Skip to content

Backport #2814: Bump e2e framework versions#2819

Open
github-actions[bot] wants to merge 3 commits into
stablefrom
backport/pr-2814-to-stable
Open

Backport #2814: Bump e2e framework versions#2819
github-actions[bot] wants to merge 3 commits into
stablefrom
backport/pr-2814-to-stable

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Automated backport of #2814 to stable (backport job run).

This backports the e2e framework and integration dependency updates from #2814.

Follow-up fixes

The original automated backport omitted #2814’s prerequisite, #2802. That caused the upgraded SvelteKit workbench to recursively load its Vite config and prevented the Vercel adapter output from being generated.

  • Backported Fix SvelteKit config loading #2802’s SvelteKit config loader fix, regression assertion, workbench alignment, and @workflow/sveltekit patch changeset in 8353889c3.
  • Added the existing catalog undici dependency directly to the private SvelteKit workbench in 83a12c292. This is required on stable, whose older Svelte integration externalizes Undici instead of bundling it through the newer main-branch world-target plugin architecture.
  • Regenerated pnpm-lock.yaml from the resulting stable dependency graph.

Merge conflicts in the original automated backport were resolved by AI (opencode with anthropic/claude-opus-4.8). Please review those resolutions carefully before merging.

Verification

  • pnpm install --frozen-lockfile
  • pnpm build
  • APP_NAME=sveltekit pnpm vitest run packages/core/e2e/local-build.test.ts
  • VERCEL_DEPLOYMENT_ID=local pnpm --dir workbench/sveltekit build

The adapter-vercel build produces .vercel/output/config.json, static output, and function output.

* Fix SvelteKit config loading

* Bump e2e framework versions

Signed-off-by: Nathan Colosimo <110621881+NathanColosimo@users.noreply.github.com>
@github-actions github-actions Bot requested review from a team and ijjk as code owners July 8, 2026 17:31
@changeset-bot

changeset-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 83a12c2

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 16 packages
Name Type
@workflow/sveltekit Patch
workflow Patch
@workflow/world-testing Patch
@workflow/core Patch
@workflow/builders Patch
@workflow/cli Patch
@workflow/next Patch
@workflow/nitro Patch
@workflow/vitest Patch
@workflow/web-shared Patch
@workflow/web Patch
@workflow/astro Patch
@workflow/nest Patch
@workflow/rollup Patch
@workflow/vite Patch
@workflow/nuxt Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel

vercel Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
example-nextjs-workflow-turbopack Ready Ready Preview, Comment Jul 9, 2026 11:28pm
example-nextjs-workflow-webpack Ready Ready Preview, Comment Jul 9, 2026 11:28pm
example-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-astro-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-express-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-fastify-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-hono-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-nitro-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-nuxt-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-sveltekit-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-tanstack-start-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workbench-vite-workflow Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workflow-docs Ready Ready Preview, Comment, Open in v0 Jul 9, 2026 11:28pm
workflow-swc-playground Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workflow-tarballs Ready Ready Preview, Comment Jul 9, 2026 11:28pm
workflow-web Ready Ready Preview, Comment Jul 9, 2026 11:28pm

@socket-security

socket-security Bot commented Jul 8, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Decompress: Archive extraction can create files and links outside of the target directory in npm @xhmikosr/decompress

CVE: GHSA-mp2f-45pm-3cg9 Decompress: Archive extraction can create files and links outside of the target directory (CRITICAL)

Affected versions: < 10.2.1; >= 11.0.0 < 11.1.3

Patched version: 10.2.1

From: pnpm-lock.yamlnpm/@swc/cli@0.6.0npm/@xhmikosr/decompress@10.2.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@xhmikosr/decompress@10.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm @isaacs/brace-expansion has Uncontrolled Resource Consumption

CVE: GHSA-7h2j-956f-4vf2 @isaacs/brace-expansion has Uncontrolled Resource Consumption (HIGH)

Affected versions: < 5.0.1

Patched version: 5.0.1

From: pnpm-lock.yamlnpm/glob@11.1.0npm/@isaacs/brace-expansion@5.0.0

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@isaacs/brace-expansion@5.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

CVE: GHSA-23c5-xmqv-rm74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions (HIGH)

Affected versions: >= 10.0.0 < 10.2.3; >= 9.0.0 < 9.0.7; >= 8.0.0 < 8.0.6; >= 7.0.0 < 7.4.8; >= 6.0.0 < 6.2.2; >= 5.0.0 < 5.1.8; >= 4.0.0 < 4.2.5; < 3.1.4

Patched version: 10.2.3

From: pnpm-lock.yamlnpm/glob@11.1.0npm/minimatch@10.1.1

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

CVE: GHSA-7r86-cg39-jmmj minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments (HIGH)

Affected versions: >= 10.0.0 < 10.2.3; >= 9.0.0 < 9.0.7; >= 8.0.0 < 8.0.6; >= 7.0.0 < 7.4.8; >= 6.0.0 < 6.2.2; >= 5.0.0 < 5.1.8; >= 4.0.0 < 4.2.5; < 3.1.3

Patched version: 10.2.3

From: pnpm-lock.yamlnpm/glob@11.1.0npm/minimatch@10.1.1

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

CVE: GHSA-3ppc-4f35-3m26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern (HIGH)

Affected versions: >= 10.0.0 < 10.2.1; >= 9.0.0 < 9.0.6; >= 8.0.0 < 8.0.5; >= 7.0.0 < 7.4.7; >= 6.0.0 < 6.2.1; >= 5.0.0 < 5.1.7; >= 4.0.0 < 4.2.4; < 3.1.3

Patched version: 10.2.1

From: pnpm-lock.yamlnpm/glob@11.1.0npm/minimatch@10.1.1

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

CVE: GHSA-23c5-xmqv-rm74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions (HIGH)

Affected versions: >= 10.0.0 < 10.2.3; >= 9.0.0 < 9.0.7; >= 8.0.0 < 8.0.6; >= 7.0.0 < 7.4.8; >= 6.0.0 < 6.2.2; >= 5.0.0 < 5.1.8; >= 4.0.0 < 4.2.5; < 3.1.4

Patched version: 5.1.8

From: pnpm-lock.yamlnpm/@testcontainers/postgresql@11.12.0npm/@vercel/analytics@2.0.1npm/nitropack@2.13.4npm/@oclif/core@4.11.4npm/nuxt@4.4.8npm/genversion@3.2.0npm/minimatch@5.1.6

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@5.1.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

CVE: GHSA-7r86-cg39-jmmj minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments (HIGH)

Affected versions: >= 10.0.0 < 10.2.3; >= 9.0.0 < 9.0.7; >= 8.0.0 < 8.0.6; >= 7.0.0 < 7.4.8; >= 6.0.0 < 6.2.2; >= 5.0.0 < 5.1.8; >= 4.0.0 < 4.2.5; < 3.1.3

Patched version: 5.1.8

From: pnpm-lock.yamlnpm/@testcontainers/postgresql@11.12.0npm/@vercel/analytics@2.0.1npm/nitropack@2.13.4npm/@oclif/core@4.11.4npm/nuxt@4.4.8npm/genversion@3.2.0npm/minimatch@5.1.6

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@5.1.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

CVE: GHSA-3ppc-4f35-3m26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern (HIGH)

Affected versions: >= 10.0.0 < 10.2.1; >= 9.0.0 < 9.0.6; >= 8.0.0 < 8.0.5; >= 7.0.0 < 7.4.7; >= 6.0.0 < 6.2.1; >= 5.0.0 < 5.1.7; >= 4.0.0 < 4.2.4; < 3.1.3

Patched version: 5.1.7

From: pnpm-lock.yamlnpm/@testcontainers/postgresql@11.12.0npm/@vercel/analytics@2.0.1npm/nitropack@2.13.4npm/@oclif/core@4.11.4npm/nuxt@4.4.8npm/genversion@3.2.0npm/minimatch@5.1.6

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@5.1.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

CVE: GHSA-23c5-xmqv-rm74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions (HIGH)

Affected versions: >= 10.0.0 < 10.2.3; >= 9.0.0 < 9.0.7; >= 8.0.0 < 8.0.6; >= 7.0.0 < 7.4.8; >= 6.0.0 < 6.2.2; >= 5.0.0 < 5.1.8; >= 4.0.0 < 4.2.5; < 3.1.4

Patched version: 9.0.7

From: pnpm-lock.yamlnpm/@testcontainers/postgresql@11.12.0npm/@vercel/analytics@2.0.1npm/@swc/cli@0.8.1npm/nitropack@2.13.4npm/nuxt@4.4.8npm/@swc/cli@0.6.0npm/minimatch@9.0.5

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@9.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

CVE: GHSA-7r86-cg39-jmmj minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments (HIGH)

Affected versions: >= 10.0.0 < 10.2.3; >= 9.0.0 < 9.0.7; >= 8.0.0 < 8.0.6; >= 7.0.0 < 7.4.8; >= 6.0.0 < 6.2.2; >= 5.0.0 < 5.1.8; >= 4.0.0 < 4.2.5; < 3.1.3

Patched version: 9.0.7

From: pnpm-lock.yamlnpm/@testcontainers/postgresql@11.12.0npm/@vercel/analytics@2.0.1npm/@swc/cli@0.8.1npm/nitropack@2.13.4npm/nuxt@4.4.8npm/@swc/cli@0.6.0npm/minimatch@9.0.5

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@9.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
High CVE: npm minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

CVE: GHSA-3ppc-4f35-3m26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern (HIGH)

Affected versions: >= 10.0.0 < 10.2.1; >= 9.0.0 < 9.0.6; >= 8.0.0 < 8.0.5; >= 7.0.0 < 7.4.7; >= 6.0.0 < 6.2.1; >= 5.0.0 < 5.1.7; >= 4.0.0 < 4.2.4; < 3.1.3

Patched version: 9.0.6

From: pnpm-lock.yamlnpm/@testcontainers/postgresql@11.12.0npm/@vercel/analytics@2.0.1npm/@swc/cli@0.8.1npm/nitropack@2.13.4npm/nuxt@4.4.8npm/@swc/cli@0.6.0npm/minimatch@9.0.5

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimatch@9.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@TooTallNate TooTallNate left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version-bump content itself is a faithful backport — I verified every non-lockfile hunk against the original #2814 (identical except two correct stable adaptations: sveltekit's vite devDep starts from 7.1.12 instead of 7.3.2 but lands on the same 7.3.6, and the nitro catalog hunk is correctly omitted because stable already pins 3.0.260610-beta), and pnpm install --frozen-lockfile + a full pnpm build succeed on the branch. But there's a real, deterministic breakage:

Blocking: the sveltekit workbench Vercel deployment fails on this PR, and it's caused by a missing prerequisite backport. The Vercel – workbench-sveltekit-workflow check fails with No Output Directory named "public" found after the Build completed, while the same check is green on the last 5 stable commits — so it's not a flake. Root cause: #2814 was stacked on #2802 ("Fix SvelteKit config loading", which changes packages/sveltekit/src/builder.ts), and #2802 was never backported to stable. This PR's lockfile refresh re-resolves the sveltekit workbench's caret ranges from @sveltejs/kit@2.55.0 up to 2.69.1 (plus newer adapter/plugin versions), which is exactly the territory that needs the config-loading fix — without it the adapter output isn't where the Vercel project expects. The original #2814 passed this same check on main because main has #2802.

Note the PR description's AI recommendation says this backport "includes a SvelteKit config-loading fix" — it doesn't; that text was inferred from the squash commit's message bullets, but the diff contains no sveltekit source changes.

Suggested path: backport #2802 to stable first (it should apply cleanly — packages/sveltekit/src/builder.ts exists there, and it carries its own changeset), then refresh this PR's lockfile on top. Folding #2802's changes into this PR would also work but loses the per-PR changeset/attribution granularity.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

🧪 E2E Test Results

Some tests failed

Summary

Passed Failed Skipped Total
✅ ▲ Vercel Production 1077 0 78 1155
✅ 💻 Local Development 1174 0 86 1260
✅ 📦 Local Production 1174 0 86 1260
✅ 🐘 Local Postgres 1174 0 86 1260
✅ 🪟 Windows 105 0 0 105
❌ 🌍 Community Worlds 79 102 9 190
✅ 📋 Other 594 0 36 630
Total 5377 102 381 5860

❌ Failed Tests

🌍 Community Worlds (102 failed)

redis (19 failed):

  • hookWorkflow | wrun_01KX54VWSSTCCDVSSC796PG5GJ
  • hookWorkflow is not resumable via public webhook endpoint | wrun_01KX54W5Y77PNPT378X3W5VXWE
  • parallelStepsThenWebhookWorkflow - no hook_conflict from same-tick replay race | wrun_01KX54WKWQSH8K265AYJAS7PG3
  • sleepingWorkflow | wrun_01KX54XMCT5SWED2PZJF6SQG8V
  • outputStreamWorkflow negative startIndex (reads from end)
  • outputStreamWorkflow - getTailIndex and getStreamChunks getTailIndex returns correct index after stream completes
  • outputStreamWorkflow - getTailIndex and getStreamChunks getTailIndex returns -1 before any chunks are written
  • outputStreamWorkflow - getTailIndex and getStreamChunks getStreamChunks returns same content as reading the stream
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously | wrun_01KX555HMZQFNX6EGV8JMBBYCK
  • hookGetConflictWorkflow - awaiting hook.getConflict() registers hook without payload | wrun_01KX555YZCKP4TZFR2S78HG5FV
  • hookGetConflictThenStepParallelWorkflow - hook.getConflict() continuation step runs alongside other steps | wrun_01KX5566VRY8YJ7X09SCWZD3W1
  • hookGetConflictWorkflow - hook.getConflict() resolves with the conflicting run when token is already registered | wrun_01KX556MAXBE0EE5BP9D5KCJM7
  • hookClaimOnlyMutexWorkflow - hook works as a pure run mutex without payload data | wrun_01KX557KD4CAGDQ704907PM103
  • hookAdoptOwnerResultWorkflow - duplicate adopts the owner result via conflict.returnValue | wrun_01KX557RJHNDWH4XPDES7016Z8
  • hookSignalOwnerWorkflow - duplicate forwards its payload to the owner via resumeHook | wrun_01KX557Y6WEK1A8QH6SWZDVXVD
  • hookSupersedeOwnerWorkflow - duplicate cancels the owner and claims the released token | wrun_01KX5582KXEA6Q4P9GZVWK41C6
  • resume-or-start route pattern - resumeHook retried after start() reaches the new run | wrun_01KX558D3YTW1EESGN1F4QGAQV
  • pages router sleepingWorkflow via pages router
  • resilient start: addTenWorkflow completes when run_created returns 500 | wrun_01KX55ECC8CTNXK37CCHTZ0ABC

turso (83 failed):

  • addTenWorkflow | wrun_01KX54TWSQ2EBY86947S3PHXF9
  • addTenWorkflow | wrun_01KX54TWSQ2EBY86947S3PHXF9
  • deploymentId: 'latest' is a no-op in non-Vercel worlds
  • wellKnownAgentWorkflow (.well-known/agent) | wrun_01KX54V6B329BD60C3Z9Z8PTVH
  • should work with react rendering in step
  • promiseAllWorkflow | wrun_01KX54V417S5QE1W89NZMYASHT
  • promiseRaceWorkflow | wrun_01KX54V7RBVYP4GMCP60KTWPP6
  • promiseAnyWorkflow | wrun_01KX54VA35Z8ZY227K1DJSDBJH
  • importedStepOnlyWorkflow | wrun_01KX54VG6NFEN8WTY2BRXG9MHJ
  • readableStreamWorkflow | wrun_01KX54VDNNWFQ7K1QXDMEG43YN
  • hookWorkflow | wrun_01KX54VWSSTCCDVSSC796PG5GJ
  • hookWorkflow is not resumable via public webhook endpoint | wrun_01KX54W5Y77PNPT378X3W5VXWE
  • webhookWorkflow | wrun_01KX54WACA3N5HBYXXH9CNW8X9
  • parallelStepsThenWebhookWorkflow - no hook_conflict from same-tick replay race | wrun_01KX54WKWQSH8K265AYJAS7PG3
  • sleepingWorkflow | wrun_01KX54XMCT5SWED2PZJF6SQG8V
  • parallelSleepWorkflow | wrun_01KX54Y43TCG67X084HQ0D49BE
  • sleepWinsRaceWorkflow | wrun_01KX54Y7M61F2RJDBQNP0QMVZA
  • stepWinsRaceWorkflow | wrun_01KX54YB2K6EX2C37TZ59831AJ
  • nullByteWorkflow | wrun_01KX54YEK018WQW95KZH22VJCM
  • workflowAndStepMetadataWorkflow | wrun_01KX54YGVX4F6K87YJXYMN24MA
  • outputStreamWorkflow no startIndex (reads all chunks)
  • outputStreamWorkflow positive startIndex (skips first chunk)
  • outputStreamWorkflow negative startIndex (reads from end)
  • outputStreamWorkflow - getTailIndex and getStreamChunks getTailIndex returns correct index after stream completes
  • outputStreamWorkflow - getTailIndex and getStreamChunks getTailIndex returns -1 before any chunks are written
  • outputStreamWorkflow - getTailIndex and getStreamChunks getStreamChunks returns same content as reading the stream
  • outputStreamInsideStepWorkflow - getWritable() called inside step functions | wrun_01KX550SB846F17GF6PMKG5CS9
  • writableForwardedFromWorkflowWorkflow | wrun_01KX5517500QN9C5AX1QS46ZB4
  • writableForwardedFromStepWorkflow | wrun_01KX551BGN0TVESKKBKS9ANW7G
  • fetchWorkflow | wrun_01KX551FDY3YG1QP0RRRRPFRRH
  • promiseRaceStressTestWorkflow | wrun_01KX551JXPXYJAVZ0PVKAPSNVE
  • error handling error propagation workflow errors nested function calls preserve message and stack trace
  • error handling error propagation workflow errors cross-file imports preserve message and stack trace
  • error handling error propagation step errors basic step error preserves message and stack trace
  • error handling error propagation step errors cross-file step error preserves message and function names in stack
  • error handling retry behavior regular Error retries until success
  • error handling retry behavior FatalError fails immediately without retries
  • error handling retry behavior RetryableError respects custom retryAfter delay
  • error handling retry behavior maxRetries=0 disables retries
  • error handling catchability FatalError can be caught and detected with FatalError.is()
  • error handling not registered WorkflowNotRegisteredError fails the run when workflow does not exist
  • error handling not registered StepNotRegisteredError fails the step but workflow can catch it
  • error handling not registered StepNotRegisteredError fails the run when not caught in workflow
  • hookCleanupTestWorkflow - hook token reuse after workflow completion | wrun_01KX5554RVN7R2V0PZCB89VSWG
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously | wrun_01KX555HMZQFNX6EGV8JMBBYCK
  • hookGetConflictWorkflow - awaiting hook.getConflict() registers hook without payload | wrun_01KX555YZCKP4TZFR2S78HG5FV
  • 'hookGetConflictWithPriorStepWorkflow' - hook.getConflict() does not block step execution | wrun_01KX5561JCPPQ8WWRPEZF2JPS5
  • 'hookGetConflictWithParallelStepWorkfl…' - hook.getConflict() does not block step execution | wrun_01KX5564922Y61X4M3BNR7WESX
  • hookGetConflictThenStepParallelWorkflow - hook.getConflict() continuation step runs alongside other steps | wrun_01KX5566VRY8YJ7X09SCWZD3W1
  • hookGetConflictWorkflow - hook.getConflict() resolves with the conflicting run when token is already registered | wrun_01KX556MAXBE0EE5BP9D5KCJM7
  • hookClaimOnlyMutexWorkflow - hook works as a pure run mutex without payload data | wrun_01KX557KD4CAGDQ704907PM103
  • hookAdoptOwnerResultWorkflow - duplicate adopts the owner result via conflict.returnValue | wrun_01KX557RJHNDWH4XPDES7016Z8
  • hookSignalOwnerWorkflow - duplicate forwards its payload to the owner via resumeHook | wrun_01KX557Y6WEK1A8QH6SWZDVXVD
  • hookSupersedeOwnerWorkflow - duplicate cancels the owner and claims the released token | wrun_01KX5582KXEA6Q4P9GZVWK41C6
  • resume-or-start route pattern - resumeHook retried after start() reaches the new run | wrun_01KX558D3YTW1EESGN1F4QGAQV
  • hookDisposeTestWorkflow - hook token reuse after explicit disposal while workflow still running | wrun_01KX558MJ7ZZ075JNC59DW7KP0
  • stepFunctionPassingWorkflow - step function references can be passed as arguments (without closure vars) | wrun_01KX5594RPHJP4TFE5J73P5HEE
  • stepFunctionWithClosureWorkflow - step function with closure variables passed as argument | wrun_01KX559ENCMPD4VZ2MBKZ33J83
  • closureVariableWorkflow - nested step functions with closure variables | wrun_01KX559MXMQRMNN2G3BG1PX7CK
  • spawnWorkflowFromStepWorkflow - spawning a child workflow using start() inside a step | wrun_01KX559QB7AY8JR3AFEY929FAY
  • health check (queue-based) - workflow and step endpoints respond to health check messages
  • health check (CLI) - workflow health command reports healthy endpoints
  • pathsAliasWorkflow - TypeScript path aliases resolve correctly | wrun_01KX55A7KNG8R9TPW99371WXF9
  • Calculator.calculate - static workflow method using static step methods from another class | wrun_01KX55ADXFZ95752S39BQ1EREB
  • AllInOneService.processNumber - static workflow method using sibling static step methods | wrun_01KX55ANC3ACTHXWJXC7X815ZC
  • ChainableService.processWithThis - static step methods using this to reference the class | wrun_01KX55AWW87HK1A63GYYKWZ04F
  • thisSerializationWorkflow - step function invoked with .call() and .apply() | wrun_01KX55B48NCFEQ7Q9KTSZ47KXE
  • customSerializationWorkflow - custom class serialization with WORKFLOW_SERIALIZE/WORKFLOW_DESERIALIZE | wrun_01KX55BBGPSD5MA6DJYZGK5XT0
  • instanceMethodStepWorkflow - instance methods with "use step" directive | wrun_01KX55BJXBGHQ7RSPAKK1PHW38
  • crossContextSerdeWorkflow - classes defined in step code are deserializable in workflow context | wrun_01KX55C02ESHKH10KWMF992JV7
  • stepFunctionAsStartArgWorkflow - step function reference passed as start() argument | wrun_01KX55C8B26387SKGN5F8AJ74M
  • cancelRun - cancelling a running workflow | wrun_01KX55CFQSMJY4SRSXYFHH1RM0
  • cancelRun via CLI - cancelling a running workflow | wrun_01KX55CN417YTS4DE0BEFN0A95
  • pages router addTenWorkflow via pages router
  • pages router promiseAllWorkflow via pages router
  • pages router sleepingWorkflow via pages router
  • hookWithSleepWorkflow - hook payloads delivered correctly with concurrent sleep | wrun_01KX55CXBE48XF9ESF2T141P2Z
  • hookWithSleepFinalStepWorkflow - step only on final payload | wrun_01KX55DBG4K93EJA2Z977Q6C1X
  • sleepInLoopWorkflow - sleep inside loop with steps actually delays each iteration | wrun_01KX55DN72ZCXCCPN87R7KJQ0K
  • sleepWithSequentialStepsWorkflow - sequential steps work with concurrent sleep (control) | wrun_01KX55E0CD50QYYBXX8Y9TCC23
  • importMetaUrlWorkflow - import.meta.url is available in step bundles | wrun_01KX55E7J9CA1E55KQNPX1KNFA
  • metadataFromHelperWorkflow - getWorkflowMetadata/getStepMetadata work from module-level helper (#1577) | wrun_01KX55E9ZC7DAP42BAEJKPMTXN
  • resilient start: addTenWorkflow completes when run_created returns 500 | wrun_01KX55ECC8CTNXK37CCHTZ0ABC

Details by Category

✅ ▲ Vercel Production
App Passed Failed Skipped
✅ astro 97 0 8
✅ example 97 0 8
✅ express 97 0 8
✅ fastify 97 0 8
✅ hono 97 0 8
✅ nextjs-turbopack 102 0 3
✅ nextjs-webpack 102 0 3
✅ nitro 97 0 8
✅ nuxt 97 0 8
✅ sveltekit 97 0 8
✅ vite 97 0 8
✅ 💻 Local Development
App Passed Failed Skipped
✅ astro-stable 99 0 6
✅ express-stable 99 0 6
✅ fastify-stable 99 0 6
✅ hono-stable 99 0 6
✅ nextjs-turbopack-canary 86 0 19
✅ nextjs-turbopack-stable 105 0 0
✅ nextjs-webpack-canary 86 0 19
✅ nextjs-webpack-stable 105 0 0
✅ nitro-stable 99 0 6
✅ nuxt-stable 99 0 6
✅ sveltekit-stable 99 0 6
✅ vite-stable 99 0 6
✅ 📦 Local Production
App Passed Failed Skipped
✅ astro-stable 99 0 6
✅ express-stable 99 0 6
✅ fastify-stable 99 0 6
✅ hono-stable 99 0 6
✅ nextjs-turbopack-canary 86 0 19
✅ nextjs-turbopack-stable 105 0 0
✅ nextjs-webpack-canary 86 0 19
✅ nextjs-webpack-stable 105 0 0
✅ nitro-stable 99 0 6
✅ nuxt-stable 99 0 6
✅ sveltekit-stable 99 0 6
✅ vite-stable 99 0 6
✅ 🐘 Local Postgres
App Passed Failed Skipped
✅ astro-stable 99 0 6
✅ express-stable 99 0 6
✅ fastify-stable 99 0 6
✅ hono-stable 99 0 6
✅ nextjs-turbopack-canary 86 0 19
✅ nextjs-turbopack-stable 105 0 0
✅ nextjs-webpack-canary 86 0 19
✅ nextjs-webpack-stable 105 0 0
✅ nitro-stable 99 0 6
✅ nuxt-stable 99 0 6
✅ sveltekit-stable 99 0 6
✅ vite-stable 99 0 6
✅ 🪟 Windows
App Passed Failed Skipped
✅ nextjs-turbopack 105 0 0
❌ 🌍 Community Worlds
App Passed Failed Skipped
✅ mongodb-dev 3 0 3
✅ redis-dev 3 0 3
❌ redis 67 19 0
✅ turso-dev 3 0 3
❌ turso 3 83 0
✅ 📋 Other
App Passed Failed Skipped
✅ e2e-local-dev-nest-stable 99 0 6
✅ e2e-local-dev-tanstack-start-stable 99 0 6
✅ e2e-local-postgres-nest-stable 99 0 6
✅ e2e-local-postgres-tanstack-start-stable 99 0 6
✅ e2e-local-prod-nest-stable 99 0 6
✅ e2e-local-prod-tanstack-start-stable 99 0 6

📋 View full workflow run

@NathanColosimo

Copy link
Copy Markdown
Contributor

Addressed the blocking SvelteKit review.

  • 8353889c3 backports Fix SvelteKit config loading #2802’s loader fix, import-marker regression assertion, workbench updates, and @workflow/sveltekit changeset.
  • 83a12c292 adds the stable-only workbench undici dependency and refreshes the lockfile. Stable’s older Svelte plugin externalizes Undici, so without an app-level dependency the generated server has no valid strict-pnpm resolution. Main avoids this through its newer world-target/plugin bundling architecture.

Verified locally:

  • frozen install completes, including workbench/sveltekit prepare
  • full package build passes
  • targeted SvelteKit local-build test passes all 13 cases and logs workflow/sveltekit import ok
  • adapter-vercel build passes and produces .vercel/output/config.json, static output, and function output

The PR description now reflects that #2802 was added after the original automated backport. Please re-review when the refreshed checks finish.

@NathanColosimo

Copy link
Copy Markdown
Contributor

Final CI follow-up:

  • Vercel – workbench-sveltekit-workflow: passed
  • E2E Vercel Prod Tests (sveltekit): passed (99 passed, 6 skipped)
  • E2E Required Check: passed
  • All required checks are green on 83a12c292.

The remaining non-passing jobs are the explicitly non-blocking community-world lanes (Turso/Redis/MongoDB). .github/workflows/e2e-community-world.yml documents that those third-party adapters are incompatible with SDK HEAD and runs them with continue-on-error; .github/workflows/tests.yml intentionally excludes them from E2E Required Check. Turso reproduced its known uninitialized-schema failure (no such table: queue_messages / workflow_runs), unrelated to this backport.

The blocking SvelteKit deployment and runtime regression from the review are both resolved. Re-requesting review.

@NathanColosimo NathanColosimo enabled auto-merge (squash) July 10, 2026 17:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants