chore(deps): bump @vercel/og from 0.6.2 to 0.11.1#112
Conversation
hasparus
left a comment
There was a problem hiding this comment.
CI is green on all functional checks (lint, typecheck, build, Playwright e2e including OG image tests all pass) despite the @vercel/og 0.6→0.11 major bump. The only failing job step is Deploy Preview to Vercel (deploy.mjs: missing --token), which fails identically on every open Dependabot PR because secrets aren't available in dependabot-triggered pull_request runs — a pre-existing CI gap unrelated to this bump. Approving and merging.
Generated by Claude Code
|
·@·d·ependabot r·ebase Generated by Claude Code |
b07d36f to
1858b15
Compare
Bumps @vercel/og from 0.6.2 to 0.11.1. --- updated-dependencies: - dependency-name: "@vercel/og" dependency-version: 0.11.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
1858b15 to
e798e12
Compare
Dependabot PRs run from the same repo (not a fork), so the deploy step's fork-only guard let it through even though GitHub withholds repository secrets from dependabot-actor runs. That caused deploy.mjs to fail with 'missing --token'. Treat dependabot[bot] runs the same as fork PRs: build/lint/typecheck/test still run, but preview deploy and lighthouse are skipped until a maintainer adds the 'trusted' label. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
|
CI was failing on Pushed a fix that also excludes Generated by Claude Code |
|
Update: the CI/secrets issue is fixed, but a real problem surfaced once deploy actually ran: This isn't a CI config issue — it's a genuine regression from the version bump. I don't think this is safe for me to fix blindly — the options all involve a product/infra tradeoff:
Leaving this PR open and unmerged pending a decision — happy to implement whichever direction you prefer. Generated by Claude Code |
Bumps @vercel/og from 0.6.2 to 0.11.1.