SVG Tiny PS format logo (8.7KB) for BIMI DNS record. Enables brand logo display in Gmail when paired with SPF+DKIM+DMARC authentication. DNS record needed: default._bimi TXT "v=BIMI1; l=https://pythinker.com/bimi-logo.svg; a=;"
Add flex-shrink: 0 to left-panel-container so the sidebar maintains its width and doesn't get compressed by the flex layout on narrow viewports.
On tablet viewports (<1024px), the tool panel covers the entire main area. The fixed-positioned chat dock was still visible on top. Hide it with v-show when isMobileViewport && isToolPanelOpen. Also recalculate dock position after sidebar transition completes to prevent overlap.
The rate event was always passing two arguments (rating, undefined) even when no feedback was provided. Vue's emitted() captures all args literally, causing the test to see [4, undefined] instead of [4]. Conditionally omit the feedback argument when empty.
Reduce oversized search/tool payloads and tighten efficiency guards so the runtime spends less time on repetitive reads and expensive browser/search loops. Made-with: Cursor
Improve Chrome/screencast stability with faster websocket failure handling, reconnect circuit breaking, safer Chrome process cleanup, and stricter sandbox browser defaults to avoid repeated crash loops. Made-with: Cursor
Claim getUpdates ownership immediately on boot to avoid delayed polling conflicts, and update channel tests to account for the new startup handshake call. Made-with: Cursor
…60s+ LLM calls Two safety valves against context window saturation: 1. Hard context cap (50K chars): if total conversation context exceeds the cap after budget management, force-truncate all tool results to 500 chars. Prevents the 60-80s LLM calls observed at ~80K char contexts. 2. Summarization recovery: when the agent returns an empty response (likely context-saturated), aggressively truncate all tool results to 300 chars before the recovery LLM call to free context space.
Without resetting, browser_navigate calls from step 1 remain in the sliding window and trigger false 'excessive_same_tool' during later steps. - StuckDetector.reset_for_new_step(): clears tool action history - EfficiencyMonitorMiddleware.reset_browser_budget(): resets nav counter - Uses step_iteration_count drop detection instead of step_index metadata - PlanActFlow calls both resets before each step execution
Each failed Playwright navigation wastes 5-6s. A lightweight HEAD request (<1s) detects 404 and 5xx responses before committing to full navigation. HEAD failures (timeout, DNS, connection refused) are ignored — some servers reject HEAD but accept GET, so we only block on definitive HTTP errors.
…utor step_executor is resolved later per step — the reset must target the default agent (self.executor) which owns the stuck detector and middleware pipeline.
Log HEAD pre-check failures at debug level for observability without adding noise to production logs.
Blocked steps and steps reconciled at workflow completion were updating
internal state but never emitting SSE events, leaving the frontend
timeline with stale step statuses ("running"/"pending" cards that never
resolve).
- Yield StepEvent(FAILED) for blocked/unsatisfied-dependency steps
- Yield StepEvent(COMPLETED) for steps reconciled before final PlanEvent
handlePlanEvent only replaced plan.value (sidebar) but never synced step statuses into messages[] (timeline), causing stale step cards after rapid completion sequences. Also removed the lastStep fallback in handleStepEvent that could corrupt previous step status when a blocked/skipped step was never started. - Add step status reconciliation in handlePlanEvent - Remove dangerous lastStep fallback for completion events - Remove unused lastStep variable
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.1 to 8.0.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
dependabot
bot
added
dependencies
|
Important Review skippedBot user detected. To trigger a single review, invoke the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@frontend/package.json`:
- Line 96: Add an "engines.node" field to frontend/package.json to declare Vite
8's Node requirement; specifically, add an "engines" object containing "node":
"^20.19.0 || >=22.12.0" so the project documents the Node version compatibility
for the dependency update to "vite": "^8.0.2". Update the top-level package.json
object (near the "vite" dependency) to include this engines field and ensure
CI/local tooling will surface the requirement.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: d2923aab-21c1-476b-b056-2f6a41f0d502
⛔ Files ignored due to path filters (2)
frontend/bun.lockis excluded by!**/*.lockfrontend/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
frontend/package.json
| "typescript": "^5.9.3", | ||
| "typescript-eslint": "^8.53.1", | ||
| "vite": "^7.3.1", | ||
| "vite": "^8.0.2", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== vite@8.0.2 engines =="
npm view vite@8.0.2 engines --json
echo
echo "== `@vitejs/plugin-vue`@6.0.3 peerDependencies =="
npm view `@vitejs/plugin-vue`@6.0.3 peerDependencies --json
echo
echo "== vitest@4.1.0 peerDependencies =="
npm view vitest@4.1.0 peerDependencies --json
echo
echo "== Node version constraints used in CI workflows (if present) =="
if [ -d ".github/workflows" ]; then
rg -n --glob '*.yml' --glob '*.yaml' 'node-version|setup-node|matrix' .github/workflows
else
echo "No .github/workflows directory found."
fiRepository: mohamed-elkholy95/Pythinker
Length of output: 3904
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Current frontend/package.json engines field =="
cat frontend/package.json | jq '.engines' 2>/dev/null || echo "No engines field or file not found"
echo
echo "== Node version setup in CI workflows (detailed) =="
find .github/workflows -name '*.yml' -o -name '*.yaml' | while read f; do
echo "File: $f"
cat "$f" | grep -A 2 -B 2 'node-version\|setup-node' || echo " (no node-version/setup-node found)"
doneRepository: mohamed-elkholy95/Pythinker
Length of output: 731
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Node version hints in repo root =="
ls -la | grep -E '.nvmrc|.tool-versions|node-version' || echo "No obvious version files"
echo
echo "== .nvmrc content (if exists) =="
[ -f .nvmrc ] && cat .nvmrc || echo "No .nvmrc found"
echo
echo "== .tool-versions content (if exists) =="
[ -f .tool-versions ] && cat .tool-versions || echo "No .tool-versions found"
echo
echo "== Frontend Dockerfile Node base image (if exists) =="
[ -f frontend/Dockerfile ] && grep -i 'FROM.*node' frontend/Dockerfile | head -5 || echo "No frontend Dockerfile or no FROM node"
echo
echo "== test-and-lint.yml full content =="
cat .github/workflows/test-and-lint.ymlRepository: mohamed-elkholy95/Pythinker
Length of output: 8801
Add engines.node to frontend/package.json to document Vite 8 Node requirement.
Line 96 upgrades to vite@8.0.2, which requires node ^20.19.0 || >=22.12.0. Add this constraint to package.json:
"engines": {
"node": "^20.19.0 || >=22.12.0"
}Peer dependencies (@vitejs/plugin-vue@6.0.3, vitest@4.1.0) are already compatible with vite@8. CI uses Bun latest (which bundles compatible Node) and the Dockerfile pins node:22, so there is no immediate breakage. However, explicit engines.node improves clarity for local dev and dependency resolution.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@frontend/package.json` at line 96, Add an "engines.node" field to
frontend/package.json to declare Vite 8's Node requirement; specifically, add an
"engines" object containing "node": "^20.19.0 || >=22.12.0" so the project
documents the Node version compatibility for the dependency update to "vite":
"^8.0.2". Update the top-level package.json object (near the "vite" dependency)
to include this engines field and ensure CI/local tooling will surface the
requirement.
Contributor
Author
|
A newer version of vite exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps vite from 7.3.1 to 8.0.2.
Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
63e040ffix(glob): fix HMR for array patterns with exclusions (#20872)24a61a3fix(css): improve url escape characters handling (#20847)6bc6c4dfix(dev): skip JS responses for document requests (#20866)166a178chore: update url ofcreate-react-applicense (#20865)d4eca98fix: keep ids for virtual modules as-is (#20808)e670799fix(deps): update artichokie to 0.4.2 (#20864)bb950e9fix(server): drain stdin when not interactive (#20837)788a183fix(deps): update all non-major dependencies (#20855)4dd06fdchore(deps): update rolldown-related dependencies (#20854)d65a983fix(server): improve malformed URL handling in middlewares (#20830)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by CodeRabbit