chore(deps): update dependency vite to v7.3.1

[renovate-bot-cbcoutinho]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vite (source)	7.2.7 → 7.3.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

vitejs/vite (vite)

v7.3.1

Compare Source

Features

• add ignoreOutdatedRequests option to optimizeDeps (#​21364) (9d39d37)

v7.3.0

Compare Source

Features

• deps: update esbuild from ^0.25.0 to ^0.27.0 (#​21183) (cff26ec)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

PR Review: Vite Dependency Update (^7.1.3 → ^7.3.0)

Summary

This Renovate bot PR updates the vite dependency in the Astrolabe Nextcloud app from ^7.1.3 to ^7.3.0. The changes are limited to dependency updates in package.json and package-lock.json.

Code Quality ✅

• Clean dependency update: Changes are confined to package manifests
• Proper lockfile update: package-lock.json correctly reflects the new vite version and its transitive dependency (esbuild ^0.27.0)
• No breaking changes: This is a minor version bump (7.2.7 → 7.3.0)

Test Coverage 🟡

Recommendation: Verify that existing build processes work correctly after this update.

Since this updates a build tool, I recommend:

1. Test the build command: npm run build
2. Verify the dev mode: npm run dev
3. Check the watch mode: npm run watch

The integration tests are currently running (per CI status), which should catch any breaking changes.

Performance Considerations ✅

• Minor version updates to Vite typically include performance improvements
• The esbuild upgrade (0.25.0 → 0.27.0) may provide faster build times
• No concerns identified

Security Concerns ✅

• This appears to be a routine maintenance update
• Renovate merge confidence badges show good adoption and passing tests
• No known security vulnerabilities in the version range

Potential Issues ⚠️

esbuild major version bump: The transitive dependency update includes esbuild going from ^0.25.0 to ^0.27.0. While this is typically backward compatible, you may want to:

• Review the esbuild changelog for any breaking changes in parsing or bundling behavior
• Watch for any changes in bundle size or build output
• Test the production build to ensure assets are generated correctly

Recommendations

1. ✅ Approve after CI passes: The integration tests should validate that the build toolchain still works
2. 🔍 Quick manual verification: Run npm run build locally in third_party/astrolabe/ to confirm successful compilation
3. 📊 Monitor after merge: Watch for any unexpected changes in bundle size or build performance

Alignment with CLAUDE.md

• ✅ Follows dependency update best practices
• ✅ Automated via Renovate (good maintenance hygiene)
• ✅ Changes are isolated to third-party Nextcloud app

Overall Assessment: APPROVE (pending CI)

This is a straightforward maintenance update with low risk. The Renovate bot has correctly updated both package.json and package-lock.json. Once the integration tests complete successfully, this should be safe to merge.

Note: The CI shows integration-test is still in progress. I recommend waiting for that to complete before merging.

[claude]

PR Review: Vite 7.2.7 → 7.3.0 Upgrade

Summary

This PR upgrades Vite from 7.2.7 to 7.3.0 in the Astrolabe Nextcloud app. This is an automated dependency update from Renovate.

Code Quality ✅

• Clean dependency update: The changes are limited to package.json and package-lock.json
• Proper versioning: Uses standard semver notation (7.3.0)
• Lock file updated: package-lock.json properly regenerated with new esbuild dependency (0.25.0 → 0.27.2)

Potential Issues 🔍

1. Breaking Changes in esbuild 0.27.x

The Vite upgrade brings esbuild from 0.25.0 to 0.27.2 (a minor version jump). Key changes to watch:

• New platform-specific binaries added (OpenHarmony support)
• Potential changes in build output or tree-shaking behavior
• May affect bundle size or build performance

Recommendation: Monitor the CI build step to ensure no unexpected changes in compiled assets.

2. Build Verification

The Node.js workflow (.github/workflows/node.yml:84-85) checks for uncommitted build artifacts:

bash -c "[[ \! \`git status --porcelain \` ]] || ..."

Action Required: Ensure npm run build produces identical output or the CI will fail.

Performance Considerations ⚡

• esbuild 0.27.x typically includes performance improvements
• Vite 7.3.0 may have optimizations in the dev server and HMR
• Build time might improve slightly

Security Concerns ✅

• No known vulnerabilities: Vite 7.3.0 is a patch release
• Renovate confidence score: Check the merge confidence badges in the PR description
• Stability days check: Passed (as shown in status checks)

Test Coverage 🧪

Current CI Status:

• ✅ linting: PASSED
• 🟡 integration-test: IN PROGRESS
• 🟡 claude-review: IN PROGRESS (this review)

Missing Test Coverage:

• No automated frontend/build tests specifically for Vite
• The node.yml workflow will verify build output integrity

Recommendations:

1. Wait for integration tests to complete
2. Manually test the build locally:

   cd third_party/astrolabe
   npm ci
   npm run build

3. Verify the generated js/ output has not changed unexpectedly

Best Practices Alignment ✅

Per CLAUDE.md conventions:

• ✅ Follows project structure (dependencies in third_party/astrolabe/)
• ✅ DevDependency update (appropriate for build tooling)
• ✅ Lock file updated atomically with package.json
• ✅ Automated via Renovate (reduces manual error)

Release Notes

Vite 7.3.0 changelog: https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md

Expected changes:

• Bug fixes for dev server
• Performance improvements
• Better error messages
• Potential HMR enhancements

Final Recommendation 🎯

APPROVE with conditions:

1. ✅ Wait for CI integration tests to pass
2. ✅ Verify no unexpected changes to build output (checked by CI)
3. ✅ Merge once all checks are green

Post-merge:

• Monitor the next Astrolabe build for any unusual behavior
• If issues arise, easy to revert (single dependency change)

---

Automated Review Status: Ready to merge pending CI completion

Reviewed by Claude Code per repository conventions in CLAUDE.md

[claude]

PR Review: Update vite to v7.3.0

Summary

This is an automated dependency update by Renovate Bot upgrading Vite from v7.2.7 to v7.3.0 in the Astrolabe Nextcloud app (third_party/astrolabe). The update also includes upgrading esbuild from 0.25.12 to 0.27.2 as a transitive dependency.

Code Quality & Best Practices ✅

Positive observations:

• Clean, minimal change - only updates package.json and package-lock.json
• Follows semantic versioning - minor version bump (7.2.7 → 7.3.0)
• Updates both package.json and package-lock.json consistently
• All esbuild platform-specific packages updated uniformly to 0.27.2

Potential Issues & Considerations

1. Breaking Changes - esbuild 0.25 → 0.27 ⚠️

The transitive update from esbuild 0.25.12 to 0.27.2 skips a major version (0.26.x). According to esbuild's release history, major version bumps can include:

• Changes to minification behavior
• Updates to JavaScript syntax support
• Modifications to source map generation

Impact: The Astrolabe build uses:

• minify: 'terser' (vite.config.js:29) - relies on terser, not esbuild minification
• Source maps enabled (vite.config.js:28)
• Custom output file naming patterns

Recommendation: Test the build output to ensure:

• Source maps are still generated correctly
• Output file structure matches expectations (js/[name].mjs pattern)
• No regressions in minified bundle size

2. Build Configuration Compatibility ✅

Reviewing vite.config.js:

• Uses standard Vite configuration patterns
• No deprecated or experimental features detected
• Rollup options should be compatible with Vite 7.3.0

3. Test Coverage ⚠️

Gap identified: No automated tests for the Astrolabe build process appear to exist in the repository structure.

Recommendation: Consider adding:

• Build smoke test to verify output artifacts are generated
• Bundle size regression test
• Integration test that the built assets load correctly in Nextcloud

Performance Considerations

Positive impacts:

• Vite 7.3.0 may include performance improvements in dev server and build times
• esbuild 0.27.2 typically includes faster compilation times

Testing needed:

• Measure build time before/after upgrade
• Verify dev server hot reload still works
• Check production bundle sizes haven't increased unexpectedly

Security Concerns ✅

No security issues identified:

• Both Vite and esbuild are actively maintained with good security track records
• Update appears to be a routine maintenance release
• No CVEs reported for the versions being replaced

Missing Information

1. CHANGELOG review: Unable to fetch upstream Vite 7.3.0 changelog to identify specific changes
2. CI status: Could not verify if automated tests passed
3. Build verification: No evidence of manual build testing

Recommendations

Before merging:

1. Manual testing (REQUIRED):

   cd third_party/astrolabe
   npm install
   npm run build
   # Verify output in js/ and css/ directories
   # Test in live Nextcloud instance

2. Verify build artifacts:

   • Check that js/main.mjs, js/astrolabe-adminSettings.mjs, js/astrolabe-personalSettings.mjs are generated
   • Confirm CSS files are in css/ directory
   • Test source maps load correctly in browser DevTools

3. Browser testing:

   • Load Astrolabe admin settings page
   • Load Astrolabe personal settings page
   • Verify 3D visualization dashboard loads
   • Check browser console for errors

4. Future improvement: Add automated build smoke tests to prevent regressions

Verdict

Conditional APPROVE - This is a low-risk dependency update, but requires manual verification:

✅ Safe to merge IF:

• Build completes successfully without errors
• Output artifacts are generated correctly
• Astrolabe UI loads in Nextcloud without console errors
• No visual regressions in the settings pages

⚠️ Do NOT merge without:

• Running npm run build and verifying success
• Testing in a Nextcloud instance

The upgrade path (Vite 7.2.7→7.3.0, esbuild 0.25→0.27) is generally safe for this configuration, but the esbuild major version jump warrants verification.

[claude]

PR Review: Update Vite to v7.3.1

Overview

This PR updates Vite from v7.2.7 to v7.3.1 in the Astrolabe Nextcloud application (third_party/astrolabe). This is an automated dependency update from Renovate Bot.

Changes Summary

• Vite: 7.2.7 → 7.3.1
• esbuild: 0.25.12 → 0.27.2 (transitive dependency)
• All platform-specific esbuild binaries updated accordingly

Code Quality Assessment

✅ Positive Aspects

1. Automated dependency management - Renovate Bot ensures dependencies stay current
2. Lock file consistency - Both package.json and package-lock.json are properly updated
3. CI validation - Linting checks have passed successfully
4. Conservative update - Minor version bump (7.2.7 → 7.3.1), reducing breaking change risk
5. Stability period respected - Renovate's stability-days check passed

🔍 Considerations

esbuild Major Version Jump
The most significant change is the esbuild dependency bump from 0.25.x to 0.27.x (skipping 0.26.x entirely). This is a major version jump that could potentially introduce:

• Build behavior changes
• Different output characteristics
• Performance variations

Recommendation: While Vite manages esbuild internally and should handle compatibility, it would be prudent to:

1. ✅ Wait for integration tests to complete (currently in progress)
2. Monitor for any build output differences
3. Test the built application in a development environment before merging

Security Concerns

✅ No security concerns identified

• Both Vite and esbuild are well-maintained, widely-used build tools
• Updates come from official npm registry
• No unusual changes to dependencies beyond version numbers

Performance Considerations

Potential improvements: Vite 7.3.x typically includes:

• Performance optimizations in dev server
• Faster build times
• Improved HMR (Hot Module Replacement)

Action items: After merge, consider comparing build times to establish any performance delta.

Test Coverage

Current status:

• ✅ Linting: PASSED
• ⏳ Integration tests: IN PROGRESS
• ⏳ Claude review: IN PROGRESS

Recommendations:

1. ✅ Wait for integration tests to complete before merging
2. Ensure the build process completes without errors
3. Verify generated assets match expected output (the CI workflow checks this via git status --porcelain)

Best Practices Compliance

According to CLAUDE.md conventions:

• ✅ Proper versioning in package.json
• ✅ Lock file updated
• ✅ Follows project structure (changes only in third_party/astrolabe)
• ✅ No code changes required beyond dependency updates

Recommendations

Before merging:

1. ✅ Wait for integration tests to complete successfully
2. Consider manual smoke testing of the Astrolabe build:

   cd third_party/astrolabe
   npm ci
   npm run build

3. Verify the built assets work correctly when loaded in Nextcloud

After merging:

1. Monitor for any unexpected build issues in subsequent development
2. Watch for any Nextcloud app compatibility issues
3. If issues arise, consider pinning to 7.2.7 temporarily while investigating

Conclusion

Verdict: ✅ APPROVE with conditions

This is a routine dependency update that should be safe to merge once:

• Integration tests pass
• No unexpected build artifacts changes detected

The esbuild version jump is the only notable concern, but Vite's internal management of esbuild dependencies should handle this gracefully. The Renovate Bot's merge confidence metrics and stability checks provide additional assurance.

---

Review performed by Claude Code

[claude]

PR Review: Vite v7.2.7 → v7.3.1 Update

Summary

This PR updates Vite from v7.2.7 to v7.3.1, which includes an esbuild upgrade from ^0.25.0 to ^0.27.0.

Code Quality ✅

• Lockfile consistency: All platform-specific esbuild binaries properly updated across all architectures
• Dependency resolution: Clean update with no unexpected transitive dependency changes
• Version constraints: Proper semantic versioning maintained

Changes Analysis

Vite v7.3.0 (2025-12-15)

• esbuild upgrade: ^0.25.0 → ^0.27.0
  • Two minor version bumps in esbuild (0.25 → 0.26 → 0.27)
  • Potential improvements in build performance and JavaScript/TypeScript handling

Vite v7.3.1 (2026-01-07)

• New feature: Added ignoreOutdatedRequests option to optimizeDeps
  • Helps prevent race conditions during development with rapid dependency changes
  • Should improve DX when dependencies are frequently modified

Security Considerations ✅

• No known security vulnerabilities in this update range
• esbuild updates typically include parser improvements and bug fixes
• Regular maintenance update from trusted source (Renovate bot)

Performance Considerations ✅

• esbuild 0.27.x likely includes performance optimizations
• The ignoreOutdatedRequests feature can prevent wasted optimization cycles
• No breaking changes that would affect build performance

Potential Issues ⚠️

1. esbuild breaking changes: The jump from 0.25 → 0.27 spans multiple esbuild releases

   • While Vite maintains compatibility, edge cases in bundling behavior may differ
   • Recommendation: Test the Astrolabe build process thoroughly

2. Platform-specific binaries: All 28 platform-specific esbuild packages updated

   • Verify builds work across development environments if team uses different platforms

Testing Recommendations 📋

Before merging, verify:

cd third_party/astrolabe
npm run build     # Production build
npm run dev       # Development mode
npm run watch     # Watch mode

Recommendations

✅ APPROVE with testing conditions:

1. Run full build process to ensure no esbuild incompatibilities
2. Test in development mode to verify the new ignoreOutdatedRequests feature doesn't cause issues
3. Verify CI/CD pipeline passes all checks

This is a straightforward maintenance update with low risk. The esbuild version jump is the main consideration, but Vite's test suite should catch any compatibility issues.

---

Review performed by Claude Code following CLAUDE.md conventions