Skip to content

chore(deps): bump @vercel/og from 0.6.2 to 0.11.1#112

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/vercel/og-0.11.1
Open

chore(deps): bump @vercel/og from 0.6.2 to 0.11.1#112
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/vercel/og-0.11.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps @vercel/og from 0.6.2 to 0.11.1.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026

@hasparus hasparus left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is green on all functional checks (lint, typecheck, build, Playwright e2e including OG image tests all pass) despite the @vercel/og 0.6→0.11 major bump. The only failing job step is Deploy Preview to Vercel (deploy.mjs: missing --token), which fails identically on every open Dependabot PR because secrets aren't available in dependabot-triggered pull_request runs — a pre-existing CI gap unrelated to this bump. Approving and merging.


Generated by Claude Code

hasparus commented Jul 1, 2026

Copy link
Copy Markdown
Owner

·@·d·ependabot r·ebase


Generated by Claude Code

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vercel/og-0.11.1 branch from b07d36f to 1858b15 Compare July 1, 2026 10:12
Bumps @vercel/og from 0.6.2 to 0.11.1.

---
updated-dependencies:
- dependency-name: "@vercel/og"
  dependency-version: 0.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vercel/og-0.11.1 branch from 1858b15 to e798e12 Compare July 1, 2026 19:53
Dependabot PRs run from the same repo (not a fork), so the deploy
step's fork-only guard let it through even though GitHub withholds
repository secrets from dependabot-actor runs. That caused
deploy.mjs to fail with 'missing --token'. Treat dependabot[bot]
runs the same as fork PRs: build/lint/typecheck/test still run,
but preview deploy and lighthouse are skipped until a maintainer
adds the 'trusted' label.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

hasparus commented Jul 2, 2026

Copy link
Copy Markdown
Owner

CI was failing on build-and-deploy with deploy.mjs: missing --token, unrelated to this dependency bump (build/lint/typecheck/test all passed). Root cause: Dependabot PRs run from a branch in this repo (not a fork), so the "fork-only" guard on the Vercel preview-deploy step let the step run — but GitHub withholds repository secrets from dependabot[bot]-authored runs, so VERCEL_TOKEN was empty.

Pushed a fix that also excludes github.actor == 'dependabot[bot]' from the "trusted" condition (matching the pattern already used for OG_IMAGE_SECRET), so build/lint/typecheck/test still run but the deploy/lighthouse steps are skipped until a maintainer labels the PR trusted. Re-running CI now.


Generated by Claude Code

hasparus commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Update: the CI/secrets issue is fixed, but a real problem surfaced once deploy actually ran:

Error: The Edge Function "api/og" size is 1.04 MB and your plan size limit is 1 MB.

This isn't a CI config issue — it's a genuine regression from the version bump. @vercel/og's satori dependency jumped from 0.10.9 (in 0.6.2) to 0.25.0 (in 0.11.1), which pushes api/og.ts's edge bundle over Vercel's 1 MB Edge Function limit on this plan.

I don't think this is safe for me to fix blindly — the options all involve a product/infra tradeoff:

  • Move api/og.ts off the edge runtime to nodejs (higher size limit, but different runtime semantics/cold-start — the file's own comment notes edge-specific quirks with vercel dev)
  • Cap the bump at an earlier @vercel/og version that doesn't pull in the larger satori (e.g. something in the 0.6.x–0.8.x range) instead of 0.11.1
  • Trim the OG-image code/deps to fit back under 1 MB
  • Upgrade the Vercel plan's Edge Function size limit

Leaving this PR open and unmerged pending a decision — happy to implement whichever direction you prefer.


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant