fix(deps): upgrade vitest 2→4, resolve all npm audit findings#63
Open
flyingrobots wants to merge 17 commits intomainfrom
Open
fix(deps): upgrade vitest 2→4, resolve all npm audit findings#63flyingrobots wants to merge 17 commits intomainfrom
flyingrobots wants to merge 17 commits intomainfrom
Conversation
Vitest 4 removed the deprecated test(name, fn, { options }) signature.
Migrate all per-test timeouts to the new test(name, { timeout }, fn)
form, or lift uniform timeouts to the describe level.
Also fix vi.fn().mockImplementation(() => ...) constructor mocks to
use function expressions per Vitest 4 requirements (SyncController,
HealthCheckService mocks).
Resolves all 5 remaining moderate-severity npm audit advisories
(esbuild, vite, @vitest/mocker, vite-node, vitest).
|
Important Review skippedThis PR was authored by the user configured for CodeRabbit reviews. CodeRabbit does not review PRs authored by this user. It's recommended to use a dedicated user account to post CodeRabbit review feedback. ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughAdd a three-tier Roaring loader (native ESM → CJS require → wasm fallback), bump Vitest and adjust test timeout placements across many suites, mark Changes
Sequence Diagram(s)mermaid Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
Release Preflight
If you tag this commit as |
1 similar comment
Release Preflight
If you tag this commit as |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@package.json`:
- Line 125: package.json's dev dependency upgrade to "vitest": "^4.0.18"
requires locking its toolchain dependency vite-node in the lockfile; add or
update the package-lock entry for vite-node to a compatible version (matching
the vitest/vite toolchain, e.g., the version used by vitest 4.x) and run npm
install/npm audit-fix to regenerate package-lock.json so vite-node appears with
a resolved version; ensure the dependency is present and resolved alongside
vitest, vite, `@vitest/mocker`, and esbuild to complete the upgrade.
ℹ️ Review info
Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: fee3feeb-2ff9-4fce-a73d-bd9e7498dc94
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (10)
package.jsontest/unit/cli/doctor.test.jstest/unit/domain/WarpGraph.cascadeDelete.test.jstest/unit/domain/WarpGraph.deleteGuardEnforce.test.jstest/unit/domain/WarpGraph.noCoordination.test.jstest/unit/domain/WarpGraph.patchMany.test.jstest/unit/domain/WarpGraph.syncMaterialize.test.jstest/unit/domain/services/BisectService.test.jstest/unit/domain/services/IndexRebuildService.deep.test.jstest/unit/domain/services/SyncController.test.js
| "typescript": "^5.9.3", | ||
| "typescript-eslint": "^8.54.0", | ||
| "vitest": "^2.1.8" | ||
| "vitest": "^4.0.18" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
fd '^package-lock\.json$' -a
python - <<'PY'
import json, os
lock_path = "package-lock.json"
if not os.path.exists(lock_path):
print("RESULT: package-lock.json not found in this PR branch")
raise SystemExit(0)
with open(lock_path, "r", encoding="utf-8") as f:
lock = json.load(f)
pkgs = lock.get("packages", {})
root = pkgs.get("", {})
print("root.devDependencies.vitest =", root.get("devDependencies", {}).get("vitest"))
for dep in ["vitest", "vite", "vite-node", "@vitest/mocker", "esbuild"]:
key = f"node_modules/{dep}"
print(f"{dep} locked version =", pkgs.get(key, {}).get("version"))
PYRepository: git-stunts/git-warp
Length of output: 299
Lockfile is missing resolved version for vite-node.
The package-lock.json has been updated with most Vitest toolchain dependencies (vitest → 4.0.18, vite → 7.3.1, @vitest/mocker → 4.0.18, esbuild → 0.27.3), but vite-node is not present in the resolved lockfile. Ensure vite-node is also locked to a compatible version to complete the Vitest upgrade.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@package.json` at line 125, package.json's dev dependency upgrade to "vitest":
"^4.0.18" requires locking its toolchain dependency vite-node in the lockfile;
add or update the package-lock entry for vite-node to a compatible version
(matching the vitest/vite toolchain, e.g., the version used by vitest 4.x) and
run npm install/npm audit-fix to regenerate package-lock.json so vite-node
appears with a resolved version; ensure the dependency is present and resolved
alongside vitest, vite, `@vitest/mocker`, and esbuild to complete the upgrade.
Vite 7 (pulled in by vitest 4) attempts to transform all imports through its pipeline, which breaks native C++ addons like roaring. Add server.deps.external to skip transformation of the roaring package, restoring Bun integration test compatibility.
Release Preflight
If you tag this commit as |
The external config was placed at the top-level server key instead of under test.server.deps.external where Vitest 4 reads it.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@vitest.config.js`:
- Around line 4-9: The deps.external setting for the native addon 'roaring' is
placed under server.deps (Vite dev server) but needs to be applied to Vitest;
move the external: ['roaring'] entry from server.deps to test.server.deps so
Vitest's runner sees it (i.e., remove it from server.deps and add it under the
test object as test.server.deps.external). Ensure you keep the same array value
and configuration structure so Vitest will not transform the native C++ addon.
Release Preflight
If you tag this commit as |
Vitest 4 (Vite 7) intercepts dynamic import('roaring') through its
SSR transform pipeline, preventing the native .node binary from
loading under Bun. Add both ssr.external and test.server.deps.external
(regex pattern) to ensure the roaring package bypasses Vite's
transform and resolution phases entirely.
Release Preflight
If you tag this commit as |
… Bun/Vite Vite 7's module runner intercepts dynamic import() calls and fails to transform native C++ addons (.node binaries). initRoaring() now catches the import failure and falls back to createRequire() which loads native modules directly, bypassing the module runner.
Release Preflight
If you tag this commit as |
bun install blocks lifecycle scripts by default, so roaring's node-pre-gyp install never runs, leaving the .node binary missing. Bun also reports a fictional Node ABI (v137) that has no prebuilt binaries available. Fix: install nodejs, python3, and ca-certificates in the Bun Dockerfile, then run node-pre-gyp under real Node.js after bun install. This downloads the correct prebuilt binary (or compiles from source as fallback). Bun loads the binary via roaring's MODULE_NOT_FOUND fallback path (build/Release/roaring.node). The root cause was Docker layer cache invalidation from the Vitest 4 upgrade — previous CI runs reused a cached layer that happened to have the binary from an earlier build.
Release Preflight
If you tag this commit as |
The single-stage approach installed nodejs in the Bun container, which caused Vitest 4 to use node instead of bun for running tests, breaking globalThis.crypto (and all 64 integration tests). Switch to a multi-stage build: - Stage 1 (node:18-slim): npm install + node-pre-gyp to download or compile the roaring native binary with the correct Node ABI - Stage 2 (oven/bun:1.2-slim): bun install + COPY the compiled binary from stage 1, keeping the runtime image Node-free
Release Preflight
If you tag this commit as |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
src/domain/utils/roaring.js (1)
117-124: Preserve both load failures for actionable diagnostics.At Line 117, the original
import('roaring')error is dropped. If Line 123 also fails, you lose the first root cause and debugging gets harder.Proposed fix
- } catch { + } catch (importErr) { // Dynamic import() can fail when a module runner (e.g. Vite 7) // intercepts the call and cannot transform native C++ addons. // Fall back to CJS require() which loads .node binaries directly. - const { createRequire } = await import('node:module'); - const req = createRequire(import.meta.url); - roaringModule = /** `@type` {RoaringModule} */ (req('roaring')); + try { + const { createRequire } = await import('node:module'); + const req = createRequire(import.meta.url); + roaringModule = /** `@type` {RoaringModule} */ (req('roaring')); + } catch (requireErr) { + throw new AggregateError( + [importErr, requireErr], + 'Failed to load roaring via both import() and require()' + ); + } }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/domain/utils/roaring.js` around lines 117 - 124, The dynamic import fallback currently swallows the original import('roaring') failure; change the catch to capture the first error (e.g., errImport) then attempt the CJS require fallback (using createRequire/import.meta.url and req('roaring')), and if the require also fails, throw or log a new Error that includes both the original import error and the require error (or attach them as properties) so both failure causes are preserved; target the try/catch around the import('roaring') and the fallback require where roaringModule is assigned.docker/Dockerfile.bun (1)
15-15: Use lockfile-strict install in the builder stage.At Line 15, switching to
npm ci --ignore-scriptswill make roaring native build inputs deterministic across CI runs.Proposed fix
-RUN npm install --ignore-scripts +RUN npm ci --ignore-scripts🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docker/Dockerfile.bun` at line 15, Replace the non-deterministic install in the builder stage: find the Dockerfile instruction "RUN npm install --ignore-scripts" and change it to use the lockfile-strict command "npm ci --ignore-scripts" so native build inputs are deterministic across CI runs; ensure the builder stage still has package-lock.json present in the image context so npm ci can run successfully.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@CHANGELOG.md`:
- Line 12: Update the release note sentence that currently states the Bun
Dockerfile installs `nodejs`, `python3`, and `ca-certificates` so it accurately
describes the multi-stage Docker build and the use of a separate Node builder
image; e.g., change the wording around the sentence mentioning those packages to
note that native binary build/dependencies are provided in a Node builder stage
(or separate builder image) which supplies `node`, `python3`, and certs for
node-pre-gyp rather than being installed in the final Bun runtime image.
---
Nitpick comments:
In `@docker/Dockerfile.bun`:
- Line 15: Replace the non-deterministic install in the builder stage: find the
Dockerfile instruction "RUN npm install --ignore-scripts" and change it to use
the lockfile-strict command "npm ci --ignore-scripts" so native build inputs are
deterministic across CI runs; ensure the builder stage still has
package-lock.json present in the image context so npm ci can run successfully.
In `@src/domain/utils/roaring.js`:
- Around line 117-124: The dynamic import fallback currently swallows the
original import('roaring') failure; change the catch to capture the first error
(e.g., errImport) then attempt the CJS require fallback (using
createRequire/import.meta.url and req('roaring')), and if the require also
fails, throw or log a new Error that includes both the original import error and
the require error (or attach them as properties) so both failure causes are
preserved; target the try/catch around the import('roaring') and the fallback
require where roaringModule is assigned.
ℹ️ Review info
Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 40bb41c0-4645-4199-8a78-91011f98aa7b
📒 Files selected for processing (4)
CHANGELOG.mddocker/Dockerfile.bunsrc/domain/utils/roaring.jsvitest.config.js
CHANGELOG.md
Outdated
|
|
||
| ### Fixed | ||
|
|
||
| - **Roaring native module loading under Bun** — `initRoaring()` now catches dynamic `import('roaring')` failures and falls back to `createRequire()` for direct `.node` binary loading. Bun Dockerfile updated to install `nodejs`, `python3`, and `ca-certificates` so that `node-pre-gyp` can download or compile the roaring native binary (Bun reports a fictional Node ABI v137 with no prebuilt available). Fixes `test-bun` CI failures caused by missing native binary after Vitest 4 upgrade invalidated Docker layer cache. |
There was a problem hiding this comment.
Update release note wording to match the current Docker implementation.
Line 12 says the Bun Dockerfile installs nodejs, python3, and ca-certificates, but the current approach is a multi-stage build with a separate Node builder image. The note should reflect that to avoid operator confusion.
Proposed fix
-- **Roaring native module loading under Bun** — `initRoaring()` now catches dynamic `import('roaring')` failures and falls back to `createRequire()` for direct `.node` binary loading. Bun Dockerfile updated to install `nodejs`, `python3`, and `ca-certificates` so that `node-pre-gyp` can download or compile the roaring native binary (Bun reports a fictional Node ABI v137 with no prebuilt available). Fixes `test-bun` CI failures caused by missing native binary after Vitest 4 upgrade invalidated Docker layer cache.
+- **Roaring native module loading under Bun** — `initRoaring()` now catches dynamic `import('roaring')` failures and falls back to `createRequire()` for direct `.node` binary loading. Bun Dockerfile now uses a Node.js builder stage to run `node-pre-gyp` and then copies roaring native artifacts into the Bun runtime image (Bun reports a fictional Node ABI v137 with no prebuilt available). Fixes `test-bun` CI failures caused by missing native binary after Vitest 4 upgrade invalidated Docker layer cache.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - **Roaring native module loading under Bun** — `initRoaring()` now catches dynamic `import('roaring')` failures and falls back to `createRequire()` for direct `.node` binary loading. Bun Dockerfile updated to install `nodejs`, `python3`, and `ca-certificates` so that `node-pre-gyp` can download or compile the roaring native binary (Bun reports a fictional Node ABI v137 with no prebuilt available). Fixes `test-bun` CI failures caused by missing native binary after Vitest 4 upgrade invalidated Docker layer cache. | |
| - **Roaring native module loading under Bun** — `initRoaring()` now catches dynamic `import('roaring')` failures and falls back to `createRequire()` for direct `.node` binary loading. Bun Dockerfile now uses a Node.js builder stage to run `node-pre-gyp` and then copies roaring native artifacts into the Bun runtime image (Bun reports a fictional Node ABI v137 with no prebuilt available). Fixes `test-bun` CI failures caused by missing native binary after Vitest 4 upgrade invalidated Docker layer cache. |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@CHANGELOG.md` at line 12, Update the release note sentence that currently
states the Bun Dockerfile installs `nodejs`, `python3`, and `ca-certificates` so
it accurately describes the multi-stage Docker build and the use of a separate
Node builder image; e.g., change the wording around the sentence mentioning
those packages to note that native binary build/dependencies are provided in a
Node builder stage (or separate builder image) which supplies `node`, `python3`,
and certs for node-pre-gyp rather than being installed in the final Bun runtime
image.
…ity) The roaring npm package uses V8 C++ API (#include <node.h>), not Node-API/NAPI. Bun uses JavaScriptCore, not V8, so the native .node binary can never load — 'napi_register_module_v1' symbol not found. Bitmap index tests (materializedView, checkpointIndex.notStale) are excluded from the Bun test suite. This is not a regression — these tests only passed historically due to Docker layer cache luck. The bitmap index system already handles this gracefully via _buildView()'s catch block, degrading to linear scan when roaring is unavailable. Reverts the multi-stage Docker build (unnecessary since the binary can't work regardless of how it's compiled). Simplifies Dockerfile back to git + bun install.
Release Preflight
If you tag this commit as |
When both import('roaring') and createRequire('roaring') fail, throw
an AggregateError containing both root causes instead of silently
dropping the original import error. Also update vitest.config.js
comment to be accurate (roaring uses V8 C++ API, not NAPI).
Release Preflight
If you tag this commit as |
initRoaring() now has a three-tier fallback chain:
Tier 1: import('roaring') — ESM native V8 bindings
Tier 2: createRequire('roaring') — CJS native (Vite workaround)
Tier 3: import('roaring-wasm') — WASM portable fallback
The WASM tier activates automatically when native V8 C++ bindings are
unavailable (Bun's JavaScriptCore, Deno). Serialization formats are
wire-compatible — portable bitmaps from native and WASM are byte-identical.
Bitmap index tests (materializedView, checkpointIndex.notStale) are no
longer excluded from the Bun test suite.
Refactored initRoaring() into per-tier helper functions (tryNativeImport,
tryCjsRequire, tryWasmFallback, unwrapDefault) to satisfy ESLint
complexity/depth/line-count limits.
- README.md: add roaring-wasm to dependency table, add WASM fallback bullet to What's New in v13.0.1 - CLAUDE.md: add roaring-wasm to dependency table
Release Preflight
If you tag this commit as |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/domain/utils/roaring.js (1)
190-197:⚠️ Potential issue | 🟡 MinorReset native availability cache when reinitializing the module.
initRoaring(mod)can swap module implementations, but cachednativeAvailabilityis left untouched. SubsequentgetNativeRoaringAvailable()calls can return stale data from a previous module load.🔧 Proposed fix
export async function initRoaring(mod) { if (mod) { - roaringModule = mod; + roaringModule = unwrapDefault(mod); + nativeAvailability = NOT_CHECKED; initError = null; return; } if (roaringModule) { return; } - roaringModule = + const loaded = (await tryNativeImport()) ?? (await tryCjsRequire()) ?? (await tryWasmFallback()); - if (!roaringModule) { + if (!loaded) { throw new Error( 'Failed to load roaring via import(), require(), and roaring-wasm', ); } - roaringModule = unwrapDefault(roaringModule); + roaringModule = unwrapDefault(loaded); + nativeAvailability = NOT_CHECKED; + initError = null; }Also applies to: 207-207
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/domain/utils/roaring.js` around lines 190 - 197, When reinitializing the roaring module in initRoaring(mod), the cached nativeAvailability must be cleared so later calls to getNativeRoaringAvailable() don't return stale values; update initRoaring to reset nativeAvailability (and keep initError handling) whenever roaringModule is replaced or a new mod is assigned (e.g., where roaringModule = mod and on other code paths that swap implementations around the initError/roaringModule logic) so the availability cache is recomputed for the new module.
🧹 Nitpick comments (1)
src/domain/utils/roaring.js (1)
121-127: Preserve per-tier load failures for actionable diagnostics.Each tier currently swallows errors, so the final throw loses root causes. Keeping the caught exceptions and throwing an
AggregateErrormakes production/runtime failures much easier to debug.🧭 Proposed refactor
-async function tryNativeImport() { +async function tryNativeImport(errors) { try { return /** `@type` {RoaringModule} */ (await import('roaring')); - } catch { + } catch (err) { + errors.push(err); return null; } } -async function tryCjsRequire() { +async function tryCjsRequire(errors) { try { const { createRequire } = await import('node:module'); const req = createRequire(import.meta.url); return /** `@type` {RoaringModule} */ (req('roaring')); - } catch { + } catch (err) { + errors.push(err); return null; } } -async function tryWasmFallback() { +async function tryWasmFallback(errors) { try { const wasmMod = await import('roaring-wasm'); if (typeof wasmMod.roaringLibraryInitialize === 'function') { await wasmMod.roaringLibraryInitialize(); } return adaptWasmApi(/** `@type` {RoaringModule} */ (wasmMod)); - } catch { + } catch (err) { + errors.push(err); return null; } } export async function initRoaring(mod) { ... + const loadErrors = []; const loaded = - (await tryNativeImport()) ?? - (await tryCjsRequire()) ?? - (await tryWasmFallback()); + (await tryNativeImport(loadErrors)) ?? + (await tryCjsRequire(loadErrors)) ?? + (await tryWasmFallback(loadErrors)); if (!loaded) { - throw new Error( - 'Failed to load roaring via import(), require(), and roaring-wasm', - ); + throw new AggregateError( + loadErrors, + 'Failed to load roaring via import(), require(), and roaring-wasm', + ); } ... }Also applies to: 135-142, 150-159, 203-205
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/domain/utils/roaring.js` around lines 121 - 127, The import helpers currently swallow exceptions, losing root causes; update each tier function (e.g., tryNativeImport and the other try*Import functions around the other ranges) to capture the caught Error into a shared errors array instead of simply returning null, and in the final loader (the function that attempts each tier in sequence) throw a single AggregateError(errors, "Failed to load Roaring module") when all tiers fail; keep the existing return types (module or null) for each try*Import but ensure every catch pushes the error into errors so diagnostics are preserved and the final failure surfaces all collected causes.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@README.md`:
- Around line 13-14: The release label in the README ("What's New in v13.0.1")
is inconsistent with the unreleased entry in CHANGELOG.md; update either the
README heading "What's New in v13.0.1" to "Unreleased" (or the correct release
tag) or move the described items from README into the release section in
CHANGELOG.md so both documents reference the same release state; ensure the two
items ("roaring-wasm WASM fallback for Bun/Deno bitmap indexes" and "Dev
dependency security updates") are listed under the identical release heading in
README and CHANGELOG.md.
---
Outside diff comments:
In `@src/domain/utils/roaring.js`:
- Around line 190-197: When reinitializing the roaring module in
initRoaring(mod), the cached nativeAvailability must be cleared so later calls
to getNativeRoaringAvailable() don't return stale values; update initRoaring to
reset nativeAvailability (and keep initError handling) whenever roaringModule is
replaced or a new mod is assigned (e.g., where roaringModule = mod and on other
code paths that swap implementations around the initError/roaringModule logic)
so the availability cache is recomputed for the new module.
---
Nitpick comments:
In `@src/domain/utils/roaring.js`:
- Around line 121-127: The import helpers currently swallow exceptions, losing
root causes; update each tier function (e.g., tryNativeImport and the other
try*Import functions around the other ranges) to capture the caught Error into a
shared errors array instead of simply returning null, and in the final loader
(the function that attempts each tier in sequence) throw a single
AggregateError(errors, "Failed to load Roaring module") when all tiers fail;
keep the existing return types (module or null) for each try*Import but ensure
every catch pushes the error into errors so diagnostics are preserved and the
final failure surfaces all collected causes.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: f54b7e5a-2de4-444e-a1d1-925125eb1802
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (7)
CHANGELOG.mdREADME.mddocker-compose.test.ymldocker/Dockerfile.bunpackage.jsonsrc/domain/utils/roaring.jsvitest.config.js
🚧 Files skipped from review as they are similar to previous changes (3)
- docker/Dockerfile.bun
- vitest.config.js
- package.json
Comment on lines
+13
to
14
| - **`roaring-wasm` WASM fallback for Bun/Deno bitmap indexes** — bitmap indexes now work on Bun (JSC) and Deno via a three-tier fallback: native V8 bindings → CJS require → WASM. Wire-compatible, byte-identical serialization. | ||
| - **Dev dependency security updates** — resolved 4 high-severity advisories (`tar`, `rollup`, `minimatch`, `@isaacs/brace-expansion`). No runtime dependencies affected. |
There was a problem hiding this comment.
Align the release label with the changelog scope.
This change is listed under “What's New in v13.0.1”, but the same work is documented as unreleased in CHANGELOG.md (Line [8]+). That can mislead users about what is already shipped.
📝 Suggested doc fix
-## What's New in v13.0.1
+## What's New in Unreleased🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@README.md` around lines 13 - 14, The release label in the README ("What's New
in v13.0.1") is inconsistent with the unreleased entry in CHANGELOG.md; update
either the README heading "What's New in v13.0.1" to "Unreleased" (or the
correct release tag) or move the described items from README into the release
section in CHANGELOG.md so both documents reference the same release state;
ensure the two items ("roaring-wasm WASM fallback for Bun/Deno bitmap indexes"
and "Dev dependency security updates") are listed under the identical release
heading in README and CHANGELOG.md.
…rs to GraphTraversal Five new graph algorithms in GraphTraversal, all backed by NeighborProviderPort for memory-efficient traversal: - levels(): longest-path level assignment for DAGs (O(V+E)) - transitiveReduction(): minimal edge set preserving reachability (DAGs) - transitiveClosure(): all implied reachability edges with maxEdges safety - rootAncestors(): find all in-degree-0 ancestors via backward BFS - BFS reverse reachability verification (direction: 'in') Includes LogicalTraversal facade methods, index.d.ts types, cross-provider equivalence tests, 4 new fixtures (F15-F18), and dedicated test files (47 new test cases).
Release Preflight
If you tag this commit as |
Three items for making new graph algorithms memory-efficient on large graphs: - B149: levels() two-pass streaming (O(V+E) → O(V) memory) - B150: transitiveReduction() on-demand neighbor fetch - B151: transitiveClosure() async iterator output
…ff items - B152: async generator traversal API (generalized streaming) - B153: topologicalSort lightweight mode (O(V) memory) - B154: transitiveReduction redundant adjList copy fix - B155: levels() as lightweight --view layout (skip ELK) - B156: structural diff via transitive reduction comparison
…execution order - Restructure Standalone Lane from flat Near-Term table + separate pack sections into 8 priority-grouped sub-tables (P0 Quick Wins through P6 Documentation, plus Uncategorized/Platform) - Replace Standalone Priority Sequence with 6 execution waves mapping concrete implementation order - Add Dependency Chains section with ASCII graph showing B97→B85→B57, B153→B149/B150, B154→B150, B151→B152, B36→test velocity chains - Add effort estimates (XS/S/M/L) and dependency annotations to all items - Mark all milestones complete (M10–M14); update Final Command section - Fix inventory count: 43→45 standalone, 131→133 total tracked - Archive B44, B124, B125, B146, B148 to COMPLETED.md
Release Preflight
If you tag this commit as |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
test(name, fn, { timeout })signatures to Vitest 4'stest(name, { timeout }, fn)form across 7 test filesvi.fn().mockImplementation(() => ...)constructor mocks to usefunctionexpressions per Vitest 4 requirementsCombined with v13.0.1 (which fixed the 4 high-severity findings), the repo now has 0 npm audit vulnerabilities.
Test plan
npm auditreturns 0 vulnerabilitiesSummary by CodeRabbit
New Features
Tests
Chores
Documentation